0

I have this code for checking the username and ticket availability but something doesnt work well if someone can tell me whats the problem, this error shows me if i enter the right info Invalid Ticket or Receiver here is the code:

<?php
                                    if(isset($_POST['sendTicket'])) {
                                        $ticketID = $_POST['ticketID'];
                                        $ticketReceiver = $_POST['ticketReceiver'];

                                        $ticket_id = getUserData('kladilnica', 'ticket_id');
                                        $sender = getUserData('users', 'Username');

                                        if(!empty($ticketID) && !empty($ticketReceiver)) {
                                            $sql = "INSERT INTO ticket (senderName, receiverName, Date, ticketID, match1, match2, match3, match4, match5, match6, match7, match8, match9, match10, match11, match12, match13, match14, match15, match16, tip1, tip2, tip3, tip4, tip5, tip6, tip7, tip8, tip9, tip10, tip11, tip12, tip13, tip14, tip15, tip16, Bet, Gain, Odd) 
                                            SELECT Username, '".$ticketReceiver."', Date, ticket_id, match1, match2, match3, match4, match5, match6, match7, match8, match9, match10, match11, match12, match13, match14, match15, match16, tip1, tip2, tip3, tip4, tip5, tip6, tip7, tip8, tip9, tip10, tip11, tip12, tip13, tip14, tip15, tip16, Uplata, Dobivka, Odds FROM kladilnica WHERE ticket_id='".$ticketID."' AND `Username`='".$ticketReceiver."'";
                                            $result = $conn->query($sql);

                                            if($result === false) {
                                                trigger_error('Wrong SQL: ' . $sql . ' Error: ' . $conn->error, E_USER_ERROR);
                                            } else {
                                                if($ticketReceiver == $sender) {
                                                ?>
                                                    <p>You cannnot send to yourself!</p>
                                                <?php
                                                } else {
                                                    if($conn->affected_rows > 0) {
                                                    ?>
                                                        <p>Sended successfully</p>
                                                    <?php
                                                    } else {
                                                    ?>
                                                        <p>Invalid Ticket or Receiver</p>
                                                    <?php
                                                    }
                                                }
                                            }
                                        } else {
                                        ?>
                                            <p>Can't leave empty</p>
                                        <?php
                                        }
                                    }
                                ?>

Edited by Stefan_1

6
Contributors
24
Replies
131
Views
2 Years
Discussion Span
Last Post by cereal
Featured Replies
  • 1

    Username column in the where clause shouldn't have single quotes around it. Read More

  • 1
    diafol 3,669   2 Years Ago

    We've pointed out an obvious source of error: AND 'Username'='VladoRafa' should be AND Username='VladoRafa' SO until you sort that out, we won't know whether you've got another error or not. Read More

  • 2
    cereal 1,419   2 Years Ago

    Hi, `Date` in the select list is a reserved word, you can use it if you wrap it in backticks. Docs: * https://dev.mysql.com/doc/refman/5.6/en/keywords.html Read More

0

i think you missed VALUES in your query

Bet, Gain, Odd) VALUES SELECT Username, '".$ticketReceiver."', Date
-1

nope it gives me error Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'SELECT Username, 'VladoRafa', Date, ticket_id, match1, match2, match3, match4, m' at line 2 in

0

That's not what your error message said. OK, well post any error messages you get now without the quotes. Otherwise we're in the dark.

0

here is the full error message
Fatal error: Wrong SQL: INSERT INTO ticket (senderName, receiverName, Date, ticketID, match1, match2, match3, match4, match5, match6, match7, match8, match9, match10, match11, match12, match13, match14, match15, match16, tip1, tip2, tip3, tip4, tip5, tip6, tip7, tip8, tip9, tip10, tip11, tip12, tip13, tip14, tip15, tip16, Bet, Gain, Odd) VALUES SELECT Username, VladoRafa, Date, ticket_id, match1, match2, match3, match4, match5, match6, match7, match8, match9, match10, match11, match12, match13, match14, match15, match16, tip1, tip2, tip3, tip4, tip5, tip6, tip7, tip8, tip9, tip10, tip11, tip12, tip13, tip14, tip15, tip16, Uplata, Dobivka, Odds FROM kladilnica WHERE ticket_id='550415' AND 'Username'='VladoRafa' Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'SELECT Username, VladoRafa, Date, ticket_id, match1, match2, match3, match4, mat' at line 2 in C:\xampp\htdocs\asdf\navigation.php on line 208

Edited by Stefan_1

0

I have do it like that because of the post if have `` theese it will be outsite the box something like this ANDUsername='VladoRafa' Error: You have an error in your SQL syntax;

0

I have do it like that

Well you can't, that's all there is to it.
Columns should not be enclosed in quotes, well, not in your case anyway. I would bet money that the backticks ( `...`) are not the source of your errors.

Edited by diafol

1

We've pointed out an obvious source of error:

AND 'Username'='VladoRafa'

should be

AND Username='VladoRafa'

SO until you sort that out, we won't know whether you've got another error or not.

0

I tried that but again it gives me the error Invalid Ticket or Receiver

0

At least query runs now. It didn't before. So you' ve managed to reach further. Your new error stems from something else.

0

Here is again the whole query:

<?php
    if(isset($_POST['sendTicket'])) {
        $ticketID = $_POST['ticketID'];
        $ticketReceiver = $_POST['ticketReceiver'];

        $ticket_id = getUserData('kladilnica', 'ticket_id');
        $sender = getUserData('users', 'Username');

        if(!empty($ticketID) && !empty($ticketReceiver)) {
            $sql = "INSERT INTO ticket (senderName, receiverName, Date, ticketID, match1, match2, match3, match4, match5, match6, match7, match8, match9, match10, match11, match12, match13, match14, match15, match16, tip1, tip2, tip3, tip4, tip5, tip6, tip7, tip8, tip9, tip10, tip11, tip12, tip13, tip14, tip15, tip16, Bet, Gain, Odd) 

            SELECT Username, '".$ticketReceiver."', Date, ticket_id, match1, match2, match3, match4, match5, match6, match7, match8, match9, match10, match11, match12, match13, match14, match15, match16, tip1, tip2, tip3, tip4, tip5, tip6, tip7, tip8, tip9, tip10, tip11, tip12, tip13, tip14, tip15, tip16, Uplata, Dobivka, Odds FROM kladilnica WHERE ticket_id='".$ticketID."' AND Username='".$ticketReceiver."'";
            $result = $conn->query($sql);

            if($result === false) {
                trigger_error('Wrong SQL: ' . $sql . ' Error: ' . $conn->error, E_USER_ERROR);
            } else {
                if($ticketReceiver == $sender) {
                ?>
                    <p>You cannnot send to yourself!</p>
                <?php
                } else {
                    if($conn->affected_rows > 0) {
                    ?>
                        <p>Sended successfully</p>
                    <?php
                    } else {
                    ?>
                        <p>Invalid Ticket or Receiver</p>
                    <?php
                    }
                }
            }
        } else {
        ?>
            <p>Can't leave empty</p>
        <?php
        }
    }
?>

Edited by Stefan_1

0

That's your code, I meant the generated query (in $sql). If affected rows retuns zero, then it means that the SELECT part of your query does not return any results. Output the generated query and run the SELECT part against your database.

0

IN addition, you seem to be using raw input data in your SQL - this is v. dangerous (open to SQL injection). Either use a prepared statement or sanitize them.

0

I realized that i need to select from two tables first the (ticket_id) from kladilnica and secound the (Username) from users to check if exists, so i searched and found this

$sql = "INSERT INTO ticket (senderName, receiverName, Date, ticketID, match1, match2, match3, match4, match5, match6, match7, match8, match9, match10, match11, match12, match13, match14, match15, match16, tip1, tip2, tip3, tip4, tip5, tip6, tip7, tip8, tip9, tip10, tip11, tip12, tip13, tip14, tip15, tip16, Bet, Gain, Odd) 
                                    SELECT Username, '".$ticketReceiver."', Date, ticket_id, match1, match2, match3, match4, match5, match6, match7, match8, match9, match10, match11, match12, match13, match14, match15, match16, tip1, tip2, tip3, tip4, tip5, tip6, tip7, tip8, tip9, tip10, tip11, tip12, tip13, tip14, tip15, tip16, Uplata, Dobivka, Odds FROM kladilnica, users WHERE kladilnica.ticket_id='".$ticketID."' AND users.Username='".$ticketReceiver."'";

**but it gives me error **
Fatal error: Wrong SQL: INSERT INTO ticket (senderName, receiverName, Date, ticketID, match1, match2, match3, match4, match5, match6, match7, match8, match9, match10, match11, match12, match13, match14, match15, match16, tip1, tip2, tip3, tip4, tip5, tip6, tip7, tip8, tip9, tip10, tip11, tip12, tip13, tip14, tip15, tip16, Bet, Gain, Odd) SELECT Username, 'VladoRafa', Date, ticket_id, match1, match2, match3, match4, match5, match6, match7, match8, match9, match10, match11, match12, match13, match14, match15, match16, tip1, tip2, tip3, tip4, tip5, tip6, tip7, tip8, tip9, tip10, tip11, tip12, tip13, tip14, tip15, tip16, Uplata, Dobivka, Odds WHERE kladilnica.ticket_id='550415' AND users.Username='VladoRafa' Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE kladilnica.ticket_id='550415' AND users.Username='VladoRafa'' at line 2 in C:\xampp\htdocs\asdf\navigation.php on line 208
how can i select from two tables so i can check the two elements exists ?

Edited by Stefan_1

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.