syntax error, unexpected T_STRING on INSERT command

I have uploaded a file and am now trying to store it in a DB. I am getting a "Parse error: syntax error, unexpected T_STRING" error on this line below:

INSERT INTO gallery (user_id, image_name)
VALUES ($RecordsetUserID, UPLOAD_DIR.$_SESSION['MM_Username'].'/'.$now.$_SESSION['MM_Username'].'-'.$file);

Can anyone help?

Is it $UPLOAD_DIR ........?

Is it $UPLOAD_DIR ........?

This is my whole code:

[PHP]<?php require_once('Connections/PhotoABC.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}

$colname_Recordset1 = "-1";
if (isset($_SESSION['username'])) {
$colname_Recordset1 = $_SESSION['username'];
}
mysql_select_db($database_PhotoABC, $PhotoABC);
$query_Recordset1 = sprintf("SELECT user_id FROM `user` WHERE username = %s", GetSQLValueString($colname_Recordset1, "text"));
$Recordset1 = mysql_query($query_Recordset1, $PhotoABC) or die(mysql_error());
$row_Recordset1 = mysql_fetch_assoc($Recordset1);
$totalRows_Recordset1 = mysql_num_rows($Recordset1);

//define constant for the maximum upload
define ('MAX_FILE_SIZE', 100000);

if (array_key_exists('upload', $_POST)) {

//define constant for upload folder
define('UPLOAD_DIR', 'C:\htdocs\PhotoABC\upload_test\\');

//replace any spaces with underscore
//also assign to simple variable
$file = str_replace(' ', '_', $_FILES['image']['name']);

//convert the max size to KB
$max = number_format(MAX_FILE_SIZE/1024,1).'KB';

//create variable of correct file typr
$correct = array('image/jpeg','image/pjpeg');

// begin by saying file is unacceptable
$sizeOK = false;
$typeOK = false;

//check file is correct size
if ($_FILES['image']['size'] > 0 && $_FILES['image']['size'] <=MAX_FILE_SIZE){
$sizeOK = true;
}

//check file is correct type
foreach ($correct as $type){
if($type == $_FILES['image']['type']){
$typeOK = true;
break;
}
}

if ($sizeOK && $typeOK){
switch($_FILES['image']['error']){
case 0:



//.$_SESSION['MM_Username']
if (!is_dir(UPLOAD_DIR.$_SESSION['MM_Username'])){
mkdir(UPLOAD_DIR.$_SESSION['MM_Username']);
}


//move file to the upload folder and rename it
//get date and time
ini_set('date.timezone', 'Europe/Dublin');
$now = date('Y-m-is-');

$success = move_uploaded_file($_FILES['image']['tmp_name'], UPLOAD_DIR.$_SESSION[ 'MM_Username'].'/'.$now.$_SESSION['MM_Username'].'-'.$file);

//copy image to database ????
INSERT INTO gallery (user_id, image_name)
VALUES ($RecordsetUserID,
UPLOAD_DIR.$_SESSION['MM_Username'].'/'.$now.$_SESSION['MM_Username'].'-'.$file);




if ($success){
$result= "$file uploaded successfully";
}

break;
}
}
elseif ($_FILES['image']['error'] == 4){
$result = 'No file selected';
}
else {
$result = "$file cannot be uploaded. Maximum size: $max. Acceptable file types: jpg";
}
}

mysql_free_result($Recordset1);
?>
[/PHP]

Maybe i am not using the SQL correctly for the insert query?

You certainly are not using it correcly. A MySQL INSERT statement is ususally issued (in PHP) using the mysql_query() command.

So in your case it would be something like[php]$result=mysql_query("INSERT INTO gallery (user_id, image_name) VALUES ( .... etc )"
or die("Error in INSERT: ".mysql_error());[/php]Ronald

You certainly are not using it correcly. A MySQL INSERT statement is ususally issued (in PHP) using the mysql_query() command.

So in your case it would be something like[php]$result=mysql_query("INSERT INTO gallery (user_id, image_name) VALUES ( .... etc )"
or die("Error in INSERT: ".mysql_error());[/php]Ronald

Thanks for your reply.
I have tried this and still not having any luck.
I am just trying to save the name of the uploaded image into a database.
Any suggestions on how I might go about this?

Show the INSERT statement as you have it now and that does not work. (I almost bet that you did not include the value of the second field within quotes.)

Ronald

[php]$sql = "SELECT 'user_id' FROM 'user' ";
$result = mysql_query($sql) or die (mysql_error());

$result=mysql_query("INSERT INTO gallery (user_id, image_name) VALUES ($result,$success)"
or die("Error in INSERT: ".mysql_error());[/php]

If u look at my code I am trying to create a recordset so that I can add the user_id to the database as well...and the name of my file is in the varible $success. u can see this around line 94 of my code.

Thanks for any help

Code as it is now

[PHP]<?php
//define constant for the maximum upload
define ('MAX_FILE_SIZE', 100000);

if (array_key_exists('upload', $_POST)) {

//define constant for upload folder
define('UPLOAD_DIR', 'C:\htdocs\PhotoABC\upload_test\\');

//replace any spaces with underscore
//also assign to simple variable
$file = str_replace(' ', '_', $_FILES['image']['name']);

//convert the max size to KB
$max = number_format(MAX_FILE_SIZE/1024,1).'KB';

//create variable of correct file typr
$correct = array('image/jpeg','image/pjpeg');

// begin by saying file is unacceptable
$sizeOK = false;
$typeOK = false;

//check file is correct size
if ($_FILES['image']['size'] > 0 && $_FILES['image']['size'] <=MAX_FILE_SIZE){
$sizeOK = true;
}

//check file is correct type
foreach ($correct as $type){
if($type == $_FILES['image']['type']){
$typeOK = true;
break;
}
}

if ($sizeOK && $typeOK){
switch($_FILES['image']['error']){
case 0:



//.$_SESSION['MM_Username']
if (!is_dir(UPLOAD_DIR.$_SESSION['MM_Username'])){
mkdir(UPLOAD_DIR.$_SESSION['MM_Username']);
}


//move file to the upload folder and rename it
//get date and time
ini_set('date.timezone', 'Europe/Dublin');
$now = date('Y-m-is-');

$success = move_uploaded_file($_FILES['image']['tmp_name'], UPLOAD_DIR.$_SESSION[ 'MM_Username'].'/'.$now.$_SESSION['MM_Username'].'-'.$file);

//copy image to database ????
//$sql = "SELECT 'user_id' FROM 'user' ";
//$result = mysql_query($sql) or die (mysql_error());

//$result=mysql_query("INSERT INTO gallery (user_id, image_name) VALUES ($result,$success)"
//or die("Error in INSERT: ".mysql_error());


//$query = "INSERT INTO gallery (user_id,image_name) VALUES ($result,$success)";
//$queryresult = mysql_query($query) or die (mysql_error());




if ($success){
$result= "$file uploaded successfully";
}

break;
}
}
elseif ($_FILES['image']['error'] == 4){
$result = 'No file selected';
}
else {
$result = "$file cannot be uploaded. Maximum size: $max. Acceptable file types: jpg";
}
}
?>[/PHP]

$result=mysql_query("INSERT INTO gallery (user_id, image_name) VALUES ($result,$success)"

This statement is nonsense. You take the result of the move_uploaded...() command (which is an error or an okay) and want to insert that as the name of the image file into your database.

Ronald

This statement is nonsense. You take the result of the move_uploaded...() command (which is an error or an okay) and want to insert that as the name of the image file into your database.

Ronald

yeah I am getting myself confused.
How then do I get the name of the file that was just uploaded and renamed. I am at a loss really...

Save it in a variable like[php]$v=UPLOAD_DIR.$_SESSION['MM_Username'].'/'.$now.$_SESSION['MM_Username'].'-'.$file;[/php]
Then use that variable in your INSERT statement, like[php]$resins=mysql_query("INSERT INTO gallery (user_id, image_name) VALUES ($result,'$v')"
//or die("Error in INSERT: ".mysql_error());[/php]
Ronald

Save it in a variable like[php]$v=UPLOAD_DIR.$_SESSION['MM_Username'].'/'.$now.$_SESSION['MM_Username'].'-'.$file;[/php]
Then use that variable in your INSERT statement, like[php]$resins=mysql_query("INSERT INTO gallery (user_id, image_name) VALUES ($result,'$v')"
//or die("Error in INSERT: ".mysql_error());[/php]
Ronald

Thank u again for your help....
This is my code now.

[PHP]$v=UPLOAD_DIR.$_SESSION['MM_Username'].'/'.$now.$_SESSION['MM_Username'].'-'.$file;

//copy image to database
$resins=mysql_query("INSERT INTO gallery (user_id, image_name) VALUES ($Recordset1,'$v'")
or die("Error in INSERT: ".mysql_error());[/PHP]


What i have done is created a recordset with dreamweaver call Recordset1...this holds user_id from the user DB.
Can I use this $Recordset1 as my varible in my INSERT query or do I need to extract the information some how?
And I am getting an error :
"Error in INSERT: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'id #6,'C:\htdocs\PhotoABC\upload_test\Jordan/2008-03-2022-Jordan-CompeteHome_03.' at line 1"

Looking at the INSERT part of the code (NOT the other part) it looks like you need something like the following to

(a) get the correct userid, repace the ??? in that statement with the correct WHERE user_id=xxxxx, (probably $_SESSION['MM_username']??

(b) Insert the name of the image into a row
[php]//copy image to database
$sql = "SELECT user_id FROM user ???????????????? ";
$result = mysql_query($sql)
or die (mysql_error());
if (mysql_num_rows($result) > 0) {
$row=mysql_fetch_assoc($result);
$userid=$row['user_id'];
$v=UPLOAD_DIR.$_SESSION['MM_Username'].'/'.$now.$_SESSION['MM_Username'].'-'.$file;
$resins=mysql_query("INSERT INTO gallery (user_id, image_name) VALUES($userid,'$v'")
or die("Error in INSERT: ".mysql_error());
}[/php]Ronald

[PHP]$v=UPLOAD_DIR.$_SESSION['MM_Username'].'/'.$now.$_SESSION['MM_Username'].'-'.$file;

//copy image to database

$sql = "SELECT user_id FROM user WHERE username = $_SESSION['MM_username']";
$queryresult = mysql_query($sql)
or die (mysql_error());
if (mysql_num_rows($queryresult) > 0) {
$row=mysql_fetch_assoc($queryresult);
$userid=$row['user_id'];

$resins=mysql_query("INSERT INTO gallery (user_id, image_name) VALUES ($userid,'$v'")
or die("Error in INSERT: ".mysql_error());
[/PHP]

Getting an error on line 5.
I think i am just missing some ' '.
Does this code look more like what I need now?

User_id is (most probably) a character type field, so you must enclose any value to be used with that field, between quotation marks, like[[php]$sql = "SELECT user_id FROM user WHERE user_id = '".$_SESSION['MM_username']."'";[/php]If it is a char field, then the same goes for line 12 statement.

Ronald

User_id is (most probably) a character type field, so you must enclose any value to be used with that field, between quotation marks, like[[php]$sql = "SELECT user_id FROM user WHERE user_id = '".$_SESSION['MM_username']."'";[/php]If it is a char field, then the same goes for line 12 statement.

Ronald

Yeah that was it.

[PHP]$v=UPLOAD_DIR.$_SESSION['MM_Username'].'/'.$now.$_SESSION['MM_Username'].'-'.$file;

//copy image to database

$sql ="SELECT user_id FROM user WHERE username = '".$_SESSION['MM_Username']."'";
$queryresult = mysql_query($sql)
or die (mysql_error());
if (mysql_num_rows($queryresult) > 0) {
$row=mysql_fetch_assoc($queryresult);
$userid=$row['user_id'];
}

$resins=mysql_query("INSERT INTO gallery (user_id, image_name) VALUES ($userid,'$v'")
or die("Error in INSERT: ".mysql_error());[/PHP]

When I upload a file and it tries to send it to the database I get this error message:

"Error in INSERT: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1"

Please read my posts entirely

If it is a char field, then the same goes for line 12 statement.

So line 13 (was line 12 previously) must have the user_id within quotes just like the other user_id fields:[php]VALUES ('$userid','$v'")[/php]Ronald

Please read my posts entirely
So line 13 (was line 12 previously) must have the user_id within quotes just like the other user_id fields:[php]VALUES ('$userid','$v'")[/php]Ronald

Sorry.
I have been using this line:
[PHP]$sql ="SELECT user_id FROM user WHERE username = '".$_SESSION['MM_Username']."'";[/PHP]

where I get user_id from the user DB WHERE username is equal to the the session username.
I understood that I was using this query to return user_id for the username logged in?

Sorry if I picked u up wrong.
That is why I didnt put the quotes around line 12 because user_id is an INT.

Statement should then be Ronald

I have been working on my code.
New Code

[PHP]$v=UPLOAD_DIR.$_SESSION['MM_Username'].'/'.$now.$_SESSION['MM_Username'].'-'.$file;

//copy image to database

$sql = "SELECT `user_id` FROM `user` WHERE `username` = '".$_SESSION['MM_Username']."'";
$queryresult = mysql_query($sql)
or die (mysql_error());
if (mysql_num_rows($queryresult) > 0) {
$row=mysql_fetch_assoc($queryresult);
$userid=$row['user_id'];
}

$resins=mysql_query("INSERT INTO gallery ('user_id', 'image_name') VALUES ($userid,'$v')")
or die("Error in INSERT: ".mysql_error());[/PHP]

I get this error
"Error in INSERT: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''user_id', 'image_name') VALUES (5,'C:\htdocs\PhotoABC\upload_test\Jordan/2008-0' at line 1"

As u can see the VALUES entered are correct.
Just have an SQL syntax error and I do not know where.

This is fixed and working now
Thanks for all your help

Here is the working code

[PHP]$sql = "SELECT `user_id` FROM `user` WHERE `username` = '".$_SESSION['MM_Username']."'";
$queryresult = mysql_query($sql)
or die (mysql_error());
if (mysql_num_rows($queryresult) > 0) {
$row=mysql_fetch_assoc($queryresult);
$userid=$row['user_id'];
}

$resins=mysql_query("INSERT INTO gallery (`user_id`, `image_name`) VALUES ('$userid','$v')")
or die("Error in INSERT: ".mysql_error());
[/PHP]

Thanks again..it wouldnt be working with out u :)

Good that it works now.

Remember, you cannot use quotation marks ina MySQL statement for enclosing table, column or db names. You have to use 'back ticks' for that. And you found that out.

See you again some time.

Ronald