Jump to content
MakeWebGames

Support Needed


dementor

Recommended Posts

I decided today to make a script for voting on my site

 

<?php
session_start();
include "mysql.php";
include "global_func.php";
global $c;
$is=mysql_query("SELECT u.*,us.* FROM users u LEFT JOIN userstats us ON u.userid=us.userid WHERE u.userid=$userid",$c) or die(mysql_error());
$ir=mysql_fetch_array($is);
check_level();
$user=$_POST['userid'];
$q=mysql_query("SELECT * FROM votes WHERE userid='$user' AND list='toprpg'",$c);
if(mysql_num_rows($q))
{
event_add($_POST['userid'],"You voted today already.",$c);
}
else
{
event_add($_POST['userid'],"Well done for voting keep it up.",$c);
   mysql_query("UPDATE users SET crystals=crystals+1 WHERE userid='$user'");
   mysql_query("INSERT INTO votes values ('$user','toprpg')",$c);
}
?> 

 

That is what I come up with and I get the error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

Im clueless where that error is comeing from do you ?

Link to comment
Share on other sites

Guest Anonymous

Re: Support Needed

mysql_query("INSERT INTO votes values ('$user','toprpg')",$c); ......

mysql_query("INSERT INTO votes (column, column) VALUES('$user, '$toprpg' )",$c);

replace "column" to the database structure columns.

Link to comment
Share on other sites

Re: Support Needed

For some reason the variable $user is empty, thus the query error.

MySQL, in this case, cannot update the column with the null value, so the error occurs.

 

$user=$_POST['userid'];

I'm hoping this is not direct input from a user, that is then used in a query desensitized.

My guess here is that your meaning for this was to just use the current "userid", if so then use the below.

$user = $ir['userid'];

 

If it isn't you intention, first sanitize the input variable, and also check if the POST array contains any value at the key "userid".

This can be done by using an debugging function, you can place it near where the input variable is used.

var_dump($_POST);
Link to comment
Share on other sites

Re: Support Needed

lol Spudinski, you're spot on with that.

Somehow I doubt that dementor is capable of carrying out your advice as is evidenced by his complete lack of debugging skills.

He can't even tell us which query error is in.

Good luck with it bro ;)

My advice is to study really hard.

Link to comment
Share on other sites

Re: Support Needed

 

The error is not in one of the queries just in the event add

The event_add() function uses a query to insert a record into the database, and you are using the same variable for all the queries.

They all *will* output the same error, for the reason I have supplied earlier.

I have given you advice on how to solve this problem, now it's time you help yourself.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...