LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 02-10-2011, 09:04 PM   #1
cflores59
LQ Newbie
 
Registered: Feb 2011
Posts: 2

Rep: Reputation: 0
Question newbie needs coding help--either parsing err or invalid $END


Trying simply to insert into table. Have succeeded in doing this but now want to correct user use of invalid characters. If I'm understanding correctly, Real-escape-string seems to correct these, so I've been trying to figure out how to use it. A short, test code version gives me a syntax error at INSERT VALUES, which--because it still has the single quotes in the text--tells me the real-escape-string didn't work. The code below gives me a parseing error with invalid $END at </body>. Any help appreciated!!!!!!!!!!!!!

-------------------
Insert Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' VALUES (UTC_TIMESTAMP,'What's happen' bra?')' at line 1
-------------------
Parse error: syntax error, unexpected $end in /home/powere15/public_html/DB/exercises_insert_record.php on line 94
--------------------------

<html><head><title>Exercise Catalog Insert Record</title></head>
<body>


<?
/* Change db and connect values if using online */

/* Change db and connect values if using online */

$ExerciseName=$_POST['ExerciseName'];
$ExercisePhoto1=$_POST['ExercisePhoto1'];
$ExercisePhoto2=$_POST['ExercisePhoto2'];
$Position=$_POST['Position'];
$TargetMuscles=$_POST['TargetMuscles'];
$Instructions1=$_POST['Instructions1'];
$Instructions2=$_POST['Instructions2'];
$Instructions3=$_POST['Instructions3'];
$Issues1=$_POST['Issues1'];
$Issues2=$_POST['Issues2'];
$Issues3=$_POST['Issues3'];
$db="powere15_Performax";
$link = mysql_connect('localhost', 'powere15', 'gotperformax');
if (! $link)
die(mysql_error());
mysql_select_db($db , $link) or die("Select Error: ".mysql_error());

// Query
$query = sprintf("SELECT * FROM users WHERE ExerciseName='%s' AND ExercisePhoto1='%s'
AND ExercisePhoto1='%s'
AND ExercisePhoto2='%s'
AND Position='%s'
AND TargetMuscles='%s'
AND Instructions1='%s'
AND Instructions2='%s'
AND Instructions3='%s'
AND Issues1='%s'
AND Issues2='%s'
AND Issues3='%s'",

mysql_real_escape_string($ExerciseName),
mysql_real_escape_string($ExercisePhoto1),
mysql_real_escape_string($ExercisePhoto2),
mysql_real_escape_string($Position),
mysql_real_escape_string($TargetMuscles),
mysql_real_escape_string($Instructions1),
mysql_real_escape_string($Instructions2),
mysql_real_escape_string($Instructions3),
mysql_real_escape_string($Issues1),
mysql_real_escape_string($Issues2),
mysql_real_escape_string($Issues3));

// Perform Query
$result = mysql_query($query);

// Check result
// This shows the actual query sent to MySQL, and the error. Useful for debugging.
if (!$result) {
$message = 'Invalid query: ' . mysql_error() . "\n";
$message .= 'Whole query: ' . $query;
die($message);

$result=mysql_query("INSERT INTO ExerciseCatalog (ExerciseID, ExerciseName, ExercisePhoto1, ExercisePhoto2, Position, TargetMuscles, Instructions1, Instructions2, Instructions3, Issues1, Issues2, Issues3), VALUES (
UTC_TIMESTAMP,
'$ExerciseName',
'$ExercisePhoto1',
'$ExercisePhoto2',
'$Position',
'$TargetMuscles',
'$Instructions1',
'$Instructions2',
'$Instructions3',
'$Issues1',
'$Issues2',
'$Issues3')")

or die("Insert Error: ".mysql_error());

mysql_close($link);
print "Record added";
// Free the resources associated with the result set
// This is done automatically at the end of the script
mysql_free_result($result);
?>

<form method="POST" action="exercises_insert_form.html">
<input type="submit" value="Insert Another Record">
</form>
<br>

<form method="POST" action="exercises_dbase_interface.php">
<input type="submit" value="Dbase Interface">
</form>
</body>
</html>
 
Old 02-15-2011, 10:16 PM   #2
rdgreenlaw
Member
 
Registered: May 2007
Distribution: Ubuntu 14.04 LTS
Posts: 62

Rep: Reputation: 17
Try making the change noted below
Quote:
Originally Posted by cflores59 View Post
// Query
$query = sprintf("SELECT * FROM users WHERE ExerciseName='%s' AND ExercisePhoto1='%s'
AND ExercisePhoto1='%s'
AND ExercisePhoto2='%s'
AND Position='%s'
AND TargetMuscles='%s'
AND Instructions1='%s'
AND Instructions2='%s'
AND Instructions3='%s'
AND Issues1='%s'
AND Issues2='%s'
AND Issues3='%s'",

mysql_real_escape_string($ExerciseName),
mysql_real_escape_string($ExercisePhoto1),
mysql_real_escape_string($ExercisePhoto2),
mysql_real_escape_string($Position),
mysql_real_escape_string($TargetMuscles),
mysql_real_escape_string($Instructions1),
mysql_real_escape_string($Instructions2),
mysql_real_escape_string($Instructions3),
mysql_real_escape_string($Issues1),
mysql_real_escape_string($Issues2),
mysql_real_escape_string($Issues3));

echo "$query";
Adding the echo statement immediately following the assignment of values, and before executing the query will display the query to be executed somewhere on your web page. Check the format of the query to confirm that it is what you intended it to be. In particular note that fields containing spaces or special characters must be enclosed in quotes for sql to process them correctly.

Roger
 
Old 02-16-2011, 01:38 PM   #3
cflores59
LQ Newbie
 
Registered: Feb 2011
Posts: 2

Original Poster
Rep: Reputation: 0
Thanks Roger, I'll give it a try.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
invalid compressed format (err 1) oxman Fedora - Installation 4 05-04-2007 04:18 PM
Invalid Compressed Format (err=1) OpenCircuit Slackware 1 12-11-2005 02:31 PM
invalid compressed format (err=1) kl365 Slackware 1 06-28-2004 12:14 PM
invalid compressed format (err=2) mikeyjoon Linux - Software 1 08-20-2003 08:17 PM
invalid compressed format (err=1) shameless Linux - General 1 08-16-2003 12:15 PM


All times are GMT -5. The time now is 09:11 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration