You have an error in your SQL syntax;

Asked

Viewed 185 times

2

I’ve been using this code for a while now that you’ve made this mistake

Error: Database Select Failed:

You have an error in your SQL syntax; check the manual that Corresponds to your Mysql server version for the right syntax to use near ')' at line 1

<?php
session_start();
include('vars.php');
$simultaneousbanner=3;// number of maxbanners show once at a time
if(isset($_GET['style'])) $style= $_GET['style'];
if(isset($_GET['sb'])) $simultaneousbanner= $_GET['sb'];
function error($error){
    global $self_url,$style,$default_link,$default_banner;
    //global $SERVER_NAME,$self_url,$style,$default_link,$default_banner;
    if ($ban_error_notify == "yes") {
        $db = db("SELECT value FROM admin WHERE field='email'");
        $ad_mail = mysql_result($db, 0, "value");
        @mail($ad_mail,"Ad Rotator Error!","There was an error with the ad rotator:\n\n$error",$email_headers);
    }
    if ($style == "non_ssi") {
        print "document.write('<a href=\"$default_link\" target=\"_blank\"><img src=\"$default_banner\" border=0></a>');\n";
    } else {
        print "<a href=\"$default_link\" target=\"_blank\"><img src=\"$default_banner\" border=0></a>\n";
    }
    exit;
}
// MySQL Function
function db($query) {
    global $db_host,$db_name,$db_user,$db_pwd;
    ($mysql_link = @mysql_connect($db_host,$db_user,$db_pwd)) or die (print "Error: Couldn't connect to database:<br><br>".mysql_error());
    @mysql_select_db($db_name,$mysql_link) or die (print "Error: Couldn't Select Database:<br><br>".mysql_error());
    ($mysql_result = @mysql_query($query,$mysql_link)) or die (print "Error: Database Select Failed:<br><br>".mysql_error());
    @mysql_close($mysql_link) or die (print "Error: Couldn't close database".mysql_error());
    return $mysql_result;
}
// Display Ad Function
function display_banner(){
    global $self_url,$style,$simultaneousbanner;
    if(isset($_SESSION['banneron']) && count($_SESSION['banneron']) > $simultaneousbanner){
        $_SESSION['banneron'] =array();
    }
    $wheresql = '';
    if(isset($_SESSION['banneron']) && count($_SESSION['banneron']) > 0){
        $wheresql = " WHERE ad_id NOT IN(".implode(',', $_SESSION['banneron']).') ';
    }
    $db = db("SELECT * FROM ad_info $wheresql");
    $totalads = mysql_num_rows($db);
    if ($totalads == 0) {error("There are no banners/ads found in the database"); }
    while ($info = @mysql_fetch_row($db)){
        if (($info[11] == 0) || ($info[12] < $info[11])) {
            for ($i=1;$i<=$info[14];$i++){
                $valid[] = $info[0];
            }
        }
    }
    $num = count($valid);
    $num--;
    if ($num >= 1) {
        srand ((double) microtime() * 1000000);
        $rand_num = rand(0,$num);
        $rand_num = $valid[$rand_num];
    } else {
        $rand_num = $valid[0];
    }
    $_SESSION['banneron'][] = $rand_num;

    $db = db("SELECT * FROM ad_info WHERE ad_id = $rand_num");
    if ($info = mysql_fetch_row($db)){
        $exp = $info[12] + 1;
        $update = db("UPDATE ad_info SET num_exp = $exp WHERE ad_id = $rand_num");
        if ($info[2] == 1){
            if ($exp == $info[11]){
                error("The ad '$info[1] has reached its impression limit, $info[11].\n"."It will no longer be displayed unless you increase the\n"." number of impressions allowed");
            }
            if ($style != "non_ssi") {
                if ($info[15] == 1) {
                    $temp = " target=\"_blank\"";
                }
                if ($info[8]) {
                    print "<table border=0 cellpadding=0 cellspacing=0><tr><td align=center>\n";
                }
                if ($info[7]) {
                    $info[7] = addslashes($info[7]);
                    $temp2 = " onMouseOver=\"window.status='$info[7]'; return true\" onMouseOut=\"window.status=''; return true\"";
                }
                print "<a href=\"$self_url"."banner.php?action=r&id=$rand_num\"$temp"."$temp2>\n";
                print "<img src=\"$info[4]\" height=\"$info[5]\" width=\"$info[6]\" border=\"0\" alt=\"$info[7]\"></a>\n";
                if ($info[8]) {
                    print "</td></tr><tr><td align=\"center\">$info[8]</td></tr></table>\n";
                }
            } else {
                if ($info[15] == 1){
                    $temp = " target=\"_blank\"";
                }
                $info[9] = eregi_replace("'",'',$info[9]);
                $info[7] = eregi_replace("'","\'",$info[7]);
                $info[8] = eregi_replace("'","\\'",$info[8]);
                $info[14] = eregi_replace("'","\\'",$info[14]);
                if ($info[9]) {
                    $temp2 = " onMouseOver=\"window.status=\\'$info[9]\\'; return true\" onMouseOut=\"window.status=\\'\\'; return true\"";
                }
                print "document.write('<a href=\"$self_url"."banner.php?action=r&id=$rand_num\"$temp"."$temp2>');\n";
                print "document.write('<img src=\"$info[4]\" width=\"$info[6]\"  height=\"$info[5]\" border=\"0\" alt=\"$info[7]\"></a>');\n";
                if ($info[8]) {
                    print "document.write('</td></tr><tr><td align=\"center\">$info[8]</td></tr></table>');\n";
                }
            }
        } else {
            $info[10] = eregi_replace('<!-- Link URL -->',"$self_url"."banner.php?action=r&id=$rand_num",$info[10]);
            $info[10] = eregi_replace('href','target="_blank" href',$info[10]);
            if ($style != "non_ssi") {
                $info[10] = stripslashes($info[10]);
                print "$info[10]";
            } else {
                $info[10] = eregi_replace("'","\\'",$info[10]);
                print "document.write('<table align=\"right\" cellspacing=\"0\" cellpadding=\"0\" border=\"0\" width=\"468\" height=\"60\" bgcolor=\"black\"><tr><td align=\"center\" valign=\"middle\">');\n";
                print "document.write('$info[10]');\n";
                print "document.write('</td></tr></table>');\n";
            }
        }
    }
}
// Redirect Function
function redirect(){
    global $id;
    if (eregi_replace('[^0-9]','',$info[8])) {
        error("Invalid id given, bad character given, perhaps messed with link or just an old banner link?");
    }
    $db = db("SELECT num_clicks,link_url,type FROM ad_info WHERE ad_id = $id");
    if ($info = @mysql_fetch_row($db)){
        $num = $info[0] + 1;
        $update = db("UPDATE ad_info SET num_clicks = num_clicks+1 WHERE ad_id = $id");
        $stuff = $_SERVER['QUERY_STRING'];
        $stuff = eregi_replace("action=r&id=$id","",$stuff);
        if (($stuff) && ($info[2] == 2)) {
            header("Location: $info[1]?$stuff\n");
            exit;
        }
        header("Location: $info[1]\n");
        exit;
    }
}
// Display Group Function
function display_group() {
    global $style,$gid,$self_url,$simultaneousbanner;
    //global $PHP_SELF,$SERVER_NAME,$style,$gid,$DOCUMENT_ROOT,$self_url;
    if (eregi('[^0-9]',$gid)){
        error("Invalid group id given");
    }
    if(isset($_SESSION['banneron']) && count($_SESSION['banneron']) > $simultaneousbanner){
        $_SESSION['banneron'] =array();
    }
    $wheresql = '';
    if(isset($_SESSION['banneron']) && count($_SESSION['banneron']) > 0){
        $wheresql = " AND a.ad_id NOT IN(".implode(',', $_SESSION['banneron']).') ';
    }

    $db = db("SELECT a.ad_id,prob,num_allow_exp,num_exp,ad_prob FROM gp_info g,ad_info a WHERE gid = $gid AND g.ad_id = a.ad_id AND a.ad_id = g.ad_id $wheresql");
    while ($info = mysql_fetch_row($db)){
        if (($info[2] != 0) && ($info[3] <= $info[2])){
            for ($i=1;$i<=$info[4];$i++){
                $valid[] = $info[0];
            }
        }
        if ($info[2] == 0) {
            for ($i=1;$i<=$info[4];$i++){
                $valid[] = $info[0];
            }
        }
    }
    $num = count($valid);
    $num--;
    if (!$valid[0]) {
        error("Was not able to select any banners for group ($gid).\n"."Perhaps all banners have run out of inpressions?");
    }
    if ($num >= 1) {
        srand ((double) microtime() * 1000000);
        $rand_num = rand(0,$num);
        $rand_num = $valid[$rand_num];
    } else {
        $rand_num = $valid[0];
    }
    $_SESSION['banneron'][] = $rand_num;
    $db = db("SELECT * FROM ad_info WHERE ad_id = $rand_num");
    if ($info = mysql_fetch_row($db)) {
        $exp = $info[12] + 1;
        $update = db("UPDATE ad_info SET num_exp = $exp WHERE ad_id = $rand_num");
        if ($info[2] == 1) {
            if ($exp == $info[11]) {
                error("The advert '$info[1] has reached its impression limit, $info[11].\n"."It will no longer be displayed unless you increase the\n"." number of impressions allowed");
            }
            if ($style != "non_ssi") {
                if ($info[15] == 1) {
                    $temp = " target=\"_blank\"";
                }
                if ($info[8]) {
                    print "<table border=0 cellpadding=0 cellspacing=0><tr><td align=center>\n";
                }
                if ($info[9] != "") {
                    $info[9] = addslashes($info[9]);
                    $temp2 = " onMouseOver=\"window.status='$info[9]'; return true\" onMouseOut=\"window.status=''; return true\"";
                }
                print "<a href=\"$self_url"."banner.php?action=r&id=$rand_num\"$temp"."$temp2>\n";
                print "<img src=\"$info[4]\" height=\"$info[5]\" width=\"$info[6]\" border=\"0\" alt=\"$info[7]\"></a>\n";
                if ($info[8]) {
                    print "</td></tr><tr><td align=\"center\">$info[8]</td></tr></table>\n";
                }
            } else {
                if ($info[15] == 1) {
                    $temp = " target=\"_blank\"";
                }
                if ($info[8]) {
                    print "document.write('<table border=0 cellpadding=0 cellspacing=0><tr><td align=center>');\n";
                }
                $info[9] = eregi_replace("'",'',$info[9]);
                $info[7] = eregi_replace("'","\'",$info[7]);
                $info[8] = eregi_replace("'","\\'",$info[8]);
                $info[14] = eregi_replace("'","\\'",$info[14]);
                if ($info[9]) {
                    $temp2 = " onMouseOver=\"window.status=\\'$info[9]\\'; return true\" onMouseOut=\"window.status=\\'\\'; return true\"";
                }

                print "document.write('<a href=\"$self_url"."banner.php?action=r&id=$rand_num\"$temp"."$temp2>');\n";
                print "document.write('<img src=\"$info[4]\" width=\"$info[6]\"  height=\"$info[5]\" border=\"0\" alt=\"$info[7]\"></a>');\n";

                if ($info[8]) {
                    print "document.write('</td></tr><tr><td align=\"center\">$info[8]</td></tr></table>');\n";
                }
            }
        } else {
            $info[10] = eregi_replace('<!-- Link URL -->',"$self_url"."banner.php?action=r&id=$rand_num",$info[10]);
            $info[10] = eregi_replace('href','target="_blank" href',$info[10]);
            if ($style != "non_ssi"){
                $info[10] = stripslashes($info[10]);
                print "$info[10]";
            } else {
                $info[10] = eregi_replace("'","\'",$info[10]);
                print "document.write('<table align=\"right\" cellspacing=\"0\" cellpadding=\"0\" border=\"0\" width=\"468\" height=\"60\" bgcolor=\"black\"><tr><td align=\"center\" valign=\"middle\">');\n";
                print "document.write('$info[10]');";
                print "document.write('</td></tr></table>');\n";
            }
        }
    }
}
if ($_GET['gid']){
    $gid = $_GET['gid'];
    display_group();
    $action = 1;
} elseif ($_GET['action'] == ""){
    display_banner();
} elseif ($_GET['action'] == "r"){
    $id = $_GET['id'];
    redirect();
} else {
    display_banner();
}
?>
  • What is the line of error?

1 answer

4

Not knowing the contents of your variable $_SESSION['banneron'], by analyzing the error you get, it indicates that it is located before closing parentheses.

What was expected in the NOT IN() will be (1, 2, 3), but may be (1, 2, 3,) due to an empty input in the matrix $_SESSION['banneron']. On the other hand, it may only have an empty entry.

Checking out both scenarios

$wheresql = "";

if (isset($_SESSION['banneron']) && count($_SESSION['banneron']) > 0) {

  // fazer a junção mas cortar uma eventual virgula no final a string
  $ad_ids = rtrim(implode(',', $_SESSION['banneron']), ",");

  // confirmar se a variável contém alguma coisa
  if (!empty($ad_ids)) {

    $wheresql = " WHERE ad_id NOT IN (".$ad_ids.") ";
  }
}

Ideone test scenario for all 3 eventualities.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.