This question already has answers here:
how to add ` character to sql queries in cakephp 3
(2 answers)
Closed 4 years ago.
Here is my code:
$conn = \Cake\Datasource\ConnectionManager::get('default');
$conn->logQueries(true);
$entities[] = $this->patchEntity($entity, $insertData);
$this->saveMany($entities);
And it's generating the following insert header:
INSERT INTO aneel_sdi_razao_sintetico (Ide_RO_Sintetico, Cd_ODI, Cd_SubODI, Txt_Desc_ODI, Nr_TI, Txt_Tipo_Obra, Txt_Class_Obra, Vl_UC/UAR, Vl_COM, Vl_Proj_ST, Vl_Mont_ST, Vl_Frete_ST, Vl_Fis_ST, Vl_Sup_ST, Vl_Ger_ST, Vl_Proj_MOP, Vl_Mont_MOP, Vl_Frete_MOP, Vl_Fis_MOP, Vl_Sup_MOP, Vl_Ger_MOP, Vl_Tot_CA, Vl_JOA, Vl_Outros, Vl_Tot_Proj, Dt_Ini_Proj, Dt_Energ, Dt_Uniti, Pct_OE, txt_PLPT_OE, txt_Doa_OE, txt_Incor_OE, Nr_Fases, SDI_importacoes_id) VALUES ...
And the following error:
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '/UAR, Vl_COM, Vl_Proj_ST, Vl_Mont_ST, Vl_Frete_ST, Vl_Fis_ST, Vl_Sup_ST, Vl_Ger_' at line 1
The problem is the field "Vl_UC/UAR" must have this "/" and I don't know how to place the "`" character to make MySQL accept it.
Does anyone know how to make it work?
If a column contains a / it needs to be quoted, and the backtick is a subshell in PHP, so:
\`Vl_UC/UAR\`
However, it's probably easier to rename the column.
This question already has an answer here:
Syntax error due to using a reserved word as a table or column name in MySQL
(1 answer)
Closed 6 years ago.
When I try to insert data with this code:
$query = dbConnect()->prepare("INSERT INTO users(key) WHERE mail='$mail' VALUES ('$key')");
I'm using XAMPP, it gives me an error:
Uncaught PDOException: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'key) WHERE mail='maciej#localhost' VALUES (key)' at line 1 in C:\xampp\htdocs\PHP7_login\restore\index.php:38
You should use backticks for key (because it is a reserved word)
and not use where
"INSERT INTO users(`key`) VALUES ('$key')"
or if you need an update
"UPDATE users
set `key` = '$key'
where mail = '$mail'"
The guess is that you want an update:
update users
    set `key` = '$key'
    where mail = '$mail' ;
You should also learn to use parameters for values in queries. Substituting strings into the query string introduces the possibility of unexpected errors and makes the code vulnerable to SQL injection attacks.
This question already has answers here:
Mysql + php with special characters like '(Apostrophe) and " (Quotation mark)
(8 answers)
Closed 9 years ago.
Query Error : CALL spCheckUserMailAccount('way2waymail#gmail.com',
'2', 'D'cruz', 'way2waymail#gmail.com') Details: You have an error in
your SQL syntax; check the manual that corresponds to your MySQL
server version for the right syntax to use near 'cruz',
'way2waymail#gmail.com')' at line 1
Query Error : CALL spAddMailAccount('way2waymail#gmail.com', '2',
'D'cruz', 'way2waymail#gmail.com', '123456', 'smtp.gmail.com', '465')
Details: You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near 'cruz', 'way2waymail#gmail.com', '123456', 'smtp.gmail.com',
'465')' at line 1
Try encapsulating values with double quotes. Something like CALL spCheckUserMailAccount("way2waymail#gmail.com", "2", "D'cruz", "way2waymail#gmail.com"). If you still get errors, try using mysql_real_escape_string.
Ref: http://php.net/manual/en/function.mysql-real-escape-string.php
Whenever inserting fields into a db, always check for single quotes. If you have already inserted them, then I believe you will have to use the REPLACE function to retrieve the proper value:
SELECT REPLACE(Customer_Name, '\'', '') FROM table
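The two threads above (the reserved word `key` and the apostrophe in D'cruz) both come down to keeping values out of the SQL text. The script below is an added example, not code from any of the posters: it assumes PDO with an in-memory SQLite database standing in for MySQL/MariaDB (SQLite also accepts backtick-quoted identifiers), and the `users` schema, the `setKey` helper and all values are constructed.

```php
<?php
// Added example. SQLite in memory stands in for MySQL/MariaDB so the script
// runs offline; the schema and all values are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (mail TEXT PRIMARY KEY, name TEXT, `key` TEXT)');

// Values travel separately from the SQL text, so the apostrophe in D'cruz
// never terminates a string literal.
$insert = $pdo->prepare(
    'INSERT INTO users (mail, name, `key`) VALUES (:mail, :name, :key)'
);
$insert->execute([
    ':mail' => 'user@example.test',
    ':name' => "D'cruz",
    ':key'  => 'initial',
]);

// Hypothetical helper. The reserved word is an identifier, so it is
// backtick-quoted in the statement itself; only the values are placeholders.
function setKey(PDO $pdo, string $mail, string $key): int
{
    $update = $pdo->prepare('UPDATE users SET `key` = :key WHERE mail = :mail');
    $update->execute([':key' => $key, ':mail' => $mail]);
    return $update->rowCount();
}

$token = bin2hex(random_bytes(16));
printf("rows updated for known mail: %d\n",
    setKey($pdo, 'user@example.test', $token));

// A value containing quotes is compared as data, not parsed as SQL.
printf("rows updated for quoted input: %d\n",
    setKey($pdo, "nobody' OR '1'='1", $token));

$row = $pdo->query('SELECT name, `key` FROM users')->fetch(PDO::FETCH_ASSOC);
printf("name=%s key_matches=%s\n",
    $row['name'], $row['key'] === $token ? 'yes' : 'no');
```

With the MySQL driver the same placeholder form applies to a stored procedure call, for example `CALL spCheckUserMailAccount(?, ?, ?, ?)` prepared and executed with an array of four values.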
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 9 years ago.
This is where I think the problem is...
$sql1 = "SELECT `puntos_globales`, '$juego'
FROM `lista_jugadores` WHERE `id_jugador`='$noTop'";
This is the error message:
Error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near "blackOps2'='1' WHERE `id_jugador` = '10" at line 1
$juego .. is a PHP variable that holds the column name; in this case blackOps2. I don't know why the error says blackOps2'='1'??
From the error, it seems you didn't provide the true query, and it looks like you have two WHERE clauses
blackOps2='1' WHERE `id_jugador` = '10"
Try doing it like this:
WHERE `id_jugador` = '10' AND blackOps2='1'
This question already has answers here:
Can PHP PDO Statements accept the table or column name as parameter?
(8 answers)
Closed 9 years ago.
$tconn = new PDO('mysql:host='.WW_HST.';dbname='.WW_DB, WW_USR, WW_PS);
$res = $tconn->prepare('SELECT * FROM :tbl');
$res->execute(array(':tbl'=>"ugb"));
When I use this code to draw data from the 'ugb' table, I get the following error:
'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''ugb'' at line 1'
So it's correctly substituting :tbl for 'ugb' but whether I do a bind or just execute with an array, I always get an error. It works fine if I just do SELECT * FROM ugb though.
How can I correct this problem?
PDO does not allow you to set variables in FROM.
You can only add the table name in the query string.
I usually do it this way:
$allowedTables = array('first', 'second', 'third');
if (in_array($tblName, $allowedTables)) {
    $res = $tconn->prepare("SELECT * FROM $tblName");
}
I don't think that PDO will allow you to bind a parameter to the FROM statement. You could try manually escaping the table name parameter and after that adding it to the query like this:
$table = "ugb";
$tconn = new PDO('mysql:host='.WW_HST.';dbname='.WW_DB, WW_USR, WW_PS);
$res = $tconn->prepare('SELECT * FROM '. $tconn->quote($table));
$res->execute();
Hope this helps.
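Placeholders bind values only, so a table or column name held in a variable (the `ugb` table here, the `$juego` column and the `Vl_UC/UAR` column in the earlier threads) has to be checked against an allowlist and quoted as an identifier before it goes into the SQL text. The script below is an added example, not code from the posters: `quoteIdentifier` and `readCell` are hypothetical helpers, the schema and row are constructed, and in-memory SQLite stands in for MySQL because it also accepts backtick-quoted identifiers.

```php
<?php
// Added example; SQLite in memory stands in for MySQL. Schema and rows are
// constructed for the demonstration.

// Hypothetical helper, not a PDO method: allowlist check first, then MySQL
// identifier quoting (wrap in backticks, double any embedded backtick).
function quoteIdentifier(string $name, array $allowed): string
{
    if (!in_array($name, $allowed, true)) {
        throw new InvalidArgumentException("identifier not allowed: $name");
    }
    return '`' . str_replace('`', '``', $name) . '`';
}

const TABLES  = ['ugb'];
const COLUMNS = ['id', 'Vl_UC/UAR', 'blackOps2'];

// Identifiers are validated and quoted into the SQL text; the row id is a
// value and stays a bound parameter.
function readCell(PDO $pdo, string $table, string $column, int $id)
{
    $sql = sprintf(
        'SELECT %s FROM %s WHERE `id` = :id',
        quoteIdentifier($column, COLUMNS),
        quoteIdentifier($table, TABLES)
    );
    $stmt = $pdo->prepare($sql);
    $stmt->execute([':id' => $id]);
    return $stmt->fetchColumn();
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE `ugb` (`id` INTEGER, `Vl_UC/UAR` REAL, `blackOps2` INTEGER)');
$pdo->exec('INSERT INTO `ugb` VALUES (10, 12.5, 1)');

var_dump(readCell($pdo, 'ugb', 'Vl_UC/UAR', 10)); // column name containing "/"
var_dump(readCell($pdo, 'ugb', 'blackOps2', 10)); // column chosen at run time

try {
    readCell($pdo, 'unknown_table', 'id', 10);    // not on the allowlist
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```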
This question already has an answer here:
How to insert into MySQL using a prepared statement with PHP [duplicate]
(1 answer)
Closed 9 years ago.
I'm getting the following error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' DStormr', 'ddo.png', 'Online:' at line 1
The sql is the following:
"UPDATE articulo SET '".$nombre."', '".$imagen."', '".$text."', '".$precio."', '".$popup."', ".$genero_id.
" WHERE id=".$id"";
What am I missing/not seeing?
When you do an UPDATE you need to SET key = 'value'.