PHP Error In Syntax: "to use near '-3, 3" - php

I'm following a tutorial but it seems I'm either doing something wrong, or the tutorial is outdated.
The tutorial told me to run this query:
$recordsPerPage = 3;
$fromRecordNum = ($recordsPerPage * $page) - $recordsPerPage;
$query = $engine->runQuery("SELECT * FROM forum_posts ORDER BY id DESC LIMIT $fromRecordNum, $recordsPerPage WHERE topic_id=:topic");
$query->execute(array(':topic'=>$thread['id']));
But this appears to output this error:
Uncaught exception 'PDOException' with message 'SQLSTATE[42000]:
Syntax error or access violation: 1064 You have an error in your SQL
syntax; check the manual that corresponds to your MariaDB server
version for the right syntax to use near '-3, 3 WHERE topic_id='20''
at line 1'
I've tried looking up different tutorials about pagination but it seems they all use this technique.
I hope someone knows how to fix this! Thanks a lot!!

Related

Error after migrating from Mysql to MariaDb

I have a strange error:
I have that simple code:
$id = strip_tags($_SESSION["infos_profile_id"]);
$id_friend = strip_tags($_POST["update_user_chat_every_5_second"]);
$q = $bdd->query('SELECT * FROM message WHERE id_sender = '.$id_friend.' AND id_send_to = '.$id.' AND message_read = "0"');
It works fine on MySQL.
But after hosting my website on a MariaDB server, I see this error:
PHP Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'AND message_read = "0"' at line 1' in
I have done everything to solve it, but I can't find where the error really comes from.
Any help to solve that error?
Thanks.
I agree with the comment from @MaxT above -- you should echo your SQL query after interpolating all variables into it. It's too difficult to debug when you're looking at code that formats an SQL query, instead of the query itself.
Comments are also correct that strip_tags() is not useful for SQL injection protection.
Query parameters are the best protection against SQL injection, and they help you avoid syntax errors too.
Here's what it would look like for your code:
$id = $_SESSION["infos_profile_id"];
$id_friend = $_POST["update_user_chat_every_5_second"];
$sql = 'SELECT * FROM message WHERE id_sender = :id_friend AND id_send_to = :id AND message_read = 0';
$q = $bdd->prepare($sql);
$q->execute( ['id'=>$id, 'id_friend'=>$id_friend] );
It's really very easy!

mysql 5.6.29 select as subquery access violation 1064

I'm running a query inside laravel 5.4 that looks like this:
->orderBy("
select ifnull(distance, 10) from location_distances as ld where ld.location1 = '".Auth::user()->location."' and ld.location2=(select ifnull(location,'') from users as usl where usl.id=statuses.user.id)", "desc")
I'm getting the error:
SQLSTATE[42000]: Syntax error or access violation: 1064 Syntax error next to 'as `ld where ld.location1 = 'New york' and ld.location2=(select ifnull(locatio' in line 1
Apparently I cannot use select as inside a subquery; the problem is, this query works fine in phpMyAdmin.
Can you please help me out?
Thank you

Laravel - MariaDB server version for the right syntax to use near

I am trying to find Payouts where user_id equals 1 from the skyrim table along with its relations.
The code I executed is:
$user_payout = Payout::fromTable('skyrim')->where('user_id',1)->with('game','cluster')->first();
dd($user_payout);
It gives me this error:
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'where user_id = ? limit 1' at line 1 (SQL: select * where user_id = 1 limit 1)
Any reason why this doesn't work?
Try to fetch the data first then do the eager loading of relations
$model = (new Payout)->setTable('skyrim')->where('user_id', 1)->first();
if ($model) {
    $model->load('game', 'cluster');
}

$sql="SELECT * FROM billing ORDER BY billing_no limit :go,5";$stmt = $db->prepare($sql);$stmt ->execute(array(':go'=>$go));

I'm just trying pagination in one of my projects and I am getting an error like this:
Fatal error: Uncaught PDOException: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''0',5' at line 1
Please help me.
You get this error because the $go parameter is being inserted as a string rather than an int.
I recommend binding parameters before executing. You can do it like this:
$stmt->bindParam(':go', $go, PDO::PARAM_INT);
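
An added example, not part of the answer above or of the original page: a pagination query that validates the page number and binds LIMIT and OFFSET as integers, so the offset can be neither quoted as a string ('0') nor negative (the '-3, 3' case in the first question on this page). The billing rows, the fetchBillingPage helper and the in-memory SQLite DSN are assumptions made so the block runs offline.

```php
<?php
// Added example: constructed table and rows, in-memory SQLite so it runs offline.
// Against MySQL/MariaDB only the DSN changes; the statement is the same.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE billing (billing_no INTEGER PRIMARY KEY, customer TEXT)');
$ins = $db->prepare('INSERT INTO billing (billing_no, customer) VALUES (?, ?)');
for ($i = 1; $i <= 12; $i++) {
    $ins->execute([$i, "customer $i"]);
}

/**
 * Hypothetical helper: return one page of rows.
 * $rawPage is untrusted request input (e.g. $_GET['page']).
 */
function fetchBillingPage(PDO $db, $rawPage, int $perPage = 5): array
{
    // Accept only integers in a sane range; anything else falls back to
    // page 1, so the offset can never be negative or non-numeric.
    $page = filter_var($rawPage, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 1000000]]);
    if ($page === false) {
        $page = 1;
    }
    $offset = ($page - 1) * $perPage;

    $stmt = $db->prepare(
        'SELECT billing_no, customer FROM billing
         ORDER BY billing_no LIMIT :count OFFSET :offset'
    );
    // Bind as integers: execute(array) sends every value as a string, which
    // emulated prepares on MySQL/MariaDB quote as '0' inside LIMIT.
    $stmt->bindValue(':count', $perPage, PDO::PARAM_INT);
    $stmt->bindValue(':offset', $offset, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a valid page, two that would give a bad offset, one non-numeric.
foreach (['2', '0', '-1', 'abc'] as $raw) {
    $rows = fetchBillingPage($db, $raw);
    printf("%-6s -> billing_no %s\n", var_export($raw, true),
        implode(',', array_column($rows, 'billing_no')));
}
```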

PDO returning new ID error

My question today is that I'm trying to return an id after I inserted a new line into my DB.
$sql = ('INSERT INTO `tSections`(`sSection`, `pCity_id`) VALUES (:sSection, :pCity_id) RETURNING pSection_id');
$new_section = $DBH->prepare($sql);
Without the returning pSection_id it works fine. Any ideas or solution. I'm assuming that I just forgot something simple.
Hope to hear from you guys soon.
This is the error that it gives
Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'RETURNING pJob_Type_id' at line 1' in
There's no such thing as RETURNING in MySQL.
You're looking for PDO::lastInsertID().
