On Sun, 2010-10-03 at 13:14 -0400, chris h wrote:
> On Sun, Oct 3, 2010 at 12:47 PM, Gary <gpaul@xxxxxxxxxxxxxxxx> wrote:
>
> > I have just created a registration page using Webassist, and I am getting a
> > syntax error that I am not understanding. Anyone be able to point me in
> > the
> > right direction?
> >
> > You have an error in your SQL syntax; check the manual that corresponds to
> > your MySQL server version for the right syntax to use near ' NULL, NULL)'
> > at
> > line 1
> >
> > This is the code (I have not modified it)
> >
> > <?php require_once('Connections/local.php'); ?>
> > <?php
> > if (!function_exists("GetSQLValueString")) {
> > function GetSQLValueString($theValue, $theType, $theDefinedValue = "",
> > $theNotDefinedValue = "")
> > {
> > $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
> >
> > $theValue = function_exists("mysql_real_escape_string") ?
> > mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
> >
> > switch ($theType) {
> > case "text":
> > $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
> > break;
> > case "long":
> > case "int":
> > $theValue = ($theValue != "") ? intval($theValue) : "NULL";
> > break;
> > case "double":
> > $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
> > break;
> > case "date":
> > $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
> > break;
> > case "defined":
> > $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
> > break;
> > }
> > return $theValue;
> > }
> > }
> > ?>
> > <?php
> > // *** Redirect if username exists
> > $MM_flag="MM_insert";
> > if (isset($_POST[$MM_flag])) {
> > $MM_dupKeyRedirect="";
> > $loginUsername = $_POST['id'];
> > $LoginRS__query = "SELECT id FROM family WHERE id='" . $loginUsername .
> > "'";
> > mysql_select_db($database_local, $local);
> > $LoginRS=mysql_query($LoginRS__query, $local) or die(mysql_error());
> > $loginFoundUser = mysql_num_rows($LoginRS);
> >
> > //if there is a row in the database, the username was found - can not add
> > the requested username
> > if($loginFoundUser){
> > $MM_qsChar = "?";
> > //append the username to the redirect page
> > if (substr_count($MM_dupKeyRedirect,"?") >=1) $MM_qsChar = "&";
> > $MM_dupKeyRedirect = $MM_dupKeyRedirect . $MM_qsChar
> > ."requsername=".$loginUsername;
> > header ("Location: $MM_dupKeyRedirect");
> > exit;
> > }
> > }
> > ?>
> > <?php
> > $editFormAction = $_SERVER['PHP_SELF'];
> > if (isset($_SERVER['QUERY_STRING'])) {
> > $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
> > }
> >
> > ?>
> > <?php
> > if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] ==
> > "WAATKRegistrationForm")) {
> > $insertSQL = sprintf("INSERT INTO family (firstname, lastname, email,
> > password, relationship, story, image, ip, submitted) VALUES (%s, %s, %s,
> > %s,
> > %s, %s, %s, %s, %s)",
> > GetSQLValueString($_POST['firstname'], "text"),
> > GetSQLValueString($_POST['lastname'], "text"),
> > GetSQLValueString($_POST['email'], "text"),
> > GetSQLValueString($_POST['password'], "text"),
> > GetSQLValueString($_POST['relationship'], "text"),
> > GetSQLValueString($_POST['story'], "text"),
> > GetSQLValueString($_POST['image'], ""), GetSQLValueString($_POST['ip'],
> > "text"), GetSQLValueString($_POST['submitted'], "date"));
> >
> > mysql_select_db($database_local, $local);
> > $Result1 = mysql_query($insertSQL, $local) or die(mysql_error());
> >
> > $insertGoTo = "family_LogIn.php";
> > if (isset($_SERVER['QUERY_STRING'])) {
> > $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
> > $insertGoTo .= $_SERVER['QUERY_STRING'];
> > }
> > header(sprintf("Location: %s", $insertGoTo));
> > }
> > ?>
> >
> > Thanks again for the help.
> >
> > Gary
> >
> >
> >
> > __________ Information from ESET Smart Security, version of virus signature
> > database 5499 (20101003) __________
> >
> > The message was checked by ESET Smart Security.
> >
> > http://www.eset.com
> >
> >
> >
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
>
> MySQL is not liking a query. It looks to be this one:
>
> $insertSQL = sprintf("INSERT INTO family (firstname, lastname, email,
> password, relationship, story, image, ip, submitted) VALUES (%s, %s, %s, %s,
> %s, %s, %s, %s, %s)",
>
> I would echo or log $insertSQL just before you pass it to mysql_query() and
> see if the SQL syntax looks right.
>
>
> Chris.
Does sprintf enclose the replacement strings in single quotes, as I
don't believe it does, so it could be that it is choking on.
Try running the SQL through something like phpMyAdmin, or a dedicated
tool like MySQL Workbench, which should be able to pin-point the issue
if it's not immediately obvious.
Thanks,
Ash
http://www.ashleysheridan.co.uk
