Solved

I seem to have a syntax error within my code but cannot see why

Posted on 2014-10-17
Last Modified: 2014-10-17
I seem to have a syntax error within my code but cannot see why.

The line in question is here:

mysqli_query($db,"INSERT INTO `horses` (`ParentID`,`Date`,`Track`,`Runners`, `Going`, `Distance`,`Class`,`Place`,`Losing_Dist`,`Stall`,`Horse`,`Weight`,`Trainer`,`Odds`,`Oddsmovement`,`Jockeys_Claim`,`Comments`,`Race_Name` )VALUES  ('$id ',' $Thedate','$thecourse','$noinrace','$going','$distance','$class','$place','$distance_bt','$stall','$horse','$weight','$thetrainer','$odds','$oddsmovement','$thejockey','$comments','$event')")or die(mysqli_error($db));
And the full error I get is here:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Meara ',' 22/1 ','25/1 < 22/1','D Nolan','',' Royal Marines ' at line 1

The line in which it says is near is this: '$thetrainer','$odds','$oddsmovement','$thejockey'

The database is set so all fields are varchar(250), apart from parent id and id, which are int.

If you need any further information, please let me know.
Question by:runnerjp2005
LVL 58

Expert Comment

by:Gary
ID: 40386844
Looks fine except for the space here
'$id ',

And Meara, which appears to be the first value, doesn't look like a ParentID to me - are you sure it's not meant to be a number?
0
 

Author Comment

by:runnerjp2005
ID: 40386867
Meara is actually the value of Trainer or $thetrainer
0
 
LVL 58

Expert Comment

by:Gary
ID: 40386878
Separate the SQL and put it in a variable, then print it out before you try and execute it.
0
 
LVL 9

Expert Comment

by:Brian Tao
ID: 40386902
Can you post the resulting SQL string? The error may have come from the variables prior to $thetrainer.  To get the string, change your code to:
$sqlstr = "INSERT INTO `horses` (`ParentID`,`Date`,`Track`,`Runners`, `Going`, `Distance`,`Class`,`Place`,`Losing_Dist`,`Stall`,`Horse`,`Weight`,`Trainer`,`Odds`,`Oddsmovement`,`Jockeys_Claim`,`Comments`,`Race_Name` )VALUES  ('$id ',' $Thedate','$thecourse','$noinrace','$going','$distance','$class','$place','$distance_bt','$stall','$horse','$weight','$thetrainer','$odds','$oddsmovement','$thejockey','$comments','$event')";
echo $sqlstr . "<br>\n";
mysqli_query($db, $sqlstr)or die(mysqli_error($db));


A small tip: I usually do so (make the SQL string a variable and use it in mysqli_query) to make it easier for debugging.  After everything works, then you can comment out the line for echo.
0
 
LVL 108

Accepted Solution

by:
Ray Paseur earned 250 total points
ID: 40386967
Maybe the error is not in your code, but instead is in the data?  Did you escape all of the variables before using them in the query string?  If not, learn about this function:
http://php.net/manual/en/mysqli.real-escape-string.php

And don't use die() - you can't trap it in an error handler.  Use trigger_error() instead.

This is a good way to write the query, run it and test for success.
$sql 
=
"
INSERT INTO `horses` 
( `ParentID`
, `Date`
, `Track`
, `Runners`
, `Going`
, `Distance`
, `Class`
, `Place`
, `Losing_Dist`
, `Stall`
, `Horse`
, `Weight`
, `Trainer`
, `Odds`
, `Oddsmovement`
, `Jockeys_Claim`
, `Comments`
, `Race_Name` 
)
VALUES
( '$id'
, '$Thedate'
, '$thecourse'
, '$noinrace'
, '$going'
, '$distance'
, '$class'
, '$place'
, '$distance_bt'
, '$stall'
, '$horse'
, '$weight'
, '$thetrainer'
, '$odds'
, '$oddsmovement'
, '$thejockey'
, '$comments'
, '$event'
)
"
;
$res = mysqli_query($db, $sql);
if (!$res)
{
    echo PHP_EOL . "FAIL: $sql";
    trigger_error(mysqli_error($db), E_USER_ERROR);
}

0
 

Author Comment

by:runnerjp2005
ID: 40387112
Ahhhhhh, is it due to the ' as it's an Irish name, D O'Meara?

What is the best way to deal with this? I know I need to tighten up my SQL but it's just for my purpose and won't be public, and I can escape string it but I would rather keep it
0
 
LVL 58

Expert Comment

by:Gary
ID: 40387123
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 40387151
"This function is used to create a legal SQL string that you can use in an SQL statement. The given string is encoded to an escaped SQL string, taking into account the current character set of the connection.

"Characters encoded are NUL (ASCII 0), \n, \r, \, ', ", and Control-Z."

The function should be used on ALL data strings that are put into the query string.  It should also be used on all data strings that are retrieved from the database and put back into the database.  It will not hurt your data; it will simply allow the database to store those special-meaning characters.

You may also want to take note of "magic quotes," which is mostly gone from PHP installations now, but which caused a lot of programmers to think that it was unnecessary to escape the data.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_6630-Magic-Quotes-a-bad-idea-from-day-one.html
0
 

Author Comment

by:runnerjp2005
ID: 40387283
Am I doing something wrong here, as I get the error: Fatal error: Call to a member function real_escape_string() on a non-object

 
$thejockey =  $grabthejockey->item(0)->textContent;
$thejockey = 	$mysqli->real_escape_string($thejockey); 	

0
 
LVL 58

Assisted Solution

by:Gary
Gary earned 250 total points
ID: 40387293
When you create the db connection what name are you using? That is what you use

$my_db_connection_name->real_escape_string($thejockey);
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 40387602
It's probably a good idea to avoid mixing the procedural and object-oriented methods; choose one or the other and stick with it.  Just a thought.
0
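
The apostrophe in D O'Meara closes the quoted Trainer value early, which is why MySQL reports the error near Meara. As an added example (not code from any poster in this thread), here is the same INSERT as a prepared statement in procedural mysqli, so every value is bound as data and never parsed as SQL. The connection details are placeholders and the sample row is constructed, with a few values borrowed from the error message in the question.

```php
<?php
// Added example: procedural mysqli throughout, reusing the question's $db handle name.
// Host, user, password and database name are placeholders (assumptions).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on any mysqli failure
$db = mysqli_connect('localhost', 'DB_USER', 'DB_PASSWORD', 'DB_NAME');
mysqli_set_charset($db, 'utf8mb4');

// Column names are fixed literals from the question's INSERT, never user input.
$columns = ['ParentID', 'Date', 'Track', 'Runners', 'Going', 'Distance', 'Class',
            'Place', 'Losing_Dist', 'Stall', 'Horse', 'Weight', 'Trainer', 'Odds',
            'Oddsmovement', 'Jockeys_Claim', 'Comments', 'Race_Name'];

function insert_horse(mysqli $db, array $columns, array $values): void
{
    if (count($values) !== count($columns)) {
        throw new InvalidArgumentException('expected one value per column');
    }
    // One "?" per column: the statement text is constant whatever the data contains.
    $sql = 'INSERT INTO `horses` (`' . implode('`, `', $columns) . '`) VALUES ('
         . implode(', ', array_fill(0, count($columns), '?')) . ')';
    $stmt = mysqli_prepare($db, $sql);
    // ParentID is an int column ("i"); the rest are varchar(250) ("s").
    $types = 'i' . str_repeat('s', count($columns) - 1);
    mysqli_stmt_bind_param($stmt, $types, ...$values);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
}

// Constructed sample row; Trainer, Odds, Oddsmovement, Jockeys_Claim and Race_Name
// reuse values visible in the question's error message, the rest are made up.
$values = [1, '17/10/2014', 'Sample Track', '12', 'Good', '1m', '4', '3', '2', '5',
           'Sample Horse', '9-2', "D O'Meara", '22/1', '25/1 < 22/1', 'D Nolan',
           '', 'Royal Marines'];
insert_horse($db, $columns, $values);

// If the query stays a string, escape each value through the same connection handle,
// in the same procedural style (this is the call the accepted answer points to):
$trainer = mysqli_real_escape_string($db, "D O'Meara");
echo $trainer, PHP_EOL; // the apostrophe is escaped for use inside a quoted literal
```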
