I have a Gaming Control Panel for a website I am running, and the people whom I purcashed it from suggested I use MySQL 4.0.22. I installed and configured it, and it seemed like the control panel worked. I am able to add content, such as news etc, but am not able to Delete or Edit it. I get the error:
You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

I asked the company what version they use, and they use the same version of MySQL as me, and have no problems whatsoever. If anyone is able to fix this for me, I'd happily pay a nominal fee.

Oh, I am also running PHP Version 4.3.9, with Apache.

post the query string it used.
And i like your username..
for those who dont know..
babooshka means grandma in russian.

$news_topic = remslash($_POST['news_topic']);
$news_author = remslash($_POST['news_author']);
$news_message = remslash($_POST['news_message']);
MYSQL_QUERY("UPDATE $mysql_table SET news_topic='$news_topic', news_author='$news_author', news_message='$news_message' WHERE $id_type=$id") or die (mysql_error());
showSuccess('News Update',$_SERVER['PHP_SELF']);

is this variable set? $mysql_table

Yes, it's set to
$mysql_table = "cp_news";

What is $id set to?

It sets itself to the corresponding newspost which I want to delete or edit, which is '1'.

Note that this works perfectly fine with the company that gave me this script. They have no idea what is wrong, their support sucks.

Yes, but I don't see it set in your code above...unless you missed it when you snipped the code. Double check that you set the variable first in the page. I know its a simple thing, but I've done that many a time. To debug, comment out the MYSQL_QUERY execution and print out the SQL string to the browser. That will at least show you what variable is causing the thrown error. I still suspect the id...but I am wrong quite a bit.

Originally posted by babooshka

$news_topic = remslash($_POST['news_topic']);
$news_author = remslash($_POST['news_author']);
$news_message = remslash($_POST['news_message']);
MYSQL_QUERY("UPDATE $mysql_table SET news_topic='$news_topic', news_author='$news_author', news_message='$news_message' WHERE $id_type=$id") or die (mysql_error());
showSuccess('News Update',$_SERVER['PHP_SELF']);


maybe it should be

Originally posted by babooshka
$news_topic = remslash($_POST['news_topic']);
$news_author = remslash($_POST['news_author']);
$news_message = remslash($_POST['news_message']);
MYSQL_QUERY("UPDATE $mysql_table SET news_topic='$news_topic', news_author='$news_author', news_message='$news_message' WHERE $id_type='$id' ") or die (mysql_error());
showSuccess('News Update',$_SERVER['PHP_SELF']);

need 5 posts to post link..

uploaded the php file to http://tehw00t.net/news.zip , hopefully that will be of use to you.

I think I see the problem. Line 25ish the variable set is:

$id_type

and yet on line 40ish the SQL I see uses:

$id

This is just my 20 second impression. I'll investigate more and will be back later.

Disclaimer: I am not responsible for war, famine, or what happens if anything fails. (Well, maybe the famine part.)

Find this:


} if ($_REQUEST['m'] == "4") {
$news_topic = remslash($_POST['news_topic']);
$news_author = remslash($_POST['news_author']);
$news_message = remslash($_POST['news_message']);


And make it look like this:


} if ($_REQUEST['m'] == "4") {
$id = remslash($_POST['id']);
$news_topic = remslash($_POST['news_topic']);
$news_author = remslash($_POST['news_author']);
$news_message = remslash($_POST['news_message']);


Then check your update function. If that works, let us know, and we will progress to fixing your DELETE functionality.

Did not work :(

Okay, let's see what the string is.

Find this


} if ($_REQUEST['m'] == "4") {
$news_topic = remslash($_POST['news_topic']);
$news_author = remslash($_POST['news_author']);
$news_message = remslash($_POST['news_message']);
MYSQL_QUERY("UPDATE $mysql_table SET news_topic='$news_topic', news_author='$news_author', news_message='$news_message' WHERE $id_type=$id") or die (mysql_error());
showSuccess('News Update',$_SERVER['PHP_SELF']);


And change it to look like this:


} if ($_REQUEST['m'] == "4") {
$news_topic = remslash($_POST['news_topic']);
$news_author = remslash($_POST['news_author']);
$news_message = remslash($_POST['news_message']);
print "UPDATE $mysql_table SET news_topic='$news_topic', news_author='$news_author', news_message='$news_message' WHERE $id_type=$id";
/*MYSQL_QUERY("UPDATE $mysql_table SET news_topic='$news_topic', news_author='$news_author', news_message='$news_message' WHERE $id_type=$id") or die (mysql_error());
showSuccess('News Update',$_SERVER['PHP_SELF']);*/


And the run youe edit functionality. This should print your query string to the screen. Copy the results and share them with us.

(if there is heavy formatting on the screen, sometimes you might have to view source, especially if heavy use of tables are employed.)

Shoot, I didn't even ask this question: I'm assuming the edit FORM works, and when you hit 'submit', that's when it fails, right?

I get this:
You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

Chris, check pm :o

Gotcha., On it.

Okay, find this:


} if ($_REQUEST['m'] == "3") {
getHeader();
$result = MYSQL_QUERY("SELECT * FROM $mysql_table WHERE $id_type=$id") or die (mysql_error());


And make it so...


} if ($_REQUEST['m'] == "3") {
$id=remslash($_REQUEST['id']);
getHeader();
$result = MYSQL_QUERY("SELECT * FROM $mysql_table WHERE $id_type=$id") or die (mysql_error());

that seemed to work! It shows the EDIT form now. Ill try to add that line in to in the update function.

awesome, it edits and updates now, what should I do to delete?

Find:


} if ($_REQUEST['m'] == "5") {
getHeader();
showAsk('Are you sure you want to remove this news post?',$id);
getFooter();
} if ($_REQUEST['m'] == "6") {
MYSQL_QUERY("DELETE FROM $mysql_table WHERE $id_type=$id") or die (mysql_error());
showSuccess('News Removed',$_SERVER['PHP_SELF']);


And Change to:


} if ($_REQUEST['m'] == "5") {
$id=remslash($_REQUEST['id']); //<--Added by cl.
getHeader();
showAsk('Are you sure you want to remove this news post?',$id);
getFooter();
} if ($_REQUEST['m'] == "6") {
$id=remslash($_REQUEST['id']); //<--Added by cl.
MYSQL_QUERY("DELETE FROM $mysql_table WHERE $id_type=$id") or die (mysql_error());
showSuccess('News Removed',$_SERVER['PHP_SELF']);


And check that. If that works, there are a few other recommendations that you may or may not wish to take.

works very well now, sir. Thanks.

You're quite welcome. Glad to be of service.

Now, at this point, most people would say "good enuff, it works." I am not most people. This next code is completely optional, and an excersice in cleanup & maintainability.

I would change:

} if ($_REQUEST['m'] == "3") {
getHeader();
$result = MYSQL_QUERY("SELECT * FROM $mysql_table WHERE $id_type=$id") or die (mysql_error());
while ($mysql=mysql_fetch_array($result)) {
$mysql_values = "null&" . $mysql[news_topic] . "&" . $mysql[news_author] . "&" . $mysql[news_message];;
createJSValid($checkfields,$errors);
createForm($titles,$fields,$type,$size,$maxlength,'4',$id_type,$id,$mysql_values);
}
getFooter();


To:

} if ($_REQUEST['m'] == "3") {
getHeader();
$result = MYSQL_QUERY("SELECT * FROM $mysql_table WHERE $id_type=$id") or die (mysql_error());
while ($mysql=mysql_fetch_array($result)) {
//$mysql_values = "null&" . $mysql[news_topic] . "&" . $mysql[news_author] . "&" . $mysql[news_message];;
$mysql_values = "null&" . $mysql['news_topic'] . "&" . $mysql['news_author'] . "&" . $mysql['news_message']; //note the quotes around the field names and we eliminate one of the redundant semicolons.
createJSValid($checkfields,$errors);
createForm($titles,$fields,$type,$size,$maxlength,'4',$id_type,$id,$mysql_values);
}
getFooter();


Also, one of the reasons it may have worked on another system is due to that system having REGISTER_GLOBALS on, which is bad. That is only an assumption, though.