I have this SQL statement:
$sql = "SELECT CONCAT_WS (" ",Firstname, Surname) AS FullName FROM Applicant WHERE AppID=10010";
This statement returns Error 500 on my page despite of that it is a completely correct statement. I run this query on Sequel Pro and it is returning exactly what I need.
I tried a simple query and its working fine:
$sql = "SELECT * FROM Cases";
I don't know why PHP is doing that. Maybe an extra pair of eyes can solve this.
wrong double quotes sequence
$sql = "SELECT CONCAT_WS (' ',Firstname, Surname) AS FullName
FROM Applicant WHERE AppID=10010";
you must a different quote char inside the query string
Related
The following code is returning no results where I use the variable in the code of $dep if I manually put the value in of 1 it returns the expected result. I have tried it with no quotes single quotes and double quotes. I have looked though loads of examples and I cannot see what I am doing wrong
$dep = 1;
if (!$names) {
$sql = "SELECT topic_id, topic_pid, ispublic, isactive, topic, dept_id FROM '.TOPIC_TABLE
. ' WHERE dept_id='$dep' ORDER BY `sort`";
$res = db_query($sql);
I'm pretty sure your error is related to wrong quotes used.
In your code, you write
$sql = "SELECT topic_id, topic_pid, ispublic, isactive, topic, dept_id FROM '.TOPIC_TABLE
. ' WHERE dept_id='$dep' ORDER BY `sort`";
After FROM, you are using single-quotes('), but your whole query has been enclosed into double-quotes("), so that creates the issue.
It should be:
$sql = "SELECT topic_id, topic_pid, ispublic, isactive, topic, dept_id FROM ".TOPIC_TABLE
. " WHERE dept_id='$dep' ORDER BY `sort`";
EDIT: Forgot to point out you should seriously use PDO or any other SQL Injection prevention methods. If, under any circumstance, your $dep variable could be sent via a public form, you could end up by having your DB dumped in the best case.
There's a syntax error in the second line of the query - if you want single-quotes in the query, then you need to enclose it all in double-quotes:
$sql = "SELECT topic_id, topic_pid, ispublic, isactive, topic, dept_id FROM ' .TOPIC_TABLE
. " WHERE dept_id='$dep' ORDER BY `sort`";
By the way, building a query like this, using string concatenation, is a REALLY BAD IDEA and leaves you open to SQL injection attacks - you should use prepared statements and parameters instead.
First as Fred -ii says make sure the if statement is executing properly. Then if dept_id is an integer value then you should not need the single quotes as scaisEdge says. Otherrwise the SQL looks fine. Make sure that there are in deed records in the database for the dept_id that is being passed in.
I am new to php and mysql and i am using delete query with CONCAT function, but it is showing some error.
My sql query is
$sql = "delete from wp_users_friends where userid ='$username'
and frid LIKE CONCAT('%',$frUserID)";
And the error is
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 1
I am having a lot of trouble in this, try to help me
Correct it to:
$sql = "delete from wp_users_friends where userid ='$username'
and frid LIKE '%$frUserID'";
MySQL CONCAT() function is made for concatenating the strings to make them a single string. Which is not required here.
If you want to find ids which start with $frUserID, use like keywords with wild card operator % in the beginning.
This operator % will search for all rows which have frid starting from $frUserID.
Make your query as below:
$sql = "DELETE FROM wp_users_friends WHERE userid ='$username' AND frid LIKE '%".$frUserID."'";
You should not use CONCAT() for a LIKE expression, use a query like one of the other answers instead.
Just wanted to add, you should use single quotes (') for the variable you pass into CONCAT().
So instead of doing this :
$someSql = "CONCAT('%',$frUserID)";
You should do :
$sql = "CONCAT('%','$frUserID')";
Notice the single quotes around $frUserId.
This is bizarre, I'm changing some code from mysql to mysqli functions cause of php 5.5+, in these two basic examples, mysql_query had no ' single quote nor ` backtick and worked fine.
$sql = "SELECT * FROM `".$table."`"; // requires: ` ` or fails
$result = mysqli_query($con,$sql);
$sql = "SHOW TABLES LIKE '".$table."'"; // requires: ' ' or fails
$result = mysqli_query($con,$sql);
Can someone explain why?
EDIT: I guess the essence of my question is that: Both functions worked fine without any kind of quotes with mysql_query, and both failed mysqli_query without some kind of quotes. Meaning I will have to fiddle around with half my query's when changing from mysql_ to mysqli_
In your first select statement you are trying to select a table by it's name, hence it will accept the name either with ` or without them, but now with single or double quotes. These should work :
$sql = "SELECT * FROM `table_name`";
$sql = "SELECT * FROM table_name";
In the second case you need to pass in a string to be compared by the like statement hence you need to surround it either with single ' or double " quotes:
$sql = "SHOW TABLES LIKE 'string'";
$sql = "SHOW TABLES LIKE \"string\"";
Edit:
Check out this previous answer on SO as well:
Using backticks around field names
Edit 2:
Since we (me and in comments) suggested that backticks are somehow optional, keep in mind that as a best practise use them whenever you can since although it will allow you to pass most queries without them, some queries using MySql reserved words would break when containing mysql reserved words
I have a weird problem please take a look at this query:
select * from myfriend where name like "%n%";
when execute this query on phpMyAdmin the query returned correct results, but when execute it using php no result returned.
please note this query executed in drupal 6.
what is the problem with char "n" and PHP?
Percent signs are used as placeholders in Drupal 6 queries, so you need to escape them:
$query = db_query('select * from myfriend where name like "%%n%%"');
$searchChar = "n";
$query = "SELECT * FROM `myfriend` WHERE `name` LIKE '%" . $searchChar . "%'";
Then use the $query variable in your statement.
Eg:
$mysql->query($query);
mysql_query($query);
Your query is perfect. Give some brief on it. You can check if your connection of database from php to mysql is correct. You can echo that query from php file and run into phpmyadmin if that gives correct output then surely database connectivity problem will be there.
There is absolutely no issues with any character in php.
I'm trying to query my MySQL database to get information about a user. You submit a form on a previous page and then you go into the page and connect to the database and all that good stuff. I just have a quick question on syntax for the SELECT function for a query. I'm trying to say "select from tbl_name where the field first name concatenated with the field last name (with a space in between) equals the variable $user.
I figured with PHP I need to put slashes in front of the quotation marks. It doesn't seem to return any value though. Am I just using incorrect syntax?
$user=$mysqli->real_escape_string($_POST['user']);
$sql="SELECT * FROM tbl_name WHERE firstname.\" \".lastname='$user'";
You will have to use SQL's CONCAT() in your WHERE clause to join the firstname and lastname columns together:
SELECT
*
FROM
tbl_name
WHERE
CONCAT(firstname. ' ', lastname) = ?
Using your existing code in PHP (for copy+paste):
$sql = "SELECT * FROM tbl_name WHERE CONCAT(firstname, ' ', lastname) = '" . $user . "'";
* Also worth noting: since you're using MySQL you can legally-use single-quotes and/or double-quotes for strings in your queries (T-SQL is bound to single quotes for strings). Because of this, if you're wrapping your whole query with double-quotes in PHP you can use single-quotes inside your SQL-query instead of having to escape your double-quotes. This is more of a programmer's-preference tip, but one that may save you a quote-escaping headache one day =P
i think it is this what you are looking for??
$sql = 'SELECT * FROM '.$tbl_name .' WHERE CONCAT(firstname," ",lastname )='.$user.' ';