Solved

I seems to have a sytax error within my code but cannot see why

Posted on 2014-10-17
11
129 Views
Last Modified: 2014-10-17
I seems to have a sytax error within my code but cannot see why.

the line in question is here:

mysqli_query($db,"INSERT INTO `horses` (`ParentID`,`Date`,`Track`,`Runners`, `Going`, `Distance`,`Class`,`Place`,`Losing_Dist`,`Stall`,`Horse`,`Weight`,`Trainer`,`Odds`,`Oddsmovement`,`Jockeys_Claim`,`Comments`,`Race_Name` )VALUES  ('$id ',' $Thedate','$thecourse','$noinrace','$going','$distance','$class','$place','$distance_bt','$stall','$horse','$weight','$thetrainer','$odds','$oddsmovement','$thejockey','$comments','$event')")or die(mysqli_error($db));
And the full error i get is here

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Meara ',' 22/1 ','25/1 < 22/1','D Nolan','',' Royal Marines ' at line 1

The line in which it says is near is this: '$thetrainer','$odds','$oddsmovement','$thejockey'

the database is set so all fields are varchat(250) aparent from parent id and id which are int

any further information please let me know
0
Comment
Question by:runnerjp2005
  • 4
  • 3
  • 3
  • +1
11 Comments
 
LVL 58

Expert Comment

by:Gary
ID: 40386844
Looks fine except for the space here
'$id ',

And Meara which appears to be the first value doesn't look like a ParentID to me - are your sure its not meant to be a number?
0
 

Author Comment

by:runnerjp2005
ID: 40386867
Meara is actually the value of Trainer or $thetrainer
0
 
LVL 58

Expert Comment

by:Gary
ID: 40386878
Seperate the sql and put in a variable then print it out before you you try and execute it.
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 
LVL 9

Expert Comment

by:Brian Tao
ID: 40386902
Can you post the resulted SQL string? The error may have come from the variables prior to $thetrainer.  To get the string, change your code to:
$sqlstr = "INSERT INTO `horses` (`ParentID`,`Date`,`Track`,`Runners`, `Going`, `Distance`,`Class`,`Place`,`Losing_Dist`,`Stall`,`Horse`,`Weight`,`Trainer`,`Odds`,`Oddsmovement`,`Jockeys_Claim`,`Comments`,`Race_Name` )VALUES  ('$id ',' $Thedate','$thecourse','$noinrace','$going','$distance','$class','$place','$distance_bt','$stall','$horse','$weight','$thetrainer','$odds','$oddsmovement','$thejockey','$comments','$event')";
echo $sqlstr . "<br>\n";
mysqli_query($db, $sqlstr)or die(mysqli_error($db));

Open in new window


A small tip: I usually do so (make the SQL string a variable and use it in mysqli_query) to make it easier for debugging.  After everything works, then you can comment out the line for echo.
0
 
LVL 109

Accepted Solution

by:
Ray Paseur earned 250 total points
ID: 40386967
Maybe the error is not in your code, but instead is in the data?  Did you escape all of the variables before using them in the query string?  If not, learn about this function:
http://php.net/manual/en/mysqli.real-escape-string.php

And don't use die() - you can't trap it in an error handler.  Use trigger_error() instead.

This is a good way to write the query, run it and test for success.
$sql 
=
"
INSERT INTO `horses` 
( `ParentID`
, `Date`
, `Track`
, `Runners`
, `Going`
, `Distance`
, `Class`
, `Place`
, `Losing_Dist`
, `Stall`
, `Horse`
, `Weight`
, `Trainer`
, `Odds`
, `Oddsmovement`
, `Jockeys_Claim`
, `Comments`
, `Race_Name` 
)
VALUES
( '$id'
, '$Thedate'
, '$thecourse'
, '$noinrace'
, '$going'
, '$distance'
, '$class'
, '$place'
, '$distance_bt'
, '$stall'
, '$horse'
, '$weight'
, '$thetrainer'
, '$odds'
, '$oddsmovement'
, '$thejockey'
, '$comments'
, '$event'
)
"
;
$res = mysqli_query($db, $sql);
if (!$res)
{
    echo PHP_EOL . "FAIL: $sql";
    trigger_error(mysqli_error($db), E_USER_ERROR);
}

Open in new window

0
 

Author Comment

by:runnerjp2005
ID: 40387112
ahhhhhh is it due to the ' as its an irish name D O'Meara

what is the best way to deal with this??? i know i need to tighten up my sql but its just for my purpose and wont be public,,,, and a can escape string it but i would rather keep it
0
 
LVL 58

Expert Comment

by:Gary
ID: 40387123
0
 
LVL 109

Expert Comment

by:Ray Paseur
ID: 40387151
"This function is used to create a legal SQL string that you can use in an SQL statement. The given string is encoded to an escaped SQL string, taking into account the current character set of the connection.

"Characters encoded are NUL (ASCII 0), \n, \r, \, ', ", and Control-Z."

The function should be used on ALL data strings that are put into the query string.  It should also be used on all data strings that are retrieved from the data base and put back into the database.  It will not hurt your data; it will simply allow the database to store those special-meaning characters.

You may also want to take note of "magic quotes," which is mostly gone from PHP installations now, but which caused a lot of programmers to think that it was unnecessary to escape the data.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_6630-Magic-Quotes-a-bad-idea-from-day-one.html
0
 

Author Comment

by:runnerjp2005
ID: 40387283
am i doing something wrong here as i get the error: Fatal error: Call to a member function real_escape_string() on a non-object

 
$thejockey =  $grabthejockey->item(0)->textContent;
$thejockey = 	$mysqli->real_escape_string($thejockey); 	

Open in new window

0
 
LVL 58

Assisted Solution

by:Gary
Gary earned 250 total points
ID: 40387293
When you create the db connection what name are you using? That is what you use

$my_db_connection_name->real_escape_string($thejockey);
0
 
LVL 109

Expert Comment

by:Ray Paseur
ID: 40387602
It's probably a good idea to avoid mixing the procedural and object-oriented methods; choose one or the other and stick with it.  Just a thought.
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Foreword (July, 2015) Since I first wrote this article, years ago, a great many more people have begun using the internet.  They are coming online from every part of the globe, learning, reading, shopping and spending money at an ever-increasing ra…
This article discusses how to create an extensible mechanism for linked drop downs.
The viewer will learn how to count occurrences of each item in an array.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question