Error in the where part of my MYSQL query - php

Please help, I have no clue what is wrong here. I have submitted the error and the actual query below.
Error:
UPDATE `WWM_Login` SET `Username`='RyzeAlchemist',`Email`='smadger#live.co.uk',`FirstName`='test',`MiddleName`='test',`LastName`='test',`DiscordID`='#RyzeAlchemist#6043',`P_openCompletedOrders`=1,`P_openCurrentOrders`=1,`P_openRequestedOrders`=1,`P_openCreateAnOrder`=1,`P_OpenEditUsers`=0,`P_CreateStaff`=1,`P_CreateClient`= WHERE UserID = 9
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'WHERE UserID = 9' at line 1
Query:
"UPDATE `WWM_Login` SET `Username`='$uid',`Email`='$email',`FirstName`='$firstname',`MiddleName`='$middlename',`LastName`='$lastname',`DiscordID`='$DiscordID',`P_openCompletedOrders`=$field[1],`P_openCurrentOrders`=$field[2],`P_openRequestedOrders`=$field[3],`P_openCreateAnOrder`=$field[4],`P_OpenEditUsers`=$field[5],`P_CreateStaff`=$field[6],`P_CreateClient`=$field[7] WHERE UserID = $id"

The error seems to be towards the end of your query:
`P_CreateClient`= WHERE
Shouldn't this be:
`P_CreateClient`='x' WHERE
Where x is the value you want to set

Encase your variables in single quotes, like so:
`P_CreateStaff`= '$field[6]'
This way, if there is an empty or NULL value it will take it as such. I see some of your variables are encased in single quotes, but that particular variable is not, so when there is no value MySQL is trying to look for a value equal to WHERE, so it's taking your WHERE clause as the condition for P_CreateStaff. To avoid this, encase all your variables in single quotes.

Related

mysql INSERT for loop trouble

I've been using this for loop to insert information into my database:
$values = array();
for($x=1;$x<=3;$x++){
$values[]= $_POST["FCKeditor".$x];
}
echo implode(",",$values);
$sql = "INSERT INTO virus (v1,v2,v3) VALUES(".implode(",",$values).")";
However, when I looked at the result on the webpage, it gave me this message:
a1
,b2
,c3
INSERT INTO virus (v1,v2,v3) VALUES(a1
,b2
,c3
)You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '>,b2
,c3
)' at line 1
Can someone help solve this issue?
Very likely the problem is the missing quotes, and you probably wanted something like the following for your values portion:
"'".implode("','",$values)."'"
Which gives you something like:
'abc','xyx','123'
Of course I am assuming that they are all of string type. If some are not, then you need to make sure strings are quoted and numbers are not etc.
The best is for sure to use placeholders; then you do not need to go through this trouble at all.

MySQL UPDATE syntax error with variables

Long story short, I'm trying to write a PHP code that will parse a text file into MySQL queries. Everything works fine except for the queries, which consist of UPDATE statements.
The entire code is kinda long, but if you want to see it - http://pastebin.com/xVR6ArD0
Here is just the part which is problematic :
while ($i<=$no_collumns)
{
    $j = $i-1;
    if (!mysql_query("UPDATE ResultsPredmet
        SET ${parsed_collumns[$i]} = '${parsed_words[$j]}'
        WHERE ${parsed_first_collumn} LIKE '${parsed_first_word}'"))
    {echo mysql_error()."\n"; break;}
    // echo "\nUPDATE ResultsPredmet SET ${parsed_collumns[$i]} = '${parsed_words[$j]}' WHERE ${parsed_first_collumn} LIKE \"${parsed_first_word}\"";
    $i++;
}
... where $parsed_collumns and $parsed_words are arrays of strings and $parsed_first_collumn and $parsed_first_word are strings.
I tried all combinations of quotes and escapes for the variables. I tried putting them in double quotes and escaping them, or double quotes and concatenating them, then maybe I thought it was the fact that I was comparing strings via the '=' operator so I tried with 'LIKE'. I googled for several hours and everywhere people said to use single quotation marks for variables so I tried that too and it didn't work.
In the end I echoed the queries and I get:
UPDATE ResultsPredmet SET grade = '10' WHERE name LIKE "Vildur"
UPDATE ResultsPredmet SET index = '117/2010' WHERE name LIKE "Vildur"
Updating table.
UPDATE ResultsPredmet SET grade = '6' WHERE name LIKE "NinoDoko"
UPDATE ResultsPredmet SET index = '132/2011' WHERE name LIKE "NinoDoko"
Updating table.
UPDATE ResultsPredmet SET grade = '10' WHERE name LIKE "Koco"
UPDATE ResultsPredmet SET index = '130/2011' WHERE name LIKE "Koco"
Done.
Which seem fairly fine to me. Other queries I got were the same only with the names with single quotes around them, or with no quotes or any other combinations.
The errors I get are :
Updating table.
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'index = '117/2010' WHERE name LIKE 'Vildur'' at line 1
Updating table.
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'index = '132/2011' WHERE name LIKE 'NinoDoko'' at line 1
Updating table.
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'index = '130/2011' WHERE name LIKE 'Koco'' at line 1
Apparently, the server that I'm using is MariaDB 5.5, but after a bit of research I figured it would be similar to just generic MySQL, though I might be completely off. The "Updating table." is just a random echo in my code. I've also tried the query without indenting it, still got the same errors. The values I get for grade and index are strings - or at least I hope so, since I'm getting them with explode().
index is a reserved word
UPDATE ResultsPredmet SET `index` = '10' WHERE name LIKE 'Vildur'
http://dev.mysql.com/doc/refman/4.1/en/reserved-words.html
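The reserved-word fix above applies to any column name that arrives from the parsed file: an identifier cannot be bound as a parameter, so it has to be checked against a known list and backtick-quoted, while the values are bound. This is an added example, not the asker's or answerer's code; the allowlist, the function names and the SQLite in-memory database standing in for MariaDB are assumptions.

```php
<?php
// Added example (not code from the page). Table and column names follow the
// question; SQLite in memory is a stand-in for the MariaDB server.
declare(strict_types=1);

// Columns the import may write to (assumption: a fixed, known schema).
const UPDATABLE_COLUMNS = ['grade', 'index'];

// Return a backtick-quoted identifier, or throw if the name is not allowlisted.
function quoteColumn(string $name): string
{
    if (!in_array($name, UPDATABLE_COLUMNS, true)) {
        throw new InvalidArgumentException("Unexpected column: $name");
    }
    // Doubling backticks is MySQL's escape rule inside a quoted identifier.
    return '`' . str_replace('`', '``', $name) . '`';
}

// Update one column of one row; values are bound, only the identifier is spliced in.
function updateColumn(PDO $pdo, string $column, string $value, string $name): int
{
    $sql = 'UPDATE ResultsPredmet SET ' . quoteColumn($column)
         . ' = :value WHERE name = :name';
    $stmt = $pdo->prepare($sql);
    $stmt->execute([':value' => $value, ':name' => $name]);
    return $stmt->rowCount();
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE ResultsPredmet (name TEXT, grade TEXT, `index` TEXT)');
$pdo->exec("INSERT INTO ResultsPredmet (name) VALUES ('Vildur')");

// Constructed sample row, as it might come out of the parsed text file.
echo updateColumn($pdo, 'grade', '10', 'Vildur'), " row(s) updated\n";
echo updateColumn($pdo, 'index', '117/2010', 'Vildur'), " row(s) updated\n";

try {
    // A header that is not on the allowlist never reaches the SQL string.
    updateColumn($pdo, 'notes', 'x', 'Vildur');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```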

MySql error while string is escaped already?

Why this:
$query = "SET NAMES 'utf8'";
$query = str_replace("'", "\'", $query);
$pdo->query($query);
Would cause problem?
I'm currently getting this error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'utf8\''
If I don't escape it, everything's fine, but the problem exists with further queries!
The sql you are trying to run is perfectly safe as is, it contains no user input and as such can be run without escaping.
Also you are actually escaping the delimiters of a string, not the value of the string itself.
You don't have to escape every single quote in a query, some are valid such as:
UPDATE table SET field='blah' WHERE id=10
Where field would be a varchar or similar. You would escape the quotes if they need to be part of the value of the field, such as:
UPDATE table SET field='This \'value\' uses quotes.' WHERE id=10
Hope that makes sense.

UPDATE sql String Error

Been learning PHP for 3 weeks now and I find myself with a simple error that does not make sense:
I can't see what is wrong with this code.
Could someone please point me to why this is happening.
It's a simple insert and set SQL query which is like this:
code:
$insertresults = "UPDATE usage SET message='".$message."',islive='".$islive."' WHERE id=1";
$insertresults_doit = mysql_query($insertresults) OR die(mysql_error());
The error I am getting is this:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'usage SET message='hello',islive='0' WHERE id=1' at line 1
As you can see, the variables are correct and to what I can see the SQL string is correct also.
Thanks
Your table name, usage, is actually a reserved word in MySQL. You'll have to quote it with backticks:
UPDATE `usage` SET ...
$insertresults = "UPDATE usage SET message=$message,islive=$islive WHERE id=1";
$insertresults_doit = mysql_query($insertresults) OR die(mysql_error());
You don't need to wrap the variables the way you did, give this a try :) Taking a look at that error shows you the extra ' surrounding the column names - you don't want that.
Try removing the quotes from $islive
Check whether you have a single quote in the variable values. It is always better to escape it before using in the sql statement
$message=addslashes($message);
$islive=addslashes($islive);
$insertresults = "UPDATE usage SET message='".$message."',islive='".$islive."' WHERE id=1";
$insertresults_doit = mysql_query($insertresults) OR die(mysql_error());
Assuming both the columns are of varchar type
"UPDATE usage SET message='{$message}',islive='{$islive}' WHERE id=1" – Nick 21 mins ago
@Nick I still get the exact same error if I use braces and even if I do not use the ' on ints. The message is a message and the islive is either a 0 or a 1. – Robert 6 mins ago
@Robert, have you made sure $message and $islive have been properly escaped? Use: addslashes() or mysql_real_escape_string()
moved to answer (grew)

update query problem

Hi all, I have a field "ammount" in a MySQL database which has "varchar(50)" type. When I insert data into that field, e.g. ammount= 4 kg, it's OK, but when I update that field it gives me the following error.
Error in query: UPDATE ingredients SET ingredient_name='test recipe',ammount=4 gm where ingredient_id='59'. You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'gm where ingredient_id='59'' at line 1
and my query is
$query="UPDATE ingredients SET ingredient_name='$ingredient',ammount=$ammount where ingredient_id='$ingredient_id'";
1) The correct spelling is "amount".
2) You should not be using variable interpolation like this for an SQL query. It is very unsafe. Use a prepared statement.
3) You didn't put quotes around $amount when defining $query, so they don't end up in the final substituted query string. Look closely at the error message: it shows you the query that SQL tried to process. Notice how it says ammount=4 gm? It can't handle that, because there are no quotes.
If you use prepared statements like you are supposed to, the quoting takes care of itself.
Your query has:
...,ammount=4 gm where...
which is incorrect. You need quotes around 4 gm.
Change
,ammount=$ammount where
to
,ammount='$ammount' where
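The prepared-statement approach recommended in this answer (and the placeholders suggested for the INSERT question further up), written out for the ingredients UPDATE. This is an added example, not code from the page; the function name, the sample values and the SQLite in-memory database standing in for MySQL are assumptions.

```php
<?php
// Added example (not code from the page). Table and column names follow the
// ingredients question; SQLite in memory stands in for the MySQL server.
declare(strict_types=1);

// Update one ingredient; every value travels as a bound parameter, so the
// SQL text is identical whatever the values contain.
function updateIngredient(PDO $pdo, int $id, string $name, string $amount): int
{
    $stmt = $pdo->prepare(
        'UPDATE ingredients
            SET ingredient_name = :name, ammount = :amount
          WHERE ingredient_id = :id'
    );
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->bindValue(':amount', $amount, PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE ingredients (
    ingredient_id INTEGER PRIMARY KEY,
    ingredient_name TEXT,
    ammount VARCHAR(50))');
$pdo->exec("INSERT INTO ingredients VALUES (59, 'old name', '1 kg')");

// Constructed inputs: a value with a space, one containing quotes, an empty one.
// Each of these breaks or alters the interpolated query; none affects this one.
foreach (['4 gm', "1 'heaped' cup", ''] as $amount) {
    updateIngredient($pdo, 59, 'test recipe', $amount);
    $stored = $pdo->query(
        'SELECT ammount FROM ingredients WHERE ingredient_id = 59'
    )->fetchColumn();
    echo var_export($amount, true), ' stored unchanged: ',
         var_export($stored === $amount, true), "\n";
}
```

Against MySQL or MariaDB only the connection changes: use a `mysql:` DSN with `charset=utf8mb4`, which sets the connection character set there rather than with a separate `SET NAMES` query.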
