Syntax error for search db

jmdweb · March 5, 2008, 10:55am

ello you beautiful people :lol:

I have been converting an old script, and having a couple of problems in doing so -

Its a surname database, people search for a surname etc and brings a list of people for the searched name, the script is displaying the list correctly and showing peoples information when clicked correctly, the problem lies when I click on to next results (page numbers)

I click on another page of results and I get this sql error -

SQL Error Occurred : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '20' at line 1

http://www.site.org/search/result.php?where=lcase(surname)%20like%20'smith'%20&startLimit=160&limitPerPage=20&sortby=

I have viewed the coresponding page and cant see the problem - here is the page code;

[code]

Family History: Surname DATABASE - SUMMARY SEARCH RESULTS

”);
$cntnumber = mysql_num_rows($cntresult);

$queryall = $cntquery.$sorted.$querylimit;
//echo $queryall . “

”;
$resultall = mysql_query($queryall) or die("

”);
$numberall = mysql_num_rows($resultall);
?>

DATABASE - SUMMARY SEARCH RESULTS

<?php include("common/datacon.php");

$limitPerPage = 20; //Results per page
$cut_off = 10; //Number of pages displayed at once
if (!isset($_REQUEST[‘startLimit’])) $startLimit = 0; //Don’t change!

$querylimit = " limit $startLimit,$limitPerPage ";
$nextStartLimit = $startLimit + $limitPerPage;
$previousStartLimit = $startLimit - $limitPerPage;

$sorted = " order by old_c_code,event_plac,year1,month1,day1,no_of_reco";

if (!isset($_REQUEST[‘where’]))
{
$surname = $_REQUEST[‘surname’];
$surname = str_replace("", “%”, $surname);
$forenames = $_REQUEST[‘forenames’];
$forenames = str_replace("", “%”, $forenames);
$no_of_reco = $_REQUEST[‘no_of_reco’];
$old_c_code = $_REQUEST[‘old_c_code’];
$old_c_code = str_replace("", “%”, $old_c_code);
$day1 = $_REQUEST[‘day1’];
$month1 = $_REQUEST[‘month1’];
$year1 = $_REQUEST[‘year1’];
$event_type = $_REQUEST[‘event_type’];
$event_plac = $_REQUEST[‘event_plac’];
$event_plac = str_replace("", “%”, $event_plac);
$surname_fa = $_REQUEST[‘surname_fa’];
$surname_fa = str_replace("", “%”, $surname_fa);
$forename_f = $_REQUEST[‘forename_f’];
$forename_f = str_replace("", “%”, $forename_f);
$surname_mo = $_REQUEST[‘surname_mo’];
$surname_mo = str_replace("", “%”, $surname_mo);
$forename_m = $_REQUEST[‘forename_m’];
$forename_m = str_replace("", “%”, $forename_m);
$surname_sp = $_REQUEST[‘surname_sp’];
$surname_sp = str_replace("", “%”, $surname_sp);
$forename_s = $_REQUEST[‘forename_s’];
$forename_s = str_replace("", “%”, $forename_s);
$date_enter = $_REQUEST[‘date_enter’];
$notes = $_REQUEST[‘notes’];
$notes = str_replace("*", “%”, $notes);

if (($surname=="") && ($forenames=="") && ($no_of_reco=="") && ($old_c_code=="") && ($day1=="") && ($year1=="") && ($month1=="") && ($event_type=="") && ($event_plac=="") && ($surname_fa=="") && ($forename_f=="") && ($surname_mo=="") && ($forename_m=="") && ($surname_sp=="") && ($forename_s=="") && ($date_enter=="") && ($notes=="") && ($oldcode==""))
{
	echo "<tr><td class='box'>At least one search term must be selected! <a href='javascript:history.back()'>Go back</a> and enter a search term.</td></tr>";
	exit;
}

if ($surname!=="")
{
	$surname = strtolower($surname);
	$where = "lcase(surname) like '$surname' ";
}
else
{
	$where = "surname like '%%' ";
}		

if ($forenames!=="")
{
	$forenames = strtolower($forenames);
	$where = $where . "and lcase(forenames) like '$forenames' ";
}

if ($year1!=="")
{
	switch ($yearrange) {
		case 0:
			$where = $where . "and year1 like '$year1' ";
			break;
		case 2:
		case 5:
		case 10:
		case 20:
			$yearl = $year1-$yearrange;
			$yearm = $year1+$yearrange;
			$where = $where . "and year1 between $yearl and $yearm ";
			break;
	}
}

if ($month1!=="")
{
	$where = $where . "and month1 like '$month1' ";
}

if ($day1!=="")
{
	$where = $where . "and day1 like '$day1' ";
}
	
if ($event_type!=="")
{
	$event_type = strtolower($event_type);
	$where = $where . "and lcase(event_type) like '$event_type' ";
}
	
if ($event_plac!=="")
{
	$event_plac = strtolower($event_plac);
	$where = $where . "and lcase(event_plac) like '$event_plac' ";
}

if ($surname_fa!=="")
{
	$surname_fa = strtolower($surname_fa);
	$where = "lcase(surname_fa) like '$surname_fa' ";
}

if ($forename_f!=="")
{
	$forename_f = strtolower($forename_f);
	$where = $where . "and lcase(forename_f) like '$forename_f' ";
}

if ($surname_mo!=="")
{
	$surname_mo = strtolower($surname_mo);
	$where = "lcase(surname_mo) like '$surname_mo' ";
}

if ($forename_m!=="")
{
	$forename_m = strtolower($forename_m);
	$where = $where . "and lcase(forename_m) like '$forename_m' ";
}

if ($surname_sp!=="")
{
	$surname_sp = strtolower($surname_sp);
	$where = "lcase(surname_sp) like '$surname_sp' ";
}

if ($forename_s!=="")
{
	$forename_s = strtolower($forename_s);
	$where = $where . "and lcase(forename_s) like '$forename_s' ";
}

if ($no_of_reco==!"")
{
	$where = $where . "and no_of_reco like '$no_of_reco'";
}

if ($date_enter!=="")
{
	switch ($daterange) {
		case "Exact":
			$where = $where . "and date_enter = '$date_enter' ";
			break;
		case "Before":
			$where = $where . "and date_enter between '0000-00-00' and '$date_enter' ";
			break;
		case "After":
			$today = date("Y-m-d");
			$where = $where . "and date_enter between '$date_enter' and '$today' ";
			break;
	}
}

if ($notes==!"")
{
	$notes = strtolower($notes);
	$where = $where . "and lcase(notes) like '$notes' ";
}

if ($old_c_code==!"")
{
	$old_c_code = strtolower($old_c_code);
	$where = $where . "and lcase(old_c_code) like '$old_c_code'";
}

}
else
{
$where = stripslashes($_REQUEST[‘where’]);
}

$cntquery = “select no_of_reco,surname,forenames,day1,year1,month1,event_type,event_plac,old_c_code from tyrrell_main where $where”;
//echo $cntquery . “

”;
$cntresult = mysql_query($cntquery) or die("

SQL Error Occurred : " . mysql_error() . “

<?php if ($numberall == 0) { echo ""; } else if ($numberall > 0) { $x = 0;

while ($x < $numberall)
{
    if (($x%2) == 0) { $bgcolor = "#FFFFFF"; } else { $bgcolor = "#C0C0C0"; }
	?>
		<tr>
			<td colspan="9" valign="top">
				<hr width="750">
			</td>
		</tr>
		<tr height="25">
			<?php $old_c_code1 = mysql_result($resultall,$x,"old_c_code"); ?>
			<td valign="top" height="25" class="box"><?php echo $old_c_code1; ?></td>
			<?php $event_plac1 = mysql_result($resultall,$x,"event_plac"); ?>
			<td valign="top" height="25" class="box"><?php echo $event_plac1; ?></td>
			<?php $day1a = mysql_result($resultall,$x,"day1"); ?>
			<td valign="top" height="25" class="box"><?php echo $day1a; ?></td>
			<?php $month1a = mysql_result($resultall,$x,"month1"); ?>
			<td valign="top" height="25" class="box"><?php echo $month1a; ?></td>
			<?php $year1a = mysql_result($resultall,$x,"year1"); ?>
			<td valign="top" height="25" class="box"><?php echo $year1a; ?></td>
			<?php $surname1 = mysql_result($resultall,$x,"surname"); ?>
			<td valign="top" height="25" class="box"><?php echo $surname1; ?></td>
			<?php $forenames1 = mysql_result($resultall,$x,"forenames"); ?>
			<td valign="top" height="25" class="box"><?php echo $forenames1; ?></td>
			<?php $event_type1 = mysql_result($resultall,$x,"event_type"); ?>
			<td valign="top" height="25" class="box"><?php echo $event_type1; ?></td>
			<?php $no_of_reco1 = mysql_result($resultall,$x,"no_of_reco"); ?>
			<td valign="top" height="25" class="box"><?php echo $no_of_reco1; ?></td>
			<td valign="top" class="box">
				<form name="detail" method="post" action="tyrrellfull.php">
					<input type="hidden" name="no_of_reco" value="<?php echo $no_of_reco1; ?>">
					<input type="submit" name="submit" value="Full">
				</form>
			</td>
		</tr>
		</tr><?php
    $x++;
} // end while

function pagination($page_count,$num,$start,$PHP_SELF,$cut_off,$sortby,$where)
{
	$newnum = $num / $page_count;
	$newnum = ceil($newnum);
	if(!isset($page))$page = 1;

	if($newnum >= 2)
	{
		echo "<table border="0" cellpadding="0" cellspacing="0" align="center">
		<tr>
		<td style="border: 1px solid #999999; font-family: Verdana; font-size: 11px;" nowrap>";

		if(isset($start) && $start != 0)
		{
			$new_start = $start - $page_count;
			echo "« <a href="$PHP_SELF?where=$where&startLimit=$new_start&limitPerPage=$page_count&sortby=$sortby">back</a> ";
		}
		else
		{
			echo "« back ";
		}

		$total_pages = $newnum;
		if($newnum > $cut_off) $newnum = $cut_off;

		$cur_page = ($start + $page_count) / $page_count;

		if($cur_page > $cut_off) $page = $cur_page - $cut_off + 1;

		if($cur_page > $cut_off)
		{
			$start_page = $page * $page_count - $page_count;
		}
		else
		{
			$start_page = 0;
		}

		for($i=0; $i<$newnum;$i++)
		{
			if($start == ($page * $page_count) - $page_count)
			{
				echo "<b>$page</b> ";
			}
			else
			{
				echo "<a href="$PHP_SELF?where=$where&startLimit=$start_page&limitPerPage=$page_count&sortby=$sortby">$page</a> ";
			}
			$page++;
			$start_page = $start_page + $page_count;
		}

		$new_start = $start + $page_count;
		if ($newnum >= 2 && $cur_page < $newnum && $cur_page <= $total_pages)
		{
			echo " <a href="$PHP_SELF?where=$where&startLimit=$new_start&limitPerPage=$page_count&sortby=$sortby">next</a> »";
		}
		elseif($cur_page >= $total_pages)
		{
			echo " next »";
		}
		else
		{
			echo " <a href="$PHP_SELF?where=$where&startLimit=$new_start&limitPerPage=$page_count&sortby=$sortby">next</a> »";
		}

		echo "</td>
		</tr>
		</table>
		<br><div align="center" style="font-family: Verdana; font-size: 11px;">Page $cur_page of $total_pages<div>";
	}//if any results at top
}//function

echo "<tr><td colspan="13" align='center'>";
pagination($limitPerPage,$cntnumber,$startLimit,$PHP_SELF,$cut_off,$sortby,$where);
echo "</td></tr></table></center>";

} // end if numberall > 0
?>

C. Code	Event Place	Date	Surname	Forename	Event Type	R. No.
No Records Found !

<< BACK TO SEARCH SCREEN

[/code]

Zyppora · March 5, 2008, 11:55am

What’s the full SQL query?

jmdweb · March 5, 2008, 12:27pm

how would I do that please?

jmdweb · March 5, 2008, 12:33pm

sorry Im being dippy, the query is -

There seems to be an error in your SQL query. The MySQL server error output below, if there is any, may also help you in diagnosing the problem

ERROR: Unknown Punctuation String @ 206
STR: </

jmdweb · March 5, 2008, 12:41pm

Error

SQL query:

$limitPerPage =20;

MySQL said: Documentation
#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '$limitPerPage = 20' at line 1

Zyppora · March 5, 2008, 2:45pm

I’m talking about the SQL query that’s being run, i.e. “SELECT * FROM table WHERE where_clause”. I need to know EXACTLY what the query looks like in order to determine what the issue is.

EDIT:
I’m thinking you didn’t write this code yourself. Am I right?

jmdweb · March 5, 2008, 3:20pm

Ok, if you can help, PM me, I have login details etc so you can see the problem for yourself.

I’m willing to pay a rate for the hour of yours time.

Thank you

kind regards,
Jonathan

andyd34 · March 5, 2008, 5:52pm

I can see a few errors in your query.

if ($month1!=="")
   {
      $where = $where . "and month1 like '$month1' ";
   }
   
   if ($day1!=="")
   {
      $where = $where . "and day1 like '$day1' ";
   }
      
   if ($event_type!=="")
   {
      $event_type = strtolower($event_type);
      $where = $where . "and lcase(event_type) like '$event_type' ";
   }

it seems to be all the if()

try

if (!$month1)
   {
      $where = $where . "and month1 like '$month1' ";
   }
   
   if (!$day1)
   {
      $where = $where . "and day1 like '$day1' ";
   }
      
   if (!$event_type)
   {
      $event_type = strtolower($event_type);
      $where = $where . "and lcase(event_type) like '$event_type' ";
   }

but not just on the ones i’ve highlighted, on them all

jmdweb · March 5, 2008, 6:50pm

Thank you for you help, I changed them all successfuly but till get the same error -

Ive tried to narrow it down, it seems like its the pagination function, which isnt working correctly, maybe its an old function?

I really need this up and running by today, if anyone can spare a hour or so…can contact me via MSN on jmd.hallam (AT) googlemail.com

Everything and anything is really appreciated…

Zyppora · March 6, 2008, 9:49am

We’re not here to meet deadlines or make a buck, we’re here to help fellow developers better understand the (quirks of the) PHP language.
I’ve asked for the entire SQL query, which you could have easily provided me by removing a simple set of comment slashes in your code. The code is basically already there. My signature gives a link to a debugging thread on this very forum which gives you plenty of tips and tricks, and should have at least given you the knowledge to give me the query I requested.

The reason Andy’s suggestion doesn’t solve your problem is because the if statements are syntactically correct, and construct a query that’s probably not the one messing up (this could have also been verified by removing said comment slashes and simply taking a peek at what exact query is being run, and where things go haywire). What I can see is that you’re taking $_GET data and inject it directly into your SQL query (which is unsafe by ANY definition of the word), and you get tangled up in the URL encoding of certain characters. However, that’s just guessing on my side, since I haven’t seen the query itself.

jmdweb · March 6, 2008, 10:46am

I have been very very polite and as I am needing a lil help (phphelp) I have come here,
I know you and others would not care if I met deadlines or not but the point is I am asking politely and not getting much back. If I knew exactly what to reply with etc I would of, a little bit of understanding and less arrogance would be very nice to see.

Thank you.

peg110 · March 6, 2008, 12:50pm

If perhaps you can post the results of the echo $cntquery; that you have (currently commented in the code above) so that we can see the actual query.

The Error message indicates it’s a problem with the query. As was pointed out it looks that it could be in the where clause as well since it’s created by a bunch of “IF” statements. It maybe something as simple as forgetting a space, but until we see the ACTUAL Query that causes the error, it’s difficult to say and even more difficult for us to chug through all the IF statements.

jmdweb · March 6, 2008, 1:12pm

Ok, so what do you want me to do with it exaclty? paste “echo $cntquery;” into query window at mysql?

peg110 · March 6, 2008, 1:26pm

In the section of your code on the web page near the area of the following:

[code] else
{
$where = stripslashes($_REQUEST[‘where’]);
}

$cntquery  = "select no_of_reco,surname,forenames,day1,year1,month1,event_type,event_plac,old_c_code from tyrrell_main where $where";
//echo $cntquery . "<p>";
$cntresult = mysql_query($cntquery) or die("<tr><td>SQL Error Occurred : " . mysql_error() . "</td></tr>");
$cntnumber = mysql_num_rows($cntresult);[/code]

Modify it so it’s like this:

In the section of your code on the web page near the area of the following:

[code] else
{
$where = stripslashes($_REQUEST[‘where’]);
}

$cntquery  = "select no_of_reco,surname,forenames,day1,year1,month1,event_type,event_plac,old_c_code from tyrrell_main where $where";

///////////////////////////////////////////////////////////
// BELOW IS THE CHANGE.
///////////////////////////////////////////////////////////
echo $cntquery . “

”; // Uncommented this line
die(); // Added this line to halt execution of the script
///////////////////////////////////////////////////////////
// ABOVE IS THE CHANGE.
///////////////////////////////////////////////////////////

$cntresult = mysql_query($cntquery) or die("<tr><td>SQL Error Occurred : " . mysql_error() . "</td></tr>");
$cntnumber = mysql_num_rows($cntresult);[/code]

Then Run the script that gets the error. You can then copy the actual outputted query that’s on the web page. It should be the last thing viewed on the page.

Paste that result in here for us to see.

It’s the actual query that gets sent to mysql that we need to see. It should look something like:
select no_of_reco,surname,forenames,day1,year1,month1,event_type,event_plac … but there would/should be more including the WHERE clause (which is where I think the problem might be.

jmdweb · March 6, 2008, 1:39pm

right, thank you so much for your time Peg,

this is what the page produced -



select no_of_reco,surname,forenames,day1,year1,month1,event_type,event_plac,old_c_code from tyrrell_main where lcase(surname_sp) like '' and lcase(forename_s) like '' and no_of_reco like ''and lcase(notes) like '' and lcase(old_c_code) like ''

then the code I got from the siteI ran it through mysql query window and got this result -


MySQL returned an empty result set (i.e. zero rows). (Query took 0.0880 sec)


SQL query:
SELECT no_of_reco, surname, forenames, day1, year1, month1, event_type, event_plac, old_c_code
FROM tyrrell_main
WHERE lcase( surname_sp ) LIKE ''
AND lcase( forename_s ) LIKE ''
AND no_of_reco LIKE ''
AND lcase( notes ) LIKE ''
AND lcase( old_c_code ) LIKE ''
LIMIT 0 , 30

peg110 · March 6, 2008, 6:54pm

First of all why are you lcaseing all the field names. Especially since they are already lowercase.
Next, did you notice that your entire where clause shows that you want the records where surname_sp, forename_s, no_of_rec, notes, and old_c_code are all blank?
Is this what you intended?
Are surname_sp, forename_s, no_of_rec, notes, and old_c_code even fields in the database?

Perhaps you meant for it to be more like:

SELECT no_of_reco, surname, forenames, day1, year1, month1, event_type, event_plac, old_c_code FROM tyrrell_main WHERE surname LIKE lcase( surname_sp ) AND forename LIKE lcase( forename_s ) AND no_of_reco LIKE '' AND notes LIKE lcase( notes ) AND old_c_code LIKE lcase( old_c_code ) LIMIT 0 , 30

Where the text that is RED is actually from variable data in your code.

Zyppora · March 7, 2008, 9:32am

There isn’t much for us to give back if you don’t give us the requested information. We’re not your personal debugger that you can demand to fix your code when something goes wrong there.

As a token of good will however, I took your code and slightly modified it to see what exactly it does. I took out the HTML and manually added the URL query string to run it in CLI, using error_reporting(E_ALL);. Here’s the output:

[code]Notice: Undefined variable: startLimit in C:Documents and Settings410670Applicationsphpruntest.php on line 12

Notice: Undefined variable: startLimit in C:Documents and Settings410670Applicationsphpruntest.php on line 13

Notice: Undefined variable: startLimit in C:Documents and Settings410670Applicationsphpruntest.php on line 14
select no_of_reco,surname,forenames,day1,year1,month1,event_type,event_plac,old_c_code from tyrrell_main where lcase(surname) like ‘smith’

select no_of_reco,surname,forenames,day1,year1,month1,event_type,event_plac,old_c_code from tyrrell_main where lcase(surname) like ‘smith’ order by old_c_code,event_plac, year1, month1, day1, no_of_reco limit ,20[/code]

That’s exactly what I needed to know, to tell you what the problem is (and, to be completely honest, it was your job to give me this, as it’s really not too hard to produce, took me about 5 minutes, including making it CLI-ready, an extra action you don’t even have to do).

First of all: get rid of the notices. Apparently you’re not initializing the variable $startLimit. Go do that. Just give it a default value, but don’t leave it (conditionally) empty. The first query being run is fine. Doesn’t pose a problem. The second query uses $startLimit, which is undefined. Hence the ‘LIMIT ,20’ part, which is what the script is tripping over.

This also shows that my guess about the URL encoding messing it up was wrong, and clearly shows why providing the requested information is such an important factor in solving your problem.

error_reporting() ftw.