Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 9 of 9

Thread: Database error

  1. #1
    Regular Coder
    Join Date
    Jan 2008
    Posts
    334
    Thanks
    9
    Thanked 0 Times in 0 Posts

    Database error

    I've seem to be getting a mysql_error saying: Database error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 1.

    -------

    I'm not to sure what that means, and I was wondering if you guys could help me out. This PHP script is meant for a Password Recovery system, (i.e forgot password). So how it works is that the User is suppose to type in his/hers email address and when the user types his/her Email address, then the script is suppose to check the table users to see if there is a email that matchs the email that was typed inside of the input. If it does, then its suppose to insert the info that was typed in the input, the random_key (That will be used to verify the persons email address) and the IP. And then send a email out with the info that I want to be displayed in the email and then the link of course that will lead to the next page that will check and see if the random key is the same key that is in the database, if so, then bring up a field that the User then an UPDATE his/hers Password to his/hers likings.

    PHP Code:
      <?php
      
      $random_key 
    md5(uniqid(rand(), true));
      
      if(isset(
    $_POST['submit']))
      
      {
      
      if(
    $_POST['email'] !='')
      
      {
      
      include(
    "db.php");
      
      
    $query mysql_query("SELECT email, username, id FROM users WHERE email = '".mysql_real_escape_string($_POST['email'])."')") or die('Database error: ' .mysql_error());
      
      
    $row mysql_fetch_assoc($query);
      
      if(
    $row['email'] == $_POST['email'])
      
      {
      
      
    $sql mysql_query("INSERT INTO recovery (`id`, `username`, `random_key`, `ip`) VALUES('', '".mysql_real_escape_string($row['username'])."', '".$random_key."', '".$_SERVER['REMOTE_ADDR']."')") or die('Database error: ' .mysql_error());
      
      
    $subject 'Password Recovery';
      
    $header 'TopGameHQ';
      
    $message 'Dear '.$row['username'].', \r\n\r\n Here is the Password Recovery that you have requested. Please click this link to comfirme your Email Address: http://topgamehq.com/site/change_pass.php?id='.$row['id'].'&amp;key='.$random_key.'';
      
      
    mail($_POST['email'], $subject$message$header);
      
      
      }
      
      else
      {
      
    $error 'This Email does not exist in our Database.';
      }
      }
      else
      {
      
    $error 'Please fill in your Email Address';
      }
      
      }
      
    ?>

  • #2
    Regular Coder Iszak's Avatar
    Join Date
    Jun 2007
    Location
    Perth, Western Australia
    Posts
    332
    Thanks
    2
    Thanked 58 Times in 57 Posts
    It means that the SQL ("SELECT * FROM table WHERE condition='this'") is incorrect and this may be because you're request a field that doesn't exist, or you didn't escape the name of a field I found on some cases that SQL commands like TO and FROM say in a messaging system has to be escaped because FROM is a command in the SQL manual.

  • #3
    Regular Coder
    Join Date
    Jan 2008
    Posts
    334
    Thanks
    9
    Thanked 0 Times in 0 Posts
    I do not believe that is the case this time though. Heres my fields that are in my Database:

    CREATE TABLE `users` (
    `id` int(11) NOT NULL auto_increment,
    `username` varchar(255) NOT NULL default '',
    `password` varchar(255) NOT NULL default '',
    `temp_pass` varchar(55) default NULL,
    `temp_pass_active` tinyint(1) default NULL,
    `email` varchar(255) NOT NULL default '',
    `active` int(11) default NULL,
    `level_access` int(11) default NULL,
    `random_key` varchar(32) default NULL,
    `firstname` varchar(255) default NULL,
    `lastname` varchar(255) default NULL,
    PRIMARY KEY (`id`)
    ) ENGINE=MyISAM AUTO_INCREMENT=64 DEFAULT CHARSET=latin1;


    And my query was:

    PHP Code:

    $query 
    mysql_query("SELECT email, username, id FROM users WHERE email = '".mysql_real_escape_string($_POST['email'])."')") or die('Database error: ' .mysql_error()); 

    Any other ideas?

  • #4
    Senior Coder tomws's Avatar
    Join Date
    Nov 2007
    Location
    Arkansas
    Posts
    2,644
    Thanks
    29
    Thanked 330 Times in 326 Posts
    Quote Originally Posted by Jon W View Post
    And my query was:

    PHP Code:

    $query 
    mysql_query("SELECT email, username, id FROM users WHERE email = '".mysql_real_escape_string($_POST['email'])."')") or die('Database error: ' .mysql_error()); 

    Any other ideas?

    You have a right paren hanging around in your query. Replace the dot-splice to reveal it...

    PHP Code:
    $query mysql_query("SELECT email, username, id FROM users WHERE email = 'address@example.com')") or die('Database error: ' .mysql_error()); 
    See it after the address? The error messages are sometimes not too helpful, but this one gives a hint to look for a right paren. I use the query log to help me track down goofy errors like this in my queries.

  • #5
    Regular Coder
    Join Date
    Jan 2008
    Posts
    334
    Thanks
    9
    Thanked 0 Times in 0 Posts
    How am I suppose to use the mysql_real_escape_string then?

  • #6
    Regular Coder
    Join Date
    Jan 2008
    Posts
    334
    Thanks
    9
    Thanked 0 Times in 0 Posts
    Ahh... I've got it figured out.

    PHP Code:

    $email 
    mysql_real_escape_string($_POST['email']);

    $query mysql_query("SELECT id, username, email FROM users WHERE email = '$email'") or die('Database error: ' .mysql_error()); 

    Thanks for your help guys!
    Jon W

  • #7
    Senior Coder tomws's Avatar
    Join Date
    Nov 2007
    Location
    Arkansas
    Posts
    2,644
    Thanks
    29
    Thanked 330 Times in 326 Posts
    Quote Originally Posted by Jon W View Post
    How am I suppose to use the mysql_real_escape_string then?
    Sorry. I didn't explain what I was saying well enough, I guess. To find why you have the error, replace this dot-splice code...
    PHP Code:
    ".mysql_real_escape_string($_POST['email'])." 
    with an actual email address to see the extra paren at the end.

    You'll notice that the function paren is still within the code above, but there's still a right paren as actual text in the query. Mysql is receiving this query:
    Code:
    SELECT email, username, id FROM users WHERE email = 'address@example.com')
    Notice the paren dangling on the end. That's in your code after the dot-splice between a single quote and a double quote.

  • #8
    Senior Coder
    Join Date
    Mar 2003
    Location
    Atlanta
    Posts
    1,037
    Thanks
    14
    Thanked 30 Times in 28 Posts
    If you were to store your SQL statement in a variable you could echo it out whenever the script dies.

    PHP Code:
    $sql 'SELECT * FROM table';
    mysql_query($sql) or die('Database error: ' .mysql_error() . 'SQL: ' $sql); 
    Most of my questions/posts are fairly straightforward and simple. I post long verbose messages in an attempt to be thorough.

  • Users who have thanked StupidRalph for this post:

    Jon W (01-14-2008)

  • #9
    Regular Coder
    Join Date
    Jan 2008
    Posts
    334
    Thanks
    9
    Thanked 0 Times in 0 Posts
    Thanks for your help guys once again.

    Jon W


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •