this is my code:
TableName::db()->updateAll(array('updated' => 'NOW()'), "WHERE userID
= ". (string)$id);
This is the errormessage i get:
CDbCommand failed to execute the SQL statement: SQLSTATE[42000]:
Syntax error or access violation: 1064 You have an error in your SQL
syntax; check the manual that corresponds to your MariaDB server
version for the right syntax to use near 'WHERE userID = 1043' at line
1. The SQL statement executed was: UPDATE TableName SET updated=:yp0 WHERE WHERE userID = 1043;. Bound with :yp0='NOW()'
The SQL Update Query will succesfully executed, but i want to fix this error.
Somebody have a hint for me how to fix this error?
Solution:
TableName::model()->updateAll(array('updated' => new CDbExpression('NOW()')), "userID= ". (string)$id);
The SQL Update Query will succesfully. Good luck to you
Related
I'm trying to upload information to my DB but it keeps giving me a syntax error.
$query = "INSERT INTO `klant` (`naam`,`adres`,`postcode`,`email`,`nieuwsbrief`) VALUES ($naam,$adres,$postcode,$plaats,$email,$nieuwsbrief)";
The query I use should work as it's the same as in PHPMyAdmin.
The error I receive:
PHP Fatal error: Uncaught PDOException: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '4,1234AB,Rotterdam,email#gmai.com,1)'
Two errors:
There are five columns specified in your insert query, but you're trying to put in six values. They should match. (plaats is missing)
String values should have quotes "" around them in insert statements.
Also, rickdenhaan touched on a good point. Using variables like this is dangerous as it allows for SQL injection, especially if the variables are populated by the public.
I have a error in my SQL statement. I am using NULL in my command and I guess thats the problem, but I am not sure. So what am I doing wrong here ?
Code:
function run()
{
$sql = "UPDATE %%EVENT%% SET lock = NULL WHERE 'lock' IS NOT NULL";
Database::get()->update($sql);
}
Error:
USER ERROR: "SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'lock = NULL WHERE 'lock' IS NOT NULL' at line 1
Try removing the apostrophes around the second 'lock':
UPDATE %%EVENT%% SET lock = NULL WHERE lock IS NOT NULL
Without knowing the SQL dialect you're using it's hard to further diagnose the issue. It's possible that lock is a reserved keyword. What are you trying to achieve with %%EVENT%%? I assume you're trying to use wildcard.
This question already has answers here:
Can PHP PDO Statements accept the table or column name as parameter?
(8 answers)
Closed 4 years ago.
I am having problems running a PDO execute and returns an error in MySQL syntax.
The code is as follows:
try {
global $connect;
$arr = array(':ranked' => $db_rank, ':tier' => $db_tier, ':id' => $_SESSION['user_id']);
$query = $connect->prepare('UPDATE users SET :ranked = :tier WHERE id = :id');
$query->execute($arr);
} catch (PDOException $e) {
echo $e->getMessage();
}
where $db_rank returns a string with the column name(conversion from json) and $db_tier returns a joined string(again conversion from json).
It is inside a loop that should update 1-3 columns, but upon execution an exception is thrown:
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''<column name1>' = '<value1>' WHERE id = '3'' at line 1
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''<column name2>' = '<value2>' WHERE id = '3'' at line 1
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''<column name3>' = '<value3>' WHERE id = '3'' at line 1
It should probably be because of the passing of the table column as a variable, in which case how should I proceed to loop it with 3 different pre-set table names without making it spaghetti code ?
Found my answer:
Should prepare the statement with " and not with ' because inside the array the type changes 3 times(once from function, once from passing and once from PREPARE statement). The variables themselve are const and are fetched using a whitelist already(upon decoding from the json request).
$sql = 'INSERT INTO employee (cin,nom) VALUES(:cin,:nom)';
try{
$requete=$db->query($sql);
$requete->bindValue(':cin',$emp->GetCin(),PDO::PARAM_STR);
$requete->bindValue(':nom',$emp->GetNom(),PDO::PARAM_STR);
$requete->execute();
}
catch(Exception $e)
{
die("erreur".$e->getMessage());
}
When executing this code, the following error arises:
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ':cin,:nom)'
How to fix?
$db->query() executes the query as is.
The query you are using requires that you first prepare the statement, bind parameters and then execute the query. Otherwise, the tuple after VALUES is interpreted as data.
In order to fix this, use $db->prepare(). (Docs)
$requete=$db->prepare($sql);
$requete->bindValue(':cin',$emp->GetCin(),PDO::PARAM_STR);
$requete->bindValue(':nom',$emp->GetNom(),PDO::PARAM_STR);
$requete->execute();
Im just trying for pagination in one of my project and I am getting an error like this
Fatal error: Uncaught PDOException: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''0',5' at line 1
Please Help me..
You get this error because $go parameter is being inserted as string rather than int.
I recommend to bind parameters before execute. You can do it like this:
$stmt->bindParam(':go', $go, PDO::PARAM_INT);