Mysql delete query using zend - php

i'm developing an application where there is a function (correctly called) that receive an id an should delete records from a table where the id is present.
This is my code:
public function deleteAction($id) {
if ($id) {
$where[] = $this->_db->quoteInto('transazione = ?', $id);
$this->_db->delete($this->_name, $where);
}
}
The function is correctly called but i receive this error:
An error occurred
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ')' at line 1
How can i solve this?

try
$n = $this->_db->delete('tablename', "column_id = $id");
/*or*/
$q = $this->_db->quoteInto('DELETE * FROM bugs WHERE reported_by = ?', $id);
$this->_db->query($q);

Related

PHP Mysql does not accept table name as variable

mysql does not recognize the name of my table in a variable in a function, what can it be?
My PHP Code:
$TableMaster = "table_name";
function recursiveDelete($id,$db,$table){
$db_conn = $db;
$query = $db->query("SELECT * FROM ".$table." WHERE Padre = '".$id."' ");
if ($query->rowCount()>0) {
while($current=$query->fetch(PDO::FETCH_ASSOC)) {
recursiveDelete($current['id'],$db_conn);
}
}
$db->exec("DELETE FROM ".$table." WHERE id = '".$id."' ");
}
recursiveDelete($_POST['id'],$db,$TableMaster);
ERROR PHP LOG:
PHP Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE Father = '99'' at line 1' in
Note: But when I write the name of my mysql table directly in the statement there is no problem.
Whats happen?
You left out the $table argument when making the recursive call.
There's also no need for the $db_conn variable, you can just use $db.
function recursiveDelete($id,$db,$table){
$query = $db->query("SELECT * FROM ".$table." WHERE Padre = '".$id."' ");
if ($query->rowCount()>0) {
while($current=$query->fetch(PDO::FETCH_ASSOC)) {
recursiveDelete($current['id'],$db,$table);
}
}
$db->exec("DELETE FROM ".$table." WHERE id = '".$id."' ");
}

how to update table with session variable in php pdo?

i have one table called post_data, In that i want to update columns based on session variable.
this is my query.
$id = $_SESSION['userSession'];
$stmt = $user_home->runQuery("UPDATE post_data
set
cam_name='$cname',
cam_model ='$model',
cam_rent='$rent',
cam_img='$upic',
mobile='$umob'
upd_date='$jdate'
where userID='$id'
");
$stmt->bindParam(':cname',$camname);
$stmt->bindParam(':model',$modelname);
$stmt->bindParam(':rent',$rentpday);
$stmt->bindParam(':upic',$userpic);
$stmt->bindParam(':umob',$usermob);
$stmt->bindParam(":jdate",$upd_date);
if($stmt->execute())
{
$successMSG = "Record saved success";
}
else
{
$errMSG = "error while inserting....";
}
this is runQuery() implementation in USER class
public function runQuery($sql)
{
$stmt = $this->conn->prepare($sql);
return $stmt;
}
i got error like this
Fatal error: Uncaught PDOException: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'upd_date='2017-09-24 21:29:18' where ' at line 8 in C:\xampp\htdocs\DSLR_proj\profile.php:97
You are missing , just after mobile='$umob'.
Also, $cname is not same :cname. I would prefer to use placeholder as ? instead of any specific string to avoid any typo.
Also, you are missing binding for userID column.
UPDATE post_data
set cam_name=?,cam_model =?, cam_rent=?, cam_img=?, mobile=?, upd_date=?
where userID=?
$stmt->bindParam(1,$camname);
$stmt->bindParam(2,$modelname);
$stmt->bindParam(3,$rentpday);
$stmt->bindParam(4,$userpic);
$stmt->bindParam(5,$usermob);
$stmt->bindParam(6,$upd_date);
$stmt->bindParam(7,$id); // you are missing this as well

SQL Syntax Error with update

I'm trying to set up a way for users to set settings, i'm saving the settings in a json format in the databse. When I try to update the user though I get this syntax error:
Warning: PDOStatement::execute(): SQLSTATE[42000]: Syntax error or
access violation: 1064 You have an error in your SQL syntax; check the
manual that corresponds to your MariaDB server version for the right
syntax to use near ''settings' = '{\"background-color\":\"050505\"}'
WHERE ID = '2'' at line 1 in
C:...\htdocs\app\model\model.database.php on line 29
Here is the code that I have.
public function setColor(){
$modUser = $this->model('user');
$modInput = $this->model('input');
$modViewData = $this->model('viewData');
$modUser->setSetting("background-color",str_replace('#', "", $modInput->returnPost("color")));
$this->view('profile/view.profile', $modViewData->getData());
}
//in User model
public function setSetting($name, $value){
$settings = $this->getSetting();
$settings[$name] = $value;
$settings = json_encode($settings);
$this->update("settings", $settings);
}
public function update($field, $value){
$sql = "UPDATE `users` SET :field = :value WHERE `ID` = :id";
$params = [":field" => $field, ":value" => $value, ":id" => $this->_data->ID];
$database = $this->model('database');
$database->query($sql,$params);
}
You cannot a parameterize table and column names. You need to insert those directly into the query string. One method is:
$sql = "UPDATE `users` SET $field = :value WHERE `ID` = :id";

Syntax error or access violation: 1064 don t get it?

the text i get in the browser:
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''users' WHERE 'username'= 'cAASDASD'' at line 1
maybe it is in this part?
otherwise i have no more 'WHERE'.
public function user_exists($username) {
$query = $this->db->prepare("SELECT COUNT('id') FROM 'users' WHERE 'username'= ?");
$query->bindValue(1, $username);
try {
$query->execute();
$rows = $query->fetchColumn();
if($rows == 1) {
return true;
}
else {
return false;
}
}
catch (PDOException $e) {
die($e->getMessage());
}
}
in the real code you run there are 'single quotes' are used around table name, not backticks as in one posted here
And you have no idea where this error occurred because of the wrong way of using exceptions. So, as soon as you remove that useless try-catch, as soon you will be informed of the exact place where error occurred
The error doesn't relate to the snippet of PHP code you're showing. Going by the error message, it looks like you're using something like:
$query = $this->db->prepare("SELECT * FROM 'users' WHERE 'username' = ?");
Here, the table and column are both using single quotes rather than back ticks. What you want is:
$query = $this->db->prepare("SELECT * FROM `users` WHERE `username` = ?");

SQLSTATE[42000]: Syntax error or access violation: 1064 PDO

I get this every time I use my Mysql PDO class:
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '? WHERE ?' at line 1
Heres the code:
function mysql_execute_safe_search($table, $where, $query){
global $db;
try{
$preparedQuery = $db->prepare("SELECT * FROM ? WHERE ?");
$preparedQuery->execute([$table, $where, $query]);
return $preparedQuery->fetchAll(PDO::FETCH_ASSOC);
}
catch(PDOException $Exception){
echo $Exception->getMessage();
return;
}
}
Heres how I execute:
$search_query = mysql_execute_safe_search("people", "name", "Nathan");
You can't bind a table name:
$preparedQuery = $db->prepare("SELECT * FROM yourtable WHERE ?");

Categories