473,399 Members | 3,401 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > mysql database > questions > dynamic string sent to db receives mysql error near '%'

Join Bytes to post your question to a community of 473,399 software developers and data experts.

dynamic string sent to db receives MySQL error near '%'

Hi Everyone,

I need your help.

I'm probably missing something simple but here's the string that I'm trying to send to the db:

Expand|Select|Wrap|Line Numbers
  1.  
  2. Select distinct (email_address) from some_table where age BETWEEN 18 AND 19 AND state like 'ca%' 
  3.  
If I copy and paste this statement directly into the SQL textarea of phpmyadmin it returns the result set that I am looking for with no problem.

However, when I try to send it via AJAX/Flex:

AJAX receives this line from Flex --

Expand|Select|Wrap|Line Numbers
  1. var mySqlStr = "Select distinct (email_address) from some_table where age BETWEEN " + age1.text + " AND " + age2.text + " AND state like '" + state.text + "%';";
  2. ExternalInterface.call('sendRequestPost_search', mySqlStr);
  3.  
Which sends this string to a php page. The php page catches the $_POST['mySqlStr'] and uses it to send the sql string to the database.

Expand|Select|Wrap|Line Numbers
  1. $con = mysql_connect($server, $username, $password);
  2.  
  3.     if (!$con)
  4.     {
  5.         die('Could not connect: ' . mysql_error());
  6.     }
  7.     mysql_select_db("db", $con);
  8.     $my_sql_string = $mySqlStr;
  9.     if (!mysql_query($my_sql_string,$con))
  10.       {
  11.             die('Error: ' . mysql_error());
  12.       }
  13.     else
  14.       {
  15.      $myDetails = '<table><tr colspan=2><td valign=top>';
  16.                         $someVar = mysql_query($my_sql_string,$con);
  17.                         while($row = mysql_fetch_array($someVar))
  18.                         {
  19.                          $myDetails .= 'EMAIL_ADDRESS: '. $row["EMAIL_ADDRESS"];
  20.                         }
  21.         $myDetails .= '</td></tr></table>';
  22.        }
  23.        echo $myDetails;
  24.  
Instead of a table of emails, I receive this error:
Expand|Select|Wrap|Line Numbers
  1. Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'ca%\'' at line 1
  2.  
I've tried to write the string without the single quoutes. I've tried to add back slashes. I've tried it without the semicolon at the end. I've tried to send the string without the "%" altogether and insert it within the php page before sending the sql string off to the db.

What can I do?

Thanks in advance,
Tarik
Feb 26 '08 #1
4 1366
ronverdonk
4,258 Expert 4TB
Try to remove the backslashes using [php]$my_sql_string = stripslashes($mySqlStr);[/php]Ronald
Feb 26 '08 #2
mwasif
802 Expert 512MB
Print the value of $my_sql_string, this will tell you what is the exact problem. It seems to be a problem with the parameter value you are passing for state.

You should only pass the parameters, validate them and use it in your SQL query. You can also use mysql_real_escape_string() to make your query safe.
Feb 27 '08 #3
Thanks for the feedback guys. I did echo the string and it was fine the way that it was (I tested the echoed string by copying & pasting it into phpmyadmin sql section) and I tried addslashes and htmlentities, but I don't know why I didn't think of stripslashes.

Anyways! This was the solution that I came up with in the mean time, was to split the string and bring it back together again in PHP.

Within Flex I broke up the string that was being passed to the AJAX(js) file, as such:
Expand|Select|Wrap|Line Numbers
  1.         public function myCallToDB():void
  2.         {
  3.             var o:Object = new Object();
  4.             o.mySqlStr = "Select distinct (email_address) from some_table where age BETWEEN " + age1.text + " AND " + age2.text + " AND state like ";
  5.             o.mySqlStr2 = state.text;
  6.             o.mySqlStr3 = shows.text;
  7.             ExternalInterface.call('sendRequestPost_search', o);  
  8.         }
  9.  
Within the AJAX(js) file:
Expand|Select|Wrap|Line Numbers
  1. // Set path to PHP script
  2.   var phpscript = 'login.php';
  3.  
  4.     function sendRequestPost_search(o)
  5.     {
  6.         var mySqlStr = o.mySqlStr;
  7.         var mySqlStr2 = o.mySqlStr2;
  8.         var mySqlStr3 = o.mySqlStr3;
  9.  
  10.         // Open PHP script for requests
  11.             http.open('post', phpscript);
  12.         http.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
  13.         http.onreadystatechange = handleResponsePost;
  14.         http.send('mySqlStr='+mySqlStr+'&mySqlStr2='+ mySqlStr2+'&mySqlStr3='+ mySqlStr3);
  15.     }
  16.  
Within the PHP file the three strings are placed back together:
Expand|Select|Wrap|Line Numbers
  1. $mySqlStr = $_POST['mySqlStr'];
  2. $mySqlStr2 = $_POST['mySqlStr2'];
  3. $mySqlStr3 = $_POST['mySqlStr3']; 
  4.  
  5.     $con = mysql_connect($server, $username, $password);
  6.  
  7.     if (!$con)
  8.     {
  9.         die('Could not connect: ' . mysql_error());
  10.     }
  11.     mysql_select_db("db", $con);
  12.     $my_sql_string = $mySqlStr."'".$mySqlStr2."%'  AND shows like '".$mySqlStr3."%';";
  13.  
The PHP files results is returned to the AJAX(js) file, which writes the results to a div called "response":
Expand|Select|Wrap|Line Numbers
  1. function handleResponsePost() 
  2. {
  3.     if(http.readyState == 1)
  4.     {
  5.         document.getElementById("response").innerHTML = "Please wait, loading... " ; 
  6.     } 
  7.     else if(http.readyState == 4 && http.status == 200)
  8.     {
  9.         // Text returned from PHP script
  10.         var response = http.responseText;
  11.         document.getElementById("response").innerHTML = response;
  12.         if(response) 
  13.         {
  14.             // Update ajaxTest2 content
  15.             document.getElementById("response").innerHTML = response;        
  16.         }
  17.     }
  18. }
  19.  
And it worked so well, that as you can see, there was room to add another param from the original sql string to further refine the select statement result set.

I bet the stripslashes would have done it :-)

And thanks for the help once again.
Feb 27 '08 #4
ronverdonk
4,258 Expert 4TB
We're all glad to have been of help. See you next time.

Ronald
Feb 27 '08 #5

Sign in to post your reply or Sign up for a free account.

Similar topics

0
schema and Catalog under MySQL 3.23.55
by: Morten Gulbrandsen | last post by:
Hi programmers, I try to investigate some of the basics behind schemas and cataloges, Which is part of SQL2 Language this is the error message I get:
MySQL Database
0
Import Database from MySQL3.x to MySQL 4.x
by: Mario Ohnewald | last post by:
Hello! I want to import a MySQL 3.x Databse to my new shiny MySQL4.x. I did a backup with /usr/local/mysql-standard-4.0.14-pc-linux-i686/bin/mysqldump -u root -p --opt -A > mysql_lamp_backup.`date...
MySQL Database
9
How To Use Dynamic Queries As Report RecordSource?
by: mooseshoes | last post by:
All: I'm using Access 2000 on a Windows XP platform. My goal is to use a form to gather user criteria which I will then parse into a useable SQL string. At this point I would like to open one...
Microsoft Access / VBA
8
how to get " into a string without it terminating it
by: Ian Davies | last post by:
Hello I have the following sql string to run as a command in my VB6 project to update mysql table strSQL = "LOAD DATA INFILE " & ImportFile & " INTO TABLE tPupils FIELDS TERMINATED BY ','...
MySQL Database
2
MYSQL Limit on length of insert statements?
by: speralta | last post by:
My tired old eyes may be failing me, but the following insert statements look correct to me, but I can't seem to get a clean insert from a fairly large text file database into mysql. I was...
MySQL Database
11
Dynamic SQL reading statements from table
by: downwitch | last post by:
Hi, I'm using a 3rd-party app's back end which stores SQL statements in a table, so I have no choice but to use dynamic SQL to call them (unless someone else knows a workaround...) Problem...
Microsoft SQL Server
2
jdbc createConnection(String url) throws exception
by: bevis | last post by:
I'm new to sql server and mysql but this seems like it should be a pretty straight forward jdbc connection. But I have spent almost 2 days just trying to get a jdbc connection. Please help if you...
Microsoft SQL Server
2
Dynamic TreeView selection binding to DetailsView using sqlDataSource in ASP.NET 2.0
by: makennedy | last post by:
Hi Experts, Please help, I am a newbie to ASP.NET 2.0 may be I am doing something wrong or there may be a bug somewhere. Basically I have a TreeView Control which I have created...
.NET Framework
3
Trying to insert a long XML string in mysql using perl
by: jonathan184 | last post by:
The code seems to be working fine for some records but I am thinking it is finding some other records with special characters and so on. I am looking for a way to insert the xml string with escaping...
Perl
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
0
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General
0
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice
0
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...
Microsoft Access / VBA

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!