Mysql error with wildcard and array replacement - php

I have the following db query that is looking up rows in a MySQL table that end in a certain pattern.
$res = db_query('SELECT identifier FROM {rules_scheduler} WHERE identifier LIKE %:schid', array(':schid' => '_' . $sch_id));
foreach ($res as $rec) {
    scheduler_delete_schedule($component, $rec->identifier);
}
But this results in the following error...
PDOException: SQLSTATE[42000]: Syntax error or access violation: 1064
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near '%'_591'' at line 1: SELECT identifier FROM {rules_scheduler}
WHERE identifier LIKE %:schid; Array ( [:schid] => _591 ) in
_callback_delete_scheduled_notifications()
So it looks like my :schid token is correctly being replaced with _591, but there seems to be a single inverted comma between the % and the underscore. I can't for the life of me figure out why!

I don't know what {rules_scheduler} is supposed to be, so I'll provide you with a query string that works with the wildcard:
$query = "SELECT identifier FROM rules_scheduler WHERE identifier LIKE CONCAT('%', :schid)";
$res = db_query($query, [':schid' => '_' . $sch_id]);
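
Added example, not code from the original posts: a placeholder is sent as one complete string value, so the wildcard has to travel inside the bound value (or be joined with CONCAT as above), and because _ is itself a single-character LIKE wildcard the literal part should be escaped. It assumes PDO with the pdo_sqlite extension and a constructed in-memory table; like_escape and find_like are hypothetical helper names.

```php
<?php
// Added example: constructed rows in an in-memory SQLite database
// (assumption: the pdo_sqlite extension is available).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE rules_scheduler (identifier TEXT)');
$ins = $pdo->prepare('INSERT INTO rules_scheduler (identifier) VALUES (?)');
foreach (['notify_591', 'notify_1591', 'notify-591', 'notify_592'] as $id) {
    $ins->execute([$id]);
}

/**
 * Escape LIKE metacharacters so the value only matches literally.
 * '!' is the escape character, declared with ESCAPE '!' in the query below.
 */
function like_escape(string $value): string
{
    return strtr($value, ['!' => '!!', '%' => '!%', '_' => '!_']);
}

/** Return the identifiers matching a LIKE pattern passed as a bound value. */
function find_like(PDO $pdo, string $pattern): array
{
    $stmt = $pdo->prepare(
        "SELECT identifier FROM rules_scheduler
         WHERE identifier LIKE :pat ESCAPE '!' ORDER BY identifier"
    );
    $stmt->execute([':pat' => $pattern]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$sch_id = 591;

// The wildcard is part of the bound value. The unescaped "_" still matches
// any single character, so more than the intended suffix is selected.
print_r(find_like($pdo, '%_' . $sch_id));

// Escaped suffix: only identifiers ending in a literal "_591" are selected.
print_r(find_like($pdo, '%' . like_escape('_' . $sch_id)));
```

The ESCAPE '!' clause is also accepted by MySQL; Drupal 7 provides db_like() for the same escaping.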

Related

SQL Update Statement throws SQLSTATE[42000]: Syntax error or access violation: 1064

When trying to update my database I get a SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ':summary, wentWell:wentWell, ' error. Would really appreciate some help since I have been trying to solve this problem for days now.
This is the code I use to update the database (journal.php):
public function updateJournal($array) {
    $query = "UPDATE journal SET
        summary:summary,
        wentWell:wentWell,
        doBetter:doBetter,
        ideas:ideas,
        mood:mood,
        motivation:motivation,
        concentration:concentration,
        tranquility:tranquility,
        physical:physical WHERE id=:journalId";
    $stmt = $this -> connection -> prepare($query);
    $stmt -> execute();
}
I use an array (updateJournal.php) to send the data to the updateJournal-Function (journal.php):
$checkJournal -> updateJournal([
    "summary" => $summaryField,
    "wentWell" => $wentWellField,
    "doBetter" => $doBetterField,
    "ideas" => $ideasField,
    "mood" => $sliderValueMood,
    "motivation" => $sliderValueMotivation,
    "concentration" => $sliderValueConcentration,
    "tranquility" => $sliderValueTranquility,
    "physical" => $sliderValuePhysical,
    "journalId" => $journalId
]);
This is my Database:
First, in your SET query the syntax is wrong; you need to replace : with =.
Then, no variable of the array is passed in your query; you would need something like:
$query = "UPDATE journal SET summary=".$array['summary'].",
wentWell=".$array['wentWell'].",...
I recommend you look at the SQL UPDATE documentation and maybe some PHP help.
The correct and safe way to do this is to use bound parameters like so (you were almost there):
public function updateJournal($array) {
    $query = "UPDATE journal SET
        summary=:summary,
        wentWell=:wentWell,
        doBetter=:doBetter,
        ideas=:ideas,
        mood=:mood,
        motivation=:motivation,
        concentration=:concentration,
        tranquility=:tranquility,
        physical=:physical WHERE id=:journalId";
    $stmt = $this->connection->prepare($query);
    $stmt->execute($array);
}
You were only missing the equal signs in the assignments, which is what caused the syntax error.

mysql fulltext stripslashes not working

I want to perform this mysql search :
SELECT ida, MotsClef FROM Actes WHERE MATCH (MotsClef )
AGAINST ('+"dette" +"plège"' IN BOOLEAN MODE);
Using php, I use regular expressions to add the +" and " to the expressions received via $_POST so a var_dump gives :
'motcle' => string '+"dette" +"plège"'
So that's fine too. However, I use prepared statements using PDO class and I have this piece of code for that:
if($r['motcle']!=''){
    $motclef = $r['motcle'];
    $demMotsClef = " AND WHERE MATCH (MotsClef ) AGAINST (:motsclef IN BOOLEAN MODE) ";
}
else{
    $demMotsClef='';
}
then:
$f = "SELECT COUNT(*) FROM Actes, Bibliographie WHERE id = idBiblio".$demMotsClef;
$demande = $this->prepare($f);
if($r['motcle']!=''){$demande->bindValue(':motsclef',stripslashes($motclef));}
$demande->execute(); //the error is on this line//
I get a MySQL error message saying I have an error in your SQL syntax:
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]:
Syntax error or access violation: 1064 You have an error in your SQL syntax;
check the manual that corresponds to your MySQL server version for the
right syntax to use near 'WHERE MATCH (MotsClef ) AGAINST
('+\"dette\" +\"plège\"' IN BOOLEAN MODE) AND a' at line 1' in
/Library/WebServer/Documents/messources/actions.class.php on line 547.
The error in mysql syntax is that the slashes are added, hence the use of stripslashes (doesn't work).
Any idea on how to solve that - I would rather not change ini settings either in php.ini or in a .php function since that would mess up all my other mysql requests.
Thanks!
Ohh, well, it took me a while to find the error, but this is definitely wrong:
$demMotsClef = " AND WHERE MATCH (MotsClef ) AGAINST (:motsclef IN BOOLEAN MODE) ";
$f = "SELECT COUNT(*) FROM Actes, Bibliographie WHERE id = idBiblio".$demMotsClef;
If you look at this, you'll have double WHERE, which is not allowed, you should make this change:
$demMotsClef = " AND MATCH (MotsClef ) AGAINST (:motsclef IN BOOLEAN MODE) ";

Why does Explicitly putting Null on sql statement yields SQLSTATE[42000] error?

Because putting NULLs inside the variables gives a headache here in PHP, I resorted to explicitly putting NULL in the prepared statement.
The script is a CSV upload script that originally came from here: Import CSV into MySQL
$linemysql = implode("','",$linearray);
$linemysql = "'".$linemysql."'";
$sql="SELECT * FROM `".$tblmei."` WHERE `".$shuHint."` = ".$linearray[0];
$stmt = $setsu->query($sql);
$rwCnt=$stmt->rowCount();
if ($rwCnt==0){
    $fumeiKazu=substr_count($linemysql,"'Unknown'");
    echo "<br>fumeiKazu=".$fumeiKazu;
    if ($fumeiKazu==1)
    {
        $fumeiPos=mb_strpos($linemysql,"'Unknown'");
        $l1=mb_substr($linemysql,0, $fumeiPos);
        echo "<br>l1=".$l1;
        $sfumeiPos=$fumeiPos+9;
        echo "<br>sfumeiPos=".$sfumeiPos;
        $l2=mb_substr($linemysql,$sfumeiPos);
        echo "<br>l2=".$l2;
        echo "<br>".$l1.NULL.$l2;
        $tsuika = $setsu->prepare("INSERT INTO ".$tblmei." VALUES (".$l1.NULL.$l2.")");
        $tsuika->execute();
        $dataHaitaKazu++;
    }
}
The idea of this PHP script block is that when it finds Unknown, it posts NULL as the row's Risk during the query.
I made sure the Risk column in the table structure in phpMyAdmin accepts null and the default is null.
This is what I came up with:
$tsuika = $setsu->prepare("INSERT INTO ".$tblmei." VALUES (".$l1.NULL.$l2.")");
And it yields this error:
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ',,'testArea','0')' at line 1' in
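
Added example, not code from the original post: one way to store the Unknown marker as SQL NULL is to bind a PHP null through placeholders rather than concatenating the NULL constant into the statement text. It assumes PDO with the pdo_sqlite extension; the assets table, its columns, the CSV lines and the insert_csv_row helper are constructed for illustration.

```php
<?php
// Added example with constructed data; assumes the pdo_sqlite extension.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE assets (id INTEGER, risk TEXT NULL, area TEXT, flag TEXT)');

// In PHP, concatenating the constant NULL appends an empty string, which is
// how a VALUES list built by concatenation ends up containing ",,".
var_dump("'7'," . NULL . ",'testArea'");

/**
 * Insert one CSV row, storing the marker value as SQL NULL.
 * Every value is bound, so a quote inside a field cannot break the statement.
 */
function insert_csv_row(PDO $pdo, array $fields, string $nullMarker = 'Unknown'): void
{
    $values = array_map(
        fn ($v) => $v === $nullMarker ? null : $v,
        $fields
    );
    $placeholders = implode(',', array_fill(0, count($values), '?'));
    // The table name is a fixed literal here; it is never taken from the CSV.
    $stmt = $pdo->prepare("INSERT INTO assets VALUES ($placeholders)");
    $stmt->execute(array_values($values)); // PHP null is sent as SQL NULL
}

// Constructed CSV lines, one of them with an apostrophe in a field.
$csv = "7,Unknown,testArea,0\n8,High,O'Brien wing,1\n";
foreach (explode("\n", trim($csv)) as $line) {
    insert_csv_row($pdo, str_getcsv($line, ',', '"', ''));
}

$rows = $pdo->query('SELECT id, risk, area FROM assets ORDER BY id')
            ->fetchAll(PDO::FETCH_ASSOC);
var_dump($rows);
```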

Error no 1064 in Codeigniter while entering the data with special character " or '

I am getting an error when I enter any special character in the artist_as field. Error no 1064 in CodeIgniter while entering the data with special character " or '
Here is my model code:
$this->db->query("Delete from tv_cast where tv_id = '{$tvid}'");
if(array_key_exists('tv_cast_as_artist_id', $post)){
    $count = count($post['tv_cast_as_artist_id']);
    $i = 0;
    $this->db->query("Delete from tv_cast where tv_id = '{$tvid}'");
    while($i < $count){
        $this->db->query("Insert into tv_cast (tv_id, artist_id,artist_as)
        Values ('{$tvid}','{$post['tv_cast_as_artist_id'][$i]}','{$post['tv_cast_as_artist_as'][$i]}'
        )");
        $i++;
    }
}
Error I am getting:
Error Number: 1064
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's Ex-Boyfriend' )' at line 2
Insert into tv_cast (tv_id, artist_id,artist_as) Values ('29','7174','Rashmi's Ex-Boyfriend' )
Filename: /home/divazmed/public_html/design/models/admin_model.php
Line Number: 612
It looks like your artist_as field has not been escaped properly.
Use something like:
$data = array(
    'tv_id' => $tvid ,
    'artist_id' => $post['tv_cast_as_artist_id'][$i] ,
    'artist_as' => $post['tv_cast_as_artist_as'][$i]
);
$this -> db -> insert('tv_cast', $data);
All of your values will be auto-escaped producing safer queries, etc.
You can read more about the Codeigniter Active Record class here:
http://ellislab.com/codeigniter/user-guide/database/active_record.html#insert
For adding data in mysql:
htmlentities(mysql_real_escape_string($variable));
For print on page you can use:
html_entity_decode(stripslashes($variable));

Erreur : SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax;

When I try to execute an update statement I get the following error:
Erreur : SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Issy-les-Moulineaux ' where ssiphone_idstation=46' at line 1
My update statement is:
$bdd->exec("update ssiphone_stationdeservice set $cle='$element' where ssiphone_idstation=$id");
This is in PHP code. Thanks in advance for your help :)
$cle and $element are in an array; my code is:
foreach($table1 as $cle => $element)
{
    $bdd->exec("update ssiphone_stationdeservice set $cle='$element' where ssiphone_idstation=$id");
}
Now, table1 is an array which contains the column names of my table and their values:
$table1=array();
$table1['ssiphone_etatstation']=$etat;
$table1['ssiphone_commerce']=$commerce;
$table1['ssiphone_stationdelavage']=$lavage;
$table1['ssiphone_typescarburants']=$lescarburants;
$table1['ssiphone_joursdelasemaine']=$jourssemaines;
$table1['ssiphone_horaires ']=$this->horaires;
$table1['ssiphone_telephone ']=$telephone;
$table1['ssiphone_sensdecirculation ']=$this->sensDeCirculation;
$table1['ssiphone_adresse ']=$this->adresse;
$table1['ssiphone_ville']=$this->ville;
$table1['ssiphone_departement']=$this->departement;
$table1['ssiphone_nomstation ']=$this->nomStation;
Most likely your $cle variable isn't set, making the query look like:
... set ='Issy-les-moulineaux ' where ...
comment followup:
Change your code to look like this, then:
$query = "update ssiphone_stationdeservice set $cle='$element' where ssiphone_idstation=$id";
$result = $bdd->exec($query);
if ($result === FALSE) {
    print_r($bdd->errorInfo());
    die("Query: " . $query);
}
This way you have the complete query string in a variable you can inspect (e.g. by echoing out). Obviously there's something wrong with the query - but the mysql error string doesn't show the entire query, so you have to take measures to capture it.
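
Added example, not code from the original posts: the hand-quoted values in this thread and in the CodeIgniter thread above stop working as soon as a value contains a quote, so this version binds the values and checks column names against an allowlist, since identifiers cannot be bound. It assumes PDO with the pdo_sqlite extension, reuses the table name and three column names from the question on a constructed in-memory table, and update_station is a hypothetical helper.

```php
<?php
// Added example with constructed data; assumes the pdo_sqlite extension.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE ssiphone_stationdeservice (
    ssiphone_idstation INTEGER PRIMARY KEY, ssiphone_adresse TEXT, ssiphone_ville TEXT)');
$pdo->exec("INSERT INTO ssiphone_stationdeservice VALUES (46, 'old', 'old')");

/**
 * Update several columns of one row in a single statement. Identifiers cannot
 * be bound, so each key is checked against an allowlist; values are bound.
 */
function update_station(PDO $pdo, int $id, array $changes): int
{
    $allowed = ['ssiphone_adresse', 'ssiphone_ville'];
    $sets = [];
    $params = [':id' => $id];
    foreach ($changes as $column => $value) {
        $column = trim($column); // the question's array keys carry stray spaces
        if (!in_array($column, $allowed, true)) {
            throw new InvalidArgumentException("Column not allowed: $column");
        }
        $sets[] = "$column = :$column";
        $params[":$column"] = $value;
    }
    if ($sets === []) {
        return 0;
    }
    $stmt = $pdo->prepare(
        'UPDATE ssiphone_stationdeservice SET ' . implode(', ', $sets)
        . ' WHERE ssiphone_idstation = :id'
    );
    $stmt->execute($params);
    return $stmt->rowCount();
}

// Constructed values; the apostrophe would end a hand-quoted '$element' early.
$changed = update_station($pdo, 46, [
    'ssiphone_adresse ' => "12 rue de l'Église",
    'ssiphone_ville'    => 'Issy-les-Moulineaux ',
]);
$rows = $pdo->query('SELECT * FROM ssiphone_stationdeservice')->fetchAll(PDO::FETCH_ASSOC);
var_dump($changed, $rows);
try {
    // A key outside the allowlist never reaches the SQL text.
    update_station($pdo, 46, ['no_such_column' => 'x']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```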
