Discuss Having Trouble with my_sql_query in the PHP Development forum on Dev Shed. Having Trouble with my_sql_query PHP Development forum discussing coding practices, tips on PHP, and other PHP-related topics. PHP is an open source scripting language that has taken the web development industry by storm.
SET Balance = Balance - $Amount WHERE ID = '$SourceAccount'") OR die("Database query failed1: " . mysql_error());
SET Balance = Balance+$Amount WHERE ID = '$TargetAccount'"); //OR die("Database query failed2: " . mysql_error());
mysql_query("INSERT INTO 'transactions' ('AccountID','Type','Debit','Credit','Description','Memo')
VALUES ('$TargetAccount', 'Depoist', 0, $Amount, 'Online Deposit', '$Memo')") OR die("Database query failed3: " . mysql_error());
echo("<a href='StudentPage.php'>Back To Home</a>");
Also! I entered the following code into the mysql terminal
INSERT INTO 'transactions ('AccountID','Type','Debit','Credit','Description','Memo') VALUES ('1','Deposit','0','50','Online Deposit','Test');
And it returned with:
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''transactions' ('AccountID','Type','Debit','Credit','Description','Memo')
INSERT' at line 1
Time spent in forums: 33 m 50 sec
Reputation Power: 0
I apologize for my late reply. I have removed all the quotes. now the first query runs fine. the second query does not return with an error but it does not update the database either. the third query returns with
Database query failed3: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Deposit, 'test')' at line 2
Time spent in forums: 1 Year 4 Months 1 Week 3 Days 11 h 45 m 38 sec
Reputation Power: 590
In the case of your 3rd query, you still have some problems with quotes. As a general rule you should enclose strings in single quotes while numbers do not need to be (requinix has already alluded to that).
mysql_query("INSERT INTO transactions (AccountID,Type,Debit,Credit,Description,Memo)
VALUES ($TargetAccount, 'Deposit', 0, $Amount, 'Online Deposit', '".$Memo."')") OR die("Database query failed3: " . mysql_error());
Note that I am guessing what is a string with respect to your variables. Use the above as an example and adjust for strings on your own.
As for your 2nd query, it is bad programming practice to pass literal strings to the query. Rather you should build the query into a string variable then you can echo exactly what is being passed to the query. For debugging purposes, you can then copy and paste that string into a MySQL command line to see if it produces what you expect and modify it from there.
That having been said you are playing with fire here. I don't know why no one has warned you yet but you are wide open to injection. First you should not be using the depreciated MySQL extensions, I recommend you change to PDO and prepared statements. However, if you ignore that advice, at least run your queries through 'mysql_real_escape_string'.
There are 10 kinds of people in the world. Those that understand binary and those that don't.
Last edited by gw1500se : November 5th, 2012 at 01:18 PM.