MySQL syntax error
Hi there,
I've got my site set up and online, and everything works great except for the users_Profile.php page. I can register new users, login and log out etc etc, but whenever I try to go to the user profile page I get the following error:
"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@mydomain' at line 1"
I'm not sure what could be causing this. Especially since everything else works fine. Here is the php code from the users_Profile.php page - maybe you can see something i'm missing....
<?php
if (!isset($_SESSION)) {
session_start();
}
?>
<?php require_once('Connections/login.php'); ?>
<?php require_once( "WA_SecurityAssist/Helper_PHP.php" ); ?>
<?php
if (!WA_Auth_RulePasses("Administrator")){
WA_Auth_RestrictAccess("AccessDenied.php");
}
?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
if (PHP_VERSION < 6) {
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
}
$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}
?>
<?php
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
?>
<?php
if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "WAATKUpdateForm")) {
$updateSQL = sprintf("UPDATE users SET UserPassword=%s, UserFirstName=%s, UserLastName=%s, UserCity=%s, UserState=%s, UserZip=%s, UserRegistrationDate=%s, UserVerificationCode=%s, UserIP=%s, UserPhone=%s, UserFax=%s, UserCountry=%s, UserAddress=%s, UserAddress2=%s, userLevel=%s WHERE UserEmail=%s",
GetSQLValueString($_POST['UserPassword'], "text"),
GetSQLValueString($_POST['UserFirstName'], "text"),
GetSQLValueString($_POST['UserLastName'], "text"),
GetSQLValueString($_POST['UserCity'], "text"),
GetSQLValueString($_POST['UserState'], "text"),
GetSQLValueString($_POST['UserZip'], "text"),
GetSQLValueString($_POST['UserRegistrationDate'], "date"),
GetSQLValueString($_POST['UserVerificationCode'], "text"),
GetSQLValueString($_POST['UserIP'], "text"),
GetSQLValueString($_POST['UserPhone'], "text"),
GetSQLValueString($_POST['UserFax'], "text"),
GetSQLValueString($_POST['UserCountry'], "text"),
GetSQLValueString($_POST['UserAddress'], "text"),
GetSQLValueString($_POST['UserAddress2'], "text"),
GetSQLValueString($_POST['userLevel'], "int"),
GetSQLValueString($_POST['UserEmail'], "text"));
mysql_select_db($database_login, $login);
$Result1 = mysql_query($updateSQL, $login) or die(mysql_error());
$updateGoTo = "users_Profile.php";
if (isset($_SERVER['QUERY_STRING'])) {
$updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
$updateGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $updateGoTo));
}
?>
<?php
$ParamUserEmail_WAATKusers = "-1";
if (isset($_SESSION['UserEmail'])) {
$ParamUserEmail_WAATKusers = $_SESSION['UserEmail'];
}
mysql_select_db($database_login, $login);
$query_WAATKusers = sprintf("SELECT * FROM users WHERE UserEmail = %s", $ParamUserEmail_WAATKusers);
$WAATKusers = mysql_query($query_WAATKusers, $login) or die(mysql_error());
$row_WAATKusers = mysql_fetch_assoc($WAATKusers);
$totalRows_WAATKusers = mysql_num_rows($WAATKusers);
?>
<?php