Solved

Error in sql syntax

Posted on 2007-03-26
18
180 Views
Last Modified: 2007-03-26
What seems to be wrong with this sql statement?

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

$strSQL_Delete = mysql_query("DELETE FROM tblReviews WHERE strCompanyname = '" . $_POST['strCompanyname'] . "' and reviewID =" . $_POST['reviewID']) or die(mysql_error());
0
Comment
Question by:pingeyeg
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 5
  • 5
18 Comments
 
LVL 24

Expert Comment

by:glcummins
ID: 18793922
When you encounter errors like this, it helps to see the entire SQL statement as it is submitted, rather than with the variables in place. Try this modification to your code:

$query = "DELETE FROM tblReviews WHERE strCompanyname = '" . $_POST['strCompanyname'] . "' AND reviewID =" . $_POST['reviewID'];
$strSQL_Delete = mysql_query($query) or die ("The following query failed: $query. <br /> The MySQL error was: " . mysql_error());

This seperates the query string from the mysql_query statement so that we can see exactly what is being submitted. There is a possibility that one of the $_POST variables you are submitting has an errant quote in it.
0
 
LVL 27

Expert Comment

by:Cornelia Yoder
ID: 18793941
"
DELETE FROM tblReviews WHERE strCompanyname =
'
"
 . $_POST['strCompanyname'] .
"
'
and
reviewID =
"
 . $_POST['reviewID']

I've separated out where you have single and double quotes mixed together.  As you can see, the structure doesn't make sense.  What you probably mean to do is

"DELETE FROM tblReviews WHERE strCompanyname = " . $_POST['strCompanyname'] . " and reviewID =" . $_POST['reviewID']

It would be much easier for you if you would use the syntax

$sqlquery = "DELETE FROM tblReviews WHERE strCompanyname = " . $_POST['strCompanyname'] . " and reviewID =" . $_POST['reviewID'];

$strSQL_Delete = mysql_query($sqlquery) or die(mysql_error());


0
 
LVL 27

Expert Comment

by:Cornelia Yoder
ID: 18793967
Oops, you do need the single quotes also:

$sqlquery = "DELETE FROM tblReviews WHERE strCompanyname = '" . $_POST['strCompanyname']' " . " and reviewID =" . $_POST['reviewID'];
0
[Live Webinar] The Cloud Skills Gap

As Cloud technologies come of age, business leaders grapple with the impact it has on their team's skills and the gap associated with the use of a cloud platform.

Join experts from 451 Research and Concerto Cloud Services on July 27th where we will examine fact and fiction.

 
LVL 1

Author Comment

by:pingeyeg
ID: 18793983
Either way I code it, I still get the same error message.
0
 
LVL 1

Author Comment

by:pingeyeg
ID: 18793991
I know that.  I kept them in.  Thanks though.
0
 
LVL 24

Expert Comment

by:glcummins
ID: 18793999
@yodercm:

 strCompanyname = ' " . $_POST['strCompanyname']' "

This will result in mis-matched singe quotes. You have the first single quote inside the double-quoted string, but the second occurs outside of it. pingeyeg had it correct the first time, as far as I can tell.
0
 
LVL 1

Author Comment

by:pingeyeg
ID: 18794004
This is what I have right now, but like I said I get the same error message:

$strSQL_Delete = "DELETE FROM tblReviews WHERE strCompanyname = '" . $_POST['strCompanyname'] . "' and reviewID =" . $_POST['reviewID'];
$SQL = mysql_query($strSQL_Delete) or die(mysql_error());
0
 
LVL 24

Expert Comment

by:glcummins
ID: 18794019
Change:

$SQL = mysql_query($strSQL_Delete) or die(mysql_error());

to:

$strSQL_Delete = mysql_query($query) or die ("The following query failed: $query. <br /> The MySQL error was: " . mysql_error());

so that we can see the entire SQL query as it is submitted to the server. We don't currently know what is contained in '$_POST['strCompanyname']' and '$_POST['reviewID']', so we cannot accurately troubleshoot the statement.
0
 
LVL 24

Expert Comment

by:glcummins
ID: 18794036
Or rather:

$SQL = mysql_query($strSQL_Delete) or die ("The following query failed: $strSQL_Delete. <br /> The MySQL error was: " . mysql_error());

(Sorry, I had the variable names wrong the first time).
0
 
LVL 1

Author Comment

by:pingeyeg
ID: 18794055
Not sure why I am not getting the values from the variables, but this is my result:

The following query failed: DELETE FROM tblReviews WHERE strCompanyname = '' and reviewID =.
The MySQL error was: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
0
 
LVL 24

Expert Comment

by:glcummins
ID: 18794095
Do you want us to take a look at that part of the code, or will you troubleshoot that?

Make sure that the form that posts the data is using 'method="POST"', and that the field names are correct.
0
 
LVL 27

Accepted Solution

by:
Cornelia Yoder earned 500 total points
ID: 18794193
Ok, the best solution is to clean up the messy query!

First of all, you should NEVER use a $_POST directly in a query.  It leaves you WIDE OPEN to SQL Injection hacking.  So do this:

$inputcompanyname = htmlentities($_POST['strCompanyname'],ENT_QUOTES);
$inputreviewID = htmlentities($_POST['reviewID'],ENT_QUOTES);

$strSQL_Delete = "DELETE FROM tblReviews WHERE strCompanyname = '$inputcompanyname' and reviewID = '$inputreviewID' ";

$SQL = mysql_query($strSQL_Delete) or die(mysql_error());
0
 
LVL 1

Author Comment

by:pingeyeg
ID: 18794261
Ok, I'm no longer getting an error, but the requested review isn't being deleted either.
0
 
LVL 1

Author Comment

by:pingeyeg
ID: 18794314
Ok, right now I got the company to show, but the reviewID is showing as reviewID instead of a number when displaying the sql statement.

DELETE FROM tblReviews WHERE strCompanyname = 'Plumbing When You Need It' and reviewID = 'reviewID'
0
 
LVL 27

Expert Comment

by:Cornelia Yoder
ID: 18794321
$inputcompanyname = htmlentities($_POST['strCompanyname'],ENT_QUOTES);
$inputreviewID = htmlentities($_POST['reviewID'],ENT_QUOTES);

echo "input company name = $inputcompanyname <br>";
echo "input review ID = $inputreviewID <br>";

See if the values are correct.
0
 
LVL 1

Author Comment

by:pingeyeg
ID: 18794348
Nope:

input company name = Plumbing When You Need It
input review ID = reviewID
0
 
LVL 27

Expert Comment

by:Cornelia Yoder
ID: 18794384
So, you are getting the string "reviewID" instead of the correct ID number.  Fix that in your form input.
0
 
LVL 1

Author Comment

by:pingeyeg
ID: 18794389
Nevermind, I got it.  Thanks!
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Foreword (July, 2015) Since I first wrote this article, years ago, a great many more people have begun using the internet.  They are coming online from every part of the globe, learning, reading, shopping and spending money at an ever-increasing ra…
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
The viewer will learn how to dynamically set the form action using jQuery.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question