PHP Not Inserting New Record

#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Giff Gaff - Free Sim'',''AdWarm Limited'')' at line 1

INSERT INTO affprograms VALUES ('','2','1','Pending',''Giff Gaff - Free Sim'',''AdWarm Limited'')

What's wrong with my MySQL query?

The first '' is left blank as it's Auto Increment.

Any help would be great.

Thanks

It’s a translation issue. % is the escape character in sprintf - if you want a literal %, you put %%.
Let's look at that section of the code.

'%%s%s%'

Read left to right, and it says "Put a literal %, then an s (because the % is not a special character anymore), then put in a string, then escape a ' (which does nothing, because %' isn't a valid escape sequence in sprintf)."

The correct code you’re looking for there is '%%%s%s%%'
gets out crayons to show how that gets translated

Output a literal %.
Parse a String
Parse Another String
Output a literal %.

Ah ok, so I had to take the '' out of the query around those 2, as for some reason it was adding them automatically. Thanks StarLion. I have another problem now: I’ve changed all the pages to make it SQL Injection proof but now I'm getting a few problems, for example:

$query = sprintf("SELECT SUM(Payout) AS 'payout' FROM affleads WHERE `AffID` = '%s' AND `Date` LIKE '%%s%s%'",
            quote_smart($affid),
            quote_smart($current_year),
            quote_smart($current_month));

SELECT SUM(Payout) AS 'payout' FROM affleads WHERE AffID = '2' AND Date LIKE '%s2011

As you can see, there's still a %s in there that never got replaced. Why is this happening?

Yeah, I have % at the beginning and end as it's a wildcard.

Thanks

The coloration in your code there should be a hint. Look at the color of Pending, then at the color of Giff Gaff…

Ah right ok thanks again StarLion :smiley:
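
An added example, not code from any poster in this thread: both problems above (the doubled quotes in the INSERT and the % handling in the LIKE) disappear when values are bound as parameters instead of being formatted into the SQL string. It assumes PDO with the SQLite driver so that it runs stand-alone; the affprograms column names, the YYYYMMDD date format, the helper names and all rows are constructed for illustration.

```php
<?php
// Added example. Table layouts and rows are constructed for illustration;
// column names other than AffID, Date and Payout are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE affprograms (ID INTEGER PRIMARY KEY AUTOINCREMENT,
            AffID INTEGER, Active INTEGER, Status TEXT, Name TEXT, Company TEXT)');
$pdo->exec('CREATE TABLE affleads (AffID INTEGER, Date TEXT, Payout REAL)');

// 1. INSERT: placeholders carry no quotes; the driver handles quoting, so values
//    containing ' or already wrapped by a helper cannot break the statement.
$ins = $pdo->prepare('INSERT INTO affprograms (AffID, Active, Status, Name, Company)
                      VALUES (?, ?, ?, ?, ?)');
$ins->execute([2, 1, 'Pending', "Giff Gaff - Free Sim", "AdWarm Limited"]);
$ins->execute([2, 1, 'Pending', "O'Neill's Offer", "AdWarm Limited"]);

// 2. LIKE: escape the LIKE metacharacters in the value, then add the wildcards
//    in PHP and bind the whole pattern. No sprintf, so % needs no doubling.
function like_contains(string $value): string
{
    $escaped = strtr($value, ['!' => '!!', '%' => '!%', '_' => '!_']);
    return '%' . $escaped . '%';
}

$rows = [[2, '20110705', 1.50], [2, '20110719', 2.25],
         [2, '20110801', 9.00], [3, '20110711', 4.00]];
$lead = $pdo->prepare('INSERT INTO affleads (AffID, Date, Payout) VALUES (?, ?, ?)');
foreach ($rows as $r) {
    $lead->execute($r);
}

function monthly_payout(PDO $pdo, int $affid, string $year, string $month): float
{
    $stmt = $pdo->prepare("SELECT SUM(Payout) AS payout FROM affleads
                           WHERE AffID = ? AND Date LIKE ? ESCAPE '!'");
    $stmt->execute([$affid, like_contains($year . $month)]);
    return (float) $stmt->fetchColumn();
}

printf("programs stored: %d\n", $pdo->query('SELECT COUNT(*) FROM affprograms')->fetchColumn());
printf("payout for 2011-07: %.2f\n", monthly_payout($pdo, 2, '2011', '07'));
// A bare "%" as input is matched literally instead of as "every row".
printf("payout for '%%': %.2f\n", monthly_payout($pdo, 2, '%', ''));
// The sprintf form from the thread, with each literal % doubled.
echo sprintf("LIKE '%%%s%s%%'", '2011', '07'), "\n";
```

The same prepare/execute calls work against MySQL by changing only the PDO DSN and credentials.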