Textpattern CMS support forum

#1 2009-09-26 21:45:11

gerhard
Plugin Author
From: London, UK
Registered: 2005-06-29
Posts: 409
Website

[Solved] SQL query works fine in command line, not in safe_query()

This is just doing my head in! I might have been looking too long at it. This is the error which I’m getting after calling safe_query():

Warning: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near
'ALTER TABLE `textpattern` MODIFY `custom_3` VARCHAR(255) NOT NULL DEFAULT ''' at line 1
UPDATE `textpattern` SET `custom_3` = ''; ALTER TABLE `textpattern` MODIFY `custom_3` VARCHAR(255) NOT NULL DEFAULT '';
/var/www/glz_custom_fields/lib/db.php:37 glz_reset_custom_field() in /var/www/textpattern-4.2.0/textpattern/lib/txplib_db.php on line 85

Same query, executed on the command line:

mysql> UPDATE `textpattern` SET `custom_3` = ''; ALTER TABLE `textpattern` MODIFY `custom_3` VARCHAR(255) NOT NULL DEFAULT '';
Query OK, 1 row affected (0.00 sec)
Records: 1 Duplicates: 0 Warnings: 0

This is the bit of code which throws the above error:

  else if ( $table == PFX."textpattern" ) {
    $query = "UPDATE `".PFX."textpattern` SET `{$name}` = ''; ";
    $query .= "ALTER TABLE `".PFX."textpattern` MODIFY `{$custom_field}` VARCHAR(255) NOT NULL DEFAULT '';";
  }
  safe_query($query);

What am I missing?

Last edited by gerhard (2009-09-26 21:47:56)

Offline

#2 2009-09-26 21:59:01

gerhard
Plugin Author
From: London, UK
Registered: 2005-06-29
Posts: 409
Website

Re: [Solved] SQL query works fine in command line, not in safe_query()

It’s not pretty, but it seems to be working. Still can’t understand why…

  else if ( $table == PFX."textpattern" ) {
    safe_query("UPDATE `".PFX."textpattern` SET `{$name}` = ''");
    safe_query("ALTER TABLE `".PFX."textpattern` MODIFY `{$custom_field}` VARCHAR(255) NOT NULL DEFAULT ''");
  }

Offline

#3 2009-09-26 22:12:28

Gocom
Developer Emeritus
From: Helsinki, Finland
Registered: 2006-07-14
Posts: 4,533
Website

Re: [Solved] SQL query works fine in command line, not in safe_query()

gerhard wrote:

It’s not pretty, but it seems to be working. Still can’t understand why…

PHP’s mysql_query() doesn’t support multiple queries.

Last edited by Gocom (2009-09-26 22:13:10)

Offline

#4 2009-09-26 22:17:42

gerhard
Plugin Author
From: London, UK
Registered: 2005-06-29
Posts: 409
Website

Re: [Solved] SQL query works fine in command line, not in safe_query()

So what happens when you have 10 queries queued for execution, do you run them one by one? That doesn’t sound right…

Offline

#5 2009-09-26 22:21:54

gerhard
Plugin Author
From: London, UK
Registered: 2005-06-29
Posts: 409
Website

Re: [Solved] SQL query works fine in command line, not in safe_query()

Jumping jelly beans, you are right, mysql_query() supports a single query. mysqli is the improved interface supporting multiple ones. Thanks for your help!

Offline

#6 2009-09-26 22:29:25

Gocom
Developer Emeritus
From: Helsinki, Finland
Registered: 2006-07-14
Posts: 4,533
Website

Re: [Solved] SQL query works fine in command line, not in safe_query()

gerhard wrote:

So what happens when you have 10 queries queued for execution, do you run them one by one? That doesn’t sound right…

It’s handled by PHP. It’s not as bad as it seems. Note that mysql_query always returns something (single value). If you want to save memory there are alternative ways.

Thanks for your help!

Np.

Last edited by Gocom (2009-09-26 22:30:53)

Offline

#7 2009-09-27 08:08:46

ruud
Developer Emeritus
From: a galaxy far far away
Registered: 2006-06-04
Posts: 5,068
Website

Re: [Solved] SQL query works fine in command line, not in safe_query()

If multiple SQL queries were supported by default (it is possible, see the comments in the PHP manual) and there was an SQL injection vulnerability in your code, the possibilities for exploiting it would be far greater.

Offline
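
An added example, not code from the thread or from glz_custom_fields: one way to send the two statements one at a time through a single-statement call while validating the column name, the point where the injection risk ruud mentions would enter. The helper names, the identifier pattern and the stub executor are assumptions, and the PFX table prefix is left out.

```php
<?php
// Added example (PHP 7+); quote_identifier(), reset_statements() and
// run_one_by_one() are hypothetical names, not Textpattern or plugin functions.

// Identifiers cannot be bound as parameters, so check them against a strict
// allow-list pattern (an assumption; MySQL itself permits more characters).
function quote_identifier(string $name): string
{
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]{0,63}$/', $name)) {
        throw new InvalidArgumentException('Rejected identifier: ' . $name);
    }
    return '`' . $name . '`';
}

// The two statements from the thread, kept as separate strings.
function reset_statements(string $table, string $column): array
{
    $t = quote_identifier($table);
    $c = quote_identifier($column);
    return [
        "UPDATE {$t} SET {$c} = ''",
        "ALTER TABLE {$t} MODIFY {$c} VARCHAR(255) NOT NULL DEFAULT ''",
    ];
}

// Send each statement through a single-statement executor; stop at the first
// failure. $execute stands in for safe_query() and is assumed to return false
// on error, as mysql_query() does.
function run_one_by_one(array $statements, callable $execute): int
{
    foreach ($statements as $i => $sql) {
        if ($execute($sql) === false) {
            throw new RuntimeException('Statement ' . ($i + 1) . ' failed: ' . $sql);
        }
    }
    return count($statements);
}

// Constructed demo: a recording stub replaces the database so this runs offline.
$sent = [];
$stub = function (string $sql) use (&$sent) { $sent[] = $sql; return true; };
echo run_one_by_one(reset_statements('textpattern', 'custom_3'), $stub), " statements sent\n";
print_r($sent);

// Constructed bad input: a "column name" that tries to smuggle in a second statement.
try {
    reset_statements('textpattern', 'custom_3; SELECT 1');
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```

In a plugin, the stub would be replaced by a closure that calls safe_query() with the statement it is given.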
