...

View Full Version : Database error



Jon W
01-14-2008, 03:02 AM
I've seem to be getting a mysql_error saying: Database error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 1.

-------

I'm not to sure what that means, and I was wondering if you guys could help me out. This PHP script is meant for a Password Recovery system, (i.e forgot password). So how it works is that the User is suppose to type in his/hers email address and when the user types his/her Email address, then the script is suppose to check the table users to see if there is a email that matchs the email that was typed inside of the input. If it does, then its suppose to insert the info that was typed in the input, the random_key (That will be used to verify the persons email address) and the IP. And then send a email out with the info that I want to be displayed in the email and then the link of course that will lead to the next page that will check and see if the random key is the same key that is in the database, if so, then bring up a field that the User then an UPDATE his/hers Password to his/hers likings.



<?php

$random_key = md5(uniqid(rand(), true));

if(isset($_POST['submit']))

{

if($_POST['email'] !='')

{

include("db.php");

$query = mysql_query("SELECT email, username, id FROM users WHERE email = '".mysql_real_escape_string($_POST['email'])."')") or die('Database error: ' .mysql_error());

$row = mysql_fetch_assoc($query);

if($row['email'] == $_POST['email'])

{

$sql = mysql_query("INSERT INTO recovery (`id`, `username`, `random_key`, `ip`) VALUES('', '".mysql_real_escape_string($row['username'])."', '".$random_key."', '".$_SERVER['REMOTE_ADDR']."')") or die('Database error: ' .mysql_error());

$subject = 'Password Recovery';
$header = 'TopGameHQ';
$message = 'Dear '.$row['username'].', \r\n\r\n Here is the Password Recovery that you have requested. Please click this link to comfirme your Email Address: http://topgamehq.com/site/change_pass.php?id='.$row['id'].'&amp;key='.$random_key.'';

mail($_POST['email'], $subject, $message, $header);


}

else
{
$error = 'This Email does not exist in our Database.';
}
}
else
{
$error = 'Please fill in your Email Address';
}

}
?>

Iszak
01-14-2008, 03:06 AM
It means that the SQL ("SELECT * FROM table WHERE condition='this'") is incorrect and this may be because you're request a field that doesn't exist, or you didn't escape the name of a field I found on some cases that SQL commands like TO and FROM say in a messaging system has to be escaped because FROM is a command in the SQL manual.

Jon W
01-14-2008, 03:14 AM
I do not believe that is the case this time though. Heres my fields that are in my Database:

CREATE TABLE `users` (
`id` int(11) NOT NULL auto_increment,
`username` varchar(255) NOT NULL default '',
`password` varchar(255) NOT NULL default '',
`temp_pass` varchar(55) default NULL,
`temp_pass_active` tinyint(1) default NULL,
`email` varchar(255) NOT NULL default '',
`active` int(11) default NULL,
`level_access` int(11) default NULL,
`random_key` varchar(32) default NULL,
`firstname` varchar(255) default NULL,
`lastname` varchar(255) default NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=64 DEFAULT CHARSET=latin1;


And my query was:




$query = mysql_query("SELECT email, username, id FROM users WHERE email = '".mysql_real_escape_string($_POST['email'])."')") or die('Database error: ' .mysql_error());




Any other ideas?

tomws
01-14-2008, 04:23 AM
And my query was:




$query = mysql_query("SELECT email, username, id FROM users WHERE email = '".mysql_real_escape_string($_POST['email'])."')") or die('Database error: ' .mysql_error());




Any other ideas?


You have a right paren hanging around in your query. Replace the dot-splice to reveal it...



$query = mysql_query("SELECT email, username, id FROM users WHERE email = 'address@example.com')") or die('Database error: ' .mysql_error());


See it after the address? The error messages are sometimes not too helpful, but this one gives a hint to look for a right paren. I use the query log to help me track down goofy errors like this in my queries.

Jon W
01-14-2008, 04:25 AM
How am I suppose to use the mysql_real_escape_string then?

Jon W
01-14-2008, 04:32 AM
Ahh... I've got it figured out.




$email = mysql_real_escape_string($_POST['email']);

$query = mysql_query("SELECT id, username, email FROM users WHERE email = '$email'") or die('Database error: ' .mysql_error());




Thanks for your help guys!
Jon W

tomws
01-14-2008, 04:33 AM
How am I suppose to use the mysql_real_escape_string then?

Sorry. I didn't explain what I was saying well enough, I guess. To find why you have the error, replace this dot-splice code...

".mysql_real_escape_string($_POST['email'])." with an actual email address to see the extra paren at the end.

You'll notice that the function paren is still within the code above, but there's still a right paren as actual text in the query. Mysql is receiving this query:

SELECT email, username, id FROM users WHERE email = 'address@example.com')

Notice the paren dangling on the end. That's in your code after the dot-splice between a single quote and a double quote.

StupidRalph
01-14-2008, 05:18 AM
If you were to store your SQL statement in a variable you could echo it out whenever the script dies.



$sql = 'SELECT * FROM table';
mysql_query($sql) or die('Database error: ' .mysql_error() . 'SQL: ' . $sql);

Jon W
01-14-2008, 05:51 AM
Thanks for your help guys once again.

Jon W



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum