Link to home
Start Free TrialLog in
Avatar of pingeyeg
pingeyeg

asked on

Error in sql syntax

What seems to be wrong with this sql statement?

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

$strSQL_Delete = mysql_query("DELETE FROM tblReviews WHERE strCompanyname = '" . $_POST['strCompanyname'] . "' and reviewID =" . $_POST['reviewID']) or die(mysql_error());
Avatar of glcummins
glcummins
Flag of United States of America image
When you encounter errors like this, it helps to see the entire SQL statement as it is submitted, rather than with the variables in place. Try this modification to your code:

$query = "DELETE FROM tblReviews WHERE strCompanyname = '" . $_POST['strCompanyname'] . "' AND reviewID =" . $_POST['reviewID'];
$strSQL_Delete = mysql_query($query) or die ("The following query failed: $query. <br /> The MySQL error was: " . mysql_error());

This seperates the query string from the mysql_query statement so that we can see exactly what is being submitted. There is a possibility that one of the $_POST variables you are submitting has an errant quote in it.
Avatar of Cornelia Yoder
Cornelia Yoder
Flag of United States of America image
"
DELETE FROM tblReviews WHERE strCompanyname =
'
"
 . $_POST['strCompanyname'] .
"
'
and
reviewID =
"
 . $_POST['reviewID']

I've separated out where you have single and double quotes mixed together.  As you can see, the structure doesn't make sense.  What you probably mean to do is

"DELETE FROM tblReviews WHERE strCompanyname = " . $_POST['strCompanyname'] . " and reviewID =" . $_POST['reviewID']

It would be much easier for you if you would use the syntax

$sqlquery = "DELETE FROM tblReviews WHERE strCompanyname = " . $_POST['strCompanyname'] . " and reviewID =" . $_POST['reviewID'];

$strSQL_Delete = mysql_query($sqlquery) or die(mysql_error());


Avatar of Cornelia Yoder
Cornelia Yoder
Flag of United States of America image
Oops, you do need the single quotes also:

$sqlquery = "DELETE FROM tblReviews WHERE strCompanyname = '" . $_POST['strCompanyname']' " . " and reviewID =" . $_POST['reviewID'];
Avatar of pingeyeg
pingeyeg

ASKER

Either way I code it, I still get the same error message.
Avatar of pingeyeg
pingeyeg

ASKER

I know that.  I kept them in.  Thanks though.
Avatar of glcummins
glcummins
Flag of United States of America image
@yodercm:

 strCompanyname = ' " . $_POST['strCompanyname']' "

This will result in mis-matched singe quotes. You have the first single quote inside the double-quoted string, but the second occurs outside of it. pingeyeg had it correct the first time, as far as I can tell.
Avatar of pingeyeg
pingeyeg

ASKER

This is what I have right now, but like I said I get the same error message:

$strSQL_Delete = "DELETE FROM tblReviews WHERE strCompanyname = '" . $_POST['strCompanyname'] . "' and reviewID =" . $_POST['reviewID'];
$SQL = mysql_query($strSQL_Delete) or die(mysql_error());
Avatar of glcummins
glcummins
Flag of United States of America image
Change:

$SQL = mysql_query($strSQL_Delete) or die(mysql_error());

to:

$strSQL_Delete = mysql_query($query) or die ("The following query failed: $query. <br /> The MySQL error was: " . mysql_error());

so that we can see the entire SQL query as it is submitted to the server. We don't currently know what is contained in '$_POST['strCompanyname']' and '$_POST['reviewID']', so we cannot accurately troubleshoot the statement.
Avatar of glcummins
glcummins
Flag of United States of America image
Or rather:

$SQL = mysql_query($strSQL_Delete) or die ("The following query failed: $strSQL_Delete. <br /> The MySQL error was: " . mysql_error());

(Sorry, I had the variable names wrong the first time).
Avatar of pingeyeg
pingeyeg

ASKER

Not sure why I am not getting the values from the variables, but this is my result:

The following query failed: DELETE FROM tblReviews WHERE strCompanyname = '' and reviewID =.
The MySQL error was: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
Avatar of glcummins
glcummins
Flag of United States of America image
Do you want us to take a look at that part of the code, or will you troubleshoot that?

Make sure that the form that posts the data is using 'method="POST"', and that the field names are correct.
ASKER CERTIFIED SOLUTION
Avatar of Cornelia Yoder
Cornelia Yoder
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of pingeyeg
pingeyeg

ASKER

Ok, I'm no longer getting an error, but the requested review isn't being deleted either.
Avatar of pingeyeg
pingeyeg

ASKER

Ok, right now I got the company to show, but the reviewID is showing as reviewID instead of a number when displaying the sql statement.

DELETE FROM tblReviews WHERE strCompanyname = 'Plumbing When You Need It' and reviewID = 'reviewID'
Avatar of Cornelia Yoder
Cornelia Yoder
Flag of United States of America image
$inputcompanyname = htmlentities($_POST['strCompanyname'],ENT_QUOTES);
$inputreviewID = htmlentities($_POST['reviewID'],ENT_QUOTES);

echo "input company name = $inputcompanyname <br>";
echo "input review ID = $inputreviewID <br>";

See if the values are correct.
Avatar of pingeyeg
pingeyeg

ASKER

Nope:

input company name = Plumbing When You Need It
input review ID = reviewID
Avatar of Cornelia Yoder
Cornelia Yoder
Flag of United States of America image
So, you are getting the string "reviewID" instead of the correct ID number.  Fix that in your form input.
Avatar of pingeyeg
pingeyeg

ASKER

Nevermind, I got it.  Thanks!