I'm sorry to keep bothering you guys with all my, what may seem, dumb questions, however, I still have my 'L' plates on here.

Can anyone spot any problems with the following, as I keep getting a syntax error from this bit of code, I've managed to narrow it down to this anyway, the page seems to work without it.

    //USERGROUP
    $ug = $db->query( "SELECT displaygroup FROM users WHERE id ={$uid}" );
    $usergroup = $db->assoc( $ug );
    $displayug = $db->query( "SELECT name FROM usergroups WHERE id = '{$usergroup['displaygroup']}' LIMIT 1" );
    $displayGroup = $db->assoc( $displayug );
    //LAST REVIEW
    $lr = $db->query( "SELECT date FROM radioreviews WHERE dj = '{$uid}' LIMIT 1" );
    $lastReview = $db->assoc( $lr );

Thanks in advance for your assistance.

Syntax Error;

MySQL Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

Full page code (excuse the mess, wipe your feet on the way out);

<?php

    require_once( "_inc/glob.php" );
    $ip=@$_SERVER['REMOTE_ADDR'];

    //UID
    $uid = $user->data['id'];
    //FETCH NUMBER OF SLOTS
    $slotsBooked = mysql_query("SELECT * FROM timetable WHERE dj={$uid}");
    //TOTAL SLOTS ARRAY
    $slotsTotal = mysql_num_rows($slotsBooked);
    //TOTAL REQUESTS
    $req = mysql_query("SELECT * FROM requests WHERE for={$uid}");
    //TOTAL RQ
    $reqTotal = mysql_num_rows($req);
    //NEWEST MEMBER
    $newuser = $db->query( "SELECT * FROM users ORDER BY id DESC LIMIT 1" );
    $newestUser = $db->assoc( $newuser );
    //PANEL SETTINGS
    $settings = $db->query( "SELECT * FROM settings ORDER BY id DESC LIMIT 1" );
    $panelSettings = $db->assoc( $settings );
    //USERGROUP
    $ug = $db->query( "SELECT displaygroup FROM users WHERE id ={$uid}" );
    $usergroup = $db->assoc( $ug );
    $displayug = $db->query( "SELECT name FROM usergroups WHERE id = '{$usergroup['displaygroup']}' LIMIT 1" );
    $displayGroup = $db->assoc( $displayug );
    //LAST REVIEW
    $lr = $db->query( "SELECT date FROM radioreviews WHERE dj = '{$uid}' LIMIT 1" );
    $lastReview = $db->assoc( $lr );



?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">

    <head>

        <meta http-equiv="Content-type" content="text/html; charset=UTF-8" />

        <title>radiPanel</title>

        <script type="text/javascript" src="_js/prototype.js"></script>
        <script type="text/javascript" src="_js/scriptaculous.js"></script>
        <script type="text/javascript" src="_js/validation.js"></script>
        <script type="text/javascript" src="_js/radi.js"></script>

        <style type="text/css" media="screen">@import url('_img/style.css');</style>

    </head>

    <body>
        <?php
        $ip    = @$_SERVER['REMOTE_ADDR'];
        $url   = @$_SERVER['SCRIPT_NAME'];
        ?>
            <?php

                if( $user->loggedIn ) {

            ?>

        <div style="width: 1000px; margin: auto;">

            <div>
                <big>RADIPANEL17</big>
            </div>


            <div style="float: left; width: 200px;">

                <?php

                    $url = $_GET['url'] ? $core->clean( $_GET['url'] ) : 'core.home';

                    $query3 = $db->query( "SELECT * FROM menu WHERE url = '{$url}'" );
                    $array3 = $db->assoc( $query3 );

                    if( !$array3['usergroup'] ) {

                        $array3['usergroup'] = "invalid";

                    }

                    $query = $db->query( "SELECT * FROM usergroups ORDER BY weight ASC" );

                    while( $array = $db->assoc( $query ) ) {

                        if( in_array( $array['id'], $user->data['uGroupArray'] ) ) {

                ?>

                <div class="box">

                    <div class="square menu" style="background: #<?php echo $array['colour']; ?>;" onclick="Radi.menuToggle('<?php echo $array['id']; ?>');">

                        <img id="menutoggle_<?php echo $array['id']; ?>" class="menutoggle" src="_img/<?php echo ( $array['id'] != $array3['usergroup'] ) ? 'plus' : 'minus'; ?>_white.png" alt="Toggle" align="right" />

                        <strong><?php echo $array['name']; ?></strong>

                    </div>

                    <div class="menuitems"<?php if( $array['id'] != $array3['usergroup'] ) { ?> style="display: none;"<?php } ?> id="mitems_<?php echo $array['id']; ?>">

                    <?php

                        $query2 = $db->query( "SELECT * FROM menu WHERE usergroup = '{$array['id']}' ORDER BY weight ASC" );

                        $i      = "a";

                        while( $array2 = $db->assoc( $query2 ) ) {

                    ?>

                        <a href="<?php echo $array2['url']; ?>" class="<?php echo $i; ?>">
                            <?php echo $array2['text']; ?>
                        </a>

                    <?php
                            $i++;

                            if( $i == "c" ) {

                                $i = "a";

                            }

                        }
                    ?>

                    </div>

                </div>

                <?php

                        }

                    }

                ?>

            </div>

            <div style="float: right; width: 200px; padding-left: 10px;">
                            <div class="box">
                   <div class="square title"><strong>
                       <?php
$t = date("H");

if ($t < "12") {
    echo "Good morning,!";
} elseif ($t < "18") {
    echo "Good afternoon,";
} else {
    echo "Good evening,";
}
?>

                       <?php echo $user->data['fullUsername']; ?>!</strong></div>
                                <center><img src='https://www.habbo.com/habbo-imaging/avatarimage?user=<?php echo $user->data['habbo']; ?>&direction=2&head_direction=3&action=wav&gesture=sml&size=l'>
                                <br />
                                    <br /><strong>Role</strong><br /><strong><font color="<?php echo $displayGroup['colour']; ?>"><?php echo $displayGroup['name']; ?></font></strong>
                                <br /><strong>Last Review</strong><br /><?php echo $lastReview['date']; ?>
                                    </center>
                </div>
            </div>

            <div style="float: left; width: 580px; padding-left: 10px;">
            <div class="box">

                                <div class="square title"><strong><?php echo $panelSettings['site_name']; ?> Staff News</strong></div>

    <?php echo  htmlspecialchars_decode($panelSettings['latest_news']); ?>

            </div>
                    <?php
                        if( !in_array( $array3['usergroup'], $user->data['uGroupArray'] ) ) {

                            echo "Permission denied.";


                        }
                        elseif( !@include_once( $array3['resource'] ) ) {

                            echo "Error has occurred looking for " . $array3['resource'];

                        }

                    ?>

            <?php if ( $_GET['url'] == "core.home" ) { ?>

            <div class="box">

                                <div class="square title"><strong>Online Users</strong></div>

                                <?php

                    $query = $db->query( "SELECT DISTINCT user_id FROM sessions WHERE user_id != '0'" );
                        $i = 1;

                    while( $array = $db->assoc( $query ) ) {

                        $queryU = $db->query( "SELECT * FROM users WHERE id = '{$array['user_id']}'" );
                        $arrayU = $db->assoc( $queryU );

                        $queryUG = $db->query( "SELECT * FROM usergroups WHERE id = '{$arrayU['displaygroup']}'" );
                        $arrayUG = $db->assoc( $queryUG );

                        echo "<span style=\"color: #{$arrayUG['colour']}; font-weight: bold;\">";
                        echo $arrayU['username'];
                        echo "</span>";
                        echo ( $i == $db->num( $query ) ) ? '' : ', ';

                        $i++;

                    }

                    ?>


            </div>


            <div class="box" style="width: 275px; float:left;">
                <div class="square title"><strong>Slots Booked</strong></div>

                <p><?php echo $user->data['username']; ?>,you have <strong><?php echo $slotsTotal; ?></strong> radio slots booked this week!<br /><br />Management require you to complete <b><?php echo $panelSettings['min_radio']; ?></b> radio slots per week as a minimum, failure to do so will be reflected in your review.
                <br />
                <br />
                <?php
                        if ($panelSettings['min_radio'] > $slotsTotal) {
                        echo "<b>You havent met the minimum slot requirement this week yet, get booking!<b>";
                                    }
                            elseif ($slotsTotal > $panelSettings['min_radio']) {
                        echo "<b>Congratulations! You have reached the minimum requirement for this week!<b>";
                                    }
                ?>
                </div>



                <div class="box" style="width: 275px; float:right;">
                <div class="square title"><strong>Welcome, <?php echo $newestUser['username']; ?>!</strong></div>

                    <p><img align="right" src='https://www.habbo.com/habbo-imaging/avatarimage?user=<?php echo $newestUser['habbo']; ?>&direction=4&head_direction=3&action=sit,wav&gesture=sml&size=m'>Welcome to our newest member of the <?php echo $panelSettings['site_name']; ?> team, <?php echo $newestUser['username']; ?>!
                <br>
                <br>
                    »<a href="<?php echo $panelSettings['main_url']; ?>">Main Site</a>
                    <br/><i>Check out our Main Site for the latest content!</i>
                    <br />»<a href="<?php echo $panelSettings['forum_url']; ?>">Forum</a>
                    <br/><i>Visit our forums for the latest news and staff updates!</i>

            </div>

                <?php } ?>

            </div>

            <br clear="all" />

        </div>


            <?php

                }
                else {

            ?>
<!DOCTYPE html>
<html >
<head>
  <meta charset="UTF-8">
  <title>radiPanel Login</title>

  <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/meyer-reset/2.0/reset.min.css">

  <link rel='stylesheet prefetch' href='http://fonts.googleapis.com/css?family=Roboto:400,100,300,500,700,900'>
<link rel='stylesheet prefetch' href='http://fonts.googleapis.com/css?family=Montserrat:400,700'>
<link rel='stylesheet prefetch' href='https://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css'>

      <link rel="stylesheet" href="css/style.css">


</head>

<body>

<div class="container">
  <div class="info">
  </div>
</div>
<div class="form">
  <div><img style='height: 100%; width: 100%; object-fit: contain' src="_img/logo.png"/></div>
    <br />
 <form method="post" action="" id="login">

                <?php
                    if( $_POST['submit'] ) {

                        try {

                            $username = $_POST['username'];
                            $password = $_POST['password'];
                            $user->login( $username, $password );
                            echo $core->redirect( "?" );

                        }
                        catch( UserException $e ) {

                            echo "<div class=\"square bad\">";
                            echo "<strong>Error</strong>";
                            echo "<br />";
                            echo $e->getMessage();
                            echo "</div>";

                        }

                    }
                ?>

                    <table width="100%" cellpadding="3" cellspacing="0">

                        <?php

                            echo $core->buildField( "text",
                                                    "required",
                                                    "username",
                                                    "Username",
                                                    "Your username." );

                            echo $core->buildField( "password",
                                                    "required",
                                                    "password",
                                                    "Password",
                                                    "Your password." );

                        ?>

                    </table>   





                    <input class="button" type="submit" name="submit" value="Log in" />



            </form>
    <span style="color:red"><b>WARNING:</b></span> all access attempts are logged along with your IP (<?php

echo $_SERVER["REMOTE_ADDR"]; ?>).</span>
            </div>

        </div>
            <?php

                    echo $core->buildFormJS("login");

                }

            ?>
</div>
    <script src="js/index.js"></script>
<center>radiPanel was created by Josh and has been modified by <a href="http://www.habbo.com/home/Tynamics">Tynamics</a>.</center>
</body>

    </html>
RiggsFolly
Michael Berry
  • 1
    Well, if you are going to keep bothering us :), at least show us **what syntax error you are getting**. The full and complete error message please – RiggsFolly Apr 18 '17 at 22:58
  • 2
    @user2860957 Would you like to explain why you think that is a problem?? – RiggsFolly Apr 18 '17 at 23:00
  • `$uid` is not quoted in the first query, but it is in the third one. Is it an int? If it's a string, you'll need to quote it in the first query. Or better yet, use prepared statements. – Don't Panic Apr 18 '17 at 23:03
  • I have updated with error and full code – Michael Berry Apr 18 '17 at 23:04
  • Every time you use [the `mysql_`](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php) database extension in new code **[this happens](https://media.giphy.com/media/kg9t6wEQKV7u8/giphy.gif)** it is deprecated and has been for years and is gone for ever in PHP7. If you are just learning PHP, spend your energies learning the `PDO` or `mysqli` database extensions and prepared statements. [Start here](http://php.net/manual/en/book.pdo.php) – RiggsFolly Apr 18 '17 at 23:06
  • Please read [How to ask a good question](http://stackoverflow.com/help/how-to-ask) and [the perfect question](http://codeblog.jonskeet.uk/2010/08/29/writing-the-perfect-question/) and how to create a [Minimal, Complete and Verifiable example](http://stackoverflow.com/help/mcve) – RiggsFolly Apr 18 '17 at 23:07
  • It looks to me like you've downloaded or obtained someone else's code somewhere and are trying to add your own code to it using the more than 3 years deprecated `mysql_*` function. If you were using php 7+ on your server, that wouldn't work at all. No matter how "correct" your code is. – icecub Apr 18 '17 at 23:11
  • Thanks. Other than the code I'm using is outdated, I can't read an answer here ... is there one? I have no intention of changing my PHP version as of yet, as I imagine a lot of the code would stop functioning. – Michael Berry Apr 18 '17 at 23:11
  • What datatype is `id` column in the `displaygroup` table? – RiggsFolly Apr 18 '17 at 23:13
  • And it would help to know **which query** is generating this error – RiggsFolly Apr 18 '17 at 23:15
  • Can you show us how the `$db` object is instantiated? I wouldn't even be surprised if there's a conflict between mysql connection objects both trying to keep the connection open.. – icecub Apr 18 '17 at 23:16
  • @RiggsFolly *displaygroup* isn't a table, it's a column in *users* – Michael Berry Apr 18 '17 at 23:17
  • 1
    He asks what the _datatype_ of the _id_ column in the _displaygroup_ table is. Is it INT, VARCHAR, CHAR etc? – icecub Apr 18 '17 at 23:19
  • Apologies for the misunderstanding, it's `int(255)`. – Michael Berry Apr 18 '17 at 23:20
  • **`INT(255)`** Would you like to check that again please????? – RiggsFolly Apr 18 '17 at 23:21
  • There is nothing wrong with *INT(255)* - it's a perfectly valid type declaration. @RiggsFolly It's insane, but perfectly valid. – junkfoodjunkie Apr 18 '17 at 23:23
  • http://prntscr.com/ey2ff1 – Michael Berry Apr 18 '17 at 23:23
  • @junkfoodjunkie That may be true, but it looks a lot like a size you would use for a VARCHAR. So if it's ok with you I thought I would ask the OP to check it – RiggsFolly Apr 18 '17 at 23:24
  • Are you sure `$uid` is actually containing a value? Because that error looks like something that could happen if `id = "` happens – junkfoodjunkie Apr 18 '17 at 23:24
  • `$uid` is working fine on other queries, so I would assume it does contain a value @junkfoodjunkie – Michael Berry Apr 18 '17 at 23:27
  • But lemme just ask a question here. Since you are still learning, why do you persist on using `mysql_*` with all kinds of excuses like not updating your server etc etc? You do know that if you go live with that code and your database gets hacked with SQL Injection, pretty much any country will hold you liable for damages (personal data theft of your users)? – icecub Apr 18 '17 at 23:29
  • Okay so the script I'm using creates a session when a user is logged in, and works fine with the above code when the user is logged in, it's just on the login screen where the error is appearing. Would this be because I'm trying to query for a UID that doesn't exist on the login screen? – Michael Berry Apr 18 '17 at 23:30
  • So... when the user is NOT LOGGED IN, is the $uid empty? (It would seem like it would be, since it's fetching its value from $user->data['id']). And this is what happens when you code without error-checking, or redundancies. – junkfoodjunkie Apr 18 '17 at 23:30
  • @junkfoodjunkie yeah, it's just clicked. What's the work-around, if any? edit: Other queries are using $uid and seem to be working fine, like `$slotsBooked` – Michael Berry Apr 18 '17 at 23:32
  • wrap the queries inside an `if (!empty($uid)) {` or set `$uid` to a default that will never be used in the DB, like `0` if there is no `$user->data['id']`. But basically, rewrite the whole thing. It's a mess. – junkfoodjunkie Apr 18 '17 at 23:33
  • Other queries are using $uid and seem to be working fine, like `$slotsBooked` – Michael Berry Apr 18 '17 at 23:35
  • `$slotsBooked` seems to be using plain `mysql_query`, not the other `$db->query`-setup, I'm guessing it just fails silently. I would check the server-logs, because I'm guessing there will be a LOT of errors in them. – junkfoodjunkie Apr 18 '17 at 23:36
  • @junkfoodjunkie your solution worked, thanks very much, really appreciated! – Michael Berry Apr 18 '17 at 23:41

1 Answer


The problem was that the page was looking for an array that only existed if a user was logged in, therefore, throwing an error.

Answer provided by @junkfoodjunkie;

wrap the queries inside an `if (!empty($uid)) {` or set `$uid` to a default that will never be used in the DB, like `0` if there is no `$user->data['id']`. But basically, rewrite the whole thing. It's a mess.

Michael Berry
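The fix the comments converge on (skip the queries when no user is logged in, and use prepared statements instead of interpolating `$uid`), as an added example that is not part of the original thread or of radiPanel. `loadSidebar()` is a hypothetical helper, and an in-memory SQLite database with constructed rows (requires the `pdo_sqlite` extension) stands in for the MySQL tables named in the question so the script runs offline.

```php
<?php
// Added example. Table and column names are the ones in the question; the
// in-memory SQLite database and its rows are constructed for illustration.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, displaygroup INTEGER)');
$pdo->exec('CREATE TABLE usergroups (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec('CREATE TABLE radioreviews (dj INTEGER, date TEXT)');
$pdo->exec("INSERT INTO users VALUES (7, 2)");
$pdo->exec("INSERT INTO usergroups VALUES (2, 'DJ')");
$pdo->exec("INSERT INTO radioreviews VALUES (7, '2017-04-01')");

// What the original page builds on the login screen, where $user->data['id']
// is empty: the statement stops after "id =", hence the error "near ''".
$uid = null;
echo "SELECT displaygroup FROM users WHERE id ={$uid}", PHP_EOL;

// Hypothetical helper: returns the sidebar data for a logged-in user, or
// null without touching the database when there is no usable user id.
function loadSidebar(PDO $pdo, $uid)
{
    // Accept only a positive integer; null, '' and 'abc' are all rejected.
    $uid = filter_var($uid, FILTER_VALIDATE_INT,
                      array('options' => array('min_range' => 1)));
    if ($uid === false) {
        return null;
    }

    // Placeholders keep the id out of the SQL text, so an empty or hostile
    // value can no longer change the statement's syntax.
    $group = $pdo->prepare(
        'SELECT g.name FROM users u
           JOIN usergroups g ON g.id = u.displaygroup
          WHERE u.id = :uid LIMIT 1'
    );
    $group->execute(array(':uid' => $uid));

    $review = $pdo->prepare(
        'SELECT date FROM radioreviews WHERE dj = :uid LIMIT 1'
    );
    $review->execute(array(':uid' => $uid));

    // fetchColumn() returns false when no row matched.
    return array(
        'group'      => $group->fetchColumn(),
        'lastReview' => $review->fetchColumn(),
    );
}

var_dump(loadSidebar($pdo, 7));    // logged-in user
var_dump(loadSidebar($pdo, null)); // login screen: no user id
var_dump(loadSidebar($pdo, ''));   // empty id, as in the failing page
```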