954,604 Members — Technology Publication meets Social Media
Username:
Password:
Lost login information?
Have something to say? Contribute New Article Reply to this Article
3 Months Ago
0

SQL error

I was working on this script which let's you upload and everything is logged in the database. I got this error, any help?

Error :You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '/home/a6771073/public_html/upload/img.png)' at line 1

Code:

<html> 
<body>
  <form enctype="multipart/form-data"  method="post">
    <input type="hidden" name="MAX_FILE_SIZE" value="1000000" />
    Choose a file to upload: <input name="uploaded_file" type="file" />
    <input type="submit" value="Upload" />
  </form> 
</body> 
</html>

<?php
include 'global.php';
//Check that we have a file
if((!empty($_FILES["uploaded_file"])) && ($_FILES['uploaded_file']['error'] == 0)) 
{

  //Check if the file is size is less than 350Kb
  $filename = basename($_FILES['uploaded_file']['name']);

  $ext = substr($filename, strrpos($filename, '.') + 1);

  if (($_FILES["uploaded_file"]["size"] < 350000)) 
  {
    //Determine the path to which we want to save this file
      $newname = dirname(__FILE__).'/upload/'.$filename;

      //Check if the file with the same name is already exists on the server
      if (!file_exists($newname)) 
      {
        //Attempt to move the uploaded file to it's new place
        if ((move_uploaded_file($_FILES['uploaded_file']['tmp_name'],$newname))) 
        {
           $rand = rand(1, 1024) . "_" . rand(3, 2673) . "_" . rand(5, 7337);
           $name = $_FILES["uploaded_file"]["name"];
           mysql_query("INSERT INTO uploads(id, name, todownloadname, path) VALUES(" . $rand . ", " . $name . ", " . $name . ", " . $newname . ")")or die(mysql_error());
           echo "It's done! The file has been saved ";
        } 
        else 
        {
           echo "Error: A problem occurred during file upload!";
        }
      }  
      else 
      {
         echo "Error: File ".$_FILES["uploaded_file"]["name"]." already exists";
      }
  }  
  else  
  {
     echo "Error: Only files under 350Kb are accepted for upload";
  }
} 
else  
{
 echo "Error: No file uploaded";
}
?>
Warl30ck
Newbie Poster
15 posts since Mar 2011
Reputation Points: 10
Solved Threads: 0
 
3 Months Ago
0

for debugging in such situations, i always do 

$sql = " whatever query ".$var;
echo $sql;
die();

now what you can do is see the query, copy it into the mysql console or wherever you wish...and run it from there...this will precisely tell you the error ...

i didnt want to read through the code much, being lazy... but one possible error could be the missing quotes around the variables in the query ... you know string parameters require quotes....

try something like this

$sql = " insert into abc ( a1) values ('".$var."')";
dos_killer
Junior Poster in Training
50 posts since Dec 2010
Reputation Points: 15
Solved Threads: 4
 

This question has already been solved

Post: Markdown Syntax: Formatting Help
You
 
© 2012 DaniWeb® LLC
Home | About Us | Contact Us | Terms of Service | Advertising Opportunities
RSS Feed RSS Feed