PHP PDO REPLACE works in phpadmin but not in php - php

Trying to update the record (timestamp) if it exists or insert a new record if it doesn't exist.
Table is:
id = int 12 primary key, auto increment
userid = int 12
viewerid = int 12
viewDateTime = TIMESTAMP
This sql works in phpmyadmin but not in php
SELECT #id := id FROM `profileViews` WHERE `userid` = 31 AND `viewerid` = 30 LIMIT 1;
REPLACE INTO `profileViews`(id, `userid`, `viewerid`, `viewDateTime`)
VALUES (#id, 31, 30, now());
Here is the php version:
$INSERTViewSQL = "SELECT #id := id FROM `profileViews` WHERE `userid` = ? AND `viewerid` = ? LIMIT 1;
REPLACE INTO `profileViews`(id, `userid`, `viewerid`, `viewDateTime`)
VALUES (#id, ?, ?, now());";
try{
$DBConnection->prepare($INSERTViewSQL)->execute([$profileid, $_SESSION["id"], $profileid, $_SESSION["id"]]);
} catch(PDOException $e) {
file_put_contents($ErrorLogFileForPDO, 'update view : ' .$e->getMessage()."\n", FILE_APPEND);
}
Here is the error message:
update view : SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'REPLACE INTO profileViews(id, userid, viewerid, viewDateTime)
VALUES (#i' at line 2
Thanks‼️


MySQL document says:
SQL syntax for prepared statements does not support multi-statements (that is, multiple statements within a single string separated by ; characters).
So you need to fetch id value first, execute replace statement after that.
$stmt = $DBConnection
->prepare("SELECT id FROM ...");
$stmt->execute([$profileid, $_SESSION["id"]]);
$id = $stmt->fetchColumn();
$DBConnection
->prepare("REPLACE INTO ...");
->execute([$id, $profileid, $_SESSION["id"]]);

Related

mysqli query gets syntax error but phpmyadmin works

While the following query works with phpmyadmin, when I use mysqli->query(), a syntax error occurs
START TRANSACTION;
SELECT Value INTO #Increment FROM SystemConfiguration WHERE `Key` = 'POIncrement' FOR UPDATE;
UPDATE SystemConfiguration SET Value = Value + #Increment WHERE `Key` = 'POID';
COMMIT;
The syntax error message:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'SELECT Value INTO #Increment FROM SystemConfiguration WHERE `Key` = 'POIncrement' at line 2
Is it that mysqli prepares the query and adds something in?

$sql = <<<SQL
START TRANSACTION;
SELECT Value
INTO #Increment
FROM SystemConfiguration
WHERE `Key` = 'POIncrement' FOR UPDATE;
UPDATE SystemConfiguration
SET Value = Value + #Increment
WHERE `Key` = 'POID';
COMMIT;
SQL;
$res = mysqli_multi_query($connection, $sql);

Something mysterious with PHP, PDO (probably not MySQL) SQLSTATE[42000](1064)

Something really strange is happening with the following query, when I try it on PhpMyAdmin it works flawlessly, but when I run it from PHP I get the following error.
I'm using PDO...
Maybe I'm blind, or maybe it's the fact that I've been working for so many hours, the thing is that I don't see anything wrong.
Error message
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'INSERT INTO downsync (id, signature) VALUES ('1','b01c0d494aca29162d815346d0de5f' at line 2
The query... Highlighted version (http://pastebin.com/dkYRJCS1)
CREATE TEMPORARY TABLE IF NOT EXISTS downsync (`id` int(11) NOT NULL, `signature` VARCHAR(250) NOT NULL);
INSERT INTO downsync (id, signature) VALUES ('1','b01c0d494aca29162d815346d0de5fd3'),
('2','bc3d25e2a527a20779914f5c7dc181e5'),
('3','89bc5c4e013aea0b28e61561ada05770'),
('4','8ce1daecd2a20c23b1c3344dac07880a'),
('6','0a679dc54c3654933329fc7bbf01c401'),
('7','40e6af407141ab652a4cad01f2f30a05'),
('9','331e12d5136a24483a12a0610f0ecd80'),
('10','570e68fd6cccd91aaf1173845739d9ab'),
('11','603e6a77d56a21597563119b319aaf67'),
('12','7649d3e71223cf543994189fe4053670'),
('14','825d0a186fd938eb0417a1bf3e30d9c3'),
('15','4a66d12f56b9ff93332b7c841c986751'),
('16','7de9d51199cdd316d869510fe97f584c'),
('17','7ef58d702ea43e02398f3f983c8292f3'),
('18','430c864532d3352691c76a9517f54498'),
('19','11a0e5cd2497166b0f85f3e318e6ff2f'),
('20','9771222ec70e55722e2582f3238f4e44'),
('21','bffd7ce7a4b59bb439a98ae898e3a703'),
('22','daf986c8682f856b1828cd4b1c8888b7'),
('23','3fecc9e7e6291b0ea12bbe60c46d361b'),
('24','41e49696971f00648f3a3e5971ea765d'),
('25','0f58aa0ffa8fd6efeb3bb4ccee590d44');
SELECT `downsync.id`,
IF(MD5(CONCAT(
customers.id,
IFNULL(customers.full_name,0),
IFNULL(customers.phone,0),
IFNULL(customers.mobile,0),
IFNULL(customers.email,0),
IFNULL(customers.address,0),
IFNULL(customers.zipcode,0),
IFNULL(customers.city,0),
IFNULL(customers.state,0),
IFNULL(customers.country,0),
IFNULL(customers.gmaps_addrs,0)
)) = signature,1,0) as unchanged
FROM downsync
INNER JOIN customers ON downsync.id = customers.id;
The Code...
"Here's the PHP source, I'm a little slow right now, sorry for forgetting it... ;)"
$query = "
CREATE TEMPORARY TABLE IF NOT EXISTS downsync (`id` int(11) NOT NULL, `signature` VARCHAR(250) NOT NULL);
INSERT INTO downsync (id, signature) VALUES ('1','b01c0d494aca29162d815346d0de5fd3'),
('2','bc3d25e2a527a20779914f5c7dc181e5'),
('3','89bc5c4e013aea0b28e61561ada05770'),
('4','8ce1daecd2a20c23b1c3344dac07880a'),
('6','0a679dc54c3654933329fc7bbf01c401'),
('7','40e6af407141ab652a4cad01f2f30a05'),
('9','331e12d5136a24483a12a0610f0ecd80'),
('10','570e68fd6cccd91aaf1173845739d9ab'),
('11','603e6a77d56a21597563119b319aaf67'),
('12','7649d3e71223cf543994189fe4053670'),
('14','825d0a186fd938eb0417a1bf3e30d9c3'),
('15','4a66d12f56b9ff93332b7c841c986751'),
('16','7de9d51199cdd316d869510fe97f584c'),
('17','7ef58d702ea43e02398f3f983c8292f3'),
('18','430c864532d3352691c76a9517f54498'),
('19','11a0e5cd2497166b0f85f3e318e6ff2f'),
('20','9771222ec70e55722e2582f3238f4e44'),
('21','bffd7ce7a4b59bb439a98ae898e3a703'),
('22','daf986c8682f856b1828cd4b1c8888b7'),
('23','3fecc9e7e6291b0ea12bbe60c46d361b'),
('24','41e49696971f00648f3a3e5971ea765d'),
('25','0f58aa0ffa8fd6efeb3bb4ccee590d44');
SELECT `downsync.id`,
IF(MD5(CONCAT(
customer.id,
IFNULL(customer.name,0),
IFNULL(customer.email,0),
IFNULL(customer.gmaps_addrs,0)
)) = signature,1,0) as unchanged
FROM downsync
INNER JOIN commerces ON downsync.id = commerces.id;
";
echo '<pre>';var_dump($query);echo '</pre>';
try {
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$stmt = $pdo->query($query);
//> I tried to commet this and use the query method but it didn't work
//$stmt->setFetchMode(PDO::FETCH_ASSOC);
//$stmt->execute($params);
$results = $stmt->fetchAll();
}
catch(Exception $e) {
echo 'Exeption:<pre>';var_dump($e->getMessage());echo '</pre><hr>';
echo 'Error Obj.: <pre>';var_dump($e);echo '</pre>';
}

Solution:
Separating the 3 queries did the trick
$query1 = 'CREATE TEMPORARY TABLE IF NOT EXISTS....';
$query2 = 'INSERT INTO downsync...';
$query3 = 'SELECT downsync.id...';
...
$stmt = $pdo->query($query);
$stmt = $pdo->query($query2);
$stmt = $pdo->query($query3);
Thanks #lafor, #Prava - Mindfire Solutions, #Ravinder

PHP PDO update statement fails

The below sql UPDATE statement returns an error but I'm unable to see why:
Failed to run query: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 6
I already did a vardump of the array that I pass to bind the parameters but I see nothing unusual. The correct values are passed and I double checked for typos.
What I try to accomplish is to auto-generate a username based on firstname - lastname and user_id after insertion into the database.
Perhaps additional question: do you see any harm in that and if so, what is your suggestion?
I'm still in PHP learning phase.
Thanks.
...
//Autogenerate user_name based on first name, last name and user_id (auto-increment)
$query_username = "
UPDATE user_tbl
SET
user_name = :username
WHERE
user_id = :userid
)
";
// The parameter values
$query_params_username = array(
':username' => $_SESSION['user']['first_name'].".".$_SESSION['user']['last_name'].$_SESSION['user']['user_id'],
':userid' => $_SESSION['user']['user_id']
);
try
{
// Execute the query against the database
$stmt_username = $db->prepare($query_username);
$stmt_username->execute($query_params_username);
}
catch(PDOException $ex)
{
//Not to be used in production
die("Failed to run query: " . $ex->getMessage());
}
$_SESSION['user']['username'] = $_SESSION['user']['first_name'].".".$_SESSION['user']['last_name'].$_SESSION['user']['user_id'];

You had a closing parentheses after user_id = :userid
Try the following:
$query_username = "
UPDATE user_tbl
SET
user_name = :username
WHERE
user_id = :userid
";

Try doing this:
$query_username = "
UPDATE `user_tbl`
SET `user_name` = :username
WHERE `user_id` = :userid
";
There seems to be a lost ) character in your code.

PHP PDO UPDATE query with bind params

I'm trying to run the following query:
$sth = "UPDATE `users` SET users_password VALUES (:hash) WHERE users_id = $users_id";
$q = $conn->prepare($sth);
$q->execute(array(':hash'=>$hash));
But Im getting the following:
Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'VALUES ('$2y$12$Ao46iC7W9Lj8FFfSmAaeoeQs9O.3QRVtDbHAyvpzH90YIUN61ma8i') WHERE us' at line 1'
Any ideas?
(and yes the code isn't in a try, catch block yet just experimenting at them moment with a few things)

change this
$sth = "UPDATE `users` SET users_password VALUES (:hash) WHERE users_id = $users_id";
to
$sth = "UPDATE `users` SET users_password = :hash WHERE users_id = $users_id";

PDO - Invalid syntax for UPDATE query

I am getting the error, SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '= time + '1' WHERE username = 'admin-test'' at line 1 when I attempt to preform the following query:
try
{
$sth = $dbh->prepare("UPDATE alltimehighscores time = time + :time
WHERE username = :username");
$arr = array(
':username' => $username,
':time' => $time
);
$sth->execute($arr);
}
catch (PDOException $e)
{
echo $e->getMessage();
exit();
}
The $time and $username values are assigned earlier on from $_GET. $dbh is also assigned above, which is working fine as there is another query above which executes fine.
Looking at the error message I can see that time isn't being changed into the current database value so I am assuming that there must be a different way of doing this when using PDO.

You're missing a SET
UPDATE alltimehighscores SET time = time + :time WHERE username = :username

SET is missing:
UPDATE alltimehighscores SET `time` = `time` + :time
WHERE username = :username

Categories