-6

I'm trying to setup a very simple email tracking pixel...it's proving to be less simple than I had originally expected.

My server is running linux and mysql v. 5.1.65

<?php

$username = '*******';
$db_password = '*******';
$database = '*******';

$IP = $_SERVER['REMOTE_ADDR'];

$CAMPAIGN = $_GET['MID'];

mysql_connect('localhost',$username,$db_password);
@mysql_select_db($database) or die( "Unable to select database");

mysql_query("INSERT INTO email_table VALUES ('$CAMPAIGN', '$IP',)") or die(mysql_error() );
mysql_close();
exit;
?>

I'm getting: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 1

Jimmy
  • 15
  • 3
  • 2
    The title of your question is misleading. Could you update it so it better summarizes the specific problem you're having? – Bob Kaufman Nov 14 '12 at 23:28
  • 2
    The error message tells you exactly what's wrong... – emartel Nov 14 '12 at 23:28
  • [**Please, don't use `mysql_*` functions in new code**](http://bit.ly/phpmsql). They are no longer maintained and the [deprecation process](http://j.mp/Rj2iVR) has begun on it. See the [**red box**](http://j.mp/Te9zIL)? Learn about [*prepared statements*](http://j.mp/T9hLWi) instead, and use [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) - [this article](http://j.mp/QEx8IB) will help you decide which. If you choose PDO, [here is a good tutorial](http://j.mp/PoWehJ). – tereško Nov 14 '12 at 23:58

1 Answers1

2

You appear to have an extra comma at the end:

INSERT INTO email_table VALUES ('$CAMPAIGN', '$IP',)

Try:

INSERT INTO email_table VALUES ('$CAMPAIGN', '$IP')

BTW, I won't judge your code too much but tracking people by IP is not very reliable. For example, a lot of corporate traffic behind company firewalls can use the same IP address.

Also, it looks like $CAMPAIGN comes from the HTTP post, which can be a security issue if you're not parameterizing your SQL.

Community
  • 1
  • 1
Mike Christensen
  • 88,082
  • 50
  • 208
  • 326
  • I just need to verify that an email campaign actually was sent out. If I have a few thousand hits from the same IP than I know it didn't get sent. – Jimmy Nov 14 '12 at 23:32
  • That works, but I"m not getting "Column count doesn't match value count at row 1" which leads me to believe I've got my database structured incorrectly. I'm trying to insert into a table that has column 1 as an auto increment, column two as $MID, and column three as IP. – Jimmy Nov 14 '12 at 23:34
  • Change the SQL to: `INSERT INTO email_table (campaign_id, ip_address) VALUES ('$CAMPAIGN', '$IP')` instead, then you can specify the exact columns you're inserting values for. – Mike Christensen Nov 14 '12 at 23:37
  • Thanks Mike. You're spectacular! – Jimmy Nov 14 '12 at 23:39
  • 1
    @Jimmy - No problem, be sure to mark as the answer if I've answered your questions. – Mike Christensen Nov 14 '12 at 23:40