Syntax error or access violation: 1064 in code [duplicate] - php

This question already has answers here:
Can PHP PDO Statements accept the table or column name as parameter?
(8 answers)
Closed 4 years ago.
I am having problems running a PDO execute, and it returns a MySQL syntax error.
The code is as follows:
    try {
        global $connect;
        $arr = array(':ranked' => $db_rank, ':tier' => $db_tier, ':id' => $_SESSION['user_id']);
        $query = $connect->prepare('UPDATE users SET :ranked = :tier WHERE id = :id');
        $query->execute($arr);
    } catch (PDOException $e) {
        echo $e->getMessage();
    }
where $db_rank returns a string with the column name (conversion from JSON) and $db_tier returns a joined string (again conversion from JSON).
It is inside a loop that should update 1-3 columns, but upon execution an exception is thrown:
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''<column name1>' = '<value1>' WHERE id = '3'' at line 1
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''<column name2>' = '<value2>' WHERE id = '3'' at line 1
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''<column name3>' = '<value3>' WHERE id = '3'' at line 1
It should probably be because of the passing of the table column as a variable, in which case how should I proceed to loop it with 3 different pre-set table names without making it spaghetti code?

Found my answer:
Should prepare the statement with " and not with ' because inside the array the type changes 3 times (once from function, once from passing and once from PREPARE statement). The variables themselves are const and are fetched using a whitelist already (upon decoding from the JSON request).
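
A prepared-statement placeholder can only stand for a value, which is why `SET :ranked = :tier` reaches the server as `SET '<column name1>' = '<value1>'` and is rejected. The following is an added example, not code from the original post, of the allow-list approach the asker mentions: the column name is checked against a fixed list before it is written into the SQL, and the values stay bound. The `rank_*` column names and the in-memory SQLite database (pdo_sqlite) are assumptions made so the script runs offline.

```php
<?php
// Added example. Column names and demo data are hypothetical/constructed.
const RANK_COLUMNS = ['rank_solo', 'rank_flex', 'rank_tft'];

function updateRanks(PDO $db, int $userId, array $ranks): int
{
    $sets = [];
    $params = [':id' => $userId];
    foreach ($ranks as $column => $tier) {
        // A placeholder can only carry a value, so the column name is checked
        // against the fixed allow-list before it is written into the SQL text.
        if (!in_array($column, RANK_COLUMNS, true)) {
            throw new InvalidArgumentException("Unknown column: $column");
        }
        $placeholder = ':v' . count($sets);
        $sets[] = "`$column` = $placeholder";
        $params[$placeholder] = $tier;   // the value is still bound, never concatenated
    }
    if ($sets === []) {
        return 0;   // nothing to update; an empty SET list would be invalid SQL
    }
    $stmt = $db->prepare('UPDATE users SET ' . implode(', ', $sets) . ' WHERE id = :id');
    $stmt->execute($params);
    return $stmt->rowCount();
}

// Constructed demo on in-memory SQLite (assumes the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, rank_solo TEXT, rank_flex TEXT, rank_tft TEXT)');
$db->exec('INSERT INTO users (id) VALUES (3)');

echo 'rows updated: ', updateRanks($db, 3, ['rank_solo' => 'GOLD II', 'rank_flex' => 'SILVER I']), "\n";

try {
    // A key that is not on the allow-list never reaches the query.
    updateRanks($db, 3, ['rank_solo = rank_flex, rank_tft' => 'x']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

All one to three columns go into a single UPDATE, so no per-column loop of queries is needed.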

Related

PHP Yii1 Syntax error or access violation: 1064

This is my code:
    TableName::db()->updateAll(array('updated' => 'NOW()'), "WHERE userID = ". (string)$id);
This is the error message I get:
CDbCommand failed to execute the SQL statement: SQLSTATE[42000]:
Syntax error or access violation: 1064 You have an error in your SQL
syntax; check the manual that corresponds to your MariaDB server
version for the right syntax to use near 'WHERE userID = 1043' at line
1. The SQL statement executed was: UPDATE TableName SET updated=:yp0 WHERE WHERE userID = 1043;. Bound with :yp0='NOW()'
The SQL update query is successfully executed, but I want to fix this error.
Does somebody have a hint for me on how to fix this error?
Solution:
TableName::model()->updateAll(array('updated' => new CDbExpression('NOW()')), "userID= ". (string)$id);
The SQL update query will execute successfully. Good luck to you.

SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error onds to your MySQL s se vnom)' at line 1

    $sql = 'INSERT INTO employee (cin,nom) VALUES(:cin,:nom)';
    try {
        $requete = $db->query($sql);
        $requete->bindValue(':cin', $emp->GetCin(), PDO::PARAM_STR);
        $requete->bindValue(':nom', $emp->GetNom(), PDO::PARAM_STR);
        $requete->execute();
    } catch (Exception $e) {
        die("erreur".$e->getMessage());
    }
When executing this code, the following error arises:
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ':cin,:nom)'
How to fix?
$db->query() executes the query as is.
The query you are using requires that you first prepare the statement, bind parameters and then execute the query. Otherwise, the tuple after VALUES is interpreted as data.
In order to fix this, use $db->prepare(). (Docs)
$requete=$db->prepare($sql);
$requete->bindValue(':cin',$emp->GetCin(),PDO::PARAM_STR);
$requete->bindValue(':nom',$emp->GetNom(),PDO::PARAM_STR);
$requete->execute();

    $sql = "SELECT * FROM billing ORDER BY billing_no limit :go,5";
    $stmt = $db->prepare($sql);
    $stmt->execute(array(':go' => $go));

I'm just trying to do pagination in one of my projects and I am getting an error like this:
Fatal error: Uncaught PDOException: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''0',5' at line 1
Please help me.
You get this error because the $go parameter is being inserted as a string rather than an int.
I recommend binding parameters before execute. You can do it like this:
$stmt->bindParam(':go', $go, PDO::PARAM_INT);

SQLState error when binding parameters

Today I got an unusual response when trying to make a few queries; here is the error output.
[17-Feb-2014 12:37:24 America/Denver] PHP Warning: PDOStatement::execute():
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in
your SQL syntax; check the manual that corresponds to your MySQL server version
for the right syntax to use near 'key = 'AH3D'' at line 1 in file on line 28
Here is the code I was using; this is how I've always done it.
    public function get($key = null) {
        $get = $this->conn->prepare("SELECT url FROM urls WHERE key = :get");
        $get->execute(array(':get' => $key));
        return $get->fetch();
    }
How I call the function.
echo $tiny->get($_GET['key']);
Key is a MySQL reserved keyword; you need to use backticks around your column name key.
$get = $this->conn->prepare("SELECT url FROM urls WHERE `key` = :get");
MySQL Reserved Words

MYSQL IN Clause error

I have used the below code in a MySQL query:
    $all_PIDs = array();
    foreach ($pID as $p) {
        $all_PIDs[] = $p->ID;
    }
    $AIDS = implode(',', $all_PIDs);
    $table_tsk = new Timesheets_Table_Tasks();
    $select_tsk = $table_tsk->select()
        ->from($table_tsk, array(
            'Total'   => 'SUM(timesheets_tasks.Time)',
            'Charged' => 'SUM(timesheets_tasks.Time_Charged)'
        ))
        ->where('timesheets_tasks.ProjectID IN ('.$AIDS.')');
But using the above code I am getting the following error:
"An error has occured
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '))' at line 1"
I have added a quotation mark (") for the IN clause. But the problem is the query only displays for the first $AIDS number. Could someone help me to clear the error?
Thanks!
It should be specified as:
->where('timesheets_tasks.ProjectID IN (?)', $all_PIDs)
so you're passing an array of integers, not the comma-separated list of it
In your code the quotes are not part of your MySQL query but only of your PHP portion. Do this:
$AIDS= "'".implode("','",$all_PIDs)."'";
And then
->where('timesheets_tasks.ProjectID IN ('.$AIDS.')')
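
Building the `IN (...)` list with one bound placeholder per ID keeps the values out of the SQL text and lets the empty list be handled explicitly, since `IN ()` is itself a syntax error. This is an added example in plain PDO rather than the query builder used in the question, and is not code from the original posts; the sample rows and the in-memory SQLite database (pdo_sqlite) are assumptions.

```php
<?php
// Added example. Table/column names follow the question; rows are constructed.
function sumTaskTime(PDO $db, array $projectIds): array
{
    $ids = [];
    foreach ($projectIds as $raw) {
        $id = filter_var($raw, FILTER_VALIDATE_INT);
        if ($id === false) {
            throw new InvalidArgumentException('Project ID is not an integer');
        }
        $ids[] = $id;
    }
    if ($ids === []) {
        // "IN ()" is a syntax error on MySQL/MariaDB, so do not run the query.
        return ['Total' => null, 'Charged' => null];
    }
    // One "?" per element: the list length shapes the SQL, the values do not.
    $marks = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $db->prepare(
        "SELECT SUM(Time) AS Total, SUM(Time_Charged) AS Charged
           FROM timesheets_tasks WHERE ProjectID IN ($marks)"
    );
    foreach ($ids as $i => $id) {
        $stmt->bindValue($i + 1, $id, PDO::PARAM_INT);   // positional, 1-based
    }
    $stmt->execute();
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

// Constructed demo on in-memory SQLite (assumes the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE timesheets_tasks (ProjectID INTEGER, Time REAL, Time_Charged REAL)');
$db->exec('INSERT INTO timesheets_tasks VALUES (1, 2.0, 1.5), (2, 3.0, 3.0), (9, 8.0, 0.0)');

print_r(sumTaskTime($db, [1, '2']));   // sums projects 1 and 2 only
print_r(sumTaskTime($db, []));         // empty list: no query is sent

try {
    sumTaskTime($db, ['1, 2']);        // a pre-joined string is not an ID
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```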
