I have done simple php script and I have corrected every little error I got
but now I stucked. I keep getting "You have an error in your SQL syntax
near '' at line 9 ", and I don't know what to do. The code is the following:
<?php
require('config.php');
$conn = mysql_connect(SQL_HOST, SQL_USER, SQL_PASS) or
die ('Could not connect to MySQL database.' .mysql_error());
mysql_select_db (SQL_DB, $conn);
$display_block = "<h1>$project_name Categories</h1>
<P>Select a Category to see details.</P>";
//validate project
$get_project = "SELECT
c.cat_name,
p.project_name
FROM
category
AS c LEFT JOIN
project AS p ON p.id = c.project_id
WHERE
c.id = $_GET[cat_id]";
$get_project_res = mysql_query($get_project) or die (mysql_error());
if (mysql_num_rows($get_project_res) < 1) {
//invalid item
$display_block .= "<p><em>Invalid project selection.</em></p>";
} else {
//valid project, get info
$project_name =
strtoupper(stripslashes(mysql_result($get_project_ res,0,'project_name')));
$cat_name = stripslashes(mysql_result($get_project_res,0,'cat_ name'));
}
?>
<html>
<head>
<title>Projects</title>
</head>
<body>
<?php print $display_block; ?>
</body>
</html>
I have to tables, one is category and other one is project. On the main page
I have data from project table, and on the other page (code up) I want to
show data from other table but only valid for project example 1 or 2 etc.
Tnx in advance, sorry for any gramatic mistake, english is not my first
language :) 8 1745
Igor Slivka wrote: I have done simple php script and I have corrected every little error I got but now I stucked. I keep getting "You have an error in your SQL syntax near '' at line 9 ", and I don't know what to do. The code is the following:
It's always worth echo'ing the SQL command.
$result = mysql_query($query) or die("$query<br>".mysql_error());
.... just don't leave them in your released app, the queries give too
much away.
> //validate project $get_project = "SELECT c.cat_name, p.project_name FROM category AS c LEFT JOIN project AS p ON p.id = c.project_id WHERE c.id = $_GET[cat_id]";
Try to do this as here:
$get_project = "SELECT c.cat_name, p.project_name FROM category c, project
p WHERE c.id=$_GET[cat_id] AND p.id=c.project_id";
Alex_r wrote: //validate project $get_project = "SELECT c.cat_name, p.project_name FROM category AS c LEFT JOIN project AS p ON p.id = c.project_id WHERE c.id = $_GET[cat_id]";
Try to do this as here:
$get_project = "SELECT c.cat_name, p.project_name FROM category c, project p WHERE c.id=$_GET[cat_id] AND p.id=c.project_id";
Well this was nice try, but unfortunatly it doesn't work :(.
Know it's reporting php error on 'AND ...'
Hm, strange thing is that original code (with different tables name) IS
working with one other very simple db. Go figure...
> It's always worth echo'ing the SQL command. $result = mysql_query($query) or die("$query<br>".mysql_error()); ... just don't leave them in your released app, the queries give too much away.
LikeI said, i'm just beginning with php. Tnx for the tip thou :))
Any idea what to do with the code? I should be pretty simple, show
categories that are related to project 1 (or 2,3 for that matter), nothing
fancy and complex. I' m really confused.
.oO("Igor Slivka" <igor.slivka@REMOVE THISri.htnet.hr>) I have done simple php script and I have corrected every little error I got but now I stucked. I keep getting "You have an error in your SQL syntax near '' at line 9 ", and I don't know what to do. The code is the following: [...]
//validate project $get_project = "SELECT c.cat_name, p.project_name FROM category AS c LEFT JOIN project AS p ON p.id = c.project_id WHERE c.id = $_GET[cat_id]";
The above query relies on a URL-parameter and uses it without any
checking, which makes the code vulnerable to SQL-injection (google for
details on that).
And what happens if there's no such parameter at all? The query becomes
invalid and causes an error message on the last (9th) line.
A possible solution with a default value of '0':
$cat_id = isset($_GET['cat_id']) ? intval($_GET['cat_id']) : 0;
$get_project = "
SELECT c.cat_name, p.project_name
FROM category AS c
LEFT JOIN project AS p ON p.id = c.project_id
WHERE c.id = $cat_id";
HTH
Micha
Igor Slivka wrote: I have done simple php script and I have corrected every little error I got but now I stucked. I keep getting "You have an error in your SQL syntax near '' at line 9 ", and I don't know what to do. The code is the following:
<?php require('config.php'); $conn = mysql_connect(SQL_HOST, SQL_USER, SQL_PASS) or die ('Could not connect to MySQL database.' .mysql_error()); mysql_select_db (SQL_DB, $conn);
$display_block = "<h1>$project_name Categories</h1> <P>Select a Category to see details.</P>";
//validate project $get_project = "SELECT c.cat_name, p.project_name FROM category AS c LEFT JOIN project AS p ON p.id = c.project_id WHERE c.id = $_GET[cat_id]"; $get_project_res = mysql_query($get_project) or die (mysql_error());
if (mysql_num_rows($get_project_res) < 1) { //invalid item $display_block .= "<p><em>Invalid project selection.</em></p>"; } else { //valid project, get info $project_name = strtoupper(stripslashes(mysql_result($get_project_ res,0,'project_name'))); $cat_name = stripslashes(mysql_result($get_project_res,0,'cat_ name')); } ?>
<html> <head> <title>Projects</title> </head> <body> <?php print $display_block; ?> </body> </html>
I have to tables, one is category and other one is project. On the main page I have data from project table, and on the other page (code up) I want to show data from other table but only valid for project example 1 or 2 etc.
Tnx in advance, sorry for any gramatic mistake, english is not my first language :)
Are p.id or c.project_id text values?
Steve
> The above query relies on a URL-parameter and uses it without any checking, which makes the code vulnerable to SQL-injection (google for details on that).
Thank You! Will do :)
Just learning so i'm reading a tons of book and that are all pretty simple
(as u can see :)) but even that's enough for me ;)
And what happens if there's no such parameter at all? The query becomes invalid and causes an error message on the last (9th) line. A possible solution with a default value of '0': $cat_id = isset($_GET['cat_id']) ? intval($_GET['cat_id']) : 0; $get_project = " SELECT c.cat_name, p.project_name FROM category AS c LEFT JOIN project AS p ON p.id = c.project_id WHERE c.id = $cat_id";
Yup, thank You once again! :) Know i'm getting somewhere.
Well expect few other questions like this one, thank U all for replaying :)
Best regards, Igor
> Are p.id or c.project_id text values?
Of course, not that stupid ;>.
Anyway i'm going somwhere with above response, thank U all once more ;) This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Judi Keplar |
last post by:
I am currently taking a course to learn Python and was looking for
some help. I need to write a Python statement to print a comma-
separated repetition of the word, "Spam", written 511 times...
|
by: Philip Mette |
last post by:
I am begginner at best so I hope someone that is better can help.
I have a stored procedure that updates a view that I wrote using 2
cursors.(Kind of a Inner Loop) I wrote it this way Because I...
|
by: Grrrbau |
last post by:
I'm a beginner.
I'm looking for a good C++ book.
Someone told me about Lafore's "Object-Oriented Programming in C++".
What do you think?
Grrrbau
|
by: BobJohnson |
last post by:
Just started learning C++ and I need some help with my homework, shouldn't
take long for people around here. I need to create a simple money
calculator but I don't know how to make the output...
|
by: ranger |
last post by:
Hi,
I'm a beginner with C++, studying on my own from a book and I've
encoutered quite some problems.. If possible, someone out there might
help me out..
The problem is the following.. I've...
|
by: Simon Matthews |
last post by:
Hope someone can help an Access beginner!
I've just started keeping my surgical logbook on access and it's a
simple flat-file affair. I have created several queries that will
list cases...
|
by: newbie |
last post by:
Hi
I am using a toolkit written in c++ that consists of three parts
1) video captur
2) image processin
3) OpenGL wrappe
The video capture program only works with local hardware (for...
|
by: hl |
last post by:
Hi,
I'm a beginner and need a little help with getting data back from a web
service.
I am using VB.Net and have added a web reference to a Wsdl that was
provided to me.
My reference.vb file...
|
by: fool |
last post by:
Dear group,
Given a string I have to print the permutation, using some
looping tricks. This is not a Home work problem. My best
try as beginner is:
#include<stdio.h>
#include<stdlib.h>
...
|
by: macmac |
last post by:
I'm new to this forum and I am in a beginner level with programming too. I posted this thing out hoping that somebody could help me out in making this program. I am working right now as a C++...
|
by: taylorcarr |
last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
| |