Subject Update Failed Mysql - php

Subject Update Failed!!You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '' at line 1
I am stuck here; can anyone help me with what I am missing in this code? The error is in the Update query.
Everything is ok, and I don't get any syntax error when I write the code (I am using the Dreamweaver code editor). However, when I run it, I get this error:
//Process the form
$id= $current_subject["Id"];
$name=mysql_prep($_POST["Name"]);
$position=(int)$_POST["Position"];
$visible=(int)$_POST["Visible"];
$query="UPDATE subjects SET Name='{$name}',Position=$position,Visible=$visible WHERE Id={$id}";
$result= mysqli_query($conn, $query);
if($result && mysqli_affected_rows($conn)==1){
//success
$_SESSION["message"]="Subject updated.";
redirect_to("manage_content.php");
}else{
//Failure
$message="Subject Update Failed" . $conn->error;
}

Most likely you mistyped the parameter name. Echo your parameters first.
And use prepared statements to prevent SQL injection:
$dbh = new PDO('mysql:host=localhost;dbname=test', $user, $pass);
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // make SQL errors throw instead of failing silently
$query="UPDATE subjects SET Name = ? ,Position = ?,Visible = ? WHERE Id = ?";
$stmt = $dbh->prepare($query);
$stmt->bindParam(1, $name);
$stmt->bindParam(2, $position, PDO::PARAM_INT);
$stmt->bindParam(3, $visible, PDO::PARAM_INT);
$stmt->bindParam(4, $id, PDO::PARAM_INT);
$stmt->execute();
// An UPDATE produces no result set, so fetchAll() has nothing to fetch; check the row count instead
$affected = $stmt->rowCount();
Further reading: PDO.

Related

normalize data in php and mysql

I want to do normalization on data that I have
I wrote the following code, but it always fills the db with 0s and shows the following error message: Fatal error: Uncaught exception you have an error in your sql syntax
// normalization
$queryNorm0= $this->db->query("SELECT score from score where customer_id =".$customer_id." ");
foreach ($queryNorm0->rows as $scoreV)
{
$scoreValue= $scoreV['score'];
$queryNorm= $this->db->query(" SELECT MIN(`score`) as mins, MAX(`score`) as maxs FROM score WHERE customer_id= ".$customer_id."");
if($queryNorm->num_rows > 0)
{
$normValue= ($scoreValue - $queryNorm->row['mins'])/ (($queryNorm->row['maxs']) - ($queryNorm->row['mins']) );
$queryNorm2= $this->db->query("insert into score set normalized= ".$normValue." WHERE score= ".$scoreValue."");
}
}
Any help?
Updated
$mysqli = new mysqli($hostname, $username, $password, $dbname);
$customer_id='Your_Customer_Id';
$query = "SELECT score from score where customer_id =?";
$stmt = $mysqli->prepare($query);       // prepare on the connection opened above
$stmt->bind_param("s", $customer_id);  // customer_id bound as a string
$stmt->execute();
$res = $stmt->get_result();
$data = $res->fetch_all();
This code is using a prepared statement. It is safer and ensures that you will not escape your query. The problem in your code was that the double quotes you were using were escaping your query. That's where the error was coming from. Have a look also at this link for prepared statements
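Added example, not code from the question or the answer: the same min-max normalisation done as one set-based UPDATE with bound parameters instead of one query per row. It uses plain mysqli rather than the poster's `$this->db` wrapper; the connection credentials are assumed, and customer_id is bound as a string as in the answer above.

```php
<?php
declare(strict_types=1);

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // surface SQL errors as exceptions

// Min-max normalise every score of one customer in a single statement.
// The derived table m is materialised, so reading and updating `score`
// in the same statement is permitted; NULLIF avoids division by zero
// when a customer has only one distinct score. Returns rows updated.
function normalizeScores(mysqli $db, string $customerId): int
{
    $sql = 'UPDATE score s,
                   (SELECT MIN(score) AS mn, MAX(score) AS mx
                      FROM score WHERE customer_id = ?) m
               SET s.normalized = (s.score - m.mn) / NULLIF(m.mx - m.mn, 0)
             WHERE s.customer_id = ?';
    $stmt = $db->prepare($sql);
    $stmt->bind_param('ss', $customerId, $customerId); // same value bound twice
    $stmt->execute();
    return $stmt->affected_rows;
}

$db = new mysqli('localhost', 'user', 'pass', 'dbname'); // assumed credentials
printf("%d rows normalised\n", normalizeScores($db, 'Your_Customer_Id'));
```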

PHP MySQL query with parameters returns syntax error because of the parameters

I have the following code in php:
$id=1;
$query = 'select id from role_perm where perm_id = :id';
if($statement =$GLOBALS["DB"]->prepare($query)){
    $result =& $statement->execute(array(':id' => $id));
    $t = $result->fetch_all();
}
But when I try to run this code I get an error:
1064 You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near ':id' at line 1
I looked through a lot of questions and info on the internet, trying to write my statements in different ways, but I always end up with an error like this; I tried ? for parameters too. How can I make it recognize parameters?
My database config:
$databaseConnection = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
if ($databaseConnection->connect_error)
{
die("Database selection failed: " . $databaseConnection->connect_error);
}
// Create tables if needed.
prep_DB_content();
$GLOBALS['DB'] = $databaseConnection ;
$query = 'select id from role_perm where perm_id = ?';
if($statement = $GLOBALS["DB"]->prepare($query)){
$statement->bind_param("i", $id);
$statement->execute();
$statement->store_result();
$statement->bind_result($id_result);
while ($statement->fetch()) {
// code here
}
$statement->close();
}

PHP PDO Update SQL Syntax Error

I am new to PDO and I'm trying to build my own CRUDS application. I already created CRD but I'm getting stuck with Updating user information. It seems that I have a problem with my syntax, but I thoroughly checked the documentation and I can't figure out what is wrong with the code. It's passing me this error:
ERROR: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Doe, email=johndoe#gmail.com, location=New York City WHERE id=1' at line 1
Here is my code:
include('database.inc.php');
if (isset($_POST['submit'])) {
$id = $_POST['userId']; // 1
$name = $_POST['employee_name']; // John Doe
$email = $_POST['email']; // johndoe#gmail.com
$location = $_POST['location']; // New York City
try {
$query = "UPDATE users SET employee_name=$name, email=$email, location=$location WHERE id=$id";
$statement = $conn->prepare($query);
$statement->execute();
header('Location: ../index.php');
} catch(PDOException $e) {
echo 'ERROR: ' .$e->getMessage();
}
}
The problem with your code is that you didn't put quotes around the string values in the SQL. But you should use parametrized queries, not substitute variables into the SQL. This solves the quoting problem, and also prevents SQL injection.
$query = "UPDATE users SET employee_name=:name, email=:email, location=:location WHERE id=:id";
$statement = $conn->prepare($query);
$statement->execute(array(':name' => $name,
':email' => $email,
':location' => $location,
':id' => $id));
Try surrounding the variables in the statement with single quotes ( ' )
$query = "UPDATE users SET employee_name='$name', email='$email',
location='$location' WHERE id='$id'";

Error with bind_param() when updating a record in mysql database

Why am I getting the error below? The code works and updates the database like it should; it just gives me this error. I'm pretty new to PHP, so please forgive my ignorance.
mysqli_stmt::bind_param() [mysqli-stmt.bind-param]: Number of
variables doesn't match number of parameters in prepared statement
Here is my code:
<?php
require_once('connection.inc.php');
$conn = dbConnect('write');
// prepare SQL statement
$sql = "UPDATE reimbursements
SET presidentstatus='$p_submit',
treasurerstatus='$t_submit',
checknumber='$check_submit',
paid='$paid_submit'
WHERE id='$id'";
$stmt = $conn->stmt_init();
$stmt = $conn->prepare($sql);
// bind parameters and insert the details into the database
$stmt->bind_param('ssss', $p_submit, $t_submit, $check_submit, $paid_submit);
$stmt->execute();
if ($stmt->affected_rows == 1) {
$success = "Information has been updated.";
} else {
$errors[] = 'Sorry, there was a problem with the database.';
}
Thanks for any help.
You forgot to bind the $id as a parameter.
$stmt->bind_param('ssssi', $p_submit, $t_submit, $check_submit, $paid_submit, $id);
(the extra `i` assumes id is an integer; `$id` is added at the end)
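A reusable form of the fix, added here as an example rather than code from either poster: it counts the `?` placeholders before binding, so a query text with no placeholders, or a types string of the wrong length, fails with a clear message instead of the warning quoted in the question, and it binds id as well. The POST field names, the table and the connection credentials are assumed.

```php
<?php
declare(strict_types=1);

// Count the '?' placeholders in the SQL text, skipping any inside quoted
// literals or backtick identifiers so "WHERE note = 'why?'" is not miscounted.
function countPlaceholders(string $sql): int
{
    $count = 0;
    $quote = null;                              // quote char currently open, or null
    for ($i = 0, $len = strlen($sql); $i < $len; $i++) {
        $c = $sql[$i];
        if ($quote !== null) {
            if ($c === '\\') { $i++; continue; }    // skip a backslash-escaped char
            if ($c === $quote) { $quote = null; }
        } elseif ($c === "'" || $c === '"' || $c === '`') {
            $quote = $c;
        } elseif ($c === '?') {
            $count++;
        }
    }
    return $count;
}

// Run one UPDATE with every value bound. $types is mysqli's type string
// ('s', 'i', 'd', 'b'), one letter per '?'. A query with no '?' at all, or
// with more variables than placeholders, is rejected here with a clear
// message instead of mysqli's "Number of variables doesn't match ..." warning.
function updateRow(mysqli $db, string $sql, string $types, array $params): int
{
    $n = countPlaceholders($sql);
    if ($n !== strlen($types) || $n !== count($params)) {
        throw new InvalidArgumentException(sprintf(
            '%d placeholders but %d types and %d values', $n, strlen($types), count($params)));
    }
    $stmt = $db->prepare($sql);                 // throws under MYSQLI_REPORT_STRICT
    $stmt->bind_param($types, ...$params);      // unpacking binds each element by reference
    $stmt->execute();
    return $stmt->affected_rows;
}

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // mysqli errors become exceptions
$db = new mysqli('localhost', 'user', 'pass', 'dbname');   // assumed credentials
// The reimbursements update from the question with all five values bound,
// including id; an apostrophe in any field is just data, never SQL syntax.
$rows = updateRow($db,
    'UPDATE reimbursements SET presidentstatus=?, treasurerstatus=?, checknumber=?, paid=? WHERE id=?',
    'ssssi',
    [$_POST['p_submit'], $_POST['t_submit'], $_POST['check_submit'], $_POST['paid_submit'], (int) $_POST['id']]);
echo $rows === 1 ? "Information has been updated.\n" : "No row with that id was changed.\n";
```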

mysqli_real_escape_string not working

I just learned I had magic_quotes_gpc on (much to my chagrin). I turned that off.
My database connection is made prior to this query. I have the following:
$subject = mysqli_real_escape_string($link, $_POST["subject"]);
$body = mysqli_real_escape_string($link, $_POST["body"]);
$id = mysqli_real_escape_string($link, $_POST["id"]);
mysqli_query($link, "UPDATE press SET press_title = '$subject', press_release = '$body' WHERE press_id = '$id'") or die( mysqli_error($link) );
With magic quotes on, this works fine. Once I turn it off, single quotes jam up the works (with a MySQL syntax error at the quote). I thought I understood the concept but I must be missing something. Can someone explain what I'm doing wrong?
UPDATE
Error spit out by MySQL:
you have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's what she said' at line 1
UPDATE #2
Here's the echo'd query:
UPDATE press SET press_title = \'That\'s what she said\', press_release = \'That\'s what she said again!\' WHERE press_id = \'513\'
Use a parametrized query:
$stmt = mysqli_prepare($link, "UPDATE press SET press_title = ?, press_release = ? WHERE press_id = ?") or die (mysqli_error($link));
mysqli_stmt_bind_param($stmt, "ssi", $_POST['subject'], $_POST['body'], $_POST['id']);
mysqli_stmt_execute($stmt);
Manual
