I have this code for checking the username and ticket availability but something doesnt work well if someone can tell me whats the problem, this error shows me if i enter the right info Invalid Ticket or Receiver here is the code:

<?php
                                    if(isset($_POST['sendTicket'])) {
                                        $ticketID = $_POST['ticketID'];
                                        $ticketReceiver = $_POST['ticketReceiver'];

                                        $ticket_id = getUserData('kladilnica', 'ticket_id');
                                        $sender = getUserData('users', 'Username');

                                        if(!empty($ticketID) && !empty($ticketReceiver)) {
                                            $sql = "INSERT INTO ticket (senderName, receiverName, Date, ticketID, match1, match2, match3, match4, match5, match6, match7, match8, match9, match10, match11, match12, match13, match14, match15, match16, tip1, tip2, tip3, tip4, tip5, tip6, tip7, tip8, tip9, tip10, tip11, tip12, tip13, tip14, tip15, tip16, Bet, Gain, Odd) 
                                            SELECT Username, '".$ticketReceiver."', Date, ticket_id, match1, match2, match3, match4, match5, match6, match7, match8, match9, match10, match11, match12, match13, match14, match15, match16, tip1, tip2, tip3, tip4, tip5, tip6, tip7, tip8, tip9, tip10, tip11, tip12, tip13, tip14, tip15, tip16, Uplata, Dobivka, Odds FROM kladilnica WHERE ticket_id='".$ticketID."' AND `Username`='".$ticketReceiver."'";
                                            $result = $conn->query($sql);

                                            if($result === false) {
                                                trigger_error('Wrong SQL: ' . $sql . ' Error: ' . $conn->error, E_USER_ERROR);
                                            } else {
                                                if($ticketReceiver == $sender) {
                                                ?>
                                                    <p>You cannnot send to yourself!</p>
                                                <?php
                                                } else {
                                                    if($conn->affected_rows > 0) {
                                                    ?>
                                                        <p>Sended successfully</p>
                                                    <?php
                                                    } else {
                                                    ?>
                                                        <p>Invalid Ticket or Receiver</p>
                                                    <?php
                                                    }
                                                }
                                            }
                                        } else {
                                        ?>
                                            <p>Can't leave empty</p>
                                        <?php
                                        }
                                    }
                                ?>

Are you sure that your SELECT returns any rows?

Some one help me PLEASE ?

i think you missed VALUES in your query

Bet, Gain, Odd) VALUES SELECT Username, '".$ticketReceiver."', Date

nope it gives me error Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'SELECT Username, 'VladoRafa', Date, ticket_id, match1, match2, match3, match4, m' at line 2 in

Member Avatar
diafol

try 'VladoRafa' without the single quotes

Im trying without them just like VladoRafa without anything

Member Avatar
diafol

That's not what your error message said. OK, well post any error messages you get now without the quotes. Otherwise we're in the dark.

here is the full error message
Fatal error: Wrong SQL: INSERT INTO ticket (senderName, receiverName, Date, ticketID, match1, match2, match3, match4, match5, match6, match7, match8, match9, match10, match11, match12, match13, match14, match15, match16, tip1, tip2, tip3, tip4, tip5, tip6, tip7, tip8, tip9, tip10, tip11, tip12, tip13, tip14, tip15, tip16, Bet, Gain, Odd) VALUES SELECT Username, VladoRafa, Date, ticket_id, match1, match2, match3, match4, match5, match6, match7, match8, match9, match10, match11, match12, match13, match14, match15, match16, tip1, tip2, tip3, tip4, tip5, tip6, tip7, tip8, tip9, tip10, tip11, tip12, tip13, tip14, tip15, tip16, Uplata, Dobivka, Odds FROM kladilnica WHERE ticket_id='550415' AND 'Username'='VladoRafa' Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'SELECT Username, VladoRafa, Date, ticket_id, match1, match2, match3, match4, mat' at line 2 in C:\xampp\htdocs\asdf\navigation.php on line 208

Username column in the where clause shouldn't have single quotes around it.

I have do it like that because of the post if have `` theese it will be outsite the box something like this ANDUsername='VladoRafa' Error: You have an error in your SQL syntax;

Member Avatar
diafol

I have do it like that

Well you can't, that's all there is to it.
Columns should not be enclosed in quotes, well, not in your case anyway. I would bet money that the backticks ( `...`) are not the source of your errors.

so any other options about this problem ?

Member Avatar
diafol

We've pointed out an obvious source of error:

AND 'Username'='VladoRafa'

should be

AND Username='VladoRafa'

SO until you sort that out, we won't know whether you've got another error or not.

I tried that but again it gives me the error Invalid Ticket or Receiver

Member Avatar
diafol

At least query runs now. It didn't before. So you' ve managed to reach further. Your new error stems from something else.

Then post the entire current query again.

Here is again the whole query:

<?php
    if(isset($_POST['sendTicket'])) {
        $ticketID = $_POST['ticketID'];
        $ticketReceiver = $_POST['ticketReceiver'];

        $ticket_id = getUserData('kladilnica', 'ticket_id');
        $sender = getUserData('users', 'Username');

        if(!empty($ticketID) && !empty($ticketReceiver)) {
            $sql = "INSERT INTO ticket (senderName, receiverName, Date, ticketID, match1, match2, match3, match4, match5, match6, match7, match8, match9, match10, match11, match12, match13, match14, match15, match16, tip1, tip2, tip3, tip4, tip5, tip6, tip7, tip8, tip9, tip10, tip11, tip12, tip13, tip14, tip15, tip16, Bet, Gain, Odd) 

            SELECT Username, '".$ticketReceiver."', Date, ticket_id, match1, match2, match3, match4, match5, match6, match7, match8, match9, match10, match11, match12, match13, match14, match15, match16, tip1, tip2, tip3, tip4, tip5, tip6, tip7, tip8, tip9, tip10, tip11, tip12, tip13, tip14, tip15, tip16, Uplata, Dobivka, Odds FROM kladilnica WHERE ticket_id='".$ticketID."' AND Username='".$ticketReceiver."'";
            $result = $conn->query($sql);

            if($result === false) {
                trigger_error('Wrong SQL: ' . $sql . ' Error: ' . $conn->error, E_USER_ERROR);
            } else {
                if($ticketReceiver == $sender) {
                ?>
                    <p>You cannnot send to yourself!</p>
                <?php
                } else {
                    if($conn->affected_rows > 0) {
                    ?>
                        <p>Sended successfully</p>
                    <?php
                    } else {
                    ?>
                        <p>Invalid Ticket or Receiver</p>
                    <?php
                    }
                }
            }
        } else {
        ?>
            <p>Can't leave empty</p>
        <?php
        }
    }
?>

That's your code, I meant the generated query (in $sql). If affected rows retuns zero, then it means that the SELECT part of your query does not return any results. Output the generated query and run the SELECT part against your database.

Member Avatar
diafol

IN addition, you seem to be using raw input data in your SQL - this is v. dangerous (open to SQL injection). Either use a prepared statement or sanitize them.

I realized that i need to select from two tables first the (ticket_id) from kladilnica and secound the (Username) from users to check if exists, so i searched and found this

$sql = "INSERT INTO ticket (senderName, receiverName, Date, ticketID, match1, match2, match3, match4, match5, match6, match7, match8, match9, match10, match11, match12, match13, match14, match15, match16, tip1, tip2, tip3, tip4, tip5, tip6, tip7, tip8, tip9, tip10, tip11, tip12, tip13, tip14, tip15, tip16, Bet, Gain, Odd) 
                                    SELECT Username, '".$ticketReceiver."', Date, ticket_id, match1, match2, match3, match4, match5, match6, match7, match8, match9, match10, match11, match12, match13, match14, match15, match16, tip1, tip2, tip3, tip4, tip5, tip6, tip7, tip8, tip9, tip10, tip11, tip12, tip13, tip14, tip15, tip16, Uplata, Dobivka, Odds FROM kladilnica, users WHERE kladilnica.ticket_id='".$ticketID."' AND users.Username='".$ticketReceiver."'";

**but it gives me error **
Fatal error: Wrong SQL: INSERT INTO ticket (senderName, receiverName, Date, ticketID, match1, match2, match3, match4, match5, match6, match7, match8, match9, match10, match11, match12, match13, match14, match15, match16, tip1, tip2, tip3, tip4, tip5, tip6, tip7, tip8, tip9, tip10, tip11, tip12, tip13, tip14, tip15, tip16, Bet, Gain, Odd) SELECT Username, 'VladoRafa', Date, ticket_id, match1, match2, match3, match4, match5, match6, match7, match8, match9, match10, match11, match12, match13, match14, match15, match16, tip1, tip2, tip3, tip4, tip5, tip6, tip7, tip8, tip9, tip10, tip11, tip12, tip13, tip14, tip15, tip16, Uplata, Dobivka, Odds WHERE kladilnica.ticket_id='550415' AND users.Username='VladoRafa' Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE kladilnica.ticket_id='550415' AND users.Username='VladoRafa'' at line 2 in C:\xampp\htdocs\asdf\navigation.php on line 208
how can i select from two tables so i can check the two elements exists ?