-3

How to fix this error?

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-20, 20' at line 1

The same script in my website is working properly but I uploaded to another server which is Windows server and received this error.

<?php

//connect to database
mysql_connect('xyz.ipowermysql.com','itomi','password.');
mysql_select_db('itomi');

$max_results = 20;
$from = (($page * $max_results) - $max_results);


if(empty($_POST)) {
    $query = "SELECT * FROM `itomi` WHERE `ntitle` LIKE '".$letter."%' ORDER BY `ntitle` ASC LIMIT $from, $max_results";
} 
$result = mysql_query("SET NAMES utf8"); //the main trick
$result = mysql_query($query) or die(mysql_error());
$rows = mysql_num_rows($result);

echo "<table class='hovertable' border='1' cellpadding='0' cellspacing='0'>";
echo "<tr><th>Keyword</th><th>Title</th><th>Detail</th></tr>";

if ($rows > 0) {
    while($row = mysql_fetch_array($result)) {
        echo "<tr><td>";
        echo '<a href="detail.php?id=' . $row['id'] . '" class="style1">' .$row['ntitle'].' </a>';
        echo "</td><td>";
        echo $row['ndetails'];
        echo "</td><td>";
        echo $row['counter'];
        echo "</td></tr>";
    }
} else {
    echo "<tr><td colspan=\"5\">No results found!</td></tr>";
}

echo "</table>";

// Figure out the total number of results in DB: 
$total_results = mysql_result(mysql_query("SELECT COUNT(*) as ntitle FROM itomi ORDER BY ntitle ASC"),0);

// Figure out the total number of pages. Always round up using ceil() 
$total_pages = ceil($total_results / $max_results);

// Build Page Number Hyperlinks 
echo "<p class=\"style1\">Pages: ";

// Build Previous Link 
if($page > 1){ 
    $prev = ($page - 1); 
    echo "<a href=\"".$_SERVER['php_SELF']."?page=$prev&letter=$letter\" class=\"style1\">Previous</a> "; 
}

for($i = 1; $i <= $total_pages; $i++){ 
    if(($page) == $i){ 
        echo "$i "; 
    } else { 
        echo " "; 
    }
}


// Build Next Link 
if($page < $total_pages){ 
    $next = ($page + 1); 
    echo "<a href=\"".$_SERVER['php_SELF']."?page=$next&letter=$letter\" class=\"style1\">Next</a>"; 
} 
echo "</p>";

mysql_close();
S.L. Barth
  • 8,058
  • 71
  • 49
  • 63
user2226586
  • 3
  • 2
  • 3

1 Answers1

2

Reading on the title which is part of the whole mysql syntax error message, the value you are passing on the LIMIT clause is less than the Minimum value of 0.

LIMIT 0~, 1~

the problem is caused here:

$from = (($page * $max_results) - $max_results)

try this:

$partVal = (($page * $max_results) - $max_results);
$from = ($partVal <= 0 ? 0 : $partVal)

As a sidenote, the query is vulnerable with SQL Injection if the value(s) of the variables came from the outside. Please take a look at the article below to learn how to prevent from it. By using PreparedStatements you can get rid of using single quotes around values.

Community
  • 1
  • 1
John Woo
  • 249,283
  • 65
  • 481
  • 481