keyboard
02-09-2005, 12:34 AM
I get this message:
You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
This is the script DW generates:
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form1")) {
$updateSQL = sprintf("UPDATE cd SET cd_name=%s WHERE cd_pk=%s",
GetSQLValueString($_POST['cd_name'], "text"),
GetSQLValueString($_POST['cd_pk'], "int"));
mysql_select_db($database_Apress_pdav, $Apress_pdav);
$Result1 = mysql_query($updateSQL, $Apress_pdav) or die(mysql_error());
$updateGoTo = "artist.php?artist=".$_POST['artist']."";
if (isset($_SERVER['QUERY_STRING'])) {
$updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
$updateGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $updateGoTo));
}
if ((isset($_POST['cd_pk'])) && ($_POST['cd_pk'] != "")) {
$deleteSQL = sprintf("DELETE FROM cd WHERE cd_pk=%s",
GetSQLValueString($_POST['cd_pk'], "int"));
mysql_select_db($database_Apress_pdav, $Apress_pdav);
$Result1 = mysql_query($deleteSQL, $Apress_pdav) or die(mysql_error());
$deleteGoTo = "artist.php?artist=".$_POST['artist']."";
if (isset($_SERVER['QUERY_STRING'])) {
$deleteGoTo .= (strpos($deleteGoTo, '?')) ? "&" : "?";
$deleteGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $deleteGoTo));
}
$colname_rstCD = "1";
if (isset($_GET['cd'])) {
$colname_rstCD = (get_magic_quotes_gpc()) ? $_GET['cd'] : addslashes($_GET['cd']);
}
mysql_select_db($database_Apress_pdav, $Apress_pdav);
$query_rstCD = sprintf("SELECT artist.artist_pk, artist.artist_name, cd.cd_pk, cd.cd_name FROM cd, artist WHERE cd_pk = %s AND cd.cd_artist = artist.artist_pk ", $colname_rstCD);
$rstCD = mysql_query($query_rstCD, $Apress_pdav) or die(mysql_error());
$row_rstCD = mysql_fetch_assoc($rstCD);
$totalRows_rstCD = mysql_num_rows($rstCD);
You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
This is the script DW generates:
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form1")) {
$updateSQL = sprintf("UPDATE cd SET cd_name=%s WHERE cd_pk=%s",
GetSQLValueString($_POST['cd_name'], "text"),
GetSQLValueString($_POST['cd_pk'], "int"));
mysql_select_db($database_Apress_pdav, $Apress_pdav);
$Result1 = mysql_query($updateSQL, $Apress_pdav) or die(mysql_error());
$updateGoTo = "artist.php?artist=".$_POST['artist']."";
if (isset($_SERVER['QUERY_STRING'])) {
$updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
$updateGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $updateGoTo));
}
if ((isset($_POST['cd_pk'])) && ($_POST['cd_pk'] != "")) {
$deleteSQL = sprintf("DELETE FROM cd WHERE cd_pk=%s",
GetSQLValueString($_POST['cd_pk'], "int"));
mysql_select_db($database_Apress_pdav, $Apress_pdav);
$Result1 = mysql_query($deleteSQL, $Apress_pdav) or die(mysql_error());
$deleteGoTo = "artist.php?artist=".$_POST['artist']."";
if (isset($_SERVER['QUERY_STRING'])) {
$deleteGoTo .= (strpos($deleteGoTo, '?')) ? "&" : "?";
$deleteGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $deleteGoTo));
}
$colname_rstCD = "1";
if (isset($_GET['cd'])) {
$colname_rstCD = (get_magic_quotes_gpc()) ? $_GET['cd'] : addslashes($_GET['cd']);
}
mysql_select_db($database_Apress_pdav, $Apress_pdav);
$query_rstCD = sprintf("SELECT artist.artist_pk, artist.artist_name, cd.cd_pk, cd.cd_name FROM cd, artist WHERE cd_pk = %s AND cd.cd_artist = artist.artist_pk ", $colname_rstCD);
$rstCD = mysql_query($query_rstCD, $Apress_pdav) or die(mysql_error());
$row_rstCD = mysql_fetch_assoc($rstCD);
$totalRows_rstCD = mysql_num_rows($rstCD);