89 posts
Location
USA
Posted 19 March 2014 - 02:55 AM
I've been working on a messaging program that could be used, like, on different servers, and I've hit a problem in my PHP/MySQL code that I have no idea how to fix. Can someone help?
It says there's an error in this line of code:
mysqli_query($con,'INSERT INTO mail (checked,to,for,message,DATEADDED) VALUES ("no","'.$MessageInfo['to'].'","'.$MessageInfo['for'].'","'.$MessageInfo['message'].'","'.date("m/d/y").'")') or die(mysqli_error($con));
near
'to,for,message,DATEADDED) VALUES ("no","Yuri","Micheal","Hello There","03/19/14"'
Edited on 19 March 2014 - 01:56 AM
8543 posts
Posted 19 March 2014 - 03:07 AM
Moved to General.
2151 posts
Location
Auckland, New Zealand
Posted 19 March 2014 - 07:08 AM
What's the error? If you want us to help you, you've got to tell us what the problem is.
51 posts
Location
Japan
Posted 19 March 2014 - 08:04 AM
Hello!
I guess your error message is like "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ~~~~~~"
In this code, the problem is the field names "to" and "for". In MySQL syntax, "to" and "for" are so-called "reserved words".
You cannot use these reserved words directly in your MySQL query.
So, in this situation, you should add " ` " just before and after each field name.
Like this.
mysqli_query($con,'INSERT INTO mail (checked,`to`,`for`,message,DATEADDED) ~~~
I hope this code works well.
7508 posts
Location
Australia
Posted 19 March 2014 - 08:46 AM
I'm going to also go ahead and add that you should look into protecting yourself against SQL Injection; look into things such as prepared statements!
89 posts
Location
USA
Posted 19 March 2014 - 10:35 AM
Yeah, that was my error, and I'll test this out later and see if the code works. Thanks for your help!
Edited on 19 March 2014 - 09:44 AM
15 posts
Posted 13 April 2014 - 11:14 PM
Really though, you should set up permissions correctly and escape input data properly. All reserved words in MySQL:
https://dev.mysql.com/doc/refman/5.6/en/reserved-words.html
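The two fixes suggested in the thread (backtick-quoting the reserved column names, and using a prepared statement instead of concatenating input into the query), combined in one added example that is not part of any post. It assumes the `mail` table from the original post; the function name `insert_mail` is hypothetical, and the connection values and sample message are constructed placeholders.

```php
<?php
// Added example, not code from the thread.
// Make mysqli throw exceptions instead of relying on "or die(...)".
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Insert one message row. insert_mail() is a hypothetical helper name.
 * Returns the number of rows inserted (1 on success).
 */
function insert_mail(mysqli $con, array $info): int
{
    // `to` and `for` are reserved words, so they are quoted with backticks.
    // Each ? is a placeholder: the value is sent as data, never parsed as SQL,
    // so quotes inside a message cannot change the statement.
    $stmt = $con->prepare(
        'INSERT INTO mail (checked, `to`, `for`, message, DATEADDED)
         VALUES (?, ?, ?, ?, ?)'
    );

    // bind_param() binds by reference, so use plain variables.
    $checked = 'no';
    $to      = (string) $info['to'];
    $for     = (string) $info['for'];
    $message = (string) $info['message'];
    $date    = date('m/d/y'); // same date format as the original post

    $stmt->bind_param('sssss', $checked, $to, $for, $message, $date);
    $stmt->execute();

    $rows = $stmt->affected_rows;
    $stmt->close();
    return $rows;
}

// Placeholder connection values: replace with your own.
$con = new mysqli('localhost', 'db_user', 'db_password', 'db_name');
$con->set_charset('utf8mb4');

// Constructed sample input. The double quotes in the message would have
// broken the concatenated query from the original post.
$sample = ['to' => 'Yuri', 'for' => 'Micheal', 'message' => 'He said "Hello There"'];
echo insert_mail($con, $sample), " row inserted\n";
```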