MySQL Forums

Need Help Updating SQL Query
Posted by: Tracy Sweder
Date: April 09, 2010 12:05PM

I installed Infinite Responder and have been trying (unsuccessfully) to get support from them so I'm hoping someone here might be able to see where the query needs syntax updating.

When I set up a form that includes custom fields (these are already existing custom fields in the database - I didn't create new ones) and try to submit it, I have a few things happen:

A - email DOES get input to the database
B - custom fields DO NOT get input into the database
C - webpage gives the following error:
Invalid query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,streetaddress_1,city,state,zipcod' at line 1

The error is being generated by s.php and the entire form contents are in the URL bar.

I am using MySQL v5.0.89 and PHP v5.2.12 on an Apache server (hosted, so I have no control over the server itself, but I don't think this is a server issue).

It appears that there is something in the SQL queries that is not correctly formatted for version 5.0.89 - but I have no idea looking at the script what it is that is set up incorrectly.

Would anyone be willing to let me know why the following queries aren't working?

<?php 
# ------------------------------------------------
# License and copyright:
# See license.txt for license information.
# ------------------------------------------------

include('config.php');

# -------------------------------------------------------------------

function AddCustomFields() {
   global $Email_Address, $Responder_ID;
   global $FirstName, $LastName, $DB_LinkID;

   $CustomFieldsArray = GetFieldNames('InfResp_customfields');
   $CustomFieldsExist = FALSE;
   foreach ($CustomFieldsArray as $key => $value) {
      $blah = "cf_".$value;
      $reqblah = trim($_REQUEST[$blah]);
      if (!(Empty($reqblah))) {
          $CustomFieldsArray[$value] = MakeSafe($reqblah);
          $CustomFieldsExist = TRUE;
      }
   }

   # Any custom fields?
   if ($CustomFieldsExist == TRUE) {
      #------------- Mandatory fields checking ------------------
      # if (empty($CustomFieldsArray['blah'])) { die('Error Message'); }
      #----------------------------------------------------------

      # --- Custom code ---
      $Fullname = "$FirstName $LastName";
      $CustomFieldsArray['full_name'] = $Fullname;
      # -------------------

      # Set static data
      $CustomFieldsArray['email_attached'] = $Email_Address;
      $CustomFieldsArray['resp_attached']  = $Responder_ID;
      unset($CustomFieldsArray['fieldID']);
      unset($CustomFieldsArray['user_attached']);

      # Delete any old data
      $query = "SELECT * FROM InfResp_customfields WHERE email_attached = '$Email_Address' AND resp_attached = '$Responder_ID'";
      $result = mysql_query($query) or die("Invalid query: " . mysql_error());
      if (mysql_num_rows($result) > 0) {
          $query = "DELETE FROM InfResp_customfields WHERE email_attached = '$Email_Address' AND resp_attached = '$Responder_ID'";
          $result = mysql_query($query) or die("Invalid query: " . mysql_error());
      }

      # Insert new data
      DB_Insert_Array("InfResp_customfields", $CustomFieldsArray);
   }
}

# -------------------------------------------------------------------

# Process inputs
if ($_REQUEST['s'] == "1") { $SilentMode = 1; }
   else { $SilentMode = 0; }

# Process input
$Email_Address  = rawurldecode(trim($_REQUEST['e']));
$Email_Address  = str_replace(">","",$Email_Address);
$Email_Address  = str_replace("<","",$Email_Address);
$Email_Address  = str_replace("\\","",$Email_Address);
$Email_Address  = str_replace('/',"",$Email_Address);
$Email_Address  = str_replace('..',"",$Email_Address);
$Email_Address  = str_replace('|',"",$Email_Address);
$Email_Address  = stripnl(MakeSafe($Email_Address));
$Confirm_String = MakeSafe($_REQUEST['c']);
$Subscriber_ID  = MakeSafe($_REQUEST['sub_ID']);
$HandleHTML     = MakeSafe($_REQUEST['h']);
$ReferralSrc    = MakeSafe($_REQUEST['ref']);
$IPaddy         = $_SERVER['REMOTE_ADDR'];

# Grab the name
if (isEmpty($_REQUEST['n'])) {
   $FirstName      = MakeSafe($_REQUEST['f']);
   $LastName       = MakeSafe($_REQUEST['l']);
}
else {
   $FullName       = MakeSafe($_REQUEST['n']);
   $names          = explode(' ',$FullName);
   $FirstName      = $names[0];
   $LastName = '';
   for ($k=1; $k<=(count($names)-1); $k++) {
       $LastName = $LastName . " " . $names[$k];
   }
   $LastName = trim($LastName);
}

# Grab the action var
if (isEmpty($_REQUEST['a'])) {
   $action = strtolower(MakeSafe($_REQUEST['action']));
}
else {
   $action = strtolower(MakeSafe($_REQUEST['a']));
}

# Grab responder ID
if (isset($_REQUEST['r'])) {
   $Responder_ID = MakeSafe($_REQUEST['r']);
}
else {
   $Responder_ID = MakeSafe($_REQUEST['r_ID']);
}

# Bounds checking
if (!(is_numeric($Responder_ID)))  { $Responder_ID = 0; }
if (!(is_numeric($Subscriber_ID))) { $Subscriber_ID = 0; }
if ($HandleHTML != "1") { $HandleHTML = "0"; }

# Actions from admin.php
if (($action == "resend_unsub_conf") || ($action == "resend_sub_conf")) {
     # Pull info
     if (!(ResponderExists($Responder_ID))) { admin_redirect(); }
     GetResponderInfo();
     if ((GetSubscriberInfo($Subscriber_ID)) == FALSE) { admin_redirect(); }

     # Open template
     if ($SilentMode != 1) {
          include('templates/open.page.php');
     }

     # Handle the action
     if ($action == "resend_sub_conf") {
          SendMessageTemplate('templates/subscribe.confirm.txt');
          if ($SilentMode != 1) {
               print "<br />Subscription confirmation message sent!<br />\n";
          }
     }
     elseif ($action == "resend_unsub_conf") {
          SendMessageTemplate('templates/unsubscribe.confirm.txt');
          if ($SilentMode != 1) {
               print "<br />Unsubscribe confirmation message sent!<br />\n";
          }
     }

     # Back to admin button
     $return_action = 'sub_edit';
     if ($SilentMode != 1) {
          include('templates/admin_button.subhandler.php');
     }

     # Close template
     if ($SilentMode != 1) {
          copyright();
          include('templates/close.page.php');
     }
     die();
}

# Is there a confirm string?
if (!(isEmpty($Confirm_String))) {
     # Is a sub or an unsub code?
     $type = strtolower(substr($Confirm_String, 0, 1));
     if (($type == "s") || ($type == "u")) {
          # Verify the code
          $code = substr($Confirm_String, 1, (strlen($Confirm_String)-1));
          $query = "SELECT * FROM InfResp_subscribers WHERE UniqueCode = '$code'";
          $result = mysql_query($query) or die("Invalid query: " . mysql_error());
          if (mysql_num_rows($result) < 1) {
               # Invalid code. Print it!
               if ($SilentMode != 1) {
                    include('templates/open.page.php');
                    include('templates/invalid_code.subhandler.php');
                    copyright();
                    include('templates/close.page.php');
               }
               die();
          }

          # Grab the subscriber data
          $result_data = mysql_fetch_assoc($result);
          $DB_SubscriberID    = $result_data['SubscriberID'];
          $DB_ResponderID     = $result_data['ResponderID'];
          $DB_SentMsgs        = $result_data['SentMsgs'];
          $DB_EmailAddress    = $result_data['EmailAddress'];
          $DB_TimeJoined      = $result_data['TimeJoined'];
          $DB_Real_TimeJoined = $result_data['Real_TimeJoined'];
          $CanReceiveHTML     = $result_data['CanReceiveHTML'];
          $DB_LastActivity    = $result_data['LastActivity'];
          $DB_FirstName       = $result_data['FirstName'];
          $DB_LastName        = $result_data['LastName'];
          $DB_IPaddy          = $result_data['IP_Addy'];
          $DB_ReferralSource  = $result_data['ReferralSource'];
          $DB_UniqueCode      = $result_data['UniqueCode'];
          $DB_Confirmed       = $result_data['Confirmed'];

          # Grab the relevant responder data
          $Responder_ID = $DB_ResponderID;
          if (!(ResponderExists($Responder_ID))) { 
               # Invalid code. Print it!
               if ($SilentMode != 1) {
                    include('templates/open.page.php');
                    include('templates/invalid_code.subhandler.php');
                    copyright();
                    include('templates/close.page.php');
               }
               die();
          }
          GetResponderInfo();

          # Emails, DB and redir/template
          if ($type == "s") {
               # Do DB update
               $Set_LastActivity = time();
               $query = "UPDATE InfResp_subscribers SET LastActivity = '$Set_LastActivity', TimeJoined = '$Set_LastActivity', Real_TimeJoined = '$Set_LastActivity', Confirmed = '1' WHERE SubscriberID = '$DB_SubscriberID'";
               $DB_result = mysql_query($query) or die("Invalid query: " . mysql_error());

               # Handle custom fields
               AddCustomFields();

               # Send mail
               SendMessageTemplate('templates/subscribe.complete.txt');
               if ($DB_NotifyOnSub == "1") {
                    SendMessageTemplate('templates/new_subscriber.notify.txt',$DB_OwnerEmail,$DB_OwnerEmail);
               }

               # Autocall sendmails on subscribe?
               if ($config['autocall_sendmails'] == "1") {
                    $silent = TRUE;
                    include('sendmails.php');
               }

               # Redir or template
               if ((trim($DB_OptInRedir)) == "") {
                    # Display the page
                    if ($SilentMode != 1) {
                         include('templates/open.page.php');
                         include('templates/sub_complete.subhandler.php');
                         copyright();
                         include('templates/close.page.php');
                    }
                    die();
               }
               else {
                    if ($SilentMode != 1) {
                         header("Location: $DB_OptInRedir");
                         print "<br>\n";
                         print "Now redirecting you to a new page...<br>\n";
                         print "<br>\n";
                         print "If your browser doesn't support redirects then you'll need to <A HREF=\"$DB_OptInRedir\">click here.</A><br>\n";
                         print "<br>\n";
                    }
                    die();
               }
          }
          elseif ($type == "u") {
               # Send mail
               SendMessageTemplate('templates/unsubscribe.complete.txt');
               if ($DB_NotifyOnSub == "1") {
                    SendMessageTemplate('templates/subscriber_left.notify.txt',$DB_OwnerEmail,$DB_OwnerEmail);
               }

               # Delete from DB
               $query = "DELETE FROM InfResp_subscribers WHERE SubscriberID = '$DB_SubscriberID'";
               $DB_result = mysql_query($query) or die("Invalid query: " . mysql_error());
               $query = "DELETE FROM InfResp_customfields WHERE user_attached = '$DB_SubscriberID'";
               $result = mysql_query($query) or die("Invalid query: " . mysql_error());
 
               # Redirect or template
               if ((trim($DB_OptOutRedir)) == "") {
                    # Display the page
                    if ($SilentMode != 1) {
                         include('templates/open.page.php');
                         include('templates/unsub_complete.subhandler.php');
                         copyright();
                         include('templates/close.page.php');
                    }
                    die();
               }
               else {
                    if ($SilentMode != 1) {
                         header("Location: $DB_OptOutRedir");
                         print "<br>\n";
                         print "Now redirecting you to a new page...<br>\n";
                         print "<br>\n";
                         print "If your browser doesn't support redirects then you'll need to <A HREF=\"$DB_OptOutRedir\">click here.</A><br>\n";
                         print "<br>\n";
                    }
                    die();
               }
          }
     }
     else {
          # Invalid code. Print it!
          if ($SilentMode != 1) {
               include('templates/open.page.php');
               include('templates/invalid_code.subhandler.php');
               copyright();
               include('templates/close.page.php');
          }
          die();
     }
}
else {
     # if ($action == "unsub") {
     #      # Get user and responder info
     #      if ((GetSubscriberInfo($Subscriber_ID)) == FALSE) {
     #           if ($SilentMode != 1) {
     #                include('templates/open.page.php');
     #                include('templates/invalid_action.subhandler.php');
     #                copyright();
     #                include('templates/close.page.php');
     #           }
     #           die();
     #      }
     #      $Responder_ID = $DB_ResponderID;
     #      if (!(ResponderExists($Responder_ID))) {
     #           if ($SilentMode != 1) {
     #                include('templates/open.page.php');
     #                include('templates/invalid_action.subhandler.php');
     #                copyright();
     #                include('templates/close.page.php');
     #           }
     #           die();
     #      }
     #      GetResponderInfo();
     #
     #      # Send confirmation msg
     #      SendMessageTemplate('templates/unsubscribe.confirm.txt');
     #
     #      # Display from the DB or the template
     #      if ((trim($DB_OptOutDisplay)) == "") {
     #           # Display the template
     #           if ($SilentMode != 1) {
     #                include('templates/open.page.php');
     #                include('templates/unsub_confirm.subhandler.php');
     #                copyright();
     #                include('templates/close.page.php');
     #           }
     #           die();
     #      }
     #      else {
     #           # Display from the DB
     #           if ($SilentMode != 1) {
     #                include('templates/open.page.php');
     #                print $DB_OptOutDisplay;
     #                copyright();
     #                include('templates/close.page.php');
     #           }
     #           die();
     #      }
     # }
     if (($action == "sub") || ($action == "subscribe") || ($action == "s")) {
          # Check the email address format
          if (!(isEmail($Email_Address))) {
               if ($SilentMode != 1) {
                    include('templates/open.page.php');
                    include('templates/invalid_email.subhandler.php');
                    copyright();
                    include('templates/close.page.php');
               }
               die();
          }

          # Is the email address blacklisted?
          if (isInBlacklist($Email_Address)) {
               if ($SilentMode != 1) {
                    include('templates/open.page.php');
                    include('templates/blacklisted.subhandler.php');
                    copyright();
                    include('templates/close.page.php');
               }
               die();
          }

          # Get responder info.
          if (!(ResponderExists($Responder_ID))) { 
               # Invalid code. Print it!
               if ($SilentMode != 1) {
                    include('templates/open.page.php');
                    include('templates/invalid_code.subhandler.php');
                    copyright();
                    include('templates/close.page.php');
               }
               die();
          }
          GetResponderInfo();

          # Is the email already on this responder?
          $query = "SELECT * FROM InfResp_subscribers WHERE ResponderID = '$Responder_ID' AND EmailAddress = '$Email_Address'";
          $result = mysql_query($query) or die("Invalid query: " . mysql_error());
          if (mysql_num_rows($result) > 0) {
               # Yes, it is.
               $result_data = mysql_fetch_assoc($result);
               $DB_SubscriberID    = $result_data['SubscriberID'];
               $DB_ResponderID     = $result_data['ResponderID'];
               $DB_SentMsgs        = $result_data['SentMsgs'];
               $DB_EmailAddress    = $result_data['EmailAddress'];
               $DB_TimeJoined      = $result_data['TimeJoined'];
               $DB_Real_TimeJoined = $result_data['Real_TimeJoined'];
               $CanReceiveHTML     = $result_data['CanReceiveHTML'];
               $DB_LastActivity    = $result_data['LastActivity'];
               $DB_FirstName       = $result_data['FirstName'];
               $DB_LastName        = $result_data['LastName'];
               $DB_IPaddy          = $result_data['IP_Addy'];
               $DB_ReferralSource  = $result_data['ReferralSource'];
               $DB_UniqueCode      = $result_data['UniqueCode'];
               $DB_Confirmed       = $result_data['Confirmed'];

               # Are they confirmed?
               if ($DB_Confirmed == "1") {
                    # Yes, display the error page.
                    if ($SilentMode != 1) {
                         include('templates/open.page.php');
                         include('templates/already_subscribed.subhandler.php');
                         copyright();
                         include('templates/close.page.php');
                    }
                    die();
               }
               else {
                    # Send confirmation msg
                    SendMessageTemplate('templates/subscribe.confirm.txt');

                    # Display from the DB or the template
                    if ((trim($DB_OptInDisplay)) == "") {
                         # Display the template
                         if ($SilentMode != 1) {
                              include('templates/open.page.php');
                              include('templates/sub_confirm.subhandler.php');
                              copyright();
                              include('templates/close.page.php');
                         }
                         die();
                    }
                    else {
                         # Display from the DB
                         if ($SilentMode != 1) {
                              include('templates/open.page.php');
                              print $DB_OptInDisplay;
                              copyright();
                              include('templates/close.page.php');
                         }
                         die();
                    }
               }
          }

          # They aren't already subscribed, let's proceed...
          $DB_ResponderID     = $Responder_ID;
          $DB_SentMsgs        = "";
          $DB_EmailAddress    = $Email_Address;
          $DB_TimeJoined      = time();
          $DB_Real_TimeJoined = time();
          $CanReceiveHTML     = $HandleHTML;
          $DB_LastActivity    = time();
          $DB_FirstName       = $FirstName;
          $DB_LastName        = $LastName;
          $DB_IPaddy          = $IPaddy;
          $DB_ReferralSource  = $ReferralSrc;
          $DB_UniqueCode      = generate_unique_code();
          $DB_Confirmed       = "0";

          if ($DB_OptMethod == "Double") {
               # Add a non-confirmed row to the DB
               $query = "INSERT INTO InfResp_subscribers (ResponderID, SentMsgs, EmailAddress, TimeJoined, Real_TimeJoined, CanReceiveHTML, LastActivity, FirstName, LastName, IP_Addy, ReferralSource, UniqueCode, Confirmed)
                         VALUES('$DB_ResponderID','$DB_SentMsgs', '$DB_EmailAddress', '$DB_TimeJoined', '$DB_Real_TimeJoined', '$CanReceiveHTML', '$DB_LastActivity', '$DB_FirstName', '$DB_LastName', '$DB_IPaddy', '$DB_ReferralSource', '$DB_UniqueCode', '$DB_Confirmed')";
               $DB_result = mysql_query($query) or die("Invalid query: " . mysql_error());
               $DB_SubscriberID = mysql_insert_id();
               
               # Send confirmation msg
               SendMessageTemplate('templates/subscribe.confirm.txt');

               # Display from the DB or the template
               if ((trim($DB_OptInDisplay)) == "") {
                    # Display the template
                    if ($SilentMode != 1) {
                         include('templates/open.page.php');
                         include('templates/sub_confirm.subhandler.php');
                         copyright();
                         include('templates/close.page.php');
                    }
                    die();
               }
               else {
                    # Display from the DB
                    if ($SilentMode != 1) {
                         include('templates/open.page.php');
                         print $DB_OptInDisplay;
                         copyright();
                         include('templates/close.page.php');
                    }
                    die();
               }
          }
          else {
               # Add a confirmed row to the DB
               $DB_Confirmed = "1";
               $query = "INSERT INTO InfResp_subscribers (ResponderID, SentMsgs, EmailAddress, TimeJoined, Real_TimeJoined, CanReceiveHTML, LastActivity, FirstName, LastName, IP_Addy, ReferralSource, UniqueCode, Confirmed)
                         VALUES('$DB_ResponderID','$DB_SentMsgs', '$DB_EmailAddress', '$DB_TimeJoined', '$DB_Real_TimeJoined', '$CanReceiveHTML', '$DB_LastActivity', '$DB_FirstName', '$DB_LastName', '$DB_IPaddy', '$DB_ReferralSource', '$DB_UniqueCode', '$DB_Confirmed')";
               $DB_result = mysql_query($query) or die("Invalid query: " . mysql_error());
               $DB_SubscriberID = mysql_insert_id();

               # Handle custom fields
               AddCustomFields();

               # Send mail and notify
               SendMessageTemplate('templates/subscribe.complete.txt');
               if ($DB_NotifyOnSub == "1") {
                    SendMessageTemplate('templates/new_subscriber.notify.txt',$DB_OwnerEmail,$DB_OwnerEmail);
               }

               # Autocall sendmails on subscribe?
               if ($config['autocall_sendmails'] == "1") {
                    $silent = TRUE;
                    include('sendmails.php');
               }

               # Template or redirect
               if ((trim($DB_OptInRedir)) == "") {
                    # Display the page
                    if ($SilentMode != 1) {
                         include('templates/open.page.php');
                         include('templates/sub_complete.subhandler.php');
                         copyright();
                         include('templates/close.page.php');
                    }
                    die();
               }
               else {
                    if ($SilentMode != 1) {
                         header("Location: $DB_OptInRedir");
                         print "<br>\n";
                         print "Now redirecting you to a new page...<br>\n";
                         print "<br>\n";
                         print "If your browser doesn't support redirects then you'll need to <A HREF=\"$DB_OptInRedir\">click here.</A><br>\n";
                         print "<br>\n";
                    }
                    die();
               }
          }
     }
     else {
          if ($SilentMode != 1) {
               include('templates/open.page.php');
               include('templates/invalid_action.subhandler.php');
               copyright();
               include('templates/close.page.php');
          }
          die();
     }
}

DB_disconnect();
?>


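Added example, not part of the original post and not Infinite Responder's code: the column list 0,1,2,...,18 in the quoted error is what AddCustomFields() would produce if it writes values back into the same array that holds the field-name list, leaving the numeric keys in place. The sketch below reproduces that key list with constructed data, then builds the row in a fresh array restricted to schema column names and inserts it with bound parameters through PDO. It assumes GetFieldNames() returns a numerically indexed list and DB_Insert_Array() uses array keys as column names (neither function is shown in the post); the function names here are hypothetical.

```php
<?php
// Added illustration, not Infinite Responder code. All sample data is constructed.

// ASSUMPTION: GetFieldNames() returns a numerically indexed list of column names.
$fieldNames = array('fieldID', 'user_attached', 'resp_attached', 'email_attached',
                    'full_name', 'streetaddress_1', 'city', 'state');

// Constructed stand-in for $_REQUEST.
$request = array('cf_streetaddress_1' => ' 1 Main St ', 'cf_city' => 'Springfield',
                 'cf_state' => '', 'cf_not_a_column' => 'ignored');

// Pattern from the posted AddCustomFields(): values are written back into the
// array that still holds the name list, so the keys 0..N-1 stay in it.
function keys_as_posted(array $fieldNames, array $request) {
    $fields = $fieldNames;
    foreach ($fieldNames as $name) {
        $v = isset($request["cf_$name"]) ? trim($request["cf_$name"]) : '';
        if ($v !== '') { $fields[$name] = $v; }
    }
    unset($fields['fieldID'], $fields['user_attached']); // removes string keys only
    return array_keys($fields);
}

// Corrected pattern: collect values in a fresh array keyed by column name only.
function collect_custom_fields(array $fieldNames, array $request, array $static) {
    $skip = array('fieldID', 'user_attached');
    $row = array();
    foreach ($fieldNames as $name) {
        if (in_array($name, $skip, true)) { continue; }
        $v = isset($request["cf_$name"]) ? trim($request["cf_$name"]) : '';
        if ($v !== '') { $row[$name] = $v; }
    }
    // Static values may only fill columns the schema actually has.
    foreach ($static as $name => $v) {
        if (in_array($name, $fieldNames, true)) { $row[$name] = $v; }
    }
    return $row;
}

// Build a prepared INSERT: identifiers are validated, values are bound.
function build_insert($table, array $row) {
    $cols = array(); $marks = array(); $params = array();
    foreach ($row as $name => $v) {
        if (!is_string($name) || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $name)) {
            throw new InvalidArgumentException("Bad column name: $name");
        }
        $cols[]  = "`$name`";
        $marks[] = ":$name";
        $params[":$name"] = $v;
    }
    $sql = "INSERT INTO `$table` (" . implode(', ', $cols) . ') VALUES ('
         . implode(', ', $marks) . ')';
    return array($sql, $params);
}

echo "Keys as posted: ", implode(',', keys_as_posted($fieldNames, $request)), "\n";

$row = collect_custom_fields($fieldNames, $request, array(
    'email_attached' => 'user@example.com', // constructed values
    'resp_attached'  => 1,
    'full_name'      => 'Pat Example'));
list($sql, $params) = build_insert('InfResp_customfields', $row);
echo $sql, "\n";

// Execute against an in-memory SQLite table when the driver is available
// (SQLite accepts backtick-quoted identifiers, as MySQL does).
if (extension_loaded('pdo_sqlite')) {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE InfResp_customfields ('
             . implode(' TEXT, ', $fieldNames) . ' TEXT)');
    $pdo->prepare($sql)->execute($params);
    print_r($pdo->query('SELECT * FROM InfResp_customfields')->fetch(PDO::FETCH_ASSOC));
}
```
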
