PHP: Error in Query (MySQL) near WHERE clause

I am trying to insert data from a form with the use of a query. The query (below) has a WHERE clause to pick a position from visitorsystem.position.
$query = "INSERT INTO visitorsystem.employee(idNumber,name,surname,position,email)
VALUES ('$idNumber','$name','$surname',SELECT positionid FROM visitorsystem.position WHERE position LIKE '%$position%','$email')";
When executed, the following error is given. I have tried adding quotes and single quotes around the SELECT...WHERE clause with no luck. Any ideas if the problem is with the query itself or the SELECT...WHERE clause?
Error in query: You have an error in your SQL syntax; check the manual
that corresponds to your MySQL server version for the right syntax to
use near '','fdsf',SELECT positionid FROM visitorsystem.position WHERE
position LIKE '%inf' at line 2

Change your query to :
$query = "INSERT INTO visitorsystem.employee(idNumber,name,surname,position,email)
SELECT '$idNumber','$name','$surname',positionid,'$email' FROM visitorsystem.position WHERE position LIKE '%$position%'";

First of all, learn about prepared statements to prevent SQL injection.
Second, you should add all values to the SELECT statement:
$query = "INSERT INTO visitorsystem.employee(idNumber,name,surname,position,email)
SELECT $idNumber,'$name','$surname',positionid,'$email' FROM visitorsystem.position WHERE position LIKE '%$position%'";
Also, you do not need single quotes around $idNumber, because it is numeric.

Related

Proper way of using insert into value select

I am having trouble with my query because INSERT INTO ... VALUES with SELECT is not working. Is this the proper way of using it? Thank you!
This is my query line
$sql = "INSERT INTO `stud_class` (`stud_fullname`, `stud_uid`,`stud_code`, `stud_subject`, `stud_cname`,`stat`) VALUES ('$stud_full','$stud_uid',(SELECT subject_code,subsubject,class_Name FROM subject WHERE subject_code = '$subcode'),1)";
A subquery that's used as an expression is only allowed to return one value, not multiple columns.
You need to use the SELECT query as the source of all the values, not as an expression inside the VALUES list.
$sql = "INSERT INTO `stud_class` (`stud_fullname`, `stud_uid`,`stud_code`, `stud_subject`, `stud_cname`,`stat`)
SELECT '$stud_full','$stud_uid', subject_code,subsubject,class_Name, 1
FROM subject WHERE subject_code = '$subcode'";
You should also use a prepared statement rather than substituting variables into the SQL string. See How can I prevent SQL injection in PHP?

Why it shows me error when preparing a sentence in PHP with MySQLi

I'm creating a prepared sentence in PHP, and I run into a rare syntax error. I do not know if it is breaching anything in MySQL or why it shows me that error.
The syntax is as follows. I want to sort by row and by ascending or descending type, and limit the results.
$query = "SELECT * FROM myTable ORDER BY ? ? LIMIT? ,?";
if($conn->prepare($query)){ .. } // error
The error is
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near '? LIMIT ? , ?' at line 1
If you execute said statement in MySQL, it correctly throws the results.
Parameters to ORDER BY are not values, and cannot be parametrised. One is a column reference, the other is a keyword.
For example do like this and try.
$query = "SELECT * FROM myTable ORDER BY column_name LIMIT 0,10";

MySQLi Syntax Error (PHP) on INSERT using Variables

I am attempting to insert some user-inputted data into my MySQL table using the following command:
$sql = "INSERT INTO Queued ('$role') VALUES ('$sname')";
Interestingly enough, I get the following error:
Error: INSERT INTO Queued ('Tops') VALUES ('Summoner')
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''Tops') VALUES ('Summoner')' at line 1
To be honest, I am relatively new at using PHP as well as MySQL, but I can't seem to find the error in my syntax; the Queued table does exist, $role and $sname are both strings so I encased them in single quotes. I suspect this is a newbie mistake, could anyone point me in the right direction?
This is due to use of single quotes ' around the column name. The query should be like:
$sql = "INSERT INTO Queued ($role) VALUES ('$sname')";
OR
$sql = "INSERT INTO Queued (`$role`) VALUES ('$sname')";
Try this format
$sql = "INSERT INTO Queued ('".$role."') VALUES ('".$sname."')";
The role of ` is to differentiate between built-in SQL words and column names, so if a word used as the name of a column might also be a built-in SQL expression, then `` are needed around it.
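Column names and the ASC/DESC keyword cannot be bound as parameters, which is the point made in the ORDER BY answer above and the reason `$role` is spliced into the INSERT here. The following added example (not code from any of the original posts) validates such input against an allow-list before it reaches the SQL text; the helper names and the column lists other than `Tops` are hypothetical.

```php
<?php
// Added example: helper names and column lists are constructed for illustration.

// Returns a back-quoted identifier only if it is on the allow-list.
function safeIdentifier(string $input, array $allowed): string
{
    if (!in_array($input, $allowed, true)) {
        throw new InvalidArgumentException("Unknown column: $input");
    }
    return '`' . $input . '`';
}

// Maps user input to one of the two keywords ORDER BY accepts.
function safeDirection(string $input): string
{
    return strtoupper($input) === 'DESC' ? 'DESC' : 'ASC';
}

// Identifier and keyword are spliced in after validation; the two LIMIT numbers
// stay placeholders and must be bound as integers (mysqli "ii" or PDO::PARAM_INT).
function buildListQuery(string $column, string $direction): string
{
    $col = safeIdentifier($column, ['id', 'name', 'created']); // constructed list
    return "SELECT * FROM myTable ORDER BY $col " . safeDirection($direction) . " LIMIT ?, ?";
}

// The role column is validated; the summoner name remains a bound value.
function buildQueueInsert(string $role): string
{
    $col = safeIdentifier($role, ['Tops', 'Mid', 'Support']); // constructed list
    return "INSERT INTO Queued ($col) VALUES (?)";
}

echo buildListQuery('name', 'desc'), "\n";
echo buildQueueInsert('Tops'), "\n";
try {
    buildQueueInsert('not_a_column');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```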

How do I correctly specify the WHERE clause in this SQL query written in PHP?

$query = "INSERT INTO directory_level_one (child_categories)
VALUES
('$category_name')
WHERE
category = '$parent'";
Currently, I get the following error when I add the WHERE part in the above SQL query.
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE category = 'Philosophy'' at line 4
You can't have a where clause for an Insert statement. Are you trying to update existing database records instead? In that case, use the Update statement.
INSERT statements don't have a WHERE clause.
Perhaps you want an UPDATE statement instead?
UPDATE directory_level_one
SET child_categories = 'your_category_name'
WHERE category = 'your_parent'
You can't use a WHERE clause with an INSERT statement.
A WHERE clause cannot be used in an INSERT statement.
Please read this before proceeding further: http://dev.mysql.com/doc/refman/5.5/en/insert.html
What you want to do is this:
$query = "UPDATE directory_level_one SET child_categories='$category_name' WHERE category = '$parent'";
I think you might want to change your INSERT to an UPDATE.

update query problem

Hi all, I have a field "ammount" in a MySQL database which has the "varchar(50)" type. When I insert data into that field, e.g. ammount= 4 kg, it's OK, but when I update that field it gives me the following error.
Error in query: UPDATE ingredients SET ingredient_name='test recipe',ammount=4 gm where ingredient_id='59'. You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'gm where ingredient_id='59'' at line 1
and my query is
$query="UPDATE ingredients SET ingredient_name='$ingredient',ammount=$ammount where ingredient_id='$ingredient_id'";
1) The correct spelling is "amount".
2) You should not be using variable interpolation like this for an SQL query. It is very unsafe. Use a prepared statement.
3) You didn't put quotes around $amount when defining $query, so they don't end up in the final substituted query string. Look closely at the error message: it shows you the query that SQL tried to process. Notice how it says ammount=4 gm? It can't handle that, because there are no quotes.
If you use prepared statements like you are supposed to, the quoting takes care of itself.
Your query has:
...,ammount=4 gm where...
which is incorrect. You need quotes around 4 gm.
Change
,ammount=$ammount where
to
,ammount='$ammount' where
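The prepared-statement advice repeated in the answers on this page, applied to the INSERT ... SELECT from the first question and to the UPDATE above, as an added example that is not from any of the original posts. It assumes PDO with an in-memory SQLite database and constructed tables and rows so that it runs without a server (table names are unqualified for that reason); the same prepare()/execute() calls apply with a MySQL DSN.

```php
<?php
// Added example. Tables and rows are constructed; SQLite in memory stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE position (positionid INTEGER PRIMARY KEY, position TEXT)");
$pdo->exec("CREATE TABLE employee (idNumber INTEGER, name TEXT, surname TEXT,
            position INTEGER, email TEXT)");
$pdo->exec("CREATE TABLE ingredients (ingredient_id INTEGER PRIMARY KEY,
            ingredient_name TEXT, ammount VARCHAR(50))");
$pdo->exec("INSERT INTO position VALUES (1, 'Informatics'), (2, 'Reception')");
$pdo->exec("INSERT INTO ingredients VALUES (59, 'flour', '4 kg')");

// Constructed form input. The apostrophe would break an interpolated, quoted query.
$idNumber = 1001;
$name = 'Ann';
$surname = "O'Brien";
$position = 'inf';
$email = 'ann@example.com';

// Binding stops injection, but % and _ inside the input would still act as LIKE
// wildcards, so escape them and declare the escape character in the query.
$pattern = '%' . str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $position) . '%';

// INSERT ... SELECT: form values are placeholders, positionid comes from the table.
$insert = $pdo->prepare(
    "INSERT INTO employee (idNumber, name, surname, position, email)
     SELECT ?, ?, ?, positionid, ?
     FROM position WHERE position LIKE ? ESCAPE '!'"
);
$insert->execute([$idNumber, $name, $surname, $email, $pattern]);

// UPDATE: '4 gm' travels as a bound string, so the placeholder needs no quotes.
$update = $pdo->prepare(
    "UPDATE ingredients SET ingredient_name = ?, ammount = ? WHERE ingredient_id = ?"
);
$update->execute(['test recipe', '4 gm', 59]);

print_r($pdo->query("SELECT * FROM employee")->fetchAll(PDO::FETCH_ASSOC));
print_r($pdo->query("SELECT * FROM ingredients")->fetchAll(PDO::FETCH_ASSOC));
```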
