z.feast@gmail.com <z.feast@gmail.com> wrote in
<afa7fdff-f8e2-487d-bc98-d617d3af7c26@c33g2000hsd.googlegroups.com>:
> This is my first post here and I am hoping someone can
> help me out. I have a client whose site was working
> perfectly until the hosting company upgraded to php5 and
> now we are seeing a mysql syntax error ..try clicking on
> the large picture here
>
> http://www.sharpfoto.com/detail.php?id=63
>
> this is the error we are getting
>
> SQL=>select p.products_id, p.products_image_lrg,
> pd.products_name from products p, products_description pd
> where pd.products_id = and p.products_id=pd.products_id
> Error=>You have an error in your SQL syntax; check the
> manual that corresponds to your MySQL server version for
> the right syntax to use near 'and
> p.products_id=pd.products_id' at line 2
>
> Here is the source code for the page casuing the error
>
> <?
> require('db.php');
> include('config.php');
> $pro_sql="select p.products_id, p.products_image_lrg,
> pd.products_name from products p,
> products_description pd where pd.products_id = $id and
> p.products_id=pd.products_id ";

This has nothing to do with MySQL. I'm pretty certain
register_globals was set to "on" in your old PHP setup. Now
it's set to "off".

PLEASE don't try to fix this by merely switching
register_globals back to "on". The code as listed is a
security hole a couple miles wide, especially now that
you've published it on the Usenet. If you're unsure how to
go about securing your site, I'd recommend hiring an
expert.

> //echo $pro_sql;
> $pro_res=mysql_query($pro_sql);
> if(mysql_errno()) die("<br>SQL=>". $pro_sql."<br>Error=>".
> mysql_error());
> $row = mysql_fetch_array($pro_res);
> ?>

--
In Soviet Russia, XML documents transform *you*.