This question already has answers here:
MySQL Insert query doesn't work with WHERE clause
(31 answers)
Closed 2 years ago.
please help me to solve this error.i tired from searching solution...
error: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'WHERE name=NULL' at line 1
my database have 3 column=id(int),name(varchar),comment(varchar) and i want insert comment to it.
my php code :
<?php
include "./Config.php";
include './MyPDO.php';
$response = array() ;
$connect = MyPDO::getInstance();
$name = $_REQUEST['name'];
$comment=$_REQUEST['comment'];
$query = " INSERT INTO user "
. " (comment) "
. " VALUES "
. " (:comment) "
. " WHERE name=:name ";
$stmt = $connect->prepare($query);
$stmt->bindParam(":name",$name);
$stmt->bindParam(":comment",$comment);
try {
$stmt->execute();
$response['massage'] = "sucess";
echo json_encode($response);
exit;
} catch (PDOException $ex) {
$response['massage'] = "error";
$response['error']=$ex->getMessage();
echo json_encode($response);
}
Looks like you mixed the syntax here. You seem to want to update an existing record. Use
update user
set comment = :comment
where name = :name
insert if for creating a new record.
The insert into ... values() syntax does not take a where clause.
If you want to insert, then:
insert into user(name, comment) values(:name, :comment)
But actually it looks like you might want an update:
update users set comment = :comment where name = :name;
The former creates a new record in the table, with the given name and comment.
The latter modifies the already-existing record that has the same name and sets its comment value.
Related
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 7 years ago.
I realize the error pertains to syntax - I am fairly new to MySQL; but I usually know my way around. This error has been plaguing me for days! Any and all help would be appreciated, thanks!
ERROR:
Connected successfully! SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 USER EXISTS
CODE (I narrowed it down to these two functions, addUser() calls doesUserExist()):
function doesUserExist($user, $conn) {
try {
// Setting the query and runnin it...
$sql = "SELECT COUNT(email) FROM userinformation WHERE email = $user";
$result = $conn->query($sql);
// If it's greater than 0 then the account exists
if ($result != 0) {
echo "more than 0";
return true; // user exists
} else {
echo "0";
return false; // user does not exist
}
}
// Catching it if something went wrong.
catch(PDOException $e) {
echo $e->getMessage();
}
}
function addUser($user, $conn) {
echo $user;
// If user does not exist
if (doesUserExist($user, $conn) === false) {
// Add user to database (begin this process)
$sqlEntry = "INSERT INTO userinformation (email, password) VALUES('alexnord', 'password')";
$query = $conn->query($sqlEntry); // insert data into table
} else {
// Take to profile homepage
echo "USER EXISTS";
}
}
you forget single quotations for string input, your select query should be
$sql = "SELECT COUNT(email) FROM userinformation WHERE email = '$user'";
This question already has answers here:
delete * from table not working [closed]
(2 answers)
Clear data in MySQL table with PHP? [duplicate]
(7 answers)
Closed 7 years ago.
I am trying to delete entries from a mysql database by using a php file and for some reason it doesn't work. The connection (in "connect.php") works, as I am using the same file for my SELECT statements and those work. I am only having trouble with deleting them. Any ideas what I'm doing wrong?
Thanks in advance!
<?php
include "include/connect.php";
if($link === false){
die("ERROR: Could not connect. " . mysql_connect_error());
}
$word = (isset($_GET['email']) ? $_GET['email'] : null);
$sql = "DELETE * from tbl_sbs WHERE eml='" . word . "'";
$result = mysql_query($sql);
?>
You don't use * or column name for DELETE statement unless in WHERE clause for filtering purpose same as in SELECT statement. It should just be
$sql = "DELETE from tbl_sbs";
DELETE general syntax is
DELETE FROM TABLE_NAME WHERE COLUMN_NAME <comparison_operator> SOME_FILTER_CONDITION
So, in your case it should just be
$sql = "DELETE FROM tbl_sbs WHERE eml='" . $word . "'";
Error reporting would have thrown you an undefined constant word notice; IF that wasn't a typo in '" . word . "'.
The * and having checked for errors, would have thrown you the following:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '*
References:
https://dev.mysql.com/doc/refman/5.0/en/delete.html
http://php.net/manual/en/function.error-reporting.php
http://php.net/manual/en/function.mysql-error.php
And you must use the $ before a variable name (word)
$sql = "DELETE from tbl_sbs WHERE eml='" . $word . "'";
This question already has answers here:
Can PHP PDO Statements accept the table or column name as parameter?
(8 answers)
Closed 8 years ago.
In PHP I'm building, at least trying to, a query using named parameters like so...
$answerNumber = "a1";
$questionNumber = "q2";
$answerText = "Test Answer";
//INSERT QUERY
$sql = "INSERT INTO $questionNumber (:answerNumber) VALUES (:answerText)";
$stmt = $db->prepare($sql);
$stmt->bindValue(':answerNumber', $answerNumber);
$stmt->bindValue(':answerText', $answerText);
$stmt->execute();
$errorInfo = $stmt->errorInfo();
if(isset($errorInfo[2])){
$error = $errorInfo[2];
echo $error;
} else {
echo "No errors.";
};
But I keep getting an error thrown. The error returned...
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''a1') VALUES ('Test Answer')' at line 1
Remove the :
INSERT INTO $questionNumber (:answerNumber) VALUES (:answerText)
here------------^
use the column name and not the parameter content. You column name is answerNumber, right? Because first you have to name the columns you want to insert into. Then list the values in that order. Example:
insert into users (id, name) values (1, 'John')
and in PDO
insert into users (id, name) values (:id, :name)
I'm trying to insert variables into my database where the user data comes from $_SESSION['user'].
<?php
require("common.php");
if(empty($_SESSION['user']))
{
header("Location: login.php");
die("Redirecting to Login");
}
$user = $_SESSION['user'];
~calculations done~
$query = "INSERT INTO db (role,rolesub) VALUES ('$varRole','$varRoleSub') WHERE user = $user";
$query_params = array(
':role' => $varRole,
':roleSub' => $varRoleSub
);
try
{
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
}
catch(PDOException $ex)
{
die("Failed to run query 3: " . $ex->getMessage());
}
I keep getting this error:
Failed to run query 3: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE user = Array' at line 1
I can not see where my WHERE clause is failing on me.
Any help would be greatly appreciated!!!
You cannot have a WHERE clause in an INSERT statement.
You're either looking for:
UDPATE db SET role = '$varRole', rolesub = '$varRoleSub' WHERE user = $user
Or:
INSERT INTO db (role,rolesub,user) VALUES ('$varRole','$varRoleSub',$user)
Or if you're feeling extra saucy, and user is your PK:
INSERT INTO db (role,rolesub,user) VALUES ('$varRole','$varRoleSub',$user)
ON DUPLICATE KEY UPDATE role = '$varRole', rolesub = '$varRoleSub'
INSERT queries do not and can not have a WHERE clause. This is the cause of the MySQL syntax error. If you need to insert based on some condition, you need to do that logic before the INSERT query.
If you want to do an UPDATE query then you can use the WHERE clause, however, the MySQL error shows $_SESSION['user'] is an array, which can't be put directly into SQL, so you'll need to access one of its elements such as $_SESSION['user']['id'].
First of all, IF you could have a WHERE in the same query as an INSERT, variables need to be separate from the string (outside of the quotes). BUT you CANT put a where clause into an INSERT.
So you could change this line:
$query = "INSERT INTO db (role,rolesub) VALUES ('$varRole','$varRoleSub') WHERE user = $user";
to:
$query = "INSERT INTO db (role,rolesub) VALUES (" . $varRole . ", " . $varRoleSub . ")";
This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
How do I handle single quotes inside a SQL query in PHP?
Greeting ,
I have a small script which is used for applications and it saves questions answer into the database. The script is given below:
while(list($QKey,$QVal) = each($AppQuestions)) {
$result2= mysql_query("
INSERT INTO forum_app_answers (AID, AppID, Question, Answer)".
" VALUES (NULL, '$AppID', '$Questions[$QKey]', '$QVal')"
) or die(mysql_error());
Now the problem is that if someone write ' character in the answer , the data doesnt get saved. For simple writing its okay . The problem is only if the answer contains ' in it. any help will be highly appreciated tx
The following error occures:
You Have An Error In Your SQL Syntax; Check The Manual That Corresponds To Your MySQL Server Version For The Right Syntax To Use Near 's GF. Channel Services')' At Line 1
Use prepared statements. Look up PDO and use prepared statements.
mysql_ is deprecated.
After connecting with $dbh = new PDO(),
$sql = 'sql';
$stmt = $dbh->prepare($sql);
$stmt->execute($params);
do the following:
$QVal = $mysqli->real_escape_string($QVal);
$query = "INSERT INTO forum_app_answers (AID, AppID, Question, Answer)
VALUES (NULL, '$AppID', '$Questions[$QKey]', '$QVal')";
// $mysqli is previously defined
$mysqli->query($query);
if ($mysqli->errno !=0){
printf("you have an error in your query %s", $mysqli->error);
}
You may try:
while(list($QKey,$QVal) = each($AppQuestions)) {
$result2= mysql_query("
INSERT INTO forum_app_answers
(AID, AppID, Question, Answer)". "
VALUES (
NULL,
'$AppID',
'$Questions[$QKey]',
'". mysql_real_escape_string($QVal). "')
") or die(mysql_error());
Without mysql_real_escape_string() your script also has huge security issues.