Please login or register.

Login with username, password and session length
Advanced search  

News:

You need/want an older version of sNews ? Download an older/unsupported version here.

Author Topic: [Solved] You have an error in your SQL syntax  (Read 8948 times)

H.A.C

  • Jr. Member
  • **
  • Karma: 20
  • Posts: 86
  • i love snews community for its great members
    • Chasoft Corporation
[Solved] You have an error in your SQL syntax
« on: February 07, 2008, 02:25:17 pm »

Hi everybody,

I'm facing to a mysterious problem with MySQL. I don't know why! I need your help.

My code is very simple but I still don't know why, let you follow my description:

This is my code, it works - you can check it.
Code: [Select]
<?php
$content file_get_contents('http://www.9down.com/AMD-Athlon-64-X2-Dual-Core-Processor-Driver-v-1-3-2-16-for-Win-XP-Server-2003-7154/');

preg_match('@<div class="imgss">.*</div>(.*)<div class="lifls1 bj">@Uus'$content$article_body);

echo "This is orginal article:\n".$article_body[1];

//replace all ' to &#38;#39;
$article_body[1] = str_replace("\'",'&#38;#39;',$article_body[1]);

//i just want to check if the above function works
if (strpos($article_body,"\'") > 0) {
echo "\noh, it doesnt works\n";
} else {
echo "\nIt works\n";
}

echo $article_body[1];

?>
(when copy the code above to test, please pay attention that & is converted to &#38; by our forum system- so  you must replace &#38; by & mark to test my code)

And the result I got is: (run the script with firefox 2.0.11 and rightlick -> view Page Source)

Quote
This is orginal article:

Allows the system to automatically adjust the CPU speed, voltage and power combination that match the instantaneous user performance need. Download this Setup Installation program (EXE) to automatically update all the files necessary for installation. This package is recommended for users whom desire a graphical user interface for installation. This .EXE driver is a user friendly localized software installation of the driver designed for end-users. This driver supports AMD Athlon&trade; 64 X2 Dual Core processors on Windows XP SP2, Windows 2003 SP1 x84 and x64 Editions.<div>Before proceeding with your driver installation we suggest you make sure you are installing the latest version available and for the appropriate model/revision and Operating System. We strongly suggest following 'readme' instructions for installing drivers when available. Often restarting your system will be necessary for the new driver to become active and start functioning properly.</div><br /><div>You can check back regularly for new updates at TechSpot's Drivers Section or stop by our frontpage on a daily for the best technology information on the web. <br /><br /><strong><a href="http://www.amd.com/us-en/assets/content_type/utilities/amdcupsetup.exe" target="_self">Download</a></strong></div>

It works

Allows the system to automatically adjust the CPU speed, voltage and power combination that match the instantaneous user performance need. Download this Setup Installation program (EXE) to automatically update all the files necessary for installation. This package is recommended for users whom desire a graphical user interface for installation. This .EXE driver is a user friendly localized software installation of the driver designed for end-users. This driver supports AMD Athlon&trade; 64 X2 Dual Core processors on Windows XP SP2, Windows 2003 SP1 x84 and x64 Editions.<div>Before proceeding with your driver installation we suggest you make sure you are installing the latest version available and for the appropriate model/revision and Operating System. We strongly suggest following 'readme' instructions for installing drivers when available. Often restarting your system will be necessary for the new driver to become active and start functioning properly.</div><br /><div>You can check back regularly for new updates at TechSpot's Drivers Section or stop by our frontpage on a daily for the best technology information on the web. <br /><br /><strong><a href="http://www.amd.com/us-en/assets/content_type/utilities/amdcupsetup.exe" target="_self">Download</a></strong></div>

You can see that all done.

The code below generate :: "It works" <= that means that there is no ' mark.

Code: [Select]
<?php
if (
strpos($article_body,"\'") > 0) {
echo "\noh, it doesnt works\n";
} else {
echo "\nIt works\n";
}
?>


But look at the second paragraph, there is still ' mark on the paragraph. (expected: &#39;) <= I dont understand this point.

that's why when i parse $article_body to MySQL, I got this error message (i use echo mysql_error (); to get the error message)

Quote
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'readme' instructions for installing drivers when available. Often restarting you' at line 1

Note: This is my environment
Firefox 2.0.11
AppServ 2.5.9 (Apache 2.2.4, PHP 5.2.3, MySQL 5.0.45, phpMyAdmin-2.10.2)
,
« Last Edit: February 12, 2008, 12:08:35 pm by H.A.C »
Logged
I'm not available ....until the end of the year 2009!
----------------------------
The largest website powered by sNews is in its way to become the biggest!
My great personal website powered by sNews 1.6
http://www.chasoft.net
Come to see how it's great!

codetwist

  • Hero Member
  • *****
  • Karma: 50
  • Posts: 940
Re: [Help][Mysterious error ] You have an error in your SQL syntax
« Reply #1 on: February 07, 2008, 03:31:41 pm »

IMHO this:
Code: [Select]
//replace all ' to &#38;#39;
$article_body[1] = str_replace("\'",
should look this:
Code: [Select]
//replace all ' to &#38;#39;
$article_body[1] = str_replace("'",
and this:
Code: [Select]
//i just want to check if the above function works
if (strpos($article_body,"\'") > 0) {
like this:
Code: [Select]
//i just want to check if the above function works
if (strpos($article_body,"'") > 0) {
Logged

H.A.C

  • Jr. Member
  • **
  • Karma: 20
  • Posts: 86
  • i love snews community for its great members
    • Chasoft Corporation
Re: [Help][Mysterious error ] You have an error in your SQL syntax
« Reply #2 on: February 07, 2008, 04:57:48 pm »

Oh, thanks for your help. it works correctly. Thank you very much. But I have another question:


But this code works correctly

Code: [Select]
<?php
$id$_GET['id'];
if ($id!= '') {
echo $text str_replace("\'",'&#38;#39;',$id);
} else {
echo 'You must type something in the textbox below:';
echo '<form name="upload" action="'.$_SERVER['PHP_SELF'].'" method="GET" enctype="text" target="_self">';
echo '<input name="id" type="text" size="100" /><br>';
echo '<input type="submit" name="cmdSend" value="SEND" /> ';
echo '</form>';

?>

the code below doesn't work correctly.

Code: [Select]
<?php
$id$_GET['id'];
if ($id!= '') {
echo $text str_replace("'",'&#38;#39;',$id);
} else {
echo 'You must type something in the textbox below:';
echo '<form name="upload" action="'.$_SERVER['PHP_SELF'].'" method="GET" enctype="text" target="_self">';
echo '<input name="id" type="text" size="100" /><br>';
echo '<input type="submit" name="cmdSend" value="SEND" /> ';
echo '</form>';

?>

could you explain this situation?


Also, how about this line in sNews.php?

Code: [Select]
<?php
$comment 
str_replace("\'""&#38;#39;"$_POST['editedcomment']);
?>
« Last Edit: February 07, 2008, 05:08:23 pm by H.A.C »
Logged
I'm not available ....until the end of the year 2009!
----------------------------
The largest website powered by sNews is in its way to become the biggest!
My great personal website powered by sNews 1.6
http://www.chasoft.net
Come to see how it's great!

lilspen

  • Jr. Member
  • **
  • Karma: 2
  • Posts: 57
Re: [Help][Mysterious error ] You have an error in your SQL syntax
« Reply #3 on: February 09, 2008, 12:42:05 pm »

would it have anything to do with the fact that the &#38;#39 are between " ... " in the snews code and yours are between ' ... '?

try your original code with " instead of '.
that's the only difference I can see.
Logged

lilspen

  • Jr. Member
  • **
  • Karma: 2
  • Posts: 57
Re: [Help][Mysterious error ] You have an error in your SQL syntax
« Reply #4 on: February 09, 2008, 12:48:31 pm »

the only difference I see isthat your code has &#38;#39 in single quotes ( ' ) and the sNews code is using double quotes ( " ).

try your original code using " and tell me what you get.
Logged

H.A.C

  • Jr. Member
  • **
  • Karma: 20
  • Posts: 86
  • i love snews community for its great members
    • Chasoft Corporation
Re: [Help][Mysterious error ] You have an error in your SQL syntax
« Reply #5 on: February 09, 2008, 05:04:25 pm »

" can't help. I still get the same result.
Logged
I'm not available ....until the end of the year 2009!
----------------------------
The largest website powered by sNews is in its way to become the biggest!
My great personal website powered by sNews 1.6
http://www.chasoft.net
Come to see how it's great!

codetwist

  • Hero Member
  • *****
  • Karma: 50
  • Posts: 940
Re: [Help][Mysterious error ] You have an error in your SQL syntax
« Reply #6 on: February 09, 2008, 05:19:34 pm »

Those other lines in snews.php deals with different data source - presumably already stored in database and probably escaped with slash character. In Your case it's data with unescaped single quote character.
Logged

invarbrass

  • Full Member
  • ***
  • Karma: 18
  • Posts: 117
    • http://snews.extremebittorrent.com
Re: [Help][Mysterious error ] You have an error in your SQL syntax
« Reply #7 on: February 11, 2008, 03:55:38 pm »

that's why when i parse $article_body to MySQL, I got this error message (i use echo mysql_error (); to get the error message)

Quote
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'readme' instructions for installing drivers when available. Often restarting you' at line 1

I can't find any database calls in your code. Are you preparing the input for SQL? I think you're not escaping the control characters in the retrieved article. Try mysql_real_escape().
Logged