how to maintain Uncaught exception 'ErrorException' in php

Question

$cuntRs = $this->db->query("SELECT count(*) as cunt from " . DB_PREFIX . "vendhq_product");
if($cuntRs->row["cunt"]==0) {
    foreach ($json["products"] as $dept){
        echo "<strong> Product ". $i++ ."</strong><br/>";

        $passval=$i;

        echo $dept["name"]."<br/>"; echo $dept["id"]."<br/>";

        $this->addVendHQproducts($dept,$passval);
    }
}

function addVendHQproducts($dept,$pro_id) {
     $this->db->query("INSERT INTO " . DB_PREFIX . "vendhq_product SET id = '" . $pro_id  . "', vendhq_id = '" . $dept["id"]. "', name = '" . $dept["name"]. "', description = '" . $dept["description"]. "',image = '" . $dept["image"] . "', image_large = '" . $dept["image"]. "', tag = '" . $dept["tags"]. "', price = '" . $dept["price"] . "', supplier_name = '" . $dept["supplier_name"] ."'");
}

?> Output:

Product 0
.........1
 ...........3..

Fatal error: Uncaught exception 'ErrorException' with message 'Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's server</p>',image = 'http://mohamedkaremullasha.vendhq.com/images/placeholder/' at line 1<br />Error No: 1064<br />INSERT INTO oc_vendhq_product SET id = '5', vendhq_id = 'bbeef777-9ac0-11e3-a0f5-b8ca3a64f8f4', name = 'TradeSender', description = '<p>trade sender iphone and ipod application to receive instant updates from ambibroker's server</p>',image = 'http://mohamedkaremullasha.vendhq.com/images/placeholder/product/no-image-white-thumb.png', image_large = 'http://mohamedkaremullasha.vendhq.com/images/placeholder/product/no-image-white-thumb.png', tag = 'share market, share updates', price = '100', supplier_name = 'Hibrise Tech -Suppliers'' in /Applications/XAMPP/xamppfiles/htdocs/mks/opencart-1.5.6.1/upload/system/database/mysqli.php:40 Stack trace: #0 /Applications/XAMPP/xamppfiles/htdocs/mks/opencart-1.5.6.1/uplo in 

/Applications/XAMPP/xamppfiles/htdocs/mks/opencart-1.5.6.1/upload/system/database/mysqli.php on line 40

//please let me know how to handle error exception in php

Answer 1

Change your INSERT query as below:

$this->db->query("INSERT INTO " . DB_PREFIX . "vendhq_product SET id = '" .(int)$pro_id  . "', vendhq_id = '" . (int)$dept["id"]. "', name = '" . $this->db->escape($dept["name"]). "', description = '" . $this->db->escape($dept["description"]). "',image = '" . $this->db->escape($dept["image"]) . "', image_large = '" . $this->db->escape($dept["image"]). "', tag = '" . $this->db->escape($dept["tags"]). "', price = '" . $dept["price"] . "', supplier_name = '" . $this->db->escape($dept["supplier_name"]) ."'");

Have a nice day!!

Answer 2

you need to make sure your content is escaped properly

'trade sender iphone and ipod application to receive instant updates from ambibroker's server' 

will cause an issue because of the ' in ambibroker's

use mysqli_real_escape_string or mysql_real_escape_string php functions

Answer 3

There is a single quote in description at "from ambibroker's" that messes the query.

Answer 4

As pointed out by other one of your value has ' in its value.So you need to escape it before inserting

It is always better to use mysqli_real_escape_string or mysql_real_escape_string when inserting values into DB. So use this function to all variable which you are using to inseert into DB

like this

$this->db->query("INSERT INTO " . DB_PREFIX . "vendhq_product SET id = '" . mysql_real_escape_string($pro_id) . "', vendhq_id = '" . mysql_real_escape_string($dept["id"]). "', name = '" . mysql_real_escape_string($dept["name"]). "', description = '" .mysql_real_escape_string( $dept["description"]). "',image = '" . mysql_real_escape_string($dept["image"]) . "', image_large = '" . mysql_real_escape_string($dept["image"]). "', tag = '" . mysql_real_escape_string($dept["tags"]). "', price = '" . mysql_real_escape_string($dept["price"] ). "', supplier_name = '" . mysql_real_escape_string($dept["supplier_name"]) ."'"); }