You have an error in your SQL syntax;

2

I've been using this code for a long time now that it came to give this error

  

Error: Database Select Failed:

     

You have an error in your SQL syntax; check the manual that   correspond to your MySQL server version for the right syntax to use   near ')' at line 1

<?php
session_start();
include('vars.php');
$simultaneousbanner=3;// number of maxbanners show once at a time
if(isset($_GET['style'])) $style= $_GET['style'];
if(isset($_GET['sb'])) $simultaneousbanner= $_GET['sb'];
function error($error){
    global $self_url,$style,$default_link,$default_banner;
    //global $SERVER_NAME,$self_url,$style,$default_link,$default_banner;
    if ($ban_error_notify == "yes") {
        $db = db("SELECT value FROM admin WHERE field='email'");
        $ad_mail = mysql_result($db, 0, "value");
        @mail($ad_mail,"Ad Rotator Error!","There was an error with the ad rotator:\n\n$error",$email_headers);
    }
    if ($style == "non_ssi") {
        print "document.write('<a href=\"$default_link\" target=\"_blank\"><img src=\"$default_banner\" border=0></a>');\n";
    } else {
        print "<a href=\"$default_link\" target=\"_blank\"><img src=\"$default_banner\" border=0></a>\n";
    }
    exit;
}
// MySQL Function
function db($query) {
    global $db_host,$db_name,$db_user,$db_pwd;
    ($mysql_link = @mysql_connect($db_host,$db_user,$db_pwd)) or die (print "Error: Couldn't connect to database:<br><br>".mysql_error());
    @mysql_select_db($db_name,$mysql_link) or die (print "Error: Couldn't Select Database:<br><br>".mysql_error());
    ($mysql_result = @mysql_query($query,$mysql_link)) or die (print "Error: Database Select Failed:<br><br>".mysql_error());
    @mysql_close($mysql_link) or die (print "Error: Couldn't close database".mysql_error());
    return $mysql_result;
}
// Display Ad Function
function display_banner(){
    global $self_url,$style,$simultaneousbanner;
    if(isset($_SESSION['banneron']) && count($_SESSION['banneron']) > $simultaneousbanner){
        $_SESSION['banneron'] =array();
    }
    $wheresql = '';
    if(isset($_SESSION['banneron']) && count($_SESSION['banneron']) > 0){
        $wheresql = " WHERE ad_id NOT IN(".implode(',', $_SESSION['banneron']).') ';
    }
    $db = db("SELECT * FROM ad_info $wheresql");
    $totalads = mysql_num_rows($db);
    if ($totalads == 0) {error("There are no banners/ads found in the database"); }
    while ($info = @mysql_fetch_row($db)){
        if (($info[11] == 0) || ($info[12] < $info[11])) {
            for ($i=1;$i<=$info[14];$i++){
                $valid[] = $info[0];
            }
        }
    }
    $num = count($valid);
    $num--;
    if ($num >= 1) {
        srand ((double) microtime() * 1000000);
        $rand_num = rand(0,$num);
        $rand_num = $valid[$rand_num];
    } else {
        $rand_num = $valid[0];
    }
    $_SESSION['banneron'][] = $rand_num;

    $db = db("SELECT * FROM ad_info WHERE ad_id = $rand_num");
    if ($info = mysql_fetch_row($db)){
        $exp = $info[12] + 1;
        $update = db("UPDATE ad_info SET num_exp = $exp WHERE ad_id = $rand_num");
        if ($info[2] == 1){
            if ($exp == $info[11]){
                error("The ad '$info[1] has reached its impression limit, $info[11].\n"."It will no longer be displayed unless you increase the\n"." number of impressions allowed");
            }
            if ($style != "non_ssi") {
                if ($info[15] == 1) {
                    $temp = " target=\"_blank\"";
                }
                if ($info[8]) {
                    print "<table border=0 cellpadding=0 cellspacing=0><tr><td align=center>\n";
                }
                if ($info[7]) {
                    $info[7] = addslashes($info[7]);
                    $temp2 = " onMouseOver=\"window.status='$info[7]'; return true\" onMouseOut=\"window.status=''; return true\"";
                }
                print "<a href=\"$self_url"."banner.php?action=r&id=$rand_num\"$temp"."$temp2>\n";
                print "<img src=\"$info[4]\" height=\"$info[5]\" width=\"$info[6]\" border=\"0\" alt=\"$info[7]\"></a>\n";
                if ($info[8]) {
                    print "</td></tr><tr><td align=\"center\">$info[8]</td></tr></table>\n";
                }
            } else {
                if ($info[15] == 1){
                    $temp = " target=\"_blank\"";
                }
                $info[9] = eregi_replace("'",'',$info[9]);
                $info[7] = eregi_replace("'","\'",$info[7]);
                $info[8] = eregi_replace("'","\'",$info[8]);
                $info[14] = eregi_replace("'","\'",$info[14]);
                if ($info[9]) {
                    $temp2 = " onMouseOver=\"window.status=\'$info[9]\'; return true\" onMouseOut=\"window.status=\'\'; return true\"";
                }
                print "document.write('<a href=\"$self_url"."banner.php?action=r&id=$rand_num\"$temp"."$temp2>');\n";
                print "document.write('<img src=\"$info[4]\" width=\"$info[6]\"  height=\"$info[5]\" border=\"0\" alt=\"$info[7]\"></a>');\n";
                if ($info[8]) {
                    print "document.write('</td></tr><tr><td align=\"center\">$info[8]</td></tr></table>');\n";
                }
            }
        } else {
            $info[10] = eregi_replace('<!-- Link URL -->',"$self_url"."banner.php?action=r&id=$rand_num",$info[10]);
            $info[10] = eregi_replace('href','target="_blank" href',$info[10]);
            if ($style != "non_ssi") {
                $info[10] = stripslashes($info[10]);
                print "$info[10]";
            } else {
                $info[10] = eregi_replace("'","\'",$info[10]);
                print "document.write('<table align=\"right\" cellspacing=\"0\" cellpadding=\"0\" border=\"0\" width=\"468\" height=\"60\" bgcolor=\"black\"><tr><td align=\"center\" valign=\"middle\">');\n";
                print "document.write('$info[10]');\n";
                print "document.write('</td></tr></table>');\n";
            }
        }
    }
}
// Redirect Function
function redirect(){
    global $id;
    if (eregi_replace('[^0-9]','',$info[8])) {
        error("Invalid id given, bad character given, perhaps messed with link or just an old banner link?");
    }
    $db = db("SELECT num_clicks,link_url,type FROM ad_info WHERE ad_id = $id");
    if ($info = @mysql_fetch_row($db)){
        $num = $info[0] + 1;
        $update = db("UPDATE ad_info SET num_clicks = num_clicks+1 WHERE ad_id = $id");
        $stuff = $_SERVER['QUERY_STRING'];
        $stuff = eregi_replace("action=r&id=$id","",$stuff);
        if (($stuff) && ($info[2] == 2)) {
            header("Location: $info[1]?$stuff\n");
            exit;
        }
        header("Location: $info[1]\n");
        exit;
    }
}
// Display Group Function
function display_group() {
    global $style,$gid,$self_url,$simultaneousbanner;
    //global $PHP_SELF,$SERVER_NAME,$style,$gid,$DOCUMENT_ROOT,$self_url;
    if (eregi('[^0-9]',$gid)){
        error("Invalid group id given");
    }
    if(isset($_SESSION['banneron']) && count($_SESSION['banneron']) > $simultaneousbanner){
        $_SESSION['banneron'] =array();
    }
    $wheresql = '';
    if(isset($_SESSION['banneron']) && count($_SESSION['banneron']) > 0){
        $wheresql = " AND a.ad_id NOT IN(".implode(',', $_SESSION['banneron']).') ';
    }

    $db = db("SELECT a.ad_id,prob,num_allow_exp,num_exp,ad_prob FROM gp_info g,ad_info a WHERE gid = $gid AND g.ad_id = a.ad_id AND a.ad_id = g.ad_id $wheresql");
    while ($info = mysql_fetch_row($db)){
        if (($info[2] != 0) && ($info[3] <= $info[2])){
            for ($i=1;$i<=$info[4];$i++){
                $valid[] = $info[0];
            }
        }
        if ($info[2] == 0) {
            for ($i=1;$i<=$info[4];$i++){
                $valid[] = $info[0];
            }
        }
    }
    $num = count($valid);
    $num--;
    if (!$valid[0]) {
        error("Was not able to select any banners for group ($gid).\n"."Perhaps all banners have run out of inpressions?");
    }
    if ($num >= 1) {
        srand ((double) microtime() * 1000000);
        $rand_num = rand(0,$num);
        $rand_num = $valid[$rand_num];
    } else {
        $rand_num = $valid[0];
    }
    $_SESSION['banneron'][] = $rand_num;
    $db = db("SELECT * FROM ad_info WHERE ad_id = $rand_num");
    if ($info = mysql_fetch_row($db)) {
        $exp = $info[12] + 1;
        $update = db("UPDATE ad_info SET num_exp = $exp WHERE ad_id = $rand_num");
        if ($info[2] == 1) {
            if ($exp == $info[11]) {
                error("The advert '$info[1] has reached its impression limit, $info[11].\n"."It will no longer be displayed unless you increase the\n"." number of impressions allowed");
            }
            if ($style != "non_ssi") {
                if ($info[15] == 1) {
                    $temp = " target=\"_blank\"";
                }
                if ($info[8]) {
                    print "<table border=0 cellpadding=0 cellspacing=0><tr><td align=center>\n";
                }
                if ($info[9] != "") {
                    $info[9] = addslashes($info[9]);
                    $temp2 = " onMouseOver=\"window.status='$info[9]'; return true\" onMouseOut=\"window.status=''; return true\"";
                }
                print "<a href=\"$self_url"."banner.php?action=r&id=$rand_num\"$temp"."$temp2>\n";
                print "<img src=\"$info[4]\" height=\"$info[5]\" width=\"$info[6]\" border=\"0\" alt=\"$info[7]\"></a>\n";
                if ($info[8]) {
                    print "</td></tr><tr><td align=\"center\">$info[8]</td></tr></table>\n";
                }
            } else {
                if ($info[15] == 1) {
                    $temp = " target=\"_blank\"";
                }
                if ($info[8]) {
                    print "document.write('<table border=0 cellpadding=0 cellspacing=0><tr><td align=center>');\n";
                }
                $info[9] = eregi_replace("'",'',$info[9]);
                $info[7] = eregi_replace("'","\'",$info[7]);
                $info[8] = eregi_replace("'","\'",$info[8]);
                $info[14] = eregi_replace("'","\'",$info[14]);
                if ($info[9]) {
                    $temp2 = " onMouseOver=\"window.status=\'$info[9]\'; return true\" onMouseOut=\"window.status=\'\'; return true\"";
                }

                print "document.write('<a href=\"$self_url"."banner.php?action=r&id=$rand_num\"$temp"."$temp2>');\n";
                print "document.write('<img src=\"$info[4]\" width=\"$info[6]\"  height=\"$info[5]\" border=\"0\" alt=\"$info[7]\"></a>');\n";

                if ($info[8]) {
                    print "document.write('</td></tr><tr><td align=\"center\">$info[8]</td></tr></table>');\n";
                }
            }
        } else {
            $info[10] = eregi_replace('<!-- Link URL -->',"$self_url"."banner.php?action=r&id=$rand_num",$info[10]);
            $info[10] = eregi_replace('href','target="_blank" href',$info[10]);
            if ($style != "non_ssi"){
                $info[10] = stripslashes($info[10]);
                print "$info[10]";
            } else {
                $info[10] = eregi_replace("'","\'",$info[10]);
                print "document.write('<table align=\"right\" cellspacing=\"0\" cellpadding=\"0\" border=\"0\" width=\"468\" height=\"60\" bgcolor=\"black\"><tr><td align=\"center\" valign=\"middle\">');\n";
                print "document.write('$info[10]');";
                print "document.write('</td></tr></table>');\n";
            }
        }
    }
}
if ($_GET['gid']){
    $gid = $_GET['gid'];
    display_group();
    $action = 1;
} elseif ($_GET['action'] == ""){
    display_banner();
} elseif ($_GET['action'] == "r"){
    $id = $_GET['id'];
    redirect();
} else {
    display_banner();
}
?>
    
asked by anonymous 26.06.2014 / 14:48

1 answer

4

Without knowing the content of your variable $_SESSION['banneron'] , by analyzing the error you get, it indicates that it is located before the closing of parentheses.

Expected in NOT IN() will be (1, 2, 3) , but may be (1, 2, 3,) due to an empty entry in $_SESSION['banneron'] array. On the other hand, it may have only one empty entry.

Checking both scenarios

$wheresql = "";

if (isset($_SESSION['banneron']) && count($_SESSION['banneron']) > 0) {

  // fazer a junção mas cortar uma eventual virgula no final a string
  $ad_ids = rtrim(implode(',', $_SESSION['banneron']), ",");

  // confirmar se a variável contém alguma coisa
  if (!empty($ad_ids)) {

    $wheresql = " WHERE ad_id NOT IN (".$ad_ids.") ";
  }
}

Ideone test scenario for the 3 eventualities.

    
26.06.2014 / 15:41