I really do not understand why the query below is giving a error.
$sql = "INSERT INTO telefoonnotitie
(
verzoek_id,
klant_id,
contact_id,
offerte,
order,
factuur,
bestelling,
bericht,
gemaakt_id,
gemaakt,
user_id
)
VALUES
(
'".$verzoek_id."',
'".$klant_id."',
'".$contact_id."',
'".$offerte."',
'".$order."',
'".$factuur."',
'".$bestelling."',
'".$bericht."',
'".$_SESSION['user_id']."',
NOW(),
'".$_SESSION['user_id']."'
)
";
The error is 'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'order, factuur, bestelling, bericht, ' at line 7'
The output of this query is
INSERT INTO terugbellen ( verzoek_id, klant_id, contact_id, offerte,
order, factuur, bestelling, bericht, gemaakt_id, gemaakt, user_id )
VALUES ( '1', '472', '1127', '', '', '6161003', '', 'Dit is een
testbericht', '1', NOW(), '1' )
Any suggestions?
order is a SQL key-word. Wrap that column name in back ticks, like this:
$sql = "INSERT INTO telefoonnotitie
(
verzoek_id,
klant_id,
contact_id,
offerte,
`order`,
factuur,
bestelling,
bericht,
gemaakt_id,
gemaakt,
user_id
)
VALUES
Suggestion, you should really use Prepared Statements instead of concatenating your queries to eliminate the risk of SQL Injection attacks.
Related
I am currently working on the following sql code which should insert a new data set only if it doesn't exist so far. The sql code works fine when being executed in phpmyadmin. If I execute the code within php I get the error (see below).
The sql code is the following:
INSERT INTO `historiclist` (`id`, `date`, `name`, `idnumber`, `prop1`, `prop2`, `prop3`, `difflimit1`, `difflimit2`)
SELECT * FROM (SELECT
0 as `id`,
1515529465 as `date`,
'johndoe' as `name`,
'381' as `idnumber`,
105 as `prop1`,
240 as `prop2`,
60 as `prop3`,
'-10' as `difflimit1`,
'-10' as `difflimit2`
) AS tmp
WHERE NOT EXISTS (
SELECT `id` FROM historiclist
WHERE `date` = 1515529465
AND `name` = 'johndoe'
AND `idnumber` = '381'
) LIMIT 1;
The mysql error I receive is:
Invalid query: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'INSERT INTO historiclist (id, date, name, idnumber, prop1, `prop' at line 21
The mysterious situation is also that prop2 is not fully displayed. So it cuts the 2 in the end of the name as well as e. g. prop3.
What am I missing?
//Edit I was missing something else as well ... here my php code:
$sql1return = sqlQUERY($connection, $sql1);
$message = 'Invalid query: ' . mysql_error() . "\n";
function sqlQUERY($connection, $sqlinput){
$return = #mysql_query($sqlinput, $connection);
return $return;
}
The database connection works just fine in any other place (I know it is a bit outdated however).
I am using a logbook to track all user interaction.
When trying to save the search of an page to my MySQL database I get this error: You have an error in your SQL syntax; is MySQL seeing this as extra columns now?
$sql_lgb = "INSERT INTO logboek
(
omschrijving,
zoek,
sort,
soort,
user_id
)
VALUES
(
'".$omschrijving."',
'".$zoek_opdr."',
'".$sort_name."',
'pagina bezocht',
'".$_SESSION['user_id']."'
)
";
// resultaat van query
if(!$res_lgb = mysqli_query($mysqli, $sql_lgb)) { include('includes/error_database.php'); die; }
This is the output of the query:
INSERT INTO logboek ( omschrijving, zoek, sort, soort, user_id ) VALUES ( 'Pagina Manuals bezocht', ' (bedrijf LIKE 'torza' OR bedrijf LIKE 'thure' OR bedrijf LIKE 'mb' ) AND (naam LIKE '%%') ', 'naam', 'pagina bezocht', '1' )
The values you are sending to the database has multiple quotations ' in "zoek" value.
To avoid such errors you need to escape them \'.
Or even better use PDO with prepared statements.
I have a relational insert which works like a charm in mysql, but when I put in into a query in PHP, nothin' doin'. Can someone help?
$qry = "
INSERT into orders
( customerid, date, order_status )
VALUES
( '$customerid', '$date', $order_status );
INSERT into order_items
( orderid, isbn, item_price, quantity )
VALUES
( LAST_INSERT_ID(), '12345', 5, 1 )
";
when I remove the second insert, it works as advertised in PHP. I am running EasyPHP5.3.
Thanks!
Unless you are using mysqli_multi_query() you cannot run more than one query at a time in PHP. So you'll need to break that query into two queries or use the previously mentioned function.
Hope this work for you
$qry = "
INSERT into orders
( customerid, date, order_status )
VALUES
( '$customerid', '$date', $order_status )";
$qry.=" INSERT into order_items
( orderid, isbn, item_price, quantity )
VALUES
( LAST_INSERT_ID(), '12345', 5, 1 )
";
$mysqli->multi_query($query)
OK, so SQL and PHP may have some common grounds but they still have differences.
If you want to perform multiple queries, at time it might result into an error in PHP because PHP needs to send a request to SQL before it executes the query and one request is to one query. (I think meehee).
If you were to transfer your code to PHP this is the code, I guess you already know how to setup a connection between your php file and your database right, if not feel free to ask or update your question. But this is how to do your code in PHP:
<?php
$sqlOrders = "INSERT INTO orders (customer_id, date, order_status)
VALUES
('$customer_id','$date','$customer_status')";
$sqlOrderItems = "INSERT INTO order_items (orderid, isbn, item_price, quantity)
VALUES
(LAST_INSERT_ID(), '12345', 5, 1)";
After that you need to call this command for this is the request.
if(!mysqli_query($link <--- connection to your database,$sqlOrders)){
die('Error: ' . mysqli_error($link));
}
if(!mysqli_query($link,$sqlOrderItems)){
die('Error: ' . mysqli_error($link));
}
?>
this is the php code:
$stringquery = "INSERT INTO sikurim(name, title, desc, category, subcategory)
VALUES ('$contact', '$heading','$comments', '$catF', '$catS' ) ";
mysql_query($stringquery) or die(mysql_error());
And i get the error:
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near 'desc, category, subcategory) VALUES ('jhjh', ' fffff','fffff',
'2', '4' )' at line 1
I can't find what's wrong with the code, can someone help?
DESC is reserved MySQL keyword. You need to enclose it in backquotes:
$stringquery = "INSERT INTO sikurim(name, title, `desc`, category, subcategory) VALUES ('$contact', '$heading','$comments', '$catF', '$catS' )";
You should escape each value.
Use mysql_escape_string http://www.php.net/manual/en/function.mysql-escape-string.php
I have function that updates log table.
function wslog($userID, $log, $where) {
safe_query("INSERT INTO ".PREFIX."log ( time, userID, log, where ) values( '".time()."', '".$userID."', '".$log."', '".$where."' ) ");
}
And I have this php code:
wslog($userID, 'server|'.mysql_insert_id().'', 'servers');
But I keep getting syntax error:
Query failed: errorno=1064
error=You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'where ) values( '1269208030', '1', 'server|14', 'servers' )' at line 1
query=INSERT INTO ws_DII_log ( time, userID, log, where ) values( '1269208030', '1', 'server|14', 'servers' )
Is it possible that SQL doesn't like your log field name as it is a reserved word?
If so, try putting it is backticks
log ( `time`, `userID`, `log`, `where` )