You have an error in your SQL syntax

Asked

Viewed 438 times

1

I am learning php and I am trying to make a combobox, it is pulling the database data correctly but when displaying the result presents this error:

You have an error in your SQL syntax; check the manual that Corresponds to your Mysql server version for the right syntax to use near 'and imovel_categoria = '2' and imovel_bairro = '2'' at line 1

PHP

<script src="lightbox/js/jquery-1.11.0.min.js"></script>

 <script type="text/javascript">
 $(document).ready(function(){
  $('#tipo').change(function(){

  $('#cb_categoria').load('combo_categoria.php?cod='+$('#tipo').val());
  });  //fim do change


    //aqui carrega o conteúdo

    $('#cb_categoria').change(function(){

  $('#conteudo').load('resultado.php?cod='+$('#cb_categoria').val());
  }); 

     } );//fim do ready



    </script>

      <?php

       $tipo = new Conexao();
       $tipo->ExecSQL("select * from tipo ");

        ?>



       <!--combo listando os tipos-->
       <label><b>Finalidade:</b></label>
       <select id="tipo">

        <?php

         while($tip = $tipo->ListarDados()){

            ?>

         <option value="<?php echo $tip['tipo_id']?>"><?php echo        $tip['tipo_nome']?></option>

<?php

}//fecho o laço

?>

 </select>
 <!--listando categoria-->
  <label><b>Tipo:</b></label>

    <select id="cb_categoria">

     </select>


      <!--conteudo pesquisado-->
      <div id="conteudo"></div>

PHP combo_categoria:

    <script src="lightbox/js/jquery-1.11.0.min.js"></script>

<script type="text/javascript">
    $(document).ready(function () {
        $('#cb_categoria').change(function () {

            $('#cb_bairro').load('combo_bairro.php?cod='+$('#cb_categoria').val());

        });  //fim do change

        //aqui carrega o conteudo
        $('#cb_bairro').change(function () {

            $('#conteudos').load('resultado.php?cod='+$('#cb_bairro').val());

      });

    });//fim do ready



</script>



<?php
require './app/Config.php';

if (!empty($_GET['cod'])):

    $cod = $_GET['cod'];

else:
    $cod = 0;
endif;

$categoria = new Conexao();
$categoria->ExecSQL("select * from categoria where categoria_tipo = '$cod' ");
?>



<!--combo listando categoria-->


    <?php
    while ($cat = $categoria->ListarDados()) {
        ?>

        <option value="<?php echo $cat['categoria_id'] ?>"><?php echo $cat['categoria_nome'] ?></option>

    <?php
}//fecho o laço
?>



<label><b>Bairro:</b></label>
<select id="cb_bairro">

</select>


<!--conteudo pesquisado-->
<div id="conteudos"></div>

PHP combo_bairro:

<?php

require './app/Config.php';


if (!empty($_GET['cod'])):
    $cod = $_GET['cod'];

else:
    $cod = 0;
endif;


$bairro = new Conexao();
$bairro->ExecSQL("select * from bairro where bairro_categoria = '$cod'");

?>



<!--combo listando Bairro-->


    <?php

    while($bai = $bairro->ListarDados()){

    ?>

    <option value="<?php echo $bai['bairro_id']?>"><?php echo $bai['bairro_nome']?></option>

    <?php

    }//fecho o laço

    ?>

PHP result:

<?php
require_once './app/Config.php';


$imovel = new Conexao();

if (!empty($_GET['cod'])):
    $cod = $_GET['cod'];
else:
    $cod = 0;
endif;


$sql = 'select * from imoveis, tipo, categoria, bairro';
$sql .= ' where imovel_categoria = categoria_id and imovel_bairro = bairro_id';
$sql .= ' and imovel_tipo = tipo_id order by imovel_id desc limit 6';


$sql .= " and imovel_categoria = '$cod' ";
$sql .= " and imovel_bairro = '$cod' ";


$imovel->ExecSQL($sql);


echo '<ul>';
while ($imv = $imovel->ListarDados()) {


    //pego a foto
    $i = new Conexao();
    $f = $imv['imovel_id'];
    $i->ExecSQL("select * from imoveis_fotos where foto_imovel = '$f' limit 1");
    $foto = $i->ListarDados();


    //mostrando conteudo
    echo '<li class="listagem_home">';
    echo Fotos::Exibir($foto['foto_nome'], 150, 150);
    echo '<div class="imoveis">';
    echo '<div class="listagem_nome">' . $imv['tipo_nome'] . '</div>';
    echo '<div class="listagem_cat"> ' . $imv['categoria_nome'] . '</div>';
    echo '<div class="listagem_cat">R$ ' . Sistema::GetReal($imv['imovel_valor']) . '</div>';
    echo '<div class="listagem_bai"> ' . $imv['bairro_nome'] . '</div>';
    echo '<div id="botao">';
    echo '<a href="' . Rotas::$detalhe . $imv['imovel_id'] . '" class="btn">saiba mais</a>';
    echo '</div>';
    echo '</div>';
    echo '</li>';
}
echo '</ul>';
?>
  • 3

    The way you’re riding your select, it’s getting like this: select * from imoveis, tipo, categoria, bairro where imovel_categoria = categoria_id and imovel_bairro = bairro_id and imovel_tipo = tipo_id order by imovel_id desc limit 6 and imovel_categoria = '$cod' and imovel_bairro = '$cod'. You see where the mistake is?

  • You can’t have one LIMIT in the middle of the consultation he always goes at the end the same goes for the ORDER BY

  • 2

    The structure must at all times follow more or less this order: SELECT campos FROM tabela JOIN (JOIN, LEFT, RIGTH, OUTER, FULL, ETC) tabela WHERE condição GROUP BY condição ORDER BY campos LIMIT numero may have all, more than one or none of these structures

1 answer

1

In the result PHP, the filters by imovel_category and imovel_neighborhood in the SQL query follow the " order by ", hence the error You can do so:

if (!empty($_GET['cod'])):
    $cod = $_GET['cod'];
else:
    $cod = 0;
endif;


$sql = 'select * from imoveis, tipo, categoria, bairro';
$sql .= ' where imovel_categoria = categoria_id and imovel_bairro = bairro_id';
$sql .= ' and imovel_tipo = tipo_id';
$sql .= " and imovel_categoria = '$cod'";
$sql .= " and imovel_bairro = '$cod'";
$sql .= ' order by imovel_id desc limit 6';


$imovel->ExecSQL($sql);

Attention, apparently you are not cleaning the data sent by the user that comes in the variable $_GET ! It is safer to use Prepared statements, for example. More info (in English): https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php

Browser other questions tagged

You are not signed in. Login or sign up in order to post.