SEO

Hello,

This is my first post here and I am hoping someone can help me out. I
have a client whose site was working perfectly until the hosting
company upgraded to php5 and now we are seeing a mysql syntax
error ..try clicking on the large picture here

http://www.sharpfoto.com/detail.php?id=63

this is the error we are getting

SQL=>select p.products_id, p.products_image_lrg, pd.products_name from
products p, products_description pd where pd.products_id = and
p.products_id=pd.products_id
Error=>You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near 'and p.products_id=pd.products_id' at line 2



Here is the source code for the page casuing the error

<?
require('db.php');
include('config.php');
$pro_sql="select p.products_id, p.products_image_lrg,
pd.products_name from products p,
products_description pd where pd.products_id = $id and
p.products_id=pd.products_id ";
//echo $pro_sql;
$pro_res=mysql_query($pro_sql);
if(mysql_errno()) die("<br>SQL=>". $pro_sql."<br>Error=>".
mysql_error());
$row = mysql_fetch_array($pro_res);
?>

<html>
<head>
<title><? echo $row['products_name']; ?> by SharpFoto</title>
<meta http-equiv="Content-Type" content="text/html;
charset=iso-8859-1">
<!-- This is the right click function -->
<script language="Javascript1.2">

// Set the message for the alert box
am = "Copyright of Sharpfoto: If you wish to use these images please
contact us";

// do not edit below this line
// ===========================
bV = parseInt(navigator.appVersion)
bNS = navigator.appName=="Netscape"
bIE = navigator.appName=="Microsoft Internet Explorer"

function nrc(e) {
if (bNS && e.which > 1){
alert(am)
return false
} else if (bIE && (event.button >1)) {
alert(am)
return false;
}
}

document.onmousedown = nrc;
if (document.layers) window.captureEvents(Event.MOUSEDOWN);
if (bNS && bV<5) window.onmousedown = nrc;

</script>

<link rel="stylesheet" href="style1.css" type="text/css">
</head>

<body bgcolor="#FFFFFF" text="#000000">
<img src="<? echo IMAGE_ROOT .$row['products_image_lrg']; ?>" >
<div align=center><br>
<a href="http://www.sharpfoto.com" target="_blank">&copy;
www.sharpfoto.com</a><br>
<a class="but" href="" onClick="window.close()">close window</A></
div>

</body>
</html>


I am no mysql expert but I can't see any obvious syntax errors.

Can anyone help?

Thanks so much

Zoe

On Wed, 12 Mar 2008 16:29:32 +0100, <z.feast@gmail.com> wrote:

> Hello,
>
> This is my first post here and I am hoping someone can help me out. I
> have a client whose site was working perfectly until the hosting
> company upgraded to php5 and now we are seeing a mysql syntax
> error ..try clicking on the large picture here
>
> http://www.sharpfoto.com/detail.php?id=63
>
> this is the error we are getting
>
> SQL=>select p.products_id, p.products_image_lrg, pd.products_name from
> products p, products_description pd where pd.products_id = and
> p.products_id=pd.products_id
> Error=>You have an error in your SQL syntax; check the manual that
> corresponds to your MySQL server version for the right syntax to use
> near 'and p.products_id=pd.products_id' at line 2
>
>
>
> Here is the source code for the page casuing the error
>
> <?
> require('db.php');
> include('config.php');
> $pro_sql="select p.products_id, p.products_image_lrg,
> pd.products_name from products p,
> products_description pd where pd.products_id = $id and

$id is empty, hence invalid syntax ('... products_id = and ...').

> I am no mysql expert but I can't see any obvious syntax errors.

This is a PHP problem in building the query, not an MySQL one. I'll say
three quick things to you, if you need any help, ask in a PHP group
(comp.lang.php / alt.php / alt.comp.lang.php)
1) Don't rely on register_globals
2) Check $id before use
3) Be very aware of SQL injection.
--
Rik Wasmus

z.feast@gmail.com <z.feast@gmail.com> wrote in
<afa7fdff-f8e2-487d-bc98-d617d3af7c26@c33g2000hsd.googlegroups.com>:
> This is my first post here and I am hoping someone can
> help me out. I have a client whose site was working
> perfectly until the hosting company upgraded to php5 and
> now we are seeing a mysql syntax error ..try clicking on
> the large picture here
>
> http://www.sharpfoto.com/detail.php?id=63
>
> this is the error we are getting
>
> SQL=>select p.products_id, p.products_image_lrg,
> pd.products_name from products p, products_description pd
> where pd.products_id = and p.products_id=pd.products_id
> Error=>You have an error in your SQL syntax; check the
> manual that corresponds to your MySQL server version for
> the right syntax to use near 'and
> p.products_id=pd.products_id' at line 2
>
> Here is the source code for the page casuing the error
>
> <?
> require('db.php');
> include('config.php');
> $pro_sql="select p.products_id, p.products_image_lrg,
> pd.products_name from products p,
> products_description pd where pd.products_id = $id and
> p.products_id=pd.products_id ";

This has nothing to do with MySQL. I'm pretty certain
register_globals was set to "on" in your old PHP setup. Now
it's set to "off".

PLEASE don't try to fix this by merely switching
register_globals back to "on". The code as listed is a
security hole a couple miles wide, especially now that
you've published it on the Usenet. If you're unsure how to
go about securing your site, I'd recommend hiring an
expert.

> //echo $pro_sql;
> $pro_res=mysql_query($pro_sql);
> if(mysql_errno()) die("<br>SQL=>". $pro_sql."<br>Error=>".
> mysql_error());
> $row = mysql_fetch_array($pro_res);
> ?>

--
In Soviet Russia, XML documents transform *you*.