This question already has answers here:
Reference - What does this error mean in PHP?
(38 answers)
Closed 5 years ago.
This should be a very basic error, but based on the error-description I can't seem to figure it out. Either I misunderstood some part of the concept or it's just some sign missing.
The problem arises when I try to execute a query.
This is some of the code (I think it should be enough):
//Create database connection to my server
$pdo = new PDO($dsn, $user, $password);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
//All single variables
$lan = $_POST["lan"];
$botyp = $_POST["botyp"];
//All variables with min and max value
$pris = $_POST["pris"];
$prisArray = explode(",", $pris); //Splits string "minvalue, maxvalue" by delimiter "," to become array with [minvalue, maxvalue]
$prisMin = $prisArray[0];
$prisMax = $prisArray[1];
$storlek = $_POST["storlek"];
$storlekArray = explode(",", $storlek);
$storlekMin = $storlekArray[0];
$storlekMax = $storlekArray[1];
$rum = $_POST["rum"];
$rumArray = explode(",", $rum);
$rumMin = $rumArray[0];
$rumMax = $rumArray[1];
$avgift = $_POST["avgift"];
$avgiftArray = explode(",", $avgift);
$avgiftMin = $avgiftArray[0];
$avgiftMax = $avgiftArray[1];
$query = "SELECT * FROM bostader
WHERE lan = ? AND
objekttyp = ? AND
(pris >= ? AND pris <= ?) AND
(area >= ? AND area <= ?) AND
(rum >= ? AND rum <= ?) AND
(avgift >= ? AND avgift <= ?)";
$stmt = $pdo->prepare($query);
$stmt->execute([$lan, $botyp, $prisMin, $prisMax, $storlekMin, $storlekMax, $rumMin, $rumMax, $avgiftMin, $avgiftMax]); //Execute query using relevant variables
When I run this I get an error saying:
Parse error: parse error, expecting `']'' in /Library/WebServer/Documents/resultat.php on line 58
Which points to this line:
$stmt->execute([$lan, $botyp, $prisMin, $prisMax, $storlekMin, $storlekMax, $rumMin, $rumMax, $avgiftMin, $avgiftMax]);
Thank you in advance for your help.
Instead of this code
$stmt->execute([$lan, $botyp, $prisMin, $prisMax, $storlekMin, $storlekMax, $rumMin, $rumMax, $avgiftMin, $avgiftMax]);
you shuld try this one
$stmt->execute(array(
$lan,
$botyp,
$prisMin,
$prisMax,
$storlekMin,
$storlekMax,
$rumMin,
$rumMax,
$avgiftMin,
$avgiftMax
));
Related
This question already has answers here:
update a column by subtracting a value
(2 answers)
How can I prevent SQL injection in PHP?
(27 answers)
Closed 3 months ago.
i'm very confused right now, the last days the same code worked normally, yet now this error appears:
Uncaught mysqli_sql_exception: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '00-0.006 WHERE usersUID = 'test'' at line 1 in
the session was set in the login as the name and it would also work to just output the uid.
thanks
$QT = $_GET['number'];
$url = $_GET['url'];
$serviceid = $_GET['serviceid'];
$lastprice = $_GET['price'];
$converted_price = sprintf('%.8f', floatval($lastprice));
$devidedamount = $converted_price * $QT;
$currentcredits = $_SESSION['credits'];
$v = (float)$currentcredits - (float)$devidedamount;
if($currentcredits < $devidedamount){
header("location: ../newOrder.php?error=nobalance");
}
else{
$sqldevidecredits = "UPDATE users SET credits= ? WHERE usersUID = ? ";
$devidestm = mysqli_stmt_init($conn);
mysqli_stmt_prepare($devidestm, $sqldevidecredits);
mysqli_stmt_bind_param($devidestm, "ds", $v, $_SESSION['useruid']);
mysqli_stmt_execute($devidestm);
mysqli_query($conn, $sqldevidecredits);
}
Both $currentcredits and $devidedamount are string. You can't do arithmetic operations on strings. Convert them to numeric first. I think you can do something like that :
$currentcredits = floatval($currentcredits);
$devidedamount = floatval($devidedamount);
$sqldevidecredits = "UPDATE users SET credits= $currentcredits-$devidedamount WHERE usersUID = '" .$_SESSION['useruid']. "'";
You may subtract them first :
$v = (float)$currentcredits - (float)$devidedamount;
$sqldevidecredits = "UPDATE users SET credits= $v WHERE usersUID = '" .$_SESSION['useruid']. "'";
I have query in which I would like to pass the result of a MS SQL statement to a variable. Not sure how to do this.
My query:
if($view->id() == 'program_search' &&
!empty($searched_miles_value) &&
!empty($searched_zip_value) &&
($searched_miles_value != 'any')) {
$connection = \Drupal\Core\Database\Database::getConnection();
$result = $connection->query("SELECT to_zip FROM zipmaster_xref WHERE from_zip = '".$searched_zip_value."' AND miles = '".$searched_miles_value."'")-> fetchAll();
$target_zips = $result ; //this line is not working
foreach($result as $zip) {
$target_zips[] = $zip->to_zip;
}
$query->addWhere('new_group', 'node__field_zip.field_zip_value', $target_zips, 'IN');
I want to pass the $result array into $target_zips and loop through it. Can any one help me to fix this?
Thanks!
before fetch your data you have to execute the query for example :
$result = $connection->query("SELECT to_zip FROM zipmaster_xref WHERE from_zip = '".$searched_zip_value."' AND miles = '".$searched_miles_value."'")->execute()->fetchAll();
But this usage is not correct at all.Passing variable to the query directly causing SQL Injection be avoid from this you should use placeholders read the documentations first please.
An example for placeholders :
$query = $database->query("SELECT id, example FROM {mytable} WHERE created > :created", [
':created' => REQUEST_TIME - 3600,
]);
Drupal 8 static query documentation can be found at : https://www.drupal.org/docs/8/api/database-api/static-queries
This question already has answers here:
What is the difference between single-quoted and double-quoted strings in PHP?
(7 answers)
Closed 4 years ago.
I want to execute one and the same sql statement for a series of tables e.g. 37 tables.
For the table object name of each queried table I want to use a php variable named '$table'. The object names of the tables are provided in an included php file 'tables.php'.
The variable '$table' is generated repetitively from a concatenation of the string '$table' and an array '$numbers' for each table number, and put into the statement.
SQL reads the generated variable e.g. '$table1'. But I get an error from SQL Server for the FROM clause:
[SQL Server]Incorrect syntax near '$table1'.
I put the variable '$table' in brackets and quotation marks but it did not help.
Please help!
//php script one, 'tables.php':
$table1 = 'myTable1';
$table2 = 'myTable2';
...
$table37 = 'myTable37';
//php script two:
include_once('tables.php');
$numbers = range(1,37);
foreach($numbers as $number) {
$table = '$table' . $number;
$stmt = $db_conn->prepare("SELECT * FROM $table;");
$stmt->execute();
}
This is the solution provided by Hasan. The magic is to put the concat for variable '$table' in curly brackets led by $:
include_once('tables.php'); //provides table object names for variables $table1, $table2, etc., e.g. $table1 = 'mytable1_in_database';
//first number of a closed range of variables for tables to be queried
$i = 1;
//last number of closed range of variables for tables to be queried
$j = 37;
for($i=1; $i<=$j; $i++) {
$table = ${'table' . $i};
$stmt = $db_conn->prepare("SELECT * FROM $table;");
$stmt->execute();
}
You're getting error because you're using single quotes and variables can't interpreted, you may use double quotes or choose my below approach
$i = 1;
foreach($numbers as $number) {
$table = 'myTable' . $i;
//$table = "${'table' . $i}"; use it if you have already defined variables
$stmt = $db_conn->prepare("SELECT * FROM $table;");
$stmt->execute();
$i++;
if($i == 38) break;
}
As the question is now on Hold, hope you dont mind me adding a suggestion in your answer its to long for a comment.
This shoudl get you where you want to be, I hope :)
foreach($numbers as $number) {
$t = '$table' . $number;
$table = $t;
$stmt = $db_conn->prepare("SELECT * FROM $table");
$stmt->execute();
}
This question already exists:
PHP's white screen of death [duplicate]
Closed 5 years ago.
I've been working on a project where searching for matches between two databases, but when the cronjob runs i'll get an 503 error.
The variable source is the name like 'Peter' or 'Margot'.
And name_key is the key of the array like 'name' or 'event'.
global $dbh;
global $dbh_second;
$import_sql = $dbh->prepare('SELECT name_key FROM imports WHERE name = :source');
$import_sql->bindParam(':source', $source, PDO::PARAM_STR);
$import_sql->execute();
$name = $import_sql->fetch(PDO::FETCH_ASSOC);
$source = strtolower($source);
$import_data_sql = $dbh->prepare('SELECT * FROM import_data WHERE source = :source AND import_key = :key');
$import_data_sql->bindParam(':key', $name['name_key'], PDO::PARAM_STR);
$import_data_sql->bindParam(':source', $source, PDO::PARAM_STR);
$import_data_sql->execute();
$import_data = $import_data_sql->fetchAll(PDO::FETCH_ASSOC);
foreach ($import_data as $filter) {
$column = $filter['import_key'];
$party_sql = $dbh_second->prepare("SELECT * FROM `digi_gz_parties` WHERE name LIKE :value");
$party_sql->bindParam(':value', $filter['import_value'], PDO::PARAM_STR);
$party_sql->execute();
if($party = $party_sql->fetch(PDO::FETCH_ASSOC)) {
$import_check_sql = $dbh->prepare('UPDATE import_data SET status = 1 WHERE source = :source AND import_value LIKE :value AND created_at = :max');
$import_check_sql->bindParam(':max', $filter['max_data'], PDO::PARAM_STR);
$import_check_sql->bindParam(':value', $filter['import_value'], PDO::PARAM_STR);
$import_check_sql->bindParam(':source', $source, PDO::PARAM_STR);
$import_check_sql->execute();
}
}
Is their another solutions to do this or do i need to set up the timeout seconds higher?
Thanks a lot!
You need to get the records in batches because otherwise it takes too long and gives a timeout. And have a look at some optimization: Indexes, caching and such.
This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
How to prevent SQL injection in PHP?
I have a following MySQL query :
if($obj->{'parentId'} == null){
$parentID = 'NULL';
} else{
$parentID = $obj->{'parentId'};
}
$q = 'UPDATE tasks SET
Name = "'.$obj->{'Name'}.'",
Cls = "'.$obj->{'Cls'}.'",
parentId = '.$parentID.',
PhantomId = '.$obj->{'PhantomId'}.',
PhantomParentId = '.$obj->{'PhantomParentId'}.',
leaf = "'.$leaf.'" WHERE Id = "'.$obj->{'Id'}.'"';
The problem is, that if any of my non-string values is empty, the whole query throws error. How can I fix it crashing when for example $obj->{'PhantomId'} is empty without any aditional libs ?
Better consider to opt out to bound parameters. But if you still want to construct SQL queries use conditions
$q = "UPDATE ...";
...
if (!empty($obj->{'PhantomId'})) {
$q .= ", PhantomId = '" . $obj->{'PhantomId'}. "'";
}
...