MySQLi query not working. Multiple AND statements [duplicate] - php

This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 4 years ago.
I'm trying to add an extra AND statement to my SQL query.
It works fine as:
SELECT * FROM tsv WHERE YEAR(`Reporting Date`) = 2017 AND MONTH(`Reporting Date`) = 6
But when I try to add the extra line (AND ISRC = QZERG1727327) at the end it doesn't work any more:
SELECT * FROM tsv WHERE YEAR(`Reporting Date`) = 2017 AND MONTH(`Reporting Date`) = 6 AND ISRC = QZERG1727327
It's hard to find any solutions online, I really don't know what to do.

Strings in SQL have to be enclosed in single quotes, so your query should be
SELECT * FROM tsv
WHERE YEAR(`Reporting Date`)=2017 AND MONTH(`Reporting Date`)=6
AND ISRC='QZERG1727327'

Related

PHP MySQL Statement not working, no errors [duplicate]

This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
How can I prevent SQL injection in PHP?
(27 answers)
Closed 3 years ago.
I'm working on a website, and I have encountered a strange MySQL behaviour. I'm trying to use a MySQL UPDATE query with multiple WHERE clauses.
$name = $_POST['username'];
$updatequery1 = "UPDATE OTP SET 'Project' = 'ANETSignupUsed' WHERE Name = '$name' AND HashedOTP = '$hashedotp' ";
$sqlconnection->query($updatequery1);
die("DONE");
Note that I've already defined $hashedotp.
When I try doing the same thing in MySQL Console it works pretty well, and I've made sure that the user used to define $sqlconnection has Update rights.
I've tried the solutions described here and here.
I've spent hours searching about it, but to no avail.
Thanks a lot in advance!
Try this: remove the single quotes from your query.
$updatequery1 = "UPDATE OTP SET Project = 'ANETSignupUsed' WHERE Name = '$name' AND HashedOTP = '$hashedotp' ";

Data not updating in mysql table when using PDO UPDATE [duplicate]

This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 6 years ago.
I think I have all the syntax correct here but for some reason my table will not update when this code is executed. Does anyone know why?
Here is the code of my php page:
<?php
include_once("connexionMysql.php");
if(isset($_GET['valider'])){
$titreIci=$_GET['titre'];
$idIci=(int)$_GET['id'];
$preparedStatement = $bdd->prepare("UPDATE AY_albums SET titre=':titreIci' WHERE id=':idIci'");
$preparedStatement->bindValue(':titreIci', $titreIci);
$preparedStatement->bindValue(':idIci', $idIci);
$preparedStatement->execute();
}
header("Location: pageDaccueilAdmin.php");
?>
You should remove the quotes.
Instead of this:
UPDATE AY_albums SET titre=':titreIci' WHERE id=':idIci'
Do this:
UPDATE AY_albums SET titre=:titreIci WHERE id=:idIci

PDO "SELECT" not returning result [duplicate]

This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Using LIKE in bindParam for a MySQL PDO Query [duplicate]
(2 answers)
Closed 7 years ago.
I'm trying to get PDO to return the results of a wildcard search. My code is:
$search = "%Notes%";
$result = $db->prepare("SELECT * FROM books WHERE 'name' LIKE :search");
$result->bindParam(':search', $search);
$result->execute();
while($arr = $result->fetch(PDO::FETCH_ASSOC)){
echo $arr['name'];
}
At the moment, I get a blank screen. If I run the SQL through phpMyAdmin:
SELECT * FROM books WHERE name LIKE '%Notes%'
I get the appropriate result.
I assume it's something to do with the way I am formatting my PDO statement. I know you can't have a dynamic column name, but I don't see what is going wrong.
In your query you have 'name'; change that to backticks instead of quotes,
i.e.
$result = $db->prepare("SELECT * FROM `books` WHERE `name` LIKE :search");
You can also just remove the backticks.

Why is my Query wrong and the phpMyAdmin's is not? [duplicate]

This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 7 years ago.
I made a query like this:
INSERT INTO slider ('h1', 'h2', 'data-bg', 'data-img', 'data-url', 'status') VALUES ('Lalala', 'Lalala', 'http://localhost/mares.com.br-final/images/backgrounds/black_thumb.jpg', 'http://localhost/mares.com.br-final/images/banners/papeis_2015.png', 'http://lalala.com', 1)
But it's not working and phpMyAdmin says the syntax is incorrect.
So I tried adding a line through phpMyAdmin and it gave me back a query. I cleaned it to take away some elements that I'm not inserting in my query, tried it, and it works...
Here's the phpMyAdmin's query:
INSERT INTO slider (`data-img`, `data-bg`, `data-url`, `h1`, `h2`, `status`) VALUES ('images/lalal.jpg', 'images/back/lalala.jpg', 'http://lalal.com', 'Oi', 'Olá', '1')
Note: I already tried to change ' to ` (the symbol to add code here) in the column names.
The queries look identical to me, so why is my query wrong and phpMyAdmin's is not?
You're using single quotes for the column names, which is wrong; instead of single quotes, use backticks for columns.
wrong syntax : ('h1', 'h2', 'data-bg', 'data-img', 'data-url', 'status')
right syntax : (`data-img`, `data-bg`, `data-url`, `h1`, `h2`, `status`)
For more, refer to the link below: When to use single quotes, double quotes, and backticks in MySQL

MySQL query does not work due to syntax error [duplicate]

This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 7 years ago.
This string works:
$sql = 'SELECT * FROM Bar_Info WHERE b_id=' .
$db->real_escape_string($_GET['b_id']);
However, this one does not:
$sql = 'SELECT * FROM Bar_Info WHERE BarLink=' .
$db->real_escape_string($_GET["BarLink"]);
b_id are variables and BarLink are names of bars, some including hyphens. An example being: granite-city
Is there any reason the second example of code would not work?
You need to quote your SQL parameters:
$sql = 'SELECT * FROM Bar_Info WHERE BarLink=\'' . $db->real_escape_string($_GET["BarLink"]).'\'';
The first query likely works because you just use numbers, but the second one uses a string.
PS: Quoting is necessary in both cases as otherwise you are vulnerable to SQL injection.
Strings in SQL queries have to be surrounded by quotation marks, while integers don't. So if "BarLink" contains strings, you'll have to add those:
$sql = 'SELECT * FROM Bar_Info WHERE BarLink="' . $db->real_escape_string($_GET["BarLink"]).'"';
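The quoting and SQL injection point raised in the answers above, as an added example that is not part of the original posts: binding values through a prepared statement removes both the manual quoting and the escaping. It assumes PDO with an in-memory SQLite database standing in for MySQL, constructed sample rows, and the hypothetical helpers findBarByLink and findBarById.

```php
<?php
// Added example, not code from the posts. Assumptions: PDO with the pdo_sqlite
// driver and an in-memory database standing in for MySQL; the Bar_Info rows
// below are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // fail loudly, not silently

$pdo->exec('CREATE TABLE Bar_Info (b_id INTEGER PRIMARY KEY, BarLink TEXT, Name TEXT)');
$insert = $pdo->prepare('INSERT INTO Bar_Info (b_id, BarLink, Name) VALUES (:id, :link, :name)');
foreach ([[1, 'granite-city', 'Granite City'], [2, "o'malleys-pub", "O'Malley's Pub"]] as $row) {
    $insert->execute([':id' => $row[0], ':link' => $row[1], ':name' => $row[2]]);
}

// Hypothetical helper: look up a bar by its link. The placeholder is NOT quoted;
// the value is bound as data and is never parsed as SQL syntax.
function findBarByLink(PDO $pdo, string $barLink): array
{
    $stmt = $pdo->prepare('SELECT b_id, Name FROM Bar_Info WHERE BarLink = :link');
    $stmt->execute([':link' => $barLink]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Hypothetical helper: look up a bar by numeric id. Validate the type first,
// then bind as an integer instead of concatenating an unquoted value.
function findBarById(PDO $pdo, string $rawId): array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT);
    if ($id === false) {
        return []; // reject anything that is not a plain integer
    }
    $stmt = $pdo->prepare('SELECT b_id, Name FROM Bar_Info WHERE b_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

var_dump(findBarByLink($pdo, 'granite-city'));   // hyphenated string, no manual quoting
var_dump(findBarByLink($pdo, "o'malleys-pub"));  // embedded apostrophe, no escaping needed
var_dump(findBarById($pdo, '1'));                // valid integer id
var_dump(findBarById($pdo, '1 extra text'));     // not an integer: rejected before any query
```

Against MySQL only the DSN and credentials passed to the PDO constructor change; the prepared statements stay the same.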
