SQLSTATE[42000]: Syntax error or access violation: 1064 Error - php

I am getting the following error on a website. I created a ticket about this with my hosting provider. They told me: "You need to edit the select query; it is not a select query suitable for the MariaDB version on the server."
error_log File:
[25-Dec-2021 19:50:24 Europe] PHP Fatal error: Uncaught PDOException: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'and dripfeed= 2' at line 1 in /home/user/public_html/script.php:461
Stack trace:
#0 /home/user/public_html/script.php(461): PDO->query('SELECT * FROM o...')
#1 /home/user/public_html/index.php(35): require_once('/home/user/...')
#2 {main}
thrown in /home/user/public_html/script.php on line 461
script.php File:
$dripfeedvarmi = $conn->query("SELECT * FROM demo WHERE user=$user_id and dripfeed=2");
if ($dripfeedvarmi->rowCount())
{
$dripfeedcount = 1;
}
else
{
$dripfeedcount = 0;
}
Current DB Version: 10.2.41-MariaDB-cll-lve
PHP Version: 7.4.25
OS: Linux
Thank you in advance for your help.

Even if the MySQL syntax is correct, do not write code like this. Always prepare your query to make it secure!
Try this example:
$query = 'SELECT * FROM demo WHERE user = ? AND dripfeed = ?';
$array = array($user_id, 2);
$init = $conn->prepare($query);
$init->execute($array);
$rowCount = $init->rowCount();
if ($rowCount > 0) {
    $dripfeedcount = 1;
} else {
    $dripfeedcount = 0;
}
Also, if you are storing the id of the user, why is the column name not user_id instead of user? Be clean...

You can also try like this to execute the query using prepare() and execute() methods.
$dripfeedvarmi = $conn->prepare("SELECT * FROM demo WHERE user=:user and dripfeed=:dripfeed");
$dripfeedvarmi->execute([':user'=>$user_id,':dripfeed'=>2]);
if ($dripfeedvarmi->rowCount()>0)
{
$dripfeedcount = 1;
}
else
{
$dripfeedcount = 0;
}
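The failure in the question (an empty `$user_id` leaving `WHERE user= and dripfeed=2`) next to the bound-parameter form, as an added example that is not part of the original answers. It assumes the pdo_sqlite extension, with an in-memory SQLite database standing in for MariaDB; the table rows and both function names are constructed for illustration.

```php
<?php
// Added example: constructed schema and rows; SQLite in memory stands in for MariaDB.
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE demo (user INTEGER, dripfeed INTEGER)');
$conn->exec('INSERT INTO demo (user, dripfeed) VALUES (7, 2), (8, 1)');

// Pattern from the question: the value is pasted into the SQL text.
// Returns null when the resulting SQL no longer parses.
function hasDripfeedConcat(PDO $conn, $user_id): ?bool
{
    try {
        $sql = "SELECT * FROM demo WHERE user=$user_id and dripfeed=2";
        return (bool) $conn->query($sql)->fetch();
    } catch (PDOException $e) {
        return null; // the SQL text itself was malformed
    }
}

// Bound parameters: the SQL text is constant and the values travel separately.
function hasDripfeedPrepared(PDO $conn, $user_id): bool
{
    // Reject anything that is not a positive integer before touching the database.
    $id = filter_var($user_id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return false;
    }
    $stmt = $conn->prepare(
        'SELECT 1 FROM demo WHERE user = :user AND dripfeed = :dripfeed LIMIT 1'
    );
    $stmt->execute([':user' => $id, ':dripfeed' => 2]);
    // fetchColumn() behaves the same on every driver; rowCount() on a SELECT does not.
    return $stmt->fetchColumn() !== false;
}

// Same inputs through both functions: a valid id, then the empty value
// that produced the 1064 error in the question.
foreach ([7, ''] as $input) {
    var_dump(hasDripfeedConcat($conn, $input));
    var_dump(hasDripfeedPrepared($conn, $input));
}
```

Checking for a row with `SELECT 1 ... LIMIT 1` also avoids relying on `rowCount()`, which PDO does not guarantee for SELECT statements on all drivers.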

Related

Fatal error: Uncaught PDOException: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax;

I'm trying to do a form to insert values in a database, but it's not working.
In fact, I used to use a VM that is now dead. And when I switched to XAMPP my program didn't work anymore.
$titre = $_POST["titre"];
$categorie = $_POST["categorie"];
$portion = $_POST["portion"];
$heure_cuiss = $_POST["heure_cuiss"];
$minute_cuiss = $_POST["minute_cuiss"];
$heure_prepa = $_POST["heure_prepa"];
$minute_prepa = $_POST["minute_prepa"];
$heure_rep = $_POST["heure_rep"];
$minute_rep = $_POST["minute_rep"];
$cuiss = $_POST["cuiss"];
$cost = $_POST["cost"];
$dif = $_POST["dif"];
$histoire = $_POST["histoire"];
$region = $_POST["region"];
$temps = intval($heure_cuiss) + intval($minute_cuiss)/60 + intval($heure_prepa) + intval($minute_prepa)/60 + intval($heure_rep) + intval($minute_rep)/60;
$query = $bdd -> prepare('INSERT INTO recette (titre, categorie, portion, heure_cuiss, minute_cuiss, heure_prepa, minute_prepa, heure_rep, minute_rep , cuiss, cost, dif, histoire, region, temps)
VALUES(:titre, :categorie, :portion, :heure_cuiss, :minute_cuiss, :heure_prepa, :minute_prepa, :heure_rep, :minute_rep, :cuiss, :cost, :dif, :histoire, :region, :temps)');
$query -> execute(array('titre'=>$titre, 'categorie'=>$categorie, 'portion'=>$portion, 'heure_cuiss'=>$heure_cuiss, 'minute_cuiss'=>$minute_cuiss, 'heure_prepa'=>$heure_prepa, 'minute_prepa'=>$minute_prepa, 'heure_rep'=>$heure_rep, 'minute_rep'=>$minute_rep, 'cuiss'=>$cuiss, 'cost'=>$cost, 'dif'=>$dif, 'histoire'=>$histoire, 'region'=>$region, 'temps'=>intval($temps)));
I get this error
Fatal error: Uncaught PDOException: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'portion, heure_cuiss, minute_cuiss, heure_prepa, minute_prepa, heure_rep, min...' at line 1 in C:\xampp\htdocs\ptut\upload\back-index.php:46 Stack trace: #0 C:\xampp\htdocs\ptut\upload\back-index.php(46): PDOStatement->execute(Array) #1 {main} thrown in C:\xampp\htdocs\ptut\upload\back-index.php on line 46
I've tried to rewrite my database, to write my insert with '?' but nothing works.
I've been working on this problem for 5 hours. I really need your help!
Thanks, Thomas
Make sure your password is empty like this:
$bdd = new PDO('mysql:host=localhost;dbname=yourDataBase', 'root', '');

PDOException in MySQL 5.7

I'm getting:
Fatal error: Uncaught exception 'PDOException' with message
'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an
error in your SQL syntax; check the manual that corresponds to your
MySQL server version for the right syntax to use near 'LIMIT 1' at
line 1'
I'm trying to upgrade some code from MySQL 5.6 to 5.7 and I'm not sure how to rewrite this?
public function getPlayerInfo($uid){
$this->session->newQuery();
$sqlSelect = "SELECT COUNT(*) AS total, login, gameIP, homeIP, gamePass, email FROM users WHERE id = $uid LIMIT 1";
$data = $this->pdo->query($sqlSelect)->fetch(PDO::FETCH_OBJ);
if($data->total == 0){
exit();
}
To clarify what this does, it's supposed to return relevant player data, for example, further down in this file, I have:
if($doomStats['DOOM']['clanID'] == 0){
$doomedBy = ''.self::getPlayerInfo($doomStats['DOOM']['creatorID'])->login.'';
} else {
$clan = new Clan();
$clanInfo = $clan->getClanInfo($doomStats['DOOM']['clanID']);
$doomedBy = ''.$clanInfo->name.'';
$doomedBy .= ' <span class="small nomargin">(Released by '.self::getPlayerInfo($doomStats['DOOM']['creatorID'])->login.')</span>';
}
I hope this clarifies.
Using COUNT without an aggregate function? E.g. GROUP BY. Also put $uid in single quotes.

php stored procedure adding error

I want to add data to my table with stored procedure, but I have this error:
Gönder
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'Teknoloji,V,,1)' at line 1' in C:\xampp\htdocs\berat\isyerikayit.php:142 Stack trace: #0 C:\xampp\htdocs\berat\isyerikayit.php(142): PDO->query('CALL isyerikayi...', 2) #1 {main} thrown in C:\xampp\htdocs\berat\isyerikayit.php on line 142
<?php
if (isset($_POST['gonder']))
{
$adi = $_POST["adi"];
$calismaturu = $_POST["calismaturu"];
$iscigucu = $_POST["iscigucu"];
$hizmetturu = $_POST["hizmetturu"];
$butce = $_POST["butce"];
if($calismaturu == 'V')
{
$sorgu= $db->query("CALL isyerikayitV($adi,$calismaturu,$iscigucu,$hizmetturu)",PDO::FETCH_ASSOC);
echo '<script>alert("Hizmet Veren Firma Eklendi.");</script>';
}
else
{
$sorgu= $db->query("CALL isyerikayitE($adi,$calismaturu,$butce)",PDO::FETCH_ASSOC);
echo '<script>alert("Hizmet Edilen Firma Eklendi.");</script>';
}
}
?>
My isyerikayitE() and isyerikayitV procedures are 7.
It seems that $iscigucu is empty:
"that corresponds to your MariaDB server version for the right syntax to use near 'Teknoloji,V,,1)'"
And all your string variables are missing the quotes:
A quick solution is to do:
$iscigucu = empty($_POST["iscigucu"]) ? "''" : "'".$_POST["iscigucu"]."'";
for each one of them.
or
$iscigucu = "'".$iscigucu."'";
But the right way to solve this is to use prepared statements:
$call = mysqli_prepare($mysqli, 'CALL test_proc(?, ?, ?, ?)');
mysqli_stmt_bind_param($call, 'ssss', $adi,$calismaturu,$iscigucu,$hizmetturu);
mysqli_stmt_execute($call);
Take a look at: http://php.net/manual/en/mysqli-stmt.bind-param.php

fatal error in php and mysql

I am having a problem with my script in PHP/MySQL. Here is the error displayed by the server:
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'if exists (select * from notificacoes where uid in () order by id desc' at line 1' in C:\wamp\www\bigui\classes\Notificacoes.class.php on line 57
And here is my PHP code:
static function listar(){
$strIdAmigos = Amizade::$strIdAmigos;
$query = self::getConn()->query('select * from notificacoes where uid in ('.$strIdAmigos.') order by id desc');
return $query->fetchAll(PDO::FETCH_ASSOC);
}
My table in MySQL is empty, with no values. When I insert a value in it, the error goes away and everything is fine. Any help?
If $strIdAmigos is empty, it causes syntax errors.
Before you execute this query, you should check whether the $strIdAmigos value is empty to avoid this issue. Don't forget to escape the values if needed.
When you run your query with nothing in the variable $strIdAmigos, it will error out.
Try initializing and/or checking your variable, $strIdAmigos, before running your query:
$strIdAmigos = "";
if (empty($strIdAmigos)) {
/* Uh oh, throw an error */
} else {
$query = self::getConn()->query('select * from notificacoes where uid in ('.$strIdAmigos.') order by id desc');
}
Note that if $strIdAmigos = "0" , the empty($strIdAmigos) will still evaluate to true and, hence, will NOT run the query.
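One way to combine the emptiness check with bound parameters for the `IN (...)` list, as an added example that is not part of the original answers. It assumes the pdo_sqlite extension, with an in-memory SQLite database standing in for MySQL; the helper `listarNotificacoes()`, the `texto` column and the sample rows are constructed for illustration.

```php
<?php
// Added example: constructed table and rows; SQLite in memory stands in for MySQL.
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE notificacoes (id INTEGER PRIMARY KEY, uid INTEGER, texto TEXT)');
$conn->exec("INSERT INTO notificacoes (uid, texto) VALUES (3, 'a'), (5, 'b'), (9, 'c')");

// Hypothetical helper: takes the friend ids as an array instead of a
// pre-joined string such as Amizade::$strIdAmigos.
function listarNotificacoes(PDO $conn, array $idAmigos): array
{
    // Keep only values that are valid integers; drop everything else.
    $ids = [];
    foreach ($idAmigos as $id) {
        $int = filter_var($id, FILTER_VALIDATE_INT);
        if ($int !== false) {
            $ids[] = $int;
        }
    }
    // No friends means no notifications; never send "IN ()" to the server.
    if ($ids === []) {
        return [];
    }
    // One "?" per id, so the SQL text depends only on how many ids there are.
    $placeholders = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $conn->prepare(
        "SELECT * FROM notificacoes WHERE uid IN ($placeholders) ORDER BY id DESC"
    );
    $stmt->execute($ids);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// A pre-joined string (constructed sample) can be split back into an array.
$strIdAmigos = '3,9';
$fromString = $strIdAmigos === '' ? [] : explode(',', $strIdAmigos);

print_r(listarNotificacoes($conn, $fromString)); // two matching ids
print_r(listarNotificacoes($conn, []));          // empty list: query is skipped
print_r(listarNotificacoes($conn, ['0']));       // "0" is a valid id and is queried
```

Comparing the filtered array against `[]` instead of calling `empty()` on the string keeps an id of `"0"` from being treated as "no ids".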

$criteria->addAsColumn("lastRow", MAX(self::ID)); gives error?

I have this code:
static public function getLastNewMessage($profile_id)
{
$c = new Criteria();
$subSelect = "rc_message_box_table.profile_id_from NOT IN ( SELECT rc_blocklist_table.profile_id_block FROM rc_blocklist_table WHERE profile_id = $profile_id ) and rc_message_box_table.profile_id_to=$profile_id and opened_once = 0";
$c->add(self::PROFILE_ID_TO, $subSelect, Criteria::CUSTOM);
$c->addAsColumn("lastRow", MAX(self::ID));
//$subSelect2 = "max(rc_message_box_table.id)";
//$c->add(self::ID, $subSelect2, Criteria::CUSTOM);
return self::doSelect($c);
}
and get this error:
500 | Internal Server Error | PropelException [wrapped: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AS lastRow FROM rc_message_box_table` WHERE rc_message_box_table.profile_id_fro' at line 1]
I just want the record of MAX(auto-increment-field) on the rc_message_box_table, and this field is ID.
I have tried the commented-out lines as well, but nothing works. I don't know how to achieve this. Please help?
Thank you
There is an extra ` in your SQL, where does that come from? It is right next to:
AS lastRow FROM rc_message_box_table`
