php stored procedure adding error - php

I want to add data to my table with stored procedure, but I have this error:
Gönder
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'Teknoloji,V,,1)' at line 1' in C:\xampp\htdocs\berat\isyerikayit.php:142 Stack trace: #0 C:\xampp\htdocs\berat\isyerikayit.php(142): PDO->query('CALL isyerikayi...', 2) #1 {main} thrown in C:\xampp\htdocs\berat\isyerikayit.php on line 142
<?php
if (isset($_POST['gonder']))
{
$adi = $_POST["adi"];
$calismaturu = $_POST["calismaturu"];
$iscigucu = $_POST["iscigucu"];
$hizmetturu = $_POST["hizmetturu"];
$butce = $_POST["butce"];
if($calismaturu == 'V')
{
$sorgu= $db->query("CALL isyerikayitV($adi,$calismaturu,$iscigucu,$hizmetturu)",PDO::FETCH_ASSOC);
echo '<script>alert("Hizmet Veren Firma Eklendi.");</script>';
}
else
{
$sorgu= $db->query("CALL isyerikayitE($adi,$calismaturu,$butce)",PDO::FETCH_ASSOC);
echo '<script>alert("Hizmet Edilen Firma Eklendi.");</script>';
}
}
?>
My isyerikayitE() and isyerikayitV procedures are 7.


It seems that $iscigucu is empty:
"that corresponds to your MariaDB server version for the right syntax to use near 'Teknoloji,V,,1)'"
And all your string variables are missing the quotes:
A quick solution is to do:
$iscigucu = empty($_POST["iscigucu"]) ? "''" : "'".$_POST["iscigucu"]."'";
for each one of them.
or
$iscigucu = "'".$iscigucu."'"
But the right way to solve this is to use prepared statements:
$call = mysqli_prepare($mysqli, 'CALL test_proc(?, ?, ?, ?)');
mysqli_stmt_bind_param($call, 'ssss', $adi,$calismaturu,$iscigucu,$hizmetturu);
mysqli_stmt_execute($call);
Take a look at: http://php.net/manual/en/mysqli-stmt.bind-param.php

Related

SQLSTATE[42000]: Syntax error or access violation: 1064 Error

I am getting the following error on a website. I create ticket for this reason in my hosting provider. It told me "You need to edit the select query, not a select query suitable for the mariadb version on the server." they said.
error_log File:
[25-Dec-2021 19:50:24 Europe] PHP Fatal error: Uncaught PDOException: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'and dripfeed= 2' at line 1 in /home/user/public_html/script.php:461
Stack trace:
#0 /home/user/public_html/script.php(461): PDO->query('SELECT * FROM o...')
#1 /home/user/public_html/index.php(35): require_once('/home/user/...')
#2 {main}
thrown in /home/user/public_html/script.php on line 461
script.php File:
$dripfeedvarmi = $conn->query("SELECT * FROM demo WHERE user=$user_id and dripfeed=2");
if ($dripfeedvarmi->rowCount())
{
$dripfeedcount = 1;
}
else
{
$dripfeedcount = 0;
}
Current DB Version: 10.2.41-MariaDB-cll-lve
PHP Version: 7.4.25
OS: Linux
Thank you in advance for your help.

even if the MySQL syntax is correct, do not write code like this. Always prepare your query to make it secure!
Try this example:
$query = 'SELECT * FROM demo WHERE user = ? AND dripfeed = ?';
$array = array($user_id, 2);
$init = $conn->prepare($query);
$init->execute($array);
$rowCount = $init->rowCount();
if($rowCount > 0){
$dripfeedcount = 1;
}else{
$dripfeedcount = 0;
};
Also if you are storing the id of the user, so why the column name is not user_id instead of user? Be clean...

You can also try like this to execute the query using prepare() and execute() methods.
$dripfeedvarmi = $conn->prepare("SELECT * FROM demo WHERE user=:user and dripfeed=:dripfeed");
$dripfeedvarmi->execute([':user'=>$user_id,':dripfeed'=>2]);
if ($dripfeedvarmi->rowCount()>0)
{
$dripfeedcount = 1;
}
else
{
$dripfeedcount = 0;
}

Fatal error: Uncaught PDOException: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax;

I'm trying to do a form to insert values on a data base, but it's not working.
In fact, I used to use a VM that is now dead. And when I switched to Xammp my program didn't work anymore.
$titre = $_POST["titre"];
$categorie = $_POST["categorie"];
$portion = $_POST["portion"];
$heure_cuiss = $_POST["heure_cuiss"];
$minute_cuiss = $_POST["minute_cuiss"];
$heure_prepa = $_POST["heure_prepa"];
$minute_prepa = $_POST["minute_prepa"];
$heure_rep = $_POST["heure_rep"];
$minute_rep = $_POST["minute_rep"];
$cuiss = $_POST["cuiss"];
$cost = $_POST["cost"];
$dif = $_POST["dif"];
$histoire = $_POST["histoire"];
$region = $_POST["region"];
$temps = intval($heure_cuiss) + intval($minute_cuiss)/60 + intval($heure_prepa) + intval($minute_prepa)/60 + intval($heure_rep) + intval($minute_rep)/60;
$query = $bdd -> prepare('INSERT INTO recette (titre, categorie, portion, heure_cuiss, minute_cuiss, heure_prepa, minute_prepa, heure_rep, minute_rep , cuiss, cost, dif, histoire, region, temps)
VALUES(:titre, :categorie, :portion, :heure_cuiss, :minute_cuiss, :heure_prepa, :minute_prepa, :heure_rep, :minute_rep, :cuiss, :cost, :dif, :histoire, :region, :temps)');
$query -> execute(array('titre'=>$titre, 'categorie'=>$categorie, 'portion'=>$portion, 'heure_cuiss'=>$heure_cuiss, 'minute_cuiss'=>$minute_cuiss, 'heure_prepa'=>$heure_prepa, 'minute_prepa'=>$minute_prepa, 'heure_rep'=>$heure_rep, 'minute_rep'=>$minute_rep, 'cuiss'=>$cuiss, 'cost'=>$cost, 'dif'=>$dif, 'histoire'=>$histoire, 'region'=>$region, 'temps'=>intval($temps)));
I get this error
Fatal error: Uncaught PDOException: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'portion, heure_cuiss, minute_cuiss, heure_prepa, minute_prepa, heure_rep, min...' at line 1 in C:\xampp\htdocs\ptut\upload\back-index.php:46 Stack trace: #0 C:\xampp\htdocs\ptut\upload\back-index.php(46): PDOStatement->execute(Array) #1 {main} thrown in C:\xampp\htdocs\ptut\upload\back-index.php on line 46
I've tried to rewrite my database, to write my insert with '?' but nothing works.
I've been working on this problem for 5 hours. I really need your help !
Thanks, Thomas

Make sure your password is empty like this :
$bdd = new PDO('mysql:host=localhost;dbname=yourDataBase', 'root', '');

i'm unable to insert database using PDO

I'm trying to use PDO to insert data into my database but I'm getting this error
Fatal error: Uncaught PDOException: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '' at line 1 in C:\xampp\htdocs\pfe\users\execute.php:21 Stack trace: #0 C:\xampp\htdocs\pfe\users\execute.php(21): PDOStatement->execute() #1 {main} thrown in C:\xampp\htdocs\pfe\users\execute.php on line 21'
this is my code :
<?php
session_start();
require_once("database.php");
$req = $dbh ->prepare('INSERT INTO idad
(etat, description, image, localisation,
statut, categorie, author_num, created_at)
VALUES(:etat, :description, :image, :localisation,
:statut, :categorie, :author_num, NOW() ');
$req ->bindParam(':etat' , $_POST["etat"]);
$req ->bindParam(":description" , $_POST["description"]);
$req ->bindParam(":image" , $_POST["image"]);
$req ->bindParam(":localisation" , $_POST["localisation"]);
$req ->bindParam(":statut" , $config['STATUS'][0]);
$req ->bindParam(":categorie" , $_POST["categorie"]);
$req ->bindParam(":author_num" , $_SESSION["id"]);
$req ->execute();
var_dump($_POST);
var_dump($_SESSION);
var_dump($config);
?>

Instead of having multiple lines of bindParam, did you try :
$req -> execute(array(
':param1' => $my_param1,
':param2' => $my_param2,
':param3' => $my_param3,
));
I'm not sure your solution work or not, it's just I always did it my way because got recommended to do it this way, for security purposes if I'm right (still learning).
Also my code may be clearer and if I'm right about it, your code doesn't verify your $_POST variables aren't undefined nor empty so maybe it will lead to problems one day.

PHP PDO data does not inserting [duplicate]

This question already has an answer here:
Syntax error due to using a reserved word as a table or column name in MySQL
(1 answer)
Closed 7 years ago.
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'keys) VALUES ('1','159')' at line 1' in C:\xampp\htdocs\***\index12.php:93 Stack trace: #0 C:\xampp\htdocs\***\index12.php(93): PDOStatement->execute(Array) #1 {main} thrown in C:\xampp\htdocs\***\index12.php on line 93
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
for($i = 1; $i < sizeof($counts_index);$i++){
//echo $i.": ".$counts_index[$i]."<br/>";
$index = $counts_index[$i];
$sql1 = "INSERT INTO asce (idn,keys) VALUES (:idn,:keys)";
$q1 = $dbh->prepare($sql1);
$params1 = array(
':idn'=>$i,
':keys'=> $index
);
$q1->execute($params1);
}

Keys is a reserved word in MySQL. Either change your column name (better solution) or update your query wrapping keys in backticks.
INSERT INTO asce (idn, `keys`...

unexpected error on inserting values and error with implode()

I am inserting the values using PDO but i am getting error as:
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'desc,price,nick_name,gender,size,color,birth_date,uname,uphone,ucountry,ustate,u' at line 1' in C:\wamp\www\aa\abc.php:58 Stack trace: #0 C:\wamp\www\www\aa\abc.phpphp(58): PDOStatement->execute(Array) #1 {main} thrown in C:\wamp\www\www\aa\abc.php.php on line 58
also getting Warning: implode() [function.implode]: Bad arguments for implode function
Code:
foreach ($_POST['pcheck'] as $p_check) ////storing checkbox values
{
$pcheckp[] = $p_check;
} $finalcheck = implode(',', $pcheck);
foreach ($_POST['pinc'] as $p_inc) ////storing inputfield values
{
$pinc[] = $p_inc;
} $finalpinc = implode(',', $pinc);
$sql = "INSERT INTO list (u_id,list_type,list_ff,breed,title,desc,price,nick_name,gender,size,color,birth_date,uname,uphone,ucountry,ustate,ucity,usite,pcheck,pinc,photo)
VALUES(:uid,:list_type,:list_ff,:breed,:title,:desc,:price,:nick_name,:gender,:size,:color,:date,:uname,:uphone,:ucountry,:ustate,:ucity,:usite,:pcheck,:pinc,:p_photo)";
$q = $db->prepare($sql);
$q->execute(array(':uid'=>dd,
':list_type'=>$list_type,
':breed'=>$breed,
':title'=>$title,
':desc'=>$desc,
':price'=>$price,
':list_ff'=>$list_ff,
':nick_name'=>$nick_name,
':gender'=>$gender,
':size'=>$size,
':color'=>$color,
':date'=>$date,
':uname'=>$uname,
':uphone'=>$uphone,
':ucountry'=>$ucountry,
':ustate'=>$ustate,
':ucity'=>$ucity,
':usite'=>$usite,
':pcheck'=>$finalcheck,
':pinc'=>$finalpinc,
':p_photo'=>$p_photo));
$_POST['pcheck'] and $_POST['pinc'] is used to get checkbox and input values which i am going to store in column in mysql.
I have checked many times to find the syntax error in insert query but nothing wrong is in it
Hoping to get help
Thanks!

for Warning: implode()
$finalcheck = implode(',', $pcheck);
should be
$finalcheck = implode(',', $pcheckp);
also desc is reserved for mysql you need to use it with `
$sql = "INSERT INTO list (`u_id`,`list_type`,`list_ff`,`breed`,`title`,`desc`,`price`,`nick_name`,`gender`,`size`,`color`,`birth_date`,`uname`,`uphone`,`ucountry`,`ustate`,`ucity`,`usite`,`pcheck`,`pinc`,`photo`)
VALUES(:uid,:list_type,:list_ff,:breed,:title,:desc,:price,:nick_name,:gender,:size,:color,:date,:uname,:uphone,:ucountry,:ustate,:ucity,:usite,:pcheck,:pinc,:p_photo)";

Categories