ferrari3000 ferrari3000 - 7 months ago 17
PHP Question

I am very inexperienced with MySQL and I don't know how to troubleshoot this error.

I'm making a simple website for a class, and I am trying to save information to my database. The error is not very specific and I do not know which part of my code I need to fix.

Error message: "check the manual that corresponds to your MariaDB server version for the right syntax to use near ')' at line 2"

My PHP code:

<?php
include 'mysqli.php' ;

$result = $con->query("select * from setList s
left join songTable t on s.SetList_ID = t.Song_ID
left join bands b on s.SetList_ID = b.Band_ID");

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$setList = $_POST['setlist'];
$venue = $_POST['venue'];
$date = $_POST['dateOfShow'];
$band= $_POST['band'];

$set = $result->fetch_object();

//error handling and form
try {
if (empty($setList) || empty($venue) || empty($date) || empty($band)) {
throw new Exception(
"All Fields Required");
}

if (isset($set)) {
$id = $set->SetList_ID;

$q = "update setList set SetList_Name = '$setList',
Venue = '$venue', Show_Date = $date, Band_Name = '$band')";
}
else{

$q = "insert setList (SetList_Name, Venue, Show_Date, Band_Name)
values ('$setList', '$venue', $date, '$band')";
}

$result = $con->query($q);
if (!$result) {
throw new Exception($con->error);
}

header('Location:my_set-lists.php');
} catch(Exception $e) {
echo '<p class ="error">Error: ' .
$e->getMessage() . '</p>';
}
}
?>

Answer

The error message tells you exactly where the problem is; you have an extra ). Replace

$q = "update setList set SetList_Name = '$setList',
        Venue = '$venue', Show_Date = $date, Band_Name = '$band')";
// extra ) is here ---------------------------------------------^

With

$q = "update setList set SetList_Name = '$setList',
        Venue = '$venue', Show_Date = $date, Band_Name = '$band'";

Note: your next query (starting insert setList) is also going to fail; it should be INSERT INTO setList.... A decent IDE (like PHPStorm) would catch these errors for you.

Also, you are wide open to SQL injection. You really need to be using prepared statements.