A CMS I once programmed many years ago (2009), started to throw MySQL syntax errors back at the users, when certain input form fields were empty.
The PHP code to insert data into the table simply used the variables as values:
$dbh=mysqli_connect("$mysql_host", "$mysql_user", "$mysql_password", "$mysql_db") or die ('I cannot connect to the database because: ' . mysqli_connect_error());
$anfrage="INSERT INTO objects(cat, title, location, year, rooms, squareliving, squaregarage, volumeliving, volumegarage, apt75, apt65, apt55, apt45, apt35, apt25, text, lastedit) VALUES ($iCat, '$iTitle', '$iLocation', $iYear, '$iRooms', $iSquareliving, $iSquaregarage, $iVolumeliving, $iVolumegarage, $iApt75, $iApt65, $iApt55, $iApt45, $iApt35, $iApt25, '$iText', $iTimestamp)";
if ($ergebnis=mysqli_query($dbh, $anfrage)) {
echo "Success";
}
else {
echo "Error=".mysqli_error($dbh);
}
mysqli_close($dbh);
But with the empty fields (e.g. squaregarage field was empty), this resulted in the following query (note the empty values around the commas):
INSERT INTO objects(cat, title, location, year, rooms, squareliving, squaregarage, volumeliving, volumegarage, apt75, apt65, apt55, apt45, apt35, apt25, text, lastedit) VALUES (5, 'Mehr Platz für Kinder', 'NULL', 2019, '6.5', 217, , 960, , , , , , , , 'Das ländliche Haus i', 1632295937)
And this caused the following SQL syntax error:
You have an error in your SQL syntax; check the manual that corresponds
to your MariaDB server version for the right syntax to use near
'960,,,,,,,,'
The first guess was that the table would not accept NULL for these fields, however the table was created to accept NULL values on these fields, even setting it as default value:
MariaDB [db]> describe objects;
+--------------+---------------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+--------------+---------------+------+-----+---------+----------------+
| objid | int(11) | NO | PRI | NULL | auto_increment |
| cat | int(11) | NO | | NULL | |
| title | varchar(250) | NO | | NULL | |
| location | varchar(250) | YES | | NULL | |
| year | int(4) | NO | | NULL | |
| rooms | varchar(10) | YES | | NULL | |
| squareliving | int(4) | YES | | NULL | |
| squaregarage | int(4) | YES | | NULL | |
| volumeliving | int(5) | YES | | NULL | |
| volumegarage | int(5) | YES | | NULL | |
| apt75 | smallint(6) | YES | | 0 | |
| apt65 | smallint(6) | YES | | 0 | |
| apt55 | smallint(6) | YES | | 0 | |
| apt45 | smallint(6) | YES | | 0 | |
| apt35 | smallint(6) | YES | | 0 | |
| apt25 | smallint(6) | YES | | 0 | |
| text | varchar(2000) | NO | | NULL | |
| lastedit | int(11) | NO | | NULL | |
+--------------+---------------+------+-----+---------+----------------+
18 rows in set (0.001 sec)
In the past this has always worked; empty values were automatically assigned a NULL value and entered into the table. But with the newer MariaDB version (10.3 or maybe even before that), this doesn't seem to work anymore.
To work around this, the non mandatory input fields are now analyzed whether or not they contain a value:
if ($iSquareliving == "") { $iSquareliving = 'NULL'; }
if ($iSquaregarage == "") { $iSquaregarage = 'NULL'; }
if ($iVolumeliving == "") { $iVolumeliving = 'NULL'; }
if ($iVolumegarage == "") { $iVolumegarage = 'NULL'; }
if ($iApt75 == "") { $iApt75 = 'NULL'; }
if ($iApt65 == "") { $iApt65 = 'NULL'; }
if ($iApt55 == "") { $iApt55 = 'NULL'; }
if ($iApt45 == "") { $iApt45 = 'NULL'; }
if ($iApt35 == "") { $iApt35 = 'NULL'; }
if ($iApt25 == "") { $iApt25 = 'NULL'; }
This now results in the following SQL query:
INSERT INTO objects(cat, title, location, year, rooms, squareliving, squaregarage, volumeliving, volumegarage, apt75, apt65, apt55, apt45, apt35, apt25, text, lastedit) VALUES (5, 'Mehr Platz für Kinder', '', 2019, '6.5', 217, NULL, 960, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 'Das ländliche Haus i', 1632296773)
The empty values are replaced by NULL and the table insert now works again.
MariaDB [db]> select objid,cat,title,location,year,rooms,squareliving,squaregarage,volumeliving,volumegarage,lastedit from objects where lastedit = 1632296773;
+-------+-----+------------------------+----------+------+-------+--------------+--------------+--------------+--------------+------------+
| objid | cat | title | location | year | rooms | squareliving | squaregarage | volumeliving | volumegarage | lastedit |
+-------+-----+------------------------+----------+------+-------+--------------+--------------+--------------+--------------+------------+
| 86 | 5 | Mehr Platz für Kinder | | 2019 | 6.5 | 217 | NULL | 960 | NULL | 1632296773 |
+-------+-----+------------------------+----------+------+-------+--------------+--------------+--------------+--------------+------------+
1 row in set (0.001 sec)
Looking closer at the MariaDB documentation, the reason the empty values were accepted in the past might have been due to the "strict" mode which has been enabled by default starting with MariaDB 10.2.4. From the documentation:
With strict mode not set (default in version <= MariaDB 10.2.3), MariaDB will automatically adjust invalid values, for example, truncating strings that are too long, or adjusting numeric values that are out of range, and produce a warning.
Meaning: The original SQL insert query from 2009 was never really correct, but MySQL/MariaDB (without strict mode) auto-corrected these invalid values.
AWS Android Ansible Apache Apple Atlassian BSD Backup Bash Bluecoat CMS Chef Cloud Coding Consul Container Containers CouchDB DB DNS Database Databases Docker ELK Elasticsearch Filebeat FreeBSD Galera GlusterFS Grafana Graphics HAProxy HTML Hacks Hardware Icinga Icingaweb2 InfluxDB Internet Java KVM Kibana Kodi Kubernetes LTS LXC Linux Logstash Mac Macintosh Mail MariaDB Minio MongoDB Monitoring Multimedia MySQL NFS Nagios Network Nginx OSSEC OTRS Office PGSQL PHP Perl Personal PostgreSQL Postgres PowerDNS Proxmox Proxy Python Rancher Redis SSL Samba Seafile Security Shell SmartOS Solaris Surveillance SystemD Systemd TLS Tomcat Ubuntu Unix VMWare VMware Varnish Virtualization Windows Wireless Wordpress Wyse ZFS Zoneminder