Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

I seems to have a sytax error within my code but cannot see why

Posted on 2014-10-17
11
Medium Priority
?
133 Views
Last Modified: 2014-10-17
I seems to have a sytax error within my code but cannot see why.

the line in question is here:

mysqli_query($db,"INSERT INTO `horses` (`ParentID`,`Date`,`Track`,`Runners`, `Going`, `Distance`,`Class`,`Place`,`Losing_Dist`,`Stall`,`Horse`,`Weight`,`Trainer`,`Odds`,`Oddsmovement`,`Jockeys_Claim`,`Comments`,`Race_Name` )VALUES  ('$id ',' $Thedate','$thecourse','$noinrace','$going','$distance','$class','$place','$distance_bt','$stall','$horse','$weight','$thetrainer','$odds','$oddsmovement','$thejockey','$comments','$event')")or die(mysqli_error($db));
And the full error i get is here

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Meara ',' 22/1 ','25/1 < 22/1','D Nolan','',' Royal Marines ' at line 1

The line in which it says is near is this: '$thetrainer','$odds','$oddsmovement','$thejockey'

the database is set so all fields are varchat(250) aparent from parent id and id which are int

any further information please let me know
0
Comment
Question by:runnerjp2005
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 3
  • +1
11 Comments
 
LVL 58

Expert Comment

by:Gary
ID: 40386844
Looks fine except for the space here
'$id ',

And Meara which appears to be the first value doesn't look like a ParentID to me - are your sure its not meant to be a number?
0
 

Author Comment

by:runnerjp2005
ID: 40386867
Meara is actually the value of Trainer or $thetrainer
0
 
LVL 58

Expert Comment

by:Gary
ID: 40386878
Seperate the sql and put in a variable then print it out before you you try and execute it.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 9

Expert Comment

by:Brian Tao
ID: 40386902
Can you post the resulted SQL string? The error may have come from the variables prior to $thetrainer.  To get the string, change your code to:
$sqlstr = "INSERT INTO `horses` (`ParentID`,`Date`,`Track`,`Runners`, `Going`, `Distance`,`Class`,`Place`,`Losing_Dist`,`Stall`,`Horse`,`Weight`,`Trainer`,`Odds`,`Oddsmovement`,`Jockeys_Claim`,`Comments`,`Race_Name` )VALUES  ('$id ',' $Thedate','$thecourse','$noinrace','$going','$distance','$class','$place','$distance_bt','$stall','$horse','$weight','$thetrainer','$odds','$oddsmovement','$thejockey','$comments','$event')";
echo $sqlstr . "<br>\n";
mysqli_query($db, $sqlstr)or die(mysqli_error($db));

Open in new window


A small tip: I usually do so (make the SQL string a variable and use it in mysqli_query) to make it easier for debugging.  After everything works, then you can comment out the line for echo.
0
 
LVL 111

Accepted Solution

by:
Ray Paseur earned 1000 total points
ID: 40386967
Maybe the error is not in your code, but instead is in the data?  Did you escape all of the variables before using them in the query string?  If not, learn about this function:
http://php.net/manual/en/mysqli.real-escape-string.php

And don't use die() - you can't trap it in an error handler.  Use trigger_error() instead.

This is a good way to write the query, run it and test for success.
$sql 
=
"
INSERT INTO `horses` 
( `ParentID`
, `Date`
, `Track`
, `Runners`
, `Going`
, `Distance`
, `Class`
, `Place`
, `Losing_Dist`
, `Stall`
, `Horse`
, `Weight`
, `Trainer`
, `Odds`
, `Oddsmovement`
, `Jockeys_Claim`
, `Comments`
, `Race_Name` 
)
VALUES
( '$id'
, '$Thedate'
, '$thecourse'
, '$noinrace'
, '$going'
, '$distance'
, '$class'
, '$place'
, '$distance_bt'
, '$stall'
, '$horse'
, '$weight'
, '$thetrainer'
, '$odds'
, '$oddsmovement'
, '$thejockey'
, '$comments'
, '$event'
)
"
;
$res = mysqli_query($db, $sql);
if (!$res)
{
    echo PHP_EOL . "FAIL: $sql";
    trigger_error(mysqli_error($db), E_USER_ERROR);
}

Open in new window

0
 

Author Comment

by:runnerjp2005
ID: 40387112
ahhhhhh is it due to the ' as its an irish name D O'Meara

what is the best way to deal with this??? i know i need to tighten up my sql but its just for my purpose and wont be public,,,, and a can escape string it but i would rather keep it
0
 
LVL 58

Expert Comment

by:Gary
ID: 40387123
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 40387151
"This function is used to create a legal SQL string that you can use in an SQL statement. The given string is encoded to an escaped SQL string, taking into account the current character set of the connection.

"Characters encoded are NUL (ASCII 0), \n, \r, \, ', ", and Control-Z."

The function should be used on ALL data strings that are put into the query string.  It should also be used on all data strings that are retrieved from the data base and put back into the database.  It will not hurt your data; it will simply allow the database to store those special-meaning characters.

You may also want to take note of "magic quotes," which is mostly gone from PHP installations now, but which caused a lot of programmers to think that it was unnecessary to escape the data.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_6630-Magic-Quotes-a-bad-idea-from-day-one.html
0
 

Author Comment

by:runnerjp2005
ID: 40387283
am i doing something wrong here as i get the error: Fatal error: Call to a member function real_escape_string() on a non-object

 
$thejockey =  $grabthejockey->item(0)->textContent;
$thejockey = 	$mysqli->real_escape_string($thejockey); 	

Open in new window

0
 
LVL 58

Assisted Solution

by:Gary
Gary earned 1000 total points
ID: 40387293
When you create the db connection what name are you using? That is what you use

$my_db_connection_name->real_escape_string($thejockey);
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 40387602
It's probably a good idea to avoid mixing the procedural and object-oriented methods; choose one or the other and stick with it.  Just a thought.
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This post contains step-by-step instructions for setting up alerting in Percona Monitoring and Management (PMM) using Grafana.
Originally, this post was published on Monitis Blog, you can check it here . In business circles, we sometimes hear that today is the “age of the customer.” And so it is. Thanks to the enormous advances over the past few years in consumer techno…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question