Some notes to begin

Greg K — Thu, 08 Mar 2012 01:02:20 +0000

Some notes to begin with:

Your site is very insecure and open to hacks. Look into using the mysql_real_escape_string (http://php.net/mysql_real_escape_string for explanation and examples)

Also, why you should aways wrap data with mysql_real_escape_string for use in queries, for display on a web page (and this include the value="whatever" for inputs), you should always use htmlspecialchars($myVar,ENT_QUOTES). Lastly, when you go to use a piece of data in a URL, use urlencode() (these last two you can get to them by adding http://php.net/ in front like the first one I gave you)

For these I refer to any data that can be changed by the end user, which includes, but isn't limited to, the following:
$_POST, $_GET, $_COOKIE, $_SERVER['HTTP_REFERRER'], $_SERVER['HTTP_USER_AGENT'] $_SERVER['PHP_SELF'], $_SERVER['QUERY_STRING'] also any data that may have came from these sources (is once came from here and was put into database and read back in)

I edited your post to remove your login information, hopefully it is locked down so it will not et remote users in, but since you have published the information on a high traffic forum, you will probably want to go change the password ASAP.

So, now back to you issue.. You didn't list which one is givng you the error, but anytime you get an error, it is a good idea to echo out the actual $SQL query so you can see what variable replacement was done, sometimes when you do this you can catch a misplaced quote.

If you can't see it from there, try manually running the SQL directly on the server (worse case, use phpMyAdmin to manually execute it), sometimes it will give you more details of what exactly is wrong. But in this case (based on what you posted) it is running into a doublequote somewhere it wasn't expected, and since the code at quick glance looks good, must be coming from a variable somewhere (again, where mysql_real_escape_string would help, and echoing it out you would probably see where it is.

Here is an example of some code to use:

<?php
 

define ('DEBUG_MODE', TRUE);  // change to false when done testing

// Connect to database

$SQL = 'SELECT `field1`, `field2` FROM `tblCars` WHERE `field3` = "'.mysql_real_escape_string($myVariable).'" ORDER BY `lastfield`';
$rsCars = mysql_query($SQL) 
   or die ('[ERR-'.__LINE__.'] '.((DEBUG_MODE) ? mysql_error()."<br />\n".$SQL : 'There was an error with a database query'));
if (mysql_num_rows($rsCars) > 0) {
    while ($aryRow = mysql_fetch_assoc($rsCars)) {
        echo 'Field1 = ',htmlspecialchars($aryRow['field1']),"<br />\n";
        echo 'Field2 = ',htmlspecialchars($aryRow['field2']),"<br />\n<br />\n";
    }
    mysql_free_result($rsCars);
}
else {
    echo "There were no records found...<br />\n";
}
unset($rsCars);
?>

You will notice in the first line, there is a constant that you set to TRUE or FALSE to display more error information. it is good practice that when a script goes "live" (intended for others to access it) you do not list mysql errors, as there could be times depending on the query, it could give out info to help a someone compromise your site. While you are working on it (and after it goes live, if you come across an error), you can set this back to TRUE to see more info.

Good luck with this.

-Greg

First test this code on local

vasvigupt — Wed, 07 Mar 2012 12:47:22 +0000

First test this code on local host then see if you get the same error.