On Sun, 2010-10-03 at 13:14 -0400, chris h wrote: > On Sun, Oct 3, 2010 at 12:47 PM, Gary <gpaul@xxxxxxxxxxxxxxxx> wrote: > > > I have just created a registration page using Webassist, and I am getting a > > syntax error that I am not understanding. Anyone be able to point me in > > the > > right direction? > > > > You have an error in your SQL syntax; check the manual that corresponds to > > your MySQL server version for the right syntax to use near ' NULL, NULL)' > > at > > line 1 > > > > This is the code (I have not modified it) > > > > <?php require_once('Connections/local.php'); ?> > > <?php > > if (!function_exists("GetSQLValueString")) { > > function GetSQLValueString($theValue, $theType, $theDefinedValue = "", > > $theNotDefinedValue = "") > > { > > $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; > > > > $theValue = function_exists("mysql_real_escape_string") ? > > mysql_real_escape_string($theValue) : mysql_escape_string($theValue); > > > > switch ($theType) { > > case "text": > > $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; > > break; > > case "long": > > case "int": > > $theValue = ($theValue != "") ? intval($theValue) : "NULL"; > > break; > > case "double": > > $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL"; > > break; > > case "date": > > $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; > > break; > > case "defined": > > $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; > > break; > > } > > return $theValue; > > } > > } > > ?> > > <?php > > // *** Redirect if username exists > > $MM_flag="MM_insert"; > > if (isset($_POST[$MM_flag])) { > > $MM_dupKeyRedirect=""; > > $loginUsername = $_POST['id']; > > $LoginRS__query = "SELECT id FROM family WHERE id='" . $loginUsername . > > "'"; > > mysql_select_db($database_local, $local); > > $LoginRS=mysql_query($LoginRS__query, $local) or die(mysql_error()); > > $loginFoundUser = mysql_num_rows($LoginRS); > > > > //if there is a row in the database, the username was found - can not add > > the requested username > > if($loginFoundUser){ > > $MM_qsChar = "?"; > > //append the username to the redirect page > > if (substr_count($MM_dupKeyRedirect,"?") >=1) $MM_qsChar = "&"; > > $MM_dupKeyRedirect = $MM_dupKeyRedirect . $MM_qsChar > > ."requsername=".$loginUsername; > > header ("Location: $MM_dupKeyRedirect"); > > exit; > > } > > } > > ?> > > <?php > > $editFormAction = $_SERVER['PHP_SELF']; > > if (isset($_SERVER['QUERY_STRING'])) { > > $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']); > > } > > > > ?> > > <?php > > if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == > > "WAATKRegistrationForm")) { > > $insertSQL = sprintf("INSERT INTO family (firstname, lastname, email, > > password, relationship, story, image, ip, submitted) VALUES (%s, %s, %s, > > %s, > > %s, %s, %s, %s, %s)", > > GetSQLValueString($_POST['firstname'], "text"), > > GetSQLValueString($_POST['lastname'], "text"), > > GetSQLValueString($_POST['email'], "text"), > > GetSQLValueString($_POST['password'], "text"), > > GetSQLValueString($_POST['relationship'], "text"), > > GetSQLValueString($_POST['story'], "text"), > > GetSQLValueString($_POST['image'], ""), GetSQLValueString($_POST['ip'], > > "text"), GetSQLValueString($_POST['submitted'], "date")); > > > > mysql_select_db($database_local, $local); > > $Result1 = mysql_query($insertSQL, $local) or die(mysql_error()); > > > > $insertGoTo = "family_LogIn.php"; > > if (isset($_SERVER['QUERY_STRING'])) { > > $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?"; > > $insertGoTo .= $_SERVER['QUERY_STRING']; > > } > > header(sprintf("Location: %s", $insertGoTo)); > > } > > ?> > > > > Thanks again for the help. > > > > Gary > > > > > > > > __________ Information from ESET Smart Security, version of virus signature > > database 5499 (20101003) __________ > > > > The message was checked by ESET Smart Security. > > > > http://www.eset.com > > > > > > > > > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > > MySQL is not liking a query. It looks to be this one: > > $insertSQL = sprintf("INSERT INTO family (firstname, lastname, email, > password, relationship, story, image, ip, submitted) VALUES (%s, %s, %s, %s, > %s, %s, %s, %s, %s)", > > I would echo or log $insertSQL just before you pass it to mysql_query() and > see if the SQL syntax looks right. > > > Chris. Does sprintf enclose the replacement strings in single quotes, as I don't believe it does, so it could be that it is choking on. Try running the SQL through something like phpMyAdmin, or a dedicated tool like MySQL Workbench, which should be able to pin-point the issue if it's not immediately obvious. Thanks, Ash http://www.ashleysheridan.co.uk