Erro de sintaxe no SQL

Programação
#1

Eis o código

/*****************************************************************************************
*					Processamento Principal da Carga do Excel
******************************************************************************************
*/

//=====	Realiza o chamado da biblioteca PHPExcel, que esta incluida no SC
sc_include_lib("excel");

//=====	Variavel que possui o endereço do Planilha
$rutaXLS = $_SESSION['scriptcase']['controlCargaExcel']['glo_nm_path_doc'].'/'.{arquivo};

//=====	Carga do Arquivo informado
$objPHPExcel=PHPExcel_IOFactory::load($rutaXLS);

//=====	Leitura das linhas do Excel
foreach ($objPHPExcel->getWorksheetIterator() as $worksheet){ 

	//=====	Ttitulo da Celula do Excel
	$worksheetTitle     = $worksheet->getTitle();
	//=====	Quantidade de Linhas 
	$highestRow         = $worksheet->getHighestRow();
	//=====	Quantidade de Colunas
	$highestColumn      = $worksheet->getHighestColumn();
	
	//=====	iremos acessar a linha que tem informações, iniciar pela linha 2
	//=====	linha 1 contem o cabeçalho
	for ($row=1;$row<= $highestRow; ++ $row){
	

		//===== Coluna A
		$cell = $worksheet -> getCellByColumnAndRow (0, $row);
		$colunaA = $cell ->getValue();
		//===== Coluna B
		$cell = $worksheet -> getCellByColumnAndRow (1, $row);
		$colunaB = $cell ->getValue();
		//===== Coluna C
		$cell = $worksheet -> getCellByColumnAndRow (2, $row);
		$colunaC = $cell ->getValue();
		//===== Coluna D
		$cell = $worksheet -> getCellByColumnAndRow (3, $row);
		$colunaD = $cell ->getValue();
		//===== Coluna E
		$cell = $worksheet -> getCellByColumnAndRow (4, $row);
		$colunaE = $cell ->getValue();
		//===== Coluna F
		$cell = $worksheet -> getCellByColumnAndRow (5, $row);
		$colunaF = $cell ->getValue();
		//===== Coluna G
		$cell = $worksheet -> getCellByColumnAndRow (6, $row);
		$colunaG = $cell ->getValue();
		//===== Coluna H
		$cell = $worksheet -> getCellByColumnAndRow (7, $row);
		$colunaH = $cell ->getValue();
		//===== Coluna I
		$cell = $worksheet -> getCellByColumnAndRow (8, $row);
		$colunaI = $cell ->getValue();
		//===== Coluna J
		$cell = $worksheet -> getCellByColumnAndRow (9, $row);
		$colunaJ = $cell ->getValue();
		//===== Coluna K
		$cell = $worksheet -> getCellByColumnAndRow (10, $row);
		$colunaK = $cell ->getValue();
		//===== Coluna L
		$cell = $worksheet -> getCellByColumnAndRow (11, $row);
		$colunaL = $cell ->getValue();
		//===== Coluna M
		$cell = $worksheet -> getCellByColumnAndRow (12, $row);
		$colunaM = $cell ->getValue();
		//===== Coluna N
		$cell = $worksheet -> getCellByColumnAndRow (13, $row);
		$colunaN = $cell ->getValue();
		//===== Coluna O
		$cell = $worksheet -> getCellByColumnAndRow (14, $row);
		$colunaO = $cell ->getValue();
		//===== Coluna P
		$cell = $worksheet -> getCellByColumnAndRow (15, $row);
		$colunaP = $cell ->getValue();
		//===== Coluna Q
		$cell = $worksheet -> getCellByColumnAndRow (16, $row);
		$colunaQ = $cell ->getValue();
		//===== Coluna R
		$cell = $worksheet -> getCellByColumnAndRow (17, $row);
		$colunaR = $cell ->getValue();
		//===== Coluna S
		$cell = $worksheet -> getCellByColumnAndRow (18, $row);
		$colunaS = $cell ->getValue();
		//===== Coluna T
		$cell = $worksheet -> getCellByColumnAndRow (19, $row);
		$colunaT = $cell ->getValue();
		//===== Coluna U
		$cell = $worksheet -> getCellByColumnAndRow (20, $row);
		$colunaU = $cell ->getValue();
		//===== Coluna V
		$cell = $worksheet -> getCellByColumnAndRow (21, $row);
		$colunaV = $cell ->getValue();
		//===== Coluna W
		$cell = $worksheet -> getCellByColumnAndRow (22, $row);
		$colunaW = $cell ->getValue();
		//===== Coluna X
		$cell = $worksheet -> getCellByColumnAndRow (23, $row);
		$colunaX = $cell ->getValue();
		//===== Coluna Y
		$cell = $worksheet -> getCellByColumnAndRow (24, $row);
		$colunaY = $cell ->getValue();
		//===== Coluna Z
		$cell = $worksheet -> getCellByColumnAndRow (25, $row);
		$colunaZ = $cell ->getValue();
		
		/*
		//===== Coluna AA
		$cell = $worksheet -> getCellByColumnAndRow (26, $row);
		$colunaAA = $cell ->getValue();
		//===== Coluna AB
		$cell = $worksheet -> getCellByColumnAndRow (27, $row);
		$colunaAB = $cell ->getValue();
		//===== Coluna AC
		$cell = $worksheet -> getCellByColumnAndRow (28, $row);
		$colunaAC = $cell ->getValue();
		//===== Coluna AD
		$cell = $worksheet -> getCellByColumnAndRow (29, $row);
		$colunaAD = $cell ->getValue();
		//===== Coluna AE
		$cell = $worksheet -> getCellByColumnAndRow (30, $row);
		$colunaAE = $cell ->getValue();
		//===== Coluna AF
		$cell = $worksheet -> getCellByColumnAndRow (31, $row);
		$colunaAF = $cell ->getValue();
		//===== Coluna AG
		$cell = $worksheet -> getCellByColumnAndRow (32, $row);
		$colunaAG = $cell ->getValue();
		//===== Coluna AH
		$cell = $worksheet -> getCellByColumnAndRow (33, $row);
		$colunaAH = $cell ->getValue();
		//===== Coluna AI
		$cell = $worksheet -> getCellByColumnAndRow (34, $row);
		$colunaAI = $cell ->getValue();
		//===== Coluna AJ
		$cell = $worksheet -> getCellByColumnAndRow (35, $row);
		$colunaAJ = $cell ->getValue();
		//===== Coluna AK
		$cell = $worksheet -> getCellByColumnAndRow (36, $row);
		$colunaAK = $cell ->getValue();
		//===== Coluna AL
		$cell = $worksheet -> getCellByColumnAndRow (37, $row);
		$colunaAL = $cell ->getValue();
		//===== Coluna AM
		$cell = $worksheet -> getCellByColumnAndRow (38, $row);
		$colunaAM = $cell ->getValue();
		//===== Coluna AN
		$cell = $worksheet -> getCellByColumnAndRow (39, $row);
		$colunaAN = $cell ->getValue();
		//===== Coluna AO
		$cell = $worksheet -> getCellByColumnAndRow (40, $row);
		$colunaAO = $cell ->getValue();
		//===== Coluna AP
		$cell = $worksheet -> getCellByColumnAndRow (41, $row);
		$colunaAP = $cell ->getValue();
		//===== Coluna AQ
		$cell = $worksheet -> getCellByColumnAndRow (42, $row);
		$colunaAQ = $cell ->getValue();
		//===== Coluna AR
		$cell = $worksheet -> getCellByColumnAndRow (43, $row);
		$colunaAR = $cell ->getValue();
		//===== Coluna AS
		$cell = $worksheet -> getCellByColumnAndRow (44, $row);
		$colunaAS = $cell ->getValue();
		//===== Coluna AT
		$cell = $worksheet -> getCellByColumnAndRow (45, $row);
		$colunaAT = $cell ->getValue();
		//===== Coluna AU
		$cell = $worksheet -> getCellByColumnAndRow (46, $row);
		$colunaAU = $cell ->getValue();
		//===== Coluna AV
		$cell = $worksheet -> getCellByColumnAndRow (47, $row);
		$colunaAV = $cell ->getValue();
		//===== Coluna AW
		$cell = $worksheet -> getCellByColumnAndRow (48, $row);
		$colunaAW = $cell ->getValue();
		//===== Coluna AX
		$cell = $worksheet -> getCellByColumnAndRow (59, $row);
		$colunaAX = $cell ->getValue();
		//===== Coluna AY
		$cell = $worksheet -> getCellByColumnAndRow (50, $row);
		$colunaAY = $cell ->getValue();
		//===== Coluna AZ
		$cell = $worksheet -> getCellByColumnAndRow (51, $row);
		$colunaAZ = $cell ->getValue();
		
		*/
		
		
$insert_sql = "INSERT INTO timbr (colunaA, colunaB, colunaC, colunaD, colunaE, colunaF, colunaG, colunaH, colunaI, colunaJ, colunaK, colunaL, colunaM, colunaN, colunaO, colunaP, colunaQ, colunaR, colunaS, colunaT, colunaU, colunaV, colunaW, colunaX, colunaY, colunaZ) 
		VALUES ('$colunaA', '$colunaB', '$colunaC', '$colunaD', '$colunaE', '$colunaF', '$colunaG', '$colunaH', '$colunaI', '$colunaJ', '$colunaK', '$colunaL', '$colunaM', '$colunaN', '$colunaO', '$colunaP', '$colunaQ', '$colunaR', '$colunaS', '$colunaT', '$colunaU', '$colunaV', '$colunaW', '$colunaX', '$colunaY', '$colunaZ')";
		
		sc_exec_sql($insert_sql);
		sc_commit_trans();
		
	}
}

Ele importa as colunas e linhas acima, mas fica esse erro no debug e não consigo adicionar novas colunas para importação

1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘s - PRINT ABAIXO)’)’ at line 2

ADOConnection._Execute(INSERT INTO timbr (colunaA, colunaB, colunaC, colunaD, colunaE, colunaF, colunaG, colunaH, colunaI, colunaJ, colunaK, colunaL, c..., false) % line 1149, file: [adodb.inc.php](file:///C:/Program%20Files/NetMake/v9-php73/wwwroot/scriptcase/prod/third/adodb/adodb.inc.php) ADOConnection.Execute(INSERT INTO timbr (colunaA, colunaB, colunaC, colunaD, colunaE, colunaF, colunaG, colunaH, colunaI, colunaJ, colunaK, colunaL, c...) % line 2680, file: [controlCargaExcel_apl.php](file:///C:/Program%20Files/NetMake/v9-php73/wwwroot/scriptcase/app/webinarCargaExcel/controlCargaExcel/controlCargaExcel_apl.php) controlCargaExcel_apl.m_php_cargaExcel() % line 1734, file: [controlCargaExcel_apl.php](file:///C:/Program%20Files/NetMake/v9-php73/wwwroot/scriptcase/app/webinarCargaExcel/controlCargaExcel/controlCargaExcel_apl.php) controlCargaExcel_apl.Valida_campos(null, null, null) % line 1132, file: [controlCargaExcel_apl.php](file:///C:/Program%20Files/NetMake/v9-php73/wwwroot/scriptcase/app/webinarCargaExcel/controlCargaExcel/controlCargaExcel_apl.php) controlCargaExcel_apl.controle() % line 2046, file: [index.php](file:///C:/Program%20Files/NetMake/v9-php73/wwwroot/scriptcase/app/webinarCargaExcel/controlCargaExcel/index.php)

#2

Passa sc_sql_injection nas variáveis.
Esta vindo caractere do Excel que está quebrando a string para o Insert.

#3

Sr Haroldo. Obrigado pela ajuda. Estou lendo sobre essa macro para entender sua finalidade e aplicação.

#4

A finalidade dela é escapar caracteres que podem ingterferir na query ou injetar códigos sql maliciosos.

Imagine: Num cadastro de cliente, na razão social, o usuário troca o nome por (delete from clientes) por exemplo, o sql_inject transforma isso em uma string então a instrução sql não interpreta o conteúdo como sql.

#5

ficou assim:

VALUES (’$nome’ = sc_sql_injection($nome); ‘$colunaA’= sc_sql_injection($colunaA); ‘$colunaB’= sc_sql_injection($colunaB); ‘$colunaC’= sc_sql_injection($colunaC); ‘$colunaD’ = sc_sql_injection($colunaD); ‘$colunaE’= sc_sql_injection($colunaE); ‘$colunaF’= sc_sql_injection($colunaF); ‘$colunaG’= sc_sql_injection($colunaG); ‘$colunaH’= sc_sql_injection($colunaH); ‘$colunaI’= sc_sql_injection($colunaI); ‘$colunaJ’= sc_sql_injection($colunaJ); ‘$colunaK’= sc_sql_injection($colunaK); ‘$colunaL’= sc_sql_injection($colunaL); ‘$colunaM’= sc_sql_injection($colunaM); ‘$colunaN’= sc_sql_injection($colunaN); ‘$colunaO’= sc_sql_injection($colunaO); ‘$colunaP’= sc_sql_injection($colunaP); ‘$colunaQ’= sc_sql_injection($colunaQ); ‘$colunaR’= sc_sql_injection($colunaR); ‘$colunaS’= sc_sql_injection($colunaS); ‘$colunaT’= sc_sql_injection($colunaT); ‘$colunaU’= sc_sql_injection($colunaU); ‘$colunaV’= sc_sql_injection($colunaV); ‘$colunaW’= sc_sql_injection($colunaW); ‘$colunaX’= sc_sql_injection($colunaX); ‘$colunaY’= sc_sql_injection($colunaY); ‘$colunaZ’ = sc_sql_injection($colunaZ)";

e o erro persiste:

Fatal error: Uncaught PHPExcel_Reader_Exception: Could not open file C:\Users\jacks\Documents\Projeto-Between/ for reading. in C:\Program Files\NetMake\v9-php73\wwwroot\scriptcase\prod\third\phpexcel\PHPExcel\Reader\Abstract.php:202 Stack trace: #0 C:\Program Files\NetMake\v9-php73\wwwroot\scriptcase\prod\third\phpexcel\PHPExcel\Reader\Excel2003XML.php(96): PHPExcel_Reader_Abstract->_openFile(‘C:\Users\jacks\…’) #1 C:\Program Files\NetMake\v9-php73\wwwroot\scriptcase\prod\third\phpexcel\PHPExcel\IOFactory.php(280): PHPExcel_Reader_Excel2003XML->canRead(‘C:\Users\jacks\…’) #2 C:\Program Files\NetMake\v9-php73\wwwroot\scriptcase\prod\third\phpexcel\PHPExcel\IOFactory.php(191): PHPExcel_IOFactory::createReaderForFile(‘C:\Users\jacks\…’) #3 C:\Program Files\NetMake\v9-php73\wwwroot\scriptcase\app\carregarPlanilha\controlCargaExcel\controlCargaExcel_apl.php(2537): PHPExcel_IOFactory::load(‘C:\Users\jacks\…’) #4 C:\Program Files\NetMake\v9-php73\wwwroot\scriptcase\app\carregarPlanilha\controlCargaExcel\contr in C:\Program Files\NetMake\v9-php73\wwwroot\scriptcase\prod\third\phpexcel\PHPExcel\Reader\Abstract.php on line 202

#6

no erro anterior vc tinha erro de sql, esse sumiu. O outro erro, não está encontrando o arquivo ou ele não é legível como excel.

#7

verdade. muito bem observado. o xlsx é o mesmo que usei nos webnar da netmake e fincionou. aliás, na aplicação da netmake funciona, quando eu crio a minha – essa aí acima – dá esse erro.

Já havia alterado o caminho em Aplicação/configuração/Caminho dos Documentos. O arquivo está lá, não está aberto…

Agora travou tudo. Nem o suporte da netmake ajuda. eles dizem que isso tem que ser feito em aplicação formulário e li aqui nesse fórum que tem que ser controle.

Caso vc tenha alguma outra ideia, será bem-vinda. Caso não, já agradeço sua ajuda. graças a você avancei mais um passo.