Solved

I seems to have a sytax error within my code but cannot see why

Posted on 2014-10-17
11
130 Views
Last Modified: 2014-10-17
I seems to have a sytax error within my code but cannot see why.

the line in question is here:

mysqli_query($db,"INSERT INTO `horses` (`ParentID`,`Date`,`Track`,`Runners`, `Going`, `Distance`,`Class`,`Place`,`Losing_Dist`,`Stall`,`Horse`,`Weight`,`Trainer`,`Odds`,`Oddsmovement`,`Jockeys_Claim`,`Comments`,`Race_Name` )VALUES  ('$id ',' $Thedate','$thecourse','$noinrace','$going','$distance','$class','$place','$distance_bt','$stall','$horse','$weight','$thetrainer','$odds','$oddsmovement','$thejockey','$comments','$event')")or die(mysqli_error($db));
And the full error i get is here

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Meara ',' 22/1 ','25/1 < 22/1','D Nolan','',' Royal Marines ' at line 1

The line in which it says is near is this: '$thetrainer','$odds','$oddsmovement','$thejockey'

the database is set so all fields are varchat(250) aparent from parent id and id which are int

any further information please let me know
0
Comment
Question by:runnerjp2005
  • 4
  • 3
  • 3
  • +1
11 Comments
 
LVL 58

Expert Comment

by:Gary
ID: 40386844
Looks fine except for the space here
'$id ',

And Meara which appears to be the first value doesn't look like a ParentID to me - are your sure its not meant to be a number?
0
 

Author Comment

by:runnerjp2005
ID: 40386867
Meara is actually the value of Trainer or $thetrainer
0
 
LVL 58

Expert Comment

by:Gary
ID: 40386878
Seperate the sql and put in a variable then print it out before you you try and execute it.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 9

Expert Comment

by:Brian Tao
ID: 40386902
Can you post the resulted SQL string? The error may have come from the variables prior to $thetrainer.  To get the string, change your code to:
$sqlstr = "INSERT INTO `horses` (`ParentID`,`Date`,`Track`,`Runners`, `Going`, `Distance`,`Class`,`Place`,`Losing_Dist`,`Stall`,`Horse`,`Weight`,`Trainer`,`Odds`,`Oddsmovement`,`Jockeys_Claim`,`Comments`,`Race_Name` )VALUES  ('$id ',' $Thedate','$thecourse','$noinrace','$going','$distance','$class','$place','$distance_bt','$stall','$horse','$weight','$thetrainer','$odds','$oddsmovement','$thejockey','$comments','$event')";
echo $sqlstr . "<br>\n";
mysqli_query($db, $sqlstr)or die(mysqli_error($db));

Open in new window


A small tip: I usually do so (make the SQL string a variable and use it in mysqli_query) to make it easier for debugging.  After everything works, then you can comment out the line for echo.
0
 
LVL 109

Accepted Solution

by:
Ray Paseur earned 250 total points
ID: 40386967
Maybe the error is not in your code, but instead is in the data?  Did you escape all of the variables before using them in the query string?  If not, learn about this function:
http://php.net/manual/en/mysqli.real-escape-string.php

And don't use die() - you can't trap it in an error handler.  Use trigger_error() instead.

This is a good way to write the query, run it and test for success.
$sql 
=
"
INSERT INTO `horses` 
( `ParentID`
, `Date`
, `Track`
, `Runners`
, `Going`
, `Distance`
, `Class`
, `Place`
, `Losing_Dist`
, `Stall`
, `Horse`
, `Weight`
, `Trainer`
, `Odds`
, `Oddsmovement`
, `Jockeys_Claim`
, `Comments`
, `Race_Name` 
)
VALUES
( '$id'
, '$Thedate'
, '$thecourse'
, '$noinrace'
, '$going'
, '$distance'
, '$class'
, '$place'
, '$distance_bt'
, '$stall'
, '$horse'
, '$weight'
, '$thetrainer'
, '$odds'
, '$oddsmovement'
, '$thejockey'
, '$comments'
, '$event'
)
"
;
$res = mysqli_query($db, $sql);
if (!$res)
{
    echo PHP_EOL . "FAIL: $sql";
    trigger_error(mysqli_error($db), E_USER_ERROR);
}

Open in new window

0
 

Author Comment

by:runnerjp2005
ID: 40387112
ahhhhhh is it due to the ' as its an irish name D O'Meara

what is the best way to deal with this??? i know i need to tighten up my sql but its just for my purpose and wont be public,,,, and a can escape string it but i would rather keep it
0
 
LVL 58

Expert Comment

by:Gary
ID: 40387123
0
 
LVL 109

Expert Comment

by:Ray Paseur
ID: 40387151
"This function is used to create a legal SQL string that you can use in an SQL statement. The given string is encoded to an escaped SQL string, taking into account the current character set of the connection.

"Characters encoded are NUL (ASCII 0), \n, \r, \, ', ", and Control-Z."

The function should be used on ALL data strings that are put into the query string.  It should also be used on all data strings that are retrieved from the data base and put back into the database.  It will not hurt your data; it will simply allow the database to store those special-meaning characters.

You may also want to take note of "magic quotes," which is mostly gone from PHP installations now, but which caused a lot of programmers to think that it was unnecessary to escape the data.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_6630-Magic-Quotes-a-bad-idea-from-day-one.html
0
 

Author Comment

by:runnerjp2005
ID: 40387283
am i doing something wrong here as i get the error: Fatal error: Call to a member function real_escape_string() on a non-object

 
$thejockey =  $grabthejockey->item(0)->textContent;
$thejockey = 	$mysqli->real_escape_string($thejockey); 	

Open in new window

0
 
LVL 58

Assisted Solution

by:Gary
Gary earned 250 total points
ID: 40387293
When you create the db connection what name are you using? That is what you use

$my_db_connection_name->real_escape_string($thejockey);
0
 
LVL 109

Expert Comment

by:Ray Paseur
ID: 40387602
It's probably a good idea to avoid mixing the procedural and object-oriented methods; choose one or the other and stick with it.  Just a thought.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Foreword (July, 2015) Since I first wrote this article, years ago, a great many more people have begun using the internet.  They are coming online from every part of the globe, learning, reading, shopping and spending money at an ever-increasing ra…
These days socially coordinated efforts have turned into a critical requirement for enterprises.
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question