Member Avatar for BrettOwnz

Hey guys..

I have been trying to debug this mysql statement for the past 2 hours.. here is the statement:

$sql1 = "SELECT * FROM cpmip WHERE adid='$a' and ip='$ip'";
$res1 = mysql_query($sql1) or die(mysql_error());

I just can't figure out why this won't work.. it throws the following error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '* FROM cpmip WHERE ip='127.0.0.1' and adid='6'' at line 1

Its really a vague error.. so i can't tell.. Anyone else know whats wrong??

Thanks in advance,
-Brett

  • 4 Contributors
  • 11 Replies
  • 132 Views
  • 1 Day Discussion Span
  • Latest Post Latest Post by BrettOwnz

Recommended Answers

All 11 Replies

Member Avatar for Will Gresham

Do you have more than one SQL query?
In an error, MySQL will echo the query, but in the error you posted the ip and adid values are swapped.

I can't see anything wrong with your code there.

Member Avatar for BrettOwnz

Yes, there are many queries in this particular file.. BUT none of them have the same syntax as this one.. This is the only line that has adid and ip in it. I have no clue why i am getting this error now.. its really annoying...


Does anyone see something wrong/know what can be happening???

Thanks for the suggestion!

Member Avatar for kvprajapati

>I have been trying to debug this mysql statement for the past 2 hours.. here is the statement:

$sql1 = "SELECT * FROM cpmip WHERE adid='$a' and ip='$ip'";
$res1 = mysql_query($sql1) or die(mysql_error());

> it throws the following error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '* FROM cpmip WHERE ip='127.0.0.1' and adid='6'' at line 1.

This error message is not belong to the select query you specified. Please post your complete code.

Member Avatar for BrettOwnz

After further investigation.. i looked at one of my functions and noticed it was actually in there.. however, this is still the same exact query except reversed... i don't see any errors with it.. do you??

$sql = "SELECT * FROM cpmip WHERE ip='$ip' and adid='$a'";
$res = mysql_query($sql) or die(mysql_error());

Thanks in advance,
-Brett

Member Avatar for kvprajapati

Will you post your complete code?

Member Avatar for BrettOwnz

Ok.. here is the full function where this query occurs. Sorry for not wanting to post the whole thing, i just don't feel comfortable with that lol.. anyways heres the code.

function mcheckTime($ip,$a){
$myDb = new myDb;
$myDb->connect();
$sql = "SELECT * FROM cpmip WHERE ip='$ip' and adid='$a'";
$res = mysql_query($sql) or die(mysql_error());
$row = mysql_fetch_array($res);
$myDb->close();

$time = time();

if($time >= $row['time']){

$myDb->connect();
$sql1 = "DELETE * FROM cpmip WHERE ip='$ip' and adid='$a'";
$res1 = mysql_query($sql1) or die(mysql_error());
$myDb->close();

return true;
}elseif($time < $row['time']){

return false;
}}
Member Avatar for kvprajapati

Here is a problem:

$sql1 = "DELETE * FROM cpmip WHERE ip='$ip' and adid='$a'";

$sql1 = "DELETE  FROM cpmip WHERE ip='$ip' and adid='$a'";
Member Avatar for BrettOwnz

Thank you.. that fixed that problem!! Now i am just having one problem.. another syntax error i didn't notice. Here is the code for the few lines surrounding it and it is highlighted. Just the same check your syntax error.

if($num<1){
$time = time() + (1 * 24 * 60 * 60);
$sql2 = "INSERT INTO cpmip(adid,ip,time) VALUES('$a','$ip','$time')";
$res2 = mysql_query($sql2) or die(mysql_error());
if($row3['credits']<=0){
$sql3 = "UPDATE cpm SET credits=0, active=0 WHERE id='$a'";
$res3 = mysql_query($sql3) or die(mysql_error());
}else{
$sql4 = "UPDATE cpm SET views=views+1, credits=credits-1 WHERE id='$a'";
$res4 = mysql_query($sql4) or die(mysql_error());
$sql5 = "UPDATE user SET balance=balance+ WHERE userid='$u'";
$res5 = mysql_query($sql5) or die(mysql_error());
}}elseif($num==1){
$a = mcheckTime($ip,$a);
if($a==true){
$time = time() + (1 * 24 * 60 * 60);
$sql6 = "INSERT INTO cpmip(ip,adid,time) VALUES('$ip','$a','$time')";
$res6 = mysql_query($sql6) or die(mysql_error());
if($row3['credits']<=0){
$sql7 = "UPDATE cpm SET credits=0, active=0 WHERE id='$a'";
$res7 = mysql_query($sql7) or die(mysql_error());
}else{
$sql8 = "UPDATE cpm SET views=views+1, credits=credits-1 WHERE id='$a'";
$res8 = mysql_query($sql8) or die(mysql_error());
$sql9 = "UPDATE user SET balance=balance+0.00007 WHERE userid='$u'";
$res9 = mysql_query($sql9) or die(mysql_error());
}}elseif($a==false){}}
Member Avatar for BrettOwnz

Nevermind.. i was wrong i didn't notice it said balance+ and i never filled something in

My bad. Thanks for the help!

Member Avatar for cwarn23

Also your function has a big security hole. Try using mysql_real_escape_string() on all mysql input. Below is an example:

function mcheckTime($ip,$a){
$a=mysql_real_escape_string($a);
$ip=mysql_real_escape_string($ip);
$myDb = new myDb;
$myDb->connect();
$sql = "SELECT * FROM cpmip WHERE ip='$ip' and adid='$a'";
$res = mysql_query($sql) or die(mysql_error());
$row = mysql_fetch_array($res);
$myDb->close();

$time = time();

if($time >= $row['time']){

$myDb->connect();
$sql1 = "DELETE FROM cpmip WHERE ip='$ip' and adid='$a'";
$res1 = mysql_query($sql1) or die(mysql_error());
$myDb->close();

return true;
}elseif($time < $row['time']){

return false;
}}
Member Avatar for BrettOwnz

Those aren't user inputed.. or inputed by any type of $_GET method.. Well its inputed by a get function, but the get is encoded.. On the function which actually fetches the ip etc.. i have used that though.

Thanks for the tip.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.