I’m being thrown an error:
“SQLSTATE[42000]: Syntax error or access violation: 1064 You have an
error in your SQL syntax; check the manual that corresponds to your
MySQL server version for the right syntax to use near ‘* FROM auction
WHERE etime < ?’ at line 1 “
My understanding of this is usually I have spelt something wrong where it says the error is occurring.
However, in the following script, there is no "* FROM auction WHERE etime < ?" on line 1 of my page.
Further it occurs only 3 times in the page – at line 19, 26 and 288.
I’ve checked all these locations for a syntax blunder around it and it looks proper. So I have no idea why this is being thrown, I want it to go away.
The page is rather large, bear with me:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<?php
session_start();
$url = (!empty($_SERVER['HTTPS'])) ? "https://".$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'] : "http://".$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
$_SESSION['lasturl'] = $url;
include("connect.php");
$pdo = connect();
$pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
try{
$old = time() - (60*24*60*60);
$stmt15 = $pdo->prepare("DELETE * FROM auction WHERE etime < :time");
$stmt15->bindParam(":time", $old, PDO::PARAM_INT);
$stmt15->execute();
$time = time();
$stmt8 = $pdo->prepare("SELECT * FROM auction WHERE etime < :time AND closed < 1");
$stmt8->bindParam(":time", $time, PDO::PARAM_INT);
$stmt8->execute();
while($row = $stmt8->fetch(PDO::FETCH_ASSOC)){
$id = $row['ID'];
$holder = $row['holder'];
$owner = $row['owner'];
$stmt5 = $pdo->prepare("UPDATE auction SET closed = 50 WHERE ID = :id");
$stmt5->bindParam(":id", $id, PDO::PARAM_INT);
$stmt5->execute();
$stmt3 = $pdo->prepare("SELECT * FROM user WHERE username = :holder");
$stmt3->bindParam(":holder", $holder, PDO::PARAM_STR);
$stmt3->execute();
$row2 = $stmt3->fetch(PDO::FETCH_ASSOC);
$fbtokenh = $row2['fbtoken'];
$fbtokenh++;
$stmt4 = $pdo->prepare("UPDATE user WHERE username = :holder SET fbtoken = :fbtoken");
$stmt4->bindParam(":holder", $holder, PDO::PARMA_STR);
$stmt4->bindParam(":fbtoken", $fbtokenh, PDO::PARAM_INT);
$stmt4->execute();
$stmt6 = $pdo->prepare("SELECT * FROM user WHERE username = :owner");
$stmt6->bindParam(":owner", $owner, PDO::PARAM_STR);
$stmt6->execute();
$row3 = $stmt6->fetch(PDO::FETCH_ASSOC);
$fbtokeno = $row2['fbtoken'];
$fbtokeno++;
$stmt7 = $pdo->prepare("UPDATE user WHERE username = :owner SET fbtoken = :fbtoken");
$stmt7->bindParam(":owner", $owner, PDO::PARAM_STR);
$stmt7->bindParam(":fbtoken", $fbtokeno, PDO::PARAM_INT);
$stmt7->execute();
}
}catch(PDOException $e){
echo $e->getMessage();
}
if(isset($_GET['searchbox'])){
$search = $_GET['searchbox'];
}
?>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Trade diving equipment online at DiveBay</title>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js"></script>
<link rel="stylesheet" type="text/css" href="js/jquery.countdown.css" />
<script type="text/javascript" src="js/jquery.countdown.js"></script>
<script src="js/menuscript.js" language="javascript" type="text/javascript"></script>
<link rel="stylesheet" type="text/css" href="css/menustyle.css" media="screen, print" />
<link rel="stylesheet" type="text/css" href="css/searching.css" />
</head>
<body>
<center>
<div id="wrapper">
<div id="header">
<div id="hbackground">
<img src="db3.jpg" alt="hbackground" width="100%" height="100%" style="z-index:1;" />
<div id="htitle">
<span id="banner">DIVEBAY.COM</span>
<span id="byline">SEARCHING FOR STUFF ONLINE</span>
<table border="0" cellpadding="0" cellspacing="0" style="float:right; background-color:transparent;">
<tr>
<td>
<a href="search.php" onmouseover="setOverImg('1','');" onmouseout="setOutImg('1','');" target=""><img src="buttons/button1up.png" border="0" id="button1" vspace="1" hspace="1"></a><br>
<a href="sellanitem.php" onmouseover="setOverImg('2','');" onmouseout="setOutImg('2','');" target=""><img src="buttons/button2up.png" border="0" id="button2" vspace="1" hspace="1"></a><br>
<a href="forum.php" onmouseover="setOverImg('3','');" onmouseout="setOutImg('3','');" target=""><img src="buttons/button3up.png" border="0" id="button3" vspace="1" hspace="1"></a><br>
<a href="myaccount.php" onmouseover="setOverImg('4','');" onmouseout="setOutImg('4','');" target=""><img src="buttons/button4up.png" border="0" id="button4" vspace="1" hspace="1"></a><br>
<a href="support.php" onmouseover="setOverImg('5','');" onmouseout="setOutImg('5','');" target=""><img src="buttons/button5up.png" border="0" id="button5" vspace="1" hspace="1"></a><br>
<?php
if(isset($_SESSION['loggedin'])){
?>
<a href="logout.php" onmouseover="setOverImg('7','');" onmouseout="setOutImg('7','');" target=""><img src="buttons/button7up.png" border="0" id="button7" vspace="1" hspace="1"></a><br>
<?php
}else{
?>
<a href="login_to_divebay.php" onmouseover="setOverImg('6','');" onmouseout="setOutImg('6','');" target=""><img src="buttons/button6up.png" border="0" id="button6" vspace="1" hspace="1"></a><br>
<?php
}
?>
</td>
</tr>
</table>
</div>
</div>
</div>
<div id="searchandlog">
<div id="search">
<form id="searchdivebay" action="search.php" method="get">
<div id="searchboxholder"><input type="text" name="searchbox" id="searchbox" /></div>
<div id="searchbuttonholder"><input type="submit" name="searchbutton" id="searchbutton" value="Search DiveBay"/></div>
<input type="hidden" id="submit" name="submit" value="1"/>
</form>
</div>
<div id="login">
<?php
if(isset($_SESSION['loggedin'])){
echo '<span class="price1">Logged in as:</span> <span class="sessionset">'.$_SESSION['username'].'</span>';
}
else{
echo '<ul class="signreg">
<li><i>Existing user?</i><a href="login_to_divebay.php">SIGN IN</a></li>
<li><i>or, new?</i><a href="createacct.php">REGISTER</a></li>
</ul>';
}
?>
</div>
</div>
<?php
if(isset($_POST['searchbox'])){
if($search == ""){
?>
<p style="color:black; font-size:18pt; font-family: Impact; "> You didn"t search for anything!</p>
<?php
}else{
try{
$time = time();
$stmt12 = $pdo->prepare('SELECT * FROM auction WHERE name LIKE :name');
$stmt12->bindParam(':name', '%'. trim($search) .'%',PDO::PARAM_STR);
$stmt12->execute();
$numrows = 0;
?>
<div id="searchresults"><span style="font-style:italic; font-size: 14pt; font-family:Impact;">Search results for: </span> <span id="searchword"><?php echo $search; ?></span></div>
<div id="content">
<table id="displaying" class="displayer">
<?php
while($row = $stmt12->fetch(PDO::FETCH_ASSOC)){
$numrows++;
$ID = $row['ID'];
$img = $row['img'];
$desc = $row['description'];
$name = $row['name'];
$owner = $row['owner'];
$cprice = $row['sprice'];
$iprice = $row['iprice'];
$incprice = $row['incprice'];
$etime = $row['etime'];
$nextBid = $cprice + $incprice;
$stmt21 = $pdo->prepare("SELECT * FROM user WHERE username = :username");
$stmt21->bindParam(":username", $owner,PDO::PARAM_STR);
$stmt21->execute();
$thisuser = $stmt21->fetch(PDO::FETCH_ASSOC);
$location = $thisuser['location'];
echo'
<tr class="resultindex">
<td class="imgCol"><a href="displayAuct.php?id='.$ID.'"><img src="'.$img.'" alt="'.$name.'" /></a></td>
<td class="infoCol">
<div class="nameDiv">
<a class="nameLink" href="displayAuct.php?id='.$ID.'">'.$name.'</a><br/>
</div>
<div class="descDiv">
<span class="priceLabel2">'.$desc.'</span>
</div>
<div class="userdiv">
<span class="fromuser">Location: </span><br/>
<span class="location">'.$location.'</span>
</div>
</td>
<td style="width:1px; background-color:#330066;" ></td>
<td class="priceCol">
<div class="currentp"><span class="priceLabel">Current Bid: </span><br/><span class="price1">$'.$cprice.'</span></div>
<div class="instantp"><span class="priceLabel2">Instant Sale: </span><br/><span class="price2">$'.$iprice.'</span></div>
<div style="height:5px;"></div>
<div class="incp"><span class="priceLabel2">Next Bid:</span><br/><span class="price2">$'.$nextBid.'</span></div>
</td>
<td style="width:1px; background-color:#330066;"></td>
<td class="timerCol">
<div id="timeRow">
<span class="timeleft">Time Left: </span>
</div>
<div id="countdownRow"></div>
<script type=text/javascript>
var timestamp = '. $etime * 1000 .';
var endTime = new Date();
endTime.setTime(timestamp);
$("#countdownRow").countdown({until: endTime});
</script>
</td>
</tr>
';
}
if($numrows == 0){
?>
<tr>
<td colspan="6"><span class="price1">Sorry your search returned no results</span></td>
</tr>
<?php
}
else{
?>
<tr>
<td colspan="6"><span class="price1">Displaying <?php echo $numrows; ?> results</span></td>
</tr>
<?php
$pdo = null;
}
}catch(PDOException $e){
echo $e->getMessage();
}
}
?>
</table>
</div>
<?php
}else{
?>
<div id="searchresults"><span style="font-style:italic; font-size: 14pt; font-family:Impact;">Hurry, these auctions dont have long left!:</span></div>
<div id="content">
<table id="displaying" class="displayer">
<?php
try{
$time = time();
$in15 = time() + 900;
$stmt55 = $pdo->prepare('SELECT * FROM auction WHERE etime < :etime AND etime > :time ORDER BY etime');
$stmt55->bindParam(':etime', $in15, PDO::PARAM_INT);
$stmt55->bindParam(':time', $time, PDO::PARAM_INT);
$stmt55->execute();
while($row = $stmt55->fetch(PDO::FETCH_ASSOC)){
$ID = $row['ID'];
$img = $row['img'];
$desc = $row['description'];
$name = $row['name'];
$owner = $row['owner'];
$cprice = $row['sprice'];
$iprice = $row['iprice'];
$incprice = $row['incprice'];
$etime = $row['etime'];
$nextBid = $cprice + $incprice;
$stmt23 = $pdo->prepare("SELECT * FROM user WHERE username = :username");
$stmt23->bindParam(":username", $owner,PDO::PARAM_STR);
$stmt23->execute();
$thisuser = $stmt23->fetch(PDO::FETCH_ASSOC);
$location = $thisuser['location'];
echo'
<tr class="resultindex">
<td class="imgCol"><a href="displayAuct.php?id='.$ID.'"><img src="'.$img.'" alt="'.$name.'" /></a></td>
<td class="infoCol">
<div class="nameDiv">
<a class="nameLink" href="displayAuct.php?id='.$ID.'">'.$name.'</a><br/>
</div>
<div class="descDiv">
<span class="priceLabel2">'.$desc.'</span>
</div>
<div class="userdiv">
<span class="fromuser">Location: </span><br/>
<span class="location">'.$location.'</span>
</div>
</td>
<td style="width:1px; background-color:#330066;" ></td>
<td class="priceCol">
<div class="currentp"><span class="priceLabel">Current Bid: </span><br/><span class="price1">$'.$cprice.'</span></div>
<div class="instantp"><span class="priceLabel2">Instant Sale: </span><br/><span class="price2">$'.$iprice.'</span></div>
<div style="height:5px;"></div>
<div class="incp"><span class="priceLabel2">Next Bid:</span><br/><span class="price2">$'.$nextBid.'</span></div>
</td>
<td style="width:1px; background-color:#330066;"></td>
<td class="timerCol">
<div id="timeRow">
<span class="timeleft">Time Left: </span>
</div>
<div id="countdownRow"></div>
<script type=text/javascript>
var timestamp = '. $etime * 1000 .';
var endTime = new Date();
endTime.setTime(timestamp);
$("#countdownRow").countdown({until: endTime});
</script>
</td>
</tr>
';
}
$pdo = null;
}catch(PDOException $e){
echo $e->getMessage();
}
}
?>
</table>
</div>
<div id="sitemap">
</div>
</div>
</center>
</body>
</html>
Your SQL is slightly off, you have an extra
*in yourDELETE. It would make no sense to give a column list, sinceDELETEalways deletes a whole row;should be