
I'm receiving this error when trying to query an INSERT INTO request.

Table query:

CREATE TABLE `profiles` (
  `userid` bigint(20) NOT NULL,
  `balance` bigint(20) NOT NULL,
  `respects` bigint(20) NOT NULL,
  `tarowomaru` bigint(20) NOT NULL,
  `taruwumaru` bigint(20) NOT NULL,
  `suggestions` bigint(20) NOT NULL,
  `friends` longtext CHARACTER SET utf8mb4 COLLATE utf8mb4_bin NOT NULL,
  `flags` longtext CHARACTER SET utf8mb4 COLLATE utf8mb4_bin NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;

SQL query: INSERT INTO profiles (userid, balance, respects, tarowomaru, taruwumaru, suggestions, friends, flags)VALUES (323470201016549378, 0, 0, 0, 0, 0, '{"queue":[],"recieved":[],"accepted":[]}', '[]')

Received error: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '"queue":[],"recieved":[],"accepted":[]},[])' at line 17

Is there something wrong with {"queue":[],"recieved":[],"accepted":[]} or is there something wrong with my query? Is using get requests messing up the string?


1 Answer

I guess it was my query. My query before was

"INSERT INTO profiles (userid, balance, respects, tarowomaru, taruwumaru, suggestions, friends, flags) VALUES ($userid, $balance, $respects, $tarowomaru, $taruwumaru, $suggestions, $friends, $flags)"

so it wasn't sending {"queue":[],"recieved":[],"accepted":[]} as a string.

The fixed query:

"INSERT INTO profiles (userid, balance, respects, tarowomaru, taruwumaru, suggestions, friends, flags) VALUES ($userid, $balance, $respects, $tarowomaru, $taruwumaru, $suggestions, '$friends', '$flags')"

Thanks for you guys' help though!

  • I'm the only one that can use the script, and it's only storing stuff like Discord IDs for my bot. Even if someone finds the webpage, they will need a password for it to actually work. @Dharman – TaromaruYuki Jul 28 '20 at 18:56
  • This is irrelevant. You have a bug and you wouldn't have this issue you just had if you did it properly. Please, consider doing it properly, it is for your own good. See https://stackoverflow.com/questions/7537377/how-to-include-a-php-variable-inside-a-mysql-statement – Dharman Jul 28 '20 at 19:28
  • I thought since I sent the data as a string, it would recognize it as one too, but it wasn't. idk. And the SQL injection thing... I have experience with SQL injections (not that I had one), and I know how to prevent them. But I'm not worried about them in this case, since no user input is being sent. Now if I would add descriptions or I saved the user's Discord name (which isn't necessary since I can get that via ID), I would 100% take caution and add safety measures. But in my case, there's no need to add that extra stuff. – TaromaruYuki Jul 28 '20 at 21:42
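
The parameterized form that the comments point to, as an added example that is not part of the original question, answer or comments: it shows the interpolated query failing on the JSON value and the same insert succeeding with placeholders. It assumes PDO is used, and an in-memory SQLite database stands in for the MariaDB server so the script runs offline; the DSN and the `O'Brien` value are constructed for illustration.

```php
<?php
// Added example: SQLite in memory stands in for MariaDB so this runs offline (assumption).
// Against the real table, only the DSN changes, e.g. 'mysql:host=...;dbname=...;charset=utf8mb4'.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE profiles (
    userid BIGINT NOT NULL, balance BIGINT NOT NULL, respects BIGINT NOT NULL,
    tarowomaru BIGINT NOT NULL, taruwumaru BIGINT NOT NULL, suggestions BIGINT NOT NULL,
    friends TEXT NOT NULL, flags TEXT NOT NULL)');

// Constructed sample values, matching the ones in the question.
$row = [
    'userid' => 323470201016549378, 'balance' => 0, 'respects' => 0,
    'tarowomaru' => 0, 'taruwumaru' => 0, 'suggestions' => 0,
    'friends' => json_encode(['queue' => [], 'recieved' => [], 'accepted' => []]),
    'flags' => json_encode([]),
];

// 1) Interpolating values into the SQL text: the JSON is parsed as SQL, not as data.
$broken = "INSERT INTO profiles (userid, balance, respects, tarowomaru, taruwumaru, suggestions, friends, flags) "
        . "VALUES ({$row['userid']}, 0, 0, 0, 0, 0, {$row['friends']}, {$row['flags']})";
try {
    $pdo->exec($broken);
} catch (PDOException $e) {
    echo "interpolated query rejected: ", $e->getMessage(), "\n";
}

// 2) Placeholders: the statement text is fixed and the values travel separately,
//    so quotes, braces and brackets inside them never reach the SQL parser.
$stmt = $pdo->prepare(
    'INSERT INTO profiles (userid, balance, respects, tarowomaru, taruwumaru, suggestions, friends, flags)
     VALUES (:userid, :balance, :respects, :tarowomaru, :taruwumaru, :suggestions, :friends, :flags)'
);
$stmt->execute($row);

// A value containing a single quote would break the '$friends' form; here it is stored intact.
$row['userid'] = 1;
$row['friends'] = json_encode(['queue' => ["O'Brien"], 'recieved' => [], 'accepted' => []]);
$stmt->execute($row);

foreach ($pdo->query('SELECT userid, friends, flags FROM profiles') as $r) {
    printf("%d %s %s\n", $r['userid'], $r['friends'], $r['flags']);
}
```

Because the values are bound rather than concatenated, the same statement stays correct if a text field is later added to the table.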