I have a error in my SQL statement. I am using NULL in my command and I guess thats the problem, but I am not sure. So what am I doing wrong here ?
Code:
function run()
{
$sql = "UPDATE %%EVENT%% SET lock = NULL WHERE 'lock' IS NOT NULL";
Database::get()->update($sql);
}
Error:
USER ERROR: "SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'lock = NULL WHERE 'lock' IS NOT NULL' at line 1
Try removing the apostrophes around the second 'lock':
UPDATE %%EVENT%% SET lock = NULL WHERE lock IS NOT NULL
Without knowing the SQL dialect you're using it's hard to further diagnose the issue. It's possible that lock is a reserved keyword. What are you trying to achieve with %%EVENT%%? I assume you're trying to use wildcard.
Related
This question already has answers here:
Can PHP PDO Statements accept the table or column name as parameter?
(8 answers)
Closed 4 years ago.
I am having problems running a PDO execute and returns an error in MySQL syntax.
The code is as follows:
try {
global $connect;
$arr = array(':ranked' => $db_rank, ':tier' => $db_tier, ':id' => $_SESSION['user_id']);
$query = $connect->prepare('UPDATE users SET :ranked = :tier WHERE id = :id');
$query->execute($arr);
} catch (PDOException $e) {
echo $e->getMessage();
}
where $db_rank returns a string with the column name(conversion from json) and $db_tier returns a joined string(again conversion from json).
It is inside a loop that should update 1-3 columns, but upon execution an exception is thrown:
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''<column name1>' = '<value1>' WHERE id = '3'' at line 1
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''<column name2>' = '<value2>' WHERE id = '3'' at line 1
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''<column name3>' = '<value3>' WHERE id = '3'' at line 1
It should probably be because of the passing of the table column as a variable, in which case how should I proceed to loop it with 3 different pre-set table names without making it spaghetti code ?
Found my answer:
Should prepare the statement with " and not with ' because inside the array the type changes 3 times(once from function, once from passing and once from PREPARE statement). The variables themselve are const and are fetched using a whitelist already(upon decoding from the json request).
this is my code:
TableName::db()->updateAll(array('updated' => 'NOW()'), "WHERE userID
= ". (string)$id);
This is the errormessage i get:
CDbCommand failed to execute the SQL statement: SQLSTATE[42000]:
Syntax error or access violation: 1064 You have an error in your SQL
syntax; check the manual that corresponds to your MariaDB server
version for the right syntax to use near 'WHERE userID = 1043' at line
1. The SQL statement executed was: UPDATE TableName SET updated=:yp0 WHERE WHERE userID = 1043;. Bound with :yp0='NOW()'
The SQL Update Query will succesfully executed, but i want to fix this error.
Somebody have a hint for me how to fix this error?
Solution:
TableName::model()->updateAll(array('updated' => new CDbExpression('NOW()')), "userID= ". (string)$id);
The SQL Update Query will succesfully. Good luck to you
I'm using CakePHP 2.9.9.
I want to use prepared statement in query method, but got syntax error.
code is below
$query = 'CREATE TABLE IF NOT EXISTS ? (id INT UNSIGNED AUTO_INCREMENT PRIMARY KEY)';
$this->User->query($query, array('dynamic_table_name'));
error message is this.
Error: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''dynamic_table_name' (id INT UNSIGNED AUTO_INCREMENT PRIMARY KEY)' at line 1
Why escape by single quote like ''dynamic_table_name' ?
How to fix it?
I'm trying to insert some data into database, but something is off here. Cannot catch what it is and I'm hoping someone might be able to tell me what's going on with this one.
My table looks somewhat like this:
CREATE TABLE IF NOT EXISTS `db_name`.`order` (
`orderID` INT NOT NULL AUTO_INCREMENT,
`order_ordernumber` VARCHAR(200) NOT NULL,
`order_orderweight` INT NOT NULL,
... And other columns as well, but all NULL
ENGINE = InnoDB
I'm using Symfony2-framework and it's DBAL-insert here:
$conn->insert('order', array(
'order_ordernumber' => $this->orderid,
'order_orderweight' => $this->totalweight
));
"$this->orderid" is string variable, and "$this->totalweight" is int.
And it gives this error-message:
An exception occurred while executing 'INSERT INTO order (order_ordernumber, order_orderweight) VALUES (?, ?)' with params ["000001", 900]:
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'order (order_ordernumber, order_orderweight) VALUES ('000001', '900')' at line 1
500 Internal Server Error - DBALException
1 linked Exception: PDOException ยป
I can do the same query on pure sql and it works, this one doesn't. What on earth is going on with this one?
order is a reserved keyword in MySQL : http://dev.mysql.com/doc/refman/5.6/en/reserved-words.html
You have to use backquotes arround the word to prevent this error. But a better recommendation would be to prefix your table.
Today I got an unusual response when trying to make a few queries, here is the error output.
[17-Feb-2014 12:37:24 America/Denver] PHP Warning: PDOStatement::execute():
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in
your SQL syntax; check the manual that corresponds to your MySQL server version
for the right syntax to use near 'key = 'AH3D'' at line 1 in file on line 28
Here is the code I was using, this is how i've always done it.
public function get($key = null) {
$get = $this->conn->prepare("SELECT url FROM urls WHERE key = :get");
$get->execute(array(':get' => $key));
return $get->fetch();
}
How I call the function.
echo $tiny->get($_GET['key']);
Key is a mysql reserved keyword you need to use back-ticks arround your columns name key
$get = $this->conn->prepare("SELECT url FROM urls WHERE `key` = :get");
Mysql Reserved Words