This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 5 years ago.
I feel nothing is wrong with the query I have. I do not understand why I am getting the error.
I already tried to remove the single quote on the query but it's still the same.
Here's my code
ERROR
Couldn't enter data: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'Hills, price='393787', sqmw='218', sqml='218', sqm='47524', income='3773773' at line 1
UPDATED thanks
PHP CODE MYSQL
<?php
require 'connection.php';
$conn = Connect();
$id= $conn->real_escape_string($_POST['id']);
$descr= $conn->real_escape_string($_POST['descr']);
$price= $conn->real_escape_string($_POST['price']);
$sqmw= $conn->real_escape_string($_POST['sqmw']);
$sqml= $conn->real_escape_string($_POST['sqml']);
$sqm = $sqmw * $sqml;
$income= $conn->real_escape_string($_POST['income']);
$statuss= $conn->real_escape_string($_POST['statuss']);
$query = " UPDATE wentwrong SET descr='$descr',
price='$price',
sqmw='$sqmw',
sqml='$sqml',
sqm='$sqm',
income='$income',
statuss='$statuss'
WHERE id='$id' ";
$success = $conn->query($query);
if (!$success) {
die("Couldn't enter data: ".$conn->error);
}
echo '<script language="javascript">';
echo 'alert("Edit Successfully!")';
echo '</script>';
echo '<script language="javascript">';
echo 'window.location.href = "http://google.com"';
echo '</script>';
$conn->close();
?>
You're missing quotes around a constant. Where you have
$query = " UPDATE wentwrong SET descr=$descr, /*wrong*/
you should have
$query = " UPDATE wentwrong SET descr='$descr',
The tricks to troubleshooting this kind of thing:
Read error messages carefully. Then read them again.
Believe the error messages. You're working with systems that have been around for a couple of decades. They aren't throwing random bogus errors any more.
In the case of MySQL's syntax error message, it shows you the erroneous query, starting with the first character it could not understand.
Related
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
How can I prevent SQL injection in PHP?
(27 answers)
Closed 11 months ago.
Working with PHP and MySQL as well. I have the following create.php page and need to save data to a MySQL table.
<?php
include "config.php";
if(isset($_POST['submit'])) {
$first_name = $_POST['firstname'];
$last_name = $_POST['lastname'];
$email = $_POST['email'];
$password = $_POST['password'];
$gender = $_POST['gender'];
}
$sql = "INSERT INTO 'users' ('firstname','lastname','email','password','gender') VALUES ('$first_name','$last_name','$email','$password','$gender')"; // this is line 12
$result = $conn->query($sql);
if($result == TRUE) {
echo "New record has created successfully";
}
else {
echo "error:" . $sql . "<br>". $conn->error;
}
$conn->close();
?>
But I got the following error message:
Undefined variable: first_name in C:\wamp64\www\simple\create.php on line 12 <br> error:INSERT INTO 'users' ('firstname','lastname','email','password','gender') VALUES ('','','','','') You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''users' ('firstname','lastname','email','password','gender') VALUES ('','','',''' at line 1
How to fix this?
You need to put the whole code logic inside the if(isset($_POST['submit'])) condition.
What's happening right now is: if there is no $_POST['submit'], your if won't run, thus no variables are declared, but your SQL and the rest of the code will still run, and that's why it says var not defined.
if(isset($_POST['submit'])) { ... }
The next issue is the use of backticks. You really shouldn't have single quotes around the field name. You can use backticks (`) for table and column names, single quotes (') for strings. There is already an answer for it: When to use single quotes, double quotes, and backticks in MySQL
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 6 years ago.
I have an issue with the query. I don't know why it's not working.
It always shows "there is an error" and does not insert data into the table, although it is collecting data from the form.
There is no error or warning notification, but it chooses the else option of the if condition and does not insert data into the table. I don't know why.
<?php
$con=mysqli_connect('localhost','root','','flentox');
if(mysqli_connect_error($con))
{
echo "there is an error in connection";
}
$fname=$_POST['fname'];
$lname=$_POST['lname'];
$email=$_POST['email'];
$phone=$_POST['phone'];
$area=$_POST['select'];
$address=$_POST['address'];
$eaddress=$_POST['eaddress'];
$query= mysqli_query($con, "INSERT INTO order(Fname,Lname,Email,Phone,Area,Address,Eaddress) VALUES(`$fname`,`$lname`,`$email`,`$phone`,`$area`,`$address`,`$eaddress`)");
if ($query) {
echo "order confirm";
}
else {
echo "There is an error";
}
?>
Your query is not correct, you don't need to use ( `` ) in VALUES. Don't forget to check if your values are empty or not.
So if no data has come from $_POST, your query will also crash.
Also don't forget about SQL injections. It is not recommended to insert $_POST or $_GET data immediately in query. Use Prepared Statements.
Try this.
$fname = (empty($_POST['fname']) ? 'default value' : $_POST['fname']);
.......... (for other params too).
// order is a reserved word in MySQL, so the table name needs backticks
"INSERT INTO `order` (`Fname`,`Lname`,`Email`,`Phone`,`Area`,`Address`,`Eaddress`)
VALUES('".$fname."','".$lname."','".$email."','".$phone."','".$area."','".$address."','".$eaddress."')";
Also to show your errors, run this code at the very top of the php file -
error_reporting(1);
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 7 years ago.
The code is as under. The error is Invalid Query, and it is not updating the table in the database. Anyone help please.
<?php
include "connection.php";
$selecteditem=$_POST['salesitem'];
$name=$_POST['name'];
$type=$_POST['type'];
$purchasePrice=$_POST['purchase'];
$salePrice=$_POST['sale'];
$iteminPack=$_POST['nofiteminpack'];
$location=$_POST['location'];
$GenName=$_POST['genric'];
$norcotics=$_POST['radio1'];
$stockinHand=$_POST['stockInHand'];
$conn= mysql_connect("localhost","root","");
mysql_select_db("alkausar",$conn);
$qr2="UPDATE `item` SET name=$name,type=$type,pPrice=$purchasePrice,sPrice=$salePrice,Iteminpack=$iteminPack,location=$location,genricName=$GenName,norcotics=$norcotics,stockInHand=$stockinHand WHERE name='$selecteditem'";
$qr3=mysql_query($qr2);
echo $qr3;
if(!$qr3){
die('Invalid Query:'.mysql_error());
}
?>
You should put all inputs in '
$qr2="UPDATE `item` SET
name='$name',
type='$type',
pPrice='$purchasePrice',
sPrice='$salePrice',
Iteminpack='$iteminPack',
location='$location',
genricName='$GenName',
norcotics='$norcotics',
stockInHand='$stockinHand'
WHERE name='$selecteditem'";
Depending on what you have in $_POST this could already solve your problem.
If not, echo $qr2 and try to run it in the DB manually and see if you get an error message.
This question already has answers here:
How can I prevent SQL injection in PHP?
(27 answers)
Closed 7 years ago.
I want to insert some lines of text (a paragraph) coming from a Wikipedia page into the database, but MySQL is showing this error when I try to insert the data into the DB:
"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's capital." Can anyone help me to fix this problem?
Here is what I have done so far...
<?php
$loc=$_POST["new"];
$url1 ="https://en.wikipedia.org/w/api.php?format=json&action=query&prop=extracts&exintro=&explaintext=&titles=".$loc;
$opf = file_get_contents($url1);
$data = json_decode($opf, true);
$titles = array();
foreach ($data['query']['pages'] as $page) {
$des = $page['extract'];
}
$con = mysql_connect("localhost","root","");
if (!$con) {
die('Could not connect: ' . mysql_error());
}
mysql_select_db("location", $con);
$url = "http://upload.wikimedia.org/wikipedia";
echo $sql="INSERT INTO `search`(`id`, `name`, `text`) VALUES ('$loc', '$des');";
mysql_query($sql) or die(mysql_error());
echo "1 record added";
mysql_close($con);
?>
Ideally you should escape data before entering it into a database. The problem you have is the apostrophe is ending the SQL query on '$loc' so the query actually reads:
... VALUES ('Giant's Capital',
Syntax highlight should indicate why that's a problem :)
Use something like: mysql_real_escape_string() to escape your $_POST data before inputting.
$loc = mysql_real_escape_string($_POST['new']);
Doesn't explain why it should work
You have 3 fields and 2 values.
doesn't fix their error
Yes, it does.
uses obsolete code, and is wide open to SQL injections
It isn’t my code. I am adapting OP's code, I am not trying to write it from scratch. Also, I guess, you forgot to mention that mysql function is deprecated since 5.5
Further, although the fact that the code is SQL injectable is good to mention it does not in my opinion constitute an actual answer. It's a comment at best. ie. "hey btw did you know you misspelled a word?" or some such. An editorial nitpick. If questions are going to be closed as duplicates of SQL injection questions then 80% of the questions here would have to be closed as dupes.
If the OP wants to know about SQL injection please refer to this site
Oh, btw, this is the code:
<?php
$loc=$_POST["new"];
$url1 ="https://en.wikipedia.org/w/api.php?format=json&action=query&prop=extracts&exintro=&explaintext=&titles=".$loc;
$opf = file_get_contents($url1);
$data = json_decode($opf, true);
$titles = array();
foreach ($data['query']['pages'] as $page) {
$des = $page['extract'];
}
$con = mysql_connect("localhost","root","");
if (!$con) {
die('Could not connect: ' . mysql_error());
}
mysql_select_db("location", $con);
$url = "http://upload.wikimedia.org/wikipedia";
echo $sql="INSERT INTO `search`(`name`, `text`) VALUES ('$loc', '$des');";
mysql_query($sql) or die(mysql_error());
echo "1 record added";
mysql_close($con);
?>
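The apostrophe failure from this question and the prepared-statement approach recommended earlier on the page, as an added example that is not code from any of the posts. It assumes PDO with the pdo_sqlite extension and uses an in-memory SQLite database as a stand-in for MySQL so it runs without a server; the sample values are constructed and the function names are hypothetical.

```php
<?php
// Added example. SQLite in memory stands in for MySQL (assumption, so the script
// runs offline); for MySQL only the DSN passed to the PDO constructor changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE `search` (`name` TEXT, `text` TEXT)');

// Constructed values standing in for $_POST["new"] and the Wikipedia extract.
$loc = "Giant's Capital";
$des = "The giant's capital. It's quoted \"here\" too.";

// String-built query, as in the question: the apostrophe in the data closes
// the SQL string literal early and the rest is parsed as SQL.
function insertConcatenated(PDO $pdo, string $loc, string $des): string
{
    $sql = "INSERT INTO `search` (`name`, `text`) VALUES ('$loc', '$des')";
    try {
        $pdo->exec($sql);
        return 'inserted';
    } catch (PDOException $e) {
        return 'rejected: ' . $e->getMessage();
    }
}

// Prepared statement: the SQL text is fixed and the values are bound as
// parameters, so the data never needs quoting or escaping.
function insertPrepared(PDO $pdo, string $loc, string $des): int
{
    $stmt = $pdo->prepare('INSERT INTO `search` (`name`, `text`) VALUES (:name, :text)');
    $stmt->execute([':name' => $loc, ':text' => $des]);
    return $stmt->rowCount();
}

echo insertConcatenated($pdo, $loc, $des), PHP_EOL;
echo insertPrepared($pdo, $loc, $des), ' row(s) added', PHP_EOL;

// Read the row back and compare it with what was submitted.
$stored = $pdo->query('SELECT `name`, `text` FROM `search`')->fetch(PDO::FETCH_ASSOC);
var_dump($stored['name'] === $loc && $stored['text'] === $des);
```

With mysqli the same pattern is `$conn->prepare()` with `?` placeholders, followed by `bind_param()` and `execute()`.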
This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
MySQL - when to use single quotes, double quotes, and backticks?
I have this piece of code, I can't get it to work properly.
require_once("../Packages/Connection.php");
$text = mysql_real_escape_string($_POST["articleText"]);
$method = $_POST['method'];
$articleId = $_POST['articleId'];
if($method == "update")
{
mysql_query("UPDATE Articles SET 'text'='".$text."' WHERE 'id'='".$articleId."'") or die(mysql_error());
}
It is annoying me so much.
This is the error I get - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''text'='tester2' WHERE 'id'='29'' at line 1...
Thanks in advance
Why do you have 'text' in your SQL...
It should simply be text as is and that's all: (Same thing for ID)
mysql_query("UPDATE Articles SET text = '".$text."' WHERE id='".$articleId."'") or die(mysql_error());
What you might have confused the "'" with, is the backtick or "`" that escapes characters and are good for reserved keywords...
mysql_query("UPDATE Articles SET text='".$text."' WHERE id='".$articleId."'") or die(mysql_error());
try
mysql_query("UPDATE Articles SET `text`='".$text."' WHERE `id`='".$articleId."'")
First build the query, then execute it:
$sql = "UPDATE Articles SET 'text'='".$text."' WHERE 'id'='".$articleId."'";
$r = mysql_query($sql);
if (!$r) {
echo "Query: ", $sql, "\n";
echo "Error: ", mysql_error();
die();
}
This will allow you to better review what exactly you've sent to the database so that you can actually check the syntax as was suggested to you by the error message.
You should use this
mysql_query("UPDATE Articles SET text = '{$text}' WHERE id = '{$articleId}'") or die(mysql_error());