Hey guys..

I have been trying to debug this mysql statement for the past 2 hours.. here is the statement:

$sql1 = "SELECT * FROM cpmip WHERE adid='$a' and ip='$ip'";
$res1 = mysql_query($sql1) or die(mysql_error());

I just can't figure out why this won't work.. it throws the following error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '* FROM cpmip WHERE ip='127.0.0.1' and adid='6'' at line 1

Its really a vague error.. so i can't tell.. Anyone else know whats wrong??

Thanks in advance,
-Brett

Do you have more than one SQL query?
In an error, MySQL will echo the query, but in the error you posted the ip and adid values are swapped.

I can't see anything wrong with your code there.

Yes, there are many queries in this particular file.. BUT none of them have the same syntax as this one.. This is the only line that has adid and ip in it. I have no clue why i am getting this error now.. its really annoying...


Does anyone see something wrong/know what can be happening???

Thanks for the suggestion!

>I have been trying to debug this mysql statement for the past 2 hours.. here is the statement:

$sql1 = "SELECT * FROM cpmip WHERE adid='$a' and ip='$ip'";
$res1 = mysql_query($sql1) or die(mysql_error());

> it throws the following error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '* FROM cpmip WHERE ip='127.0.0.1' and adid='6'' at line 1.

This error message is not belong to the select query you specified. Please post your complete code.

After further investigation.. i looked at one of my functions and noticed it was actually in there.. however, this is still the same exact query except reversed... i don't see any errors with it.. do you??

$sql = "SELECT * FROM cpmip WHERE ip='$ip' and adid='$a'";
$res = mysql_query($sql) or die(mysql_error());

Thanks in advance,
-Brett

Ok.. here is the full function where this query occurs. Sorry for not wanting to post the whole thing, i just don't feel comfortable with that lol.. anyways heres the code.

function mcheckTime($ip,$a){
$myDb = new myDb;
$myDb->connect();
$sql = "SELECT * FROM cpmip WHERE ip='$ip' and adid='$a'";
$res = mysql_query($sql) or die(mysql_error());
$row = mysql_fetch_array($res);
$myDb->close();

$time = time();

if($time >= $row['time']){

$myDb->connect();
$sql1 = "DELETE * FROM cpmip WHERE ip='$ip' and adid='$a'";
$res1 = mysql_query($sql1) or die(mysql_error());
$myDb->close();

return true;
}elseif($time < $row['time']){

return false;
}}

Here is a problem:

$sql1 = "DELETE * FROM cpmip WHERE ip='$ip' and adid='$a'";

$sql1 = "DELETE  FROM cpmip WHERE ip='$ip' and adid='$a'";

Thank you.. that fixed that problem!! Now i am just having one problem.. another syntax error i didn't notice. Here is the code for the few lines surrounding it and it is highlighted. Just the same check your syntax error.

if($num<1){
$time = time() + (1 * 24 * 60 * 60);
$sql2 = "INSERT INTO cpmip(adid,ip,time) VALUES('$a','$ip','$time')";
$res2 = mysql_query($sql2) or die(mysql_error());
if($row3['credits']<=0){
$sql3 = "UPDATE cpm SET credits=0, active=0 WHERE id='$a'";
$res3 = mysql_query($sql3) or die(mysql_error());
}else{
$sql4 = "UPDATE cpm SET views=views+1, credits=credits-1 WHERE id='$a'";
$res4 = mysql_query($sql4) or die(mysql_error());
$sql5 = "UPDATE user SET balance=balance+ WHERE userid='$u'";
$res5 = mysql_query($sql5) or die(mysql_error());
}}elseif($num==1){
$a = mcheckTime($ip,$a);
if($a==true){
$time = time() + (1 * 24 * 60 * 60);
$sql6 = "INSERT INTO cpmip(ip,adid,time) VALUES('$ip','$a','$time')";
$res6 = mysql_query($sql6) or die(mysql_error());
if($row3['credits']<=0){
$sql7 = "UPDATE cpm SET credits=0, active=0 WHERE id='$a'";
$res7 = mysql_query($sql7) or die(mysql_error());
}else{
$sql8 = "UPDATE cpm SET views=views+1, credits=credits-1 WHERE id='$a'";
$res8 = mysql_query($sql8) or die(mysql_error());
$sql9 = "UPDATE user SET balance=balance+0.00007 WHERE userid='$u'";
$res9 = mysql_query($sql9) or die(mysql_error());
}}elseif($a==false){}}

Nevermind.. i was wrong i didn't notice it said balance+ and i never filled something in

My bad. Thanks for the help!

Also your function has a big security hole. Try using mysql_real_escape_string() on all mysql input. Below is an example:

function mcheckTime($ip,$a){
$a=mysql_real_escape_string($a);
$ip=mysql_real_escape_string($ip);
$myDb = new myDb;
$myDb->connect();
$sql = "SELECT * FROM cpmip WHERE ip='$ip' and adid='$a'";
$res = mysql_query($sql) or die(mysql_error());
$row = mysql_fetch_array($res);
$myDb->close();

$time = time();

if($time >= $row['time']){

$myDb->connect();
$sql1 = "DELETE FROM cpmip WHERE ip='$ip' and adid='$a'";
$res1 = mysql_query($sql1) or die(mysql_error());
$myDb->close();

return true;
}elseif($time < $row['time']){

return false;
}}

Those aren't user inputed.. or inputed by any type of $_GET method.. Well its inputed by a get function, but the get is encoded.. On the function which actually fetches the ip etc.. i have used that though.

Thanks for the tip.

This question has already been answered. Start a new discussion instead.