-1

I have the problem, and I have no idea right now how Can I resolve this. The same INSERT INTO work on mySQL MariaDB 10.1, but it’s not work on mySQL MariaDB 10.5.

The ‚id’ table have a auto increment in mysql structure and there will be insert $nextid value. As I wrote above the same query work on MariaDB 10.1, but on 10.5 not.

Here is query :

$sql = mysqli_query($connect, "INSERT INTO `". $cfg_mysqlprefix . "archive` (`id`,`filename`,`userid`,`link`,`filehosting`,`filesize`,`completedtime`,`downloadtime`,`charged`) VALUES($nextid,'". $filenames[$i] ."',". $userids[$i] .",'". $links[$i] ."','". $filehostings[$i] ."',". $filesizes[$i] .",". $times[$i] .",". $downloadtimes[$i] .",". $charges[$i] .")");
                $nextid++;

Any idea?

Dharman
  • 21,838
  • 18
  • 57
  • 107
bntuser
  • 7
  • 3
  • The most recent version of MySQL is 8.0.24. Are you using PostgreSQL instead? – matigo May 02 '21 at 04:29
  • Hi, I use MariaDB mySQL. – bntuser May 02 '21 at 04:30
  • 2
    1. Don't put variables in SQL use prepared statements and parameterize query. 2. Use error reporting the driver will tell you the issue. `$nextid` also seems like a big flaw, why not auto-increment? – user3783243 May 02 '21 at 04:45
  • Hi @user3783243 Im not a dev, so I'm trying methods I know :) I have swtiched on error reporting, but no error back. It seems like query is done, but value not insert to the database. Could you give an example on my query so that I can understand it better? – bntuser May 02 '21 at 04:52
  • 1
    What have you tried for error reporting? https://stackoverflow.com/questions/17053466/how-to-display-errors-for-my-mysqli-query – user3783243 May 02 '21 at 05:26
  • @user3783243 oh, thanks, now I see error : You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ')' at line 1 But I can't see where I've this syntax error – bntuser May 02 '21 at 06:32
  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) – Dharman May 02 '21 at 12:56

0 Answers0