1

I'm trying to pass a MySQL query with variables from flex to MySQL using php.

This is the Query in Flex. Everything appears to be correct.

mysqlQuery("INSERT INTO poc_note_test (first_name,last_name) VALUES ("+firstName+"," +lastName+")");

When the query is passed to my server via http to be processed by PHP it returns the following error

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Test_Value )' at line 1

From what I can see it is trying to include the final ")" as part of the value. I for the life of me cannot see how to stop this from happening.

Here is the php that is being used to process the query where it errors out.

$sql = $_REQUEST['sql'];
$result = mysql_query($sql);
$err = mysql_error();
$cols_count = mysql_num_fields($result) or error_log('Invalid query: ' .mysql_error());

Any help will be much appreciated

This is the function passing the query. Maybe the issue is here?

public function mysqlQuery(sql:String,fid:String):void {

var http:HTTPService = new HTTPService;
var parm:Object = new Object;
parm.sql = sql;
parm.private_key = private_key;
parm.fas_db = mysql_db; 
http.url = mysql_url+"?irand="+Math.random();

http.showBusyCursor = true;
http.request = sql;
http.addEventListener(ResultEvent.RESULT, mysqlResult);
http.addEventListener(FaultEvent.FAULT, mysqlFault);
http.method = "POST";

sqlToken = http.send(parm);
sqlToken.param = fid;

}

2
  • Try to run your query directly in your MySQL database. If it worked then there is no problem with your SQL query. Commented Apr 6, 2013 at 2:05
  • I've done that. Everything checks out. Somewhere the query is being manipulated and I can't seem to find it. Commented Apr 6, 2013 at 2:08

2 Answers

3

Change this

mysqlQuery("INSERT INTO poc_note_test (first_name,last_name) VALUES ("+firstName+"," +lastName+")");

to

mysqlQuery("INSERT INTO poc_note_test (first_name,last_name) VALUES ('"+firstName+"','" +lastName+"')");

Put ' around the values.

For removing \

$result = mysql_query(stripslashes($sql));

4 Comments

Now I get this error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'TestFirst\',\'TestLast' at line 1
@titancs I think in your PHP magic_quotes are enabled and it causes to add \ before '. Either disable magic_quotes OR use stripslashes to remove \.
turning off magic_quotes worked. Not sure why I didn't think of that before. Thanks for your help.
0

Change

mysqlQuery("INSERT INTO poc_note_test (first_name,last_name) VALUES ("+firstName+"," +lastName+")");

to

mysqlQuery("INSERT INTO poc_note_test (first_name,last_name) VALUES ('"+firstName+"','" +lastName+"')");

In SQL, string characters are quoted in single quotes/double quotes.
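
The PHP in the question runs whatever SQL text arrives in $_REQUEST['sql'], so the missing quotes and the magic_quotes escaping both come from building the statement as a string on the client. As an added example (not part of the original posts), here is a server-side handler that accepts only the two values and binds them to a fixed statement. The function names, the request field names and the use of PDO with an in-memory SQLite database in place of the MySQL server are assumptions.

```php
<?php
// Added example, not code from the original post.
// Assumption: PDO with the SQLite driver stands in for the MySQL server so the
// script runs offline; with a "mysql:host=...;dbname=..." DSN the calls are the same.

function openDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE poc_note_test (first_name TEXT, last_name TEXT)');
    return $pdo;
}

// Hypothetical handler: the client posts first_name and last_name, never SQL text.
function insertNote(PDO $pdo, array $request): int
{
    foreach (['first_name', 'last_name'] as $field) {
        if (!isset($request[$field]) || !is_string($request[$field]) || $request[$field] === '') {
            throw new InvalidArgumentException("missing field: $field");
        }
    }
    // The statement text is fixed on the server; values travel as bound parameters.
    $stmt = $pdo->prepare(
        'INSERT INTO poc_note_test (first_name, last_name) VALUES (:first, :last)'
    );
    $stmt->execute([':first' => $request['first_name'], ':last' => $request['last_name']]);
    return $stmt->rowCount();
}

$pdo = openDb();

// Constructed sample input: a name containing an apostrophe.
$request = ['first_name' => 'Test_Value', 'last_name' => "O'Brien"];

// Concatenation as in the question (with the quotes from the answer) is a syntax error.
$concat = "INSERT INTO poc_note_test (first_name,last_name) VALUES ('"
    . $request['first_name'] . "','" . $request['last_name'] . "')";
try {
    $pdo->exec($concat);
} catch (PDOException $e) {
    echo "concatenated query failed: ", $e->getMessage(), "\n";
}

// The bound version stores the value unchanged.
echo "rows inserted: ", insertNote($pdo, $request), "\n";
echo $pdo->query('SELECT last_name FROM poc_note_test')->fetchColumn(), "\n";
```

On the Flex side this means sending parm.first_name and parm.last_name instead of parm.sql, so the server never executes client-supplied statement text.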
