Solved

Unusual syntax error towards mysql

Posted on 2007-03-30
Last Modified: 2008-02-20
Not sure why I am getting this since it has nothing to do with the page it is talking about.  The error I get is:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'll Use Us Again and Again!', 'Basic' )' at line 3

That line on the page it is referring to is:

if ($_SERVER['REQUEST_METHOD'] == "POST") {
Question by:pingeyeg
LVL 24

Expert Comment

by:glcummins
ID: 18823908
Can you provide a few lines before and after that point in your script? Additionally, are you including any files (like MySQL connection details) around that point?
0
 
LVL 1

Author Comment

by:pingeyeg
ID: 18823923
This is my sql statement:

$result = mysql_query("INSERT INTO tblAdspace( providerID, strProviderservice, strCompanyname, strOwner, strAddress, strTown, strZipcode, strPhone, str2ndphone, strMobile, strPager, strFax, strEmail, strWebsite, strInbusiness_since, strLicense, strInsured, strBonded, strHours, str24houremerg, strServicesoffered, strOtherservices, strServicearea, strFreeestimate, strWorkguaranteed, strProvidertagline, strAd_size)
VALUES ('',
'$strProviderservice', '$strCompanyname', '$strOwner', '$strAddress', '$strTown', '$strZipcode', '$strPhone', '$str2ndphone', '$strMobile', '$strPager', '$strFax', '$strEmail', '$strWebsite', '$strInbusiness_since', '$strLicense', '$strInsured', '$strBonded', '$strHours', '$str24houremerg', '$strServicesoffered', '$strOtherservices', '$strServicearea', '$strFreeestimate', '$strWorkguaranteed', '$strProvidertagline', '$strAd_size')") or die(mysql_error());

addslashes($strServicesoffered);
addslashes($strOtherservices);
addslashes($strProvidertagline);

The lines before and after my last post are:

<?php

if ($_SERVER['REQUEST_METHOD'] == "POST") {

            $strProviderservice = $_REQUEST['strProviderservice'];
            $strCompanyname = $_REQUEST['strCompanyname'];
            $strOwner = $_REQUEST['strOwner'];
            $strAddress = $_REQUEST['strAddress'];
            $strTown = $_REQUEST['strTown'];
            $strZipcode = $_REQUEST['strZipcode'];
            $strPhone = $_REQUEST['strPhone'];
            $str2ndphone = $_REQUEST['str2ndphone'];
            $strMobile = $_REQUEST['strMobile'];
            $strPager = $_REQUEST['strPager'];
            $strFax = $_REQUEST['strFax'];
            $strEmail = $_REQUEST['strEmail'];
            $strWebsite = $_REQUEST['strWebsite'];
            $strLicense = $_REQUEST['strLicense'];
            $strInsured = $_REQUEST['strInsured'];
            $strBonded = $_REQUEST['strBonded'];
            $strHours = $_REQUEST['strHours'];
            $str24houremerg = $_REQUEST['str24houremerg'];
            $strOtherservices = $_REQUEST['strOtherservices'];
            $strServicearea = $_REQUEST['strServicearea'];
            $strInbusiness_since = $_REQUEST['strInbusiness_since'];
            $strServicesoffered = $_REQUEST['strServicesoffered'];
            $strFreeestimate = $_REQUEST['strFreeestimate'];
            $strWorkguaranteed = $_REQUEST['strWorkguaranteed'];
            $strProvidertagline = $_REQUEST['strProvidertagline'];
            $strAd_size = $_REQUEST['strAd_size'];
0
 
LVL 24

Accepted Solution

by:
glcummins earned 1600 total points
ID: 18823960
Each of your input fields needs to be escaped. It looks like the string contained in '$strProvidertagline' contains a single quote, which interferes with the proper quoting of the SQL query.

Try adding 'addslashes()' around each of the $_REQUESTs:

            $strProviderservice = addslashes($_REQUEST['strProviderservice']);
            $strCompanyname = addslashes($_REQUEST['strCompanyname']);
            $strOwner = addslashes($_REQUEST['strOwner']);
            $strAddress = addslashes($_REQUEST['strAddress']);
            $strTown = addslashes($_REQUEST['strTown']);
            $strZipcode = addslashes($_REQUEST['strZipcode']);
            $strPhone = addslashes($_REQUEST['strPhone']);
            $str2ndphone = addslashes($_REQUEST['str2ndphone']);
            $strMobile = addslashes($_REQUEST['strMobile']);
            $strPager = addslashes($_REQUEST['strPager']);
            $strFax = addslashes($_REQUEST['strFax']);
            $strEmail = addslashes($_REQUEST['strEmail']);
            $strWebsite = addslashes($_REQUEST['strWebsite']);
            $strLicense = addslashes($_REQUEST['strLicense']);
            $strInsured = addslashes($_REQUEST['strInsured']);
            $strBonded = addslashes($_REQUEST['strBonded']);
            $strHours = addslashes($_REQUEST['strHours']);
            $str24houremerg = addslashes($_REQUEST['str24houremerg']);
            $strOtherservices = addslashes($_REQUEST['strOtherservices']);
            $strServicearea = addslashes($_REQUEST['strServicearea']);
            $strInbusiness_since = addslashes($_REQUEST['strInbusiness_since']);
            $strServicesoffered = addslashes($_REQUEST['strServicesoffered']);
            $strFreeestimate = addslashes($_REQUEST['strFreeestimate']);
            $strWorkguaranteed = addslashes($_REQUEST['strWorkguaranteed']);
            $strProvidertagline = addslashes($_REQUEST['strProvidertagline']);
            $strAd_size = addslashes($_REQUEST['strAd_size']);
0
 
LVL 27

Assisted Solution

by:Cornelia Yoder
Cornelia Yoder earned 400 total points
ID: 18823962
One of your variables has a quote mark in it:

the right syntax to use near 'll Use Us Again and Again!', 'Basic' )' at line 3

probably something like ...   I'll Use Us ...

0
 
LVL 24

Expert Comment

by:glcummins
ID: 18823998
When you receive user input to be stored in a database, you should always check the input before processing it. User input can contain problematic or even malicious characters and strings that may damage your data or compromise the security of your application.

For more information on this topic, take a look at http://www.digitalpropulsion.org/Programming/SQL_Injections_in_PHP_with_MySQL
0
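
Added example, not part of the thread: the same INSERT written with bound parameters, next to the interpolated form that produced the syntax error. It assumes PDO is available, uses an in-memory SQLite database as a stand-in for MySQL so it runs without a server, cuts tblAdspace down to three of the thread's columns, and uses constructed form values.

```php
<?php
// Added example, not code from the thread. In-memory SQLite stands in for MySQL
// (assumption) and the table keeps only three of the thread's columns.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tblAdspace (
    providerID INTEGER PRIMARY KEY AUTOINCREMENT,
    strCompanyname TEXT, strProvidertagline TEXT, strAd_size TEXT)');

// Constructed form input; the tagline carries the apostrophe that broke the query.
$post = [
    'strCompanyname'     => "Bob's Plumbing",
    'strProvidertagline' => "You'll Use Us Again and Again!",
    'strAd_size'         => 'Basic',
];

// addslashes() returns the escaped copy; calling it without using the return
// value, as in the first snippet of the thread, leaves the variable unchanged.
$tagline = $post['strProvidertagline'];
addslashes($tagline);
echo 'unassigned addslashes changed the value: ',
     var_export($tagline !== $post['strProvidertagline'], true), "\n";

// 1. The thread's pattern: values pasted into the SQL text. The apostrophe
//    closes the string literal early and the parser rejects what follows.
$sql = "INSERT INTO tblAdspace (strCompanyname, strProvidertagline, strAd_size)
        VALUES ('{$post['strCompanyname']}', '{$post['strProvidertagline']}', '{$post['strAd_size']}')";
try {
    $pdo->exec($sql);
    echo "interpolated: inserted\n";
} catch (PDOException $e) {
    echo "interpolated: rejected (", $e->getMessage(), ")\n";
}

// 2. Placeholders: the statement text is fixed and the values are sent
//    separately, so quotes in the data are never parsed as SQL.
$stmt = $pdo->prepare('INSERT INTO tblAdspace (strCompanyname, strProvidertagline, strAd_size)
                       VALUES (:strCompanyname, :strProvidertagline, :strAd_size)');
$stmt->execute($post);

$row = $pdo->query('SELECT strCompanyname, strProvidertagline FROM tblAdspace')
           ->fetch(PDO::FETCH_ASSOC);
echo "bound: stored [{$row['strCompanyname']}] / [{$row['strProvidertagline']}]\n";
```

Against MySQL only the DSN and credentials passed to `new PDO(...)` change; the prepared statement stays the same.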
 
LVL 1

Author Comment

by:pingeyeg
ID: 18824007
That made a lot of sense, but I am still getting that same error after putting those in.
0
 
LVL 24

Expert Comment

by:glcummins
ID: 18824046
So that we can see the query that is being attempted, can you make the following change in your code:

$query = "INSERT INTO tblAdspace( providerID, strProviderservice, strCompanyname, strOwner, strAddress, strTown, strZipcode, strPhone, str2ndphone, strMobile, strPager, strFax, strEmail, strWebsite, strInbusiness_since, strLicense, strInsured, strBonded, strHours, str24houremerg, strServicesoffered, strOtherservices, strServicearea, strFreeestimate, strWorkguaranteed, strProvidertagline, strAd_size)
VALUES ('',
'$strProviderservice', '$strCompanyname', '$strOwner', '$strAddress', '$strTown', '$strZipcode', '$strPhone', '$str2ndphone', '$strMobile', '$strPager', '$strFax', '$strEmail', '$strWebsite', '$strInbusiness_since', '$strLicense', '$strInsured', '$strBonded', '$strHours', '$str24houremerg', '$strServicesoffered', '$strOtherservices', '$strServicearea', '$strFreeestimate', '$strWorkguaranteed', '$strProvidertagline', '$strAd_size')";

$result = mysql_query($query) or die("The following query failed:<br />$query<br />The MySQL error was: " . mysql_error());
0
