I have a million dollar website script which enables me to sell pixel blocks, but whenever I try to add a new advertisement it gives me the following error.
"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AS ID, t2.field_comment AS FCOMMENT FROM form_fields AS t1, form_field_translati' at line 1"

Here is the complete query:
SQL
"SELECT t2.field_label AS FLABEL, t1.* AS ID, t2.field_comment AS FCOMMENT FROM form_fields AS t1, form_field_translations AS t2 WHERE t1.field_id=t2.field_id AND lang='".$_SESSION['MDS_LANG']."' AND section='$section' AND form_id='$form_id' $where_sql order by field_sort"

Please help.

What I have tried:

I haven't tried anything yet. I am still new to PHP and MySQL, therefore I am stuck here; that's why I downloaded a ready-made script.
Updated 4-Aug-18 0:00am
Comments
Mehdi Gholam 4-Aug-18 5:19am    
Try spending some of the million dollars on training!
Richard MacCutchan 4-Aug-18 5:28am    
t1.* AS ID
What do you think that asterisk is supposed to do?

And do not use code downloaded from the internet if you don't understand it. It will just give you more trouble than it is worth.

How do you expect a possible multiple number of columns to be returned and given the same name?
SQL
... , t1.* AS ID, ...
"*" returns multiple rows, and can't be used with AS

Never use SELECT * ... FROM - always list your columns. That way, you have control over exactly what is returned, and the order it is returned in so database changes don't affect your code (unless a required column is removed, in which case you DEFINITELY want to know about it). It also helps with bandwidth, in that unnecessary columns aren't returned, which can waste a lot of bandwidth, memory, and time.
Because of the SQL injection problem, we have no idea of what is the real query.
PHP
"SELECT t2.field_label AS FLABEL, t1.* AS ID, t2.field_comment AS FCOMMENT FROM form_fields AS t1, form_field_translations AS t2 WHERE t1.field_id=t2.field_id AND lang='".$_SESSION['MDS_LANG']."' AND section='$section' AND form_id='$form_id' $where_sql order by field_sort"

Not a solution to your question, but another problem you have.
Never build an SQL query by concatenating strings. Sooner or later, you will do it with user inputs, and this opens the door to a vulnerability named "SQL injection"; it is dangerous for your database and error-prone.
A single quote in a name and your program crashes. If a user inputting a name like "Brian O'Conner" can crash your app, it is an SQL injection vulnerability, and the crash is the least of the problems: a malicious user input and it is promoted to SQL commands with all credentials.
SQL injection - Wikipedia
SQL Injection
SQL Injection Attacks by Example
PHP: SQL Injection - Manual
SQL Injection Prevention Cheat Sheet - OWASP
How can I explain SQL injection without technical jargon? - Information Security Stack Exchange
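
A parameterized form of the query from the question, as an added example that is not part of the original answers or of the downloaded script. It lists the columns explicitly instead of aliasing `t1.*` and binds the three values instead of concatenating them. Assumptions: PDO with an in-memory SQLite database so it runs offline (the script itself uses MySQL), a constructed schema and rows (which table holds `lang`, `section` and `form_id` is a guess), and a hypothetical helper named `loadFields`.

```php
<?php
// Added example. Schema, rows and column placement are constructed for the demo.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE form_fields
    (field_id INTEGER PRIMARY KEY, form_id INTEGER, section INTEGER, field_sort INTEGER)");
$pdo->exec("CREATE TABLE form_field_translations
    (field_id INTEGER, lang TEXT, field_label TEXT, field_comment TEXT)");
$pdo->exec("INSERT INTO form_fields VALUES (1, 1, 1, 20), (2, 1, 1, 10)");
$pdo->exec("INSERT INTO form_field_translations VALUES
    (1, 'EN', 'Ad Text', ''),
    (2, 'EN', 'Owner name', 'e.g. Brian O''Conner')");

// Hypothetical helper: returns the fields of one form section in one language.
function loadFields(PDO $pdo, string $lang, int $section, int $formId): array
{
    // "t1.* AS ID" is invalid: an alias names one column, so list what is needed.
    // The original $where_sql fragment is left out; if a dynamic filter is
    // required, assemble it from fixed strings with their own placeholders.
    $sql = "SELECT t1.field_id      AS ID,
                   t2.field_label   AS FLABEL,
                   t2.field_comment AS FCOMMENT
              FROM form_fields AS t1
              JOIN form_field_translations AS t2 ON t1.field_id = t2.field_id
             WHERE t2.lang = :lang
               AND t1.section = :section
               AND t1.form_id = :form_id
             ORDER BY t1.field_sort";
    $stmt = $pdo->prepare($sql);
    // Values travel separately from the SQL text, so quotes stay data.
    $stmt->execute([':lang' => $lang, ':section' => $section, ':form_id' => $formId]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Normal call: two rows, ordered by field_sort (ID 2 first, then ID 1).
foreach (loadFields($pdo, 'EN', 1, 1) as $row) {
    printf("%d | %s | %s\n", $row['ID'], $row['FLABEL'], $row['FCOMMENT']);
}

// A value containing a single quote (as in "Brian O'Conner") no longer breaks
// the statement; it simply matches no language and yields zero rows.
$rows = loadFields($pdo, "O'Conner", 1, 1);
printf("rows for quoted input: %d\n", count($rows));
```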

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)