Hey everyone. Pretty new to php...someone gave me some code to help me out with a project, but I'm getting an error. 1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 Here's the code. <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>title</title> </head> <body> <?php $con = mysql_connect("localhost", "user", "pass") or die ("Cannot connect to server"); mysql_select_db("database", $con) or die ("Cannot connect to database table").";"; $query = "SELECT * FROM videoconferencerooms where doctorId=".$_GET["doctorId"]; $result = mysql_query($query); if(!$result) { printf("<p style='color: red;'>%s - %s</p>", mysql_errno(), mysql_error()); } else { $videoconf = mysql_fetch_array($result, MYSQL_ASSOC); printf("<a href=".$videoconf["url"].">".$videoconf["doctorFirstname"]." ".$videoconf["doctorLastame"]." conference room</a>"); mysql_free_result($result); } mysql_close($con); ?> </body> </html> Code (markup): Thanks for any help you can give.
It's almost certainly a problem with the value of $_GET['doctorID']. Have your error message display the value of $query and it should be easy to spot the problem. Look for issues like an incorrect data type. For example, is the database expected a string or a number for the 'doctorID' field? If it's a string, it should be quoted in your query. You should also avoid passing raw user data to the mySQL server in a query. It makes your script vulnerable to hacking. See mysql_real_escape_string() in the PHP manual.
Thanks for the advice Rain, I'll pass it along. Honestly, even changing the code to have the error message show the value of $query is a bit beyond me right now, if you could point me in the right direction as to a walkthrough on how to do that (I feel awful asking for the actual code) it would be much appreciated. I will say that for the doctorId field the table is set to expect an integer.
The only line we are interested in is this one: $query = "SELECT * FROM videoconferencerooms where doctorId=".$_GET["doctorId"]; PHP: Just as good coding practice I would change it to: $query = "SELECT * FROM videoconferencerooms where doctorId='{$_GET['doctorId']}'"; PHP: It may fix the problem. If not, and you want to see what the value of $query is simply add the following to your code after the line we are looking at. echo 'Query: '.$query; PHP: That will display something on the page to tell you what the query actually is. If you're not sure of the problem post what it says and will be very easy to diagnose. Hope this helps.
Perfect geforce, that showed me the error and I was able to fix the issue (the first "where doctorId" should have been something different). Thank you both so much for your help!!!