PDA

View Full Version : i dont understand


AN-net
07-22-2004, 12:35 AM
ok im getting an mysql syntax error saying:

Invalid SQL: INSERT INTO journals
(journalist,journalist_id,journaldate,journaldesc, private,whocanview,lastentry,
lastentry_date,ipaddress,journalname)
VALUES ('Shon','6','1090459535','The only game dog journal',
'0','','Issue #1','1090459535','65.12.191.223'
,'Sporting Dog Journal'

mysql error: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 6


here is my code:

$nameformat=",'".addslashes($jname)."'";
$DB_site->query_first("INSERT INTO ".TABLE_PREFIX."journals
(journalist,journalist_id,journaldate,journaldesc, private,whocanview,lastentry,
lastentry_date,ipaddress".iif($_POST['usejname']=='1', ',journalname').")
VALUES ('".addslashes($journalist)."','".intval($journalistid)."','".TIMENOW."','".addslashes($jdesc)."',
'".$jpriv."','".addslashes($whocanviewj)."','".addslashes($etitle)."','".TIMENOW."','".$REMOTE_ADDR."'
".iif($_POST['usejname']=='1', $nameformat)."
");


anyone know y cause having nothing in a field for an insert query has never given me a problem before>_>

Velocd
07-22-2004, 01:19 AM
The error I spotted:

".iif($_POST['usejname']=='1', $nameformat)."

$nameformat is a string, no? You are not providing the single quotes nor comma for it.

Here is a revamped and more readable version of your PHP:


$nameformat = ",'".addslashes($jname)."'";

$DB_site->query_first("
INSERT INTO ".TABLE_PREFIX."journals
(journalist, journalist_id, journaldate,
journaldesc, private, whocanview, lastentry,
lastentry_date, ipaddress".($_POST['usejname'] ? ', journalname', '').")
VALUES
('".addslashes($journalist)."', '".intval($journalistid)."',
".TIMENOW.", '".addslashes($jdesc)."', '".$jpriv."', '".addslashes($whocanviewj)."',
'".addslashes($etitle)."', ".TIMENOW.", '".$REMOTE_ADDR."'".($_POST['usejname'] ? ", '$nameformat'", '')."
)
");


I recommend to stick to this standard of formatting your queries. It's how vBulletin does it, and it just allows for easier visibility of spotting errors.

Other things I recommend:

Don't quote numbers. e.g. $_POST['usejname'] == '1'. For the most cases when comparing if a value is 0 or 1, or if it has any value not zero, you can drop out the == operator and second operand and just use if($_POST['usejname']).
Don't quote the TIMENOW constant. It returns a 10 integer unix timestamp, which again, is a number.
Use the ternary operator (condition ? if_true_value: if_false_value) instead of the vBs iif(). If you ever go outside vBulletin coding, iif wont be available, so you should know ? and :
$_POST['usejname'] looks a lot like $_POST['username'], maybe use underscores or something.. $_POST['use_jname'].

AN-net
07-22-2004, 01:45 AM
thanks so much ^_^

AN-net
07-22-2004, 01:52 AM
i now get a parse error for an unexpected comma on line 621 which is:
lastentry_date, ipaddress".($_POST['usejname'] ? ', journalname', '').")

AN-net
07-22-2004, 03:30 AM
i fixed it turns out you forgot to use a : instead of a comma in defining the true and false values;)