I'm almost sorry to ask this question but I'm drawing a complete blank. I'm getting the following error:
"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE number='7'' at line 1"
It seems whenever I try to use just an integer in the following code, I get the syntax error;
$go = mysql_query("UPDATE $db1 SET count='$t1c', WHERE number='$input2'") or die(mysql_error());
As you can see the page gets the value, that's not the issue.. it just doesn't seem to like the WHERE = 7 part. I've tried with and without the quote marks, I've tried changing that column in the table from a int to a varchar. Still get the same thing yet the code BEFORE this piece that runs:
$check1 = mysql_query("SELECT * FROM $db1 WHERE number='$input2'");
Run's absolutely fine. It finds the value where number equals $input2...
Can someone help me PLEASE? I'm drawing a complete blank here :/
Remove the , in the query:
mysql_query("UPDATE $db1 SET count='$t1c' WHERE number='$input2'");
Remove comma(,) which is placed before WHERE in UPDATE query
$go = mysql_query("UPDATE $db1 SET count='$t1c' WHERE number='$input2'") or die(mysql_error());
Change
"UPDATE $db1 SET count='$t1c', WHERE number='$input2'"
to
"UPDATE $db1 SET count='$t1c' WHERE number='$input2'"
The comma shouldn't be there (before WHERE) and is causing an error.
number is a reserved word in mysql sql
it is better not to name columns with that words or you need to backtick them in query
example:
`number`=3
mysql reserved words
Related
I am trying to update an SQL table with PHP.
I have a form that is submitted to the database - this is working fine.
I have retrieved the entries from the database and this is also working fine.
The problem I am having is when I try to update the database with additional information into the comment field (a 'cell' that already has information in).
Here is my SQL code. Can you please point me where the problem is?
There error I am getting is:
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '= 36tWHERE id = 0' at line 1
My code is below :
$commy = $_POST['comment'];
$ident = $_POST['id'];
$sql = "UPDATE issuelog".
"SET comment = $commy".
"WHERE id = $ident";
I know there are security issues here but this is only for localhost use at the moment and only by my self as an example.
You don't need to concatenate and you should put quotes around values.
$sql = "UPDATE issuelog
SET comment = '$commy'
WHERE id = '$ident';";
Update: As others pointed out you need spaces, but this is the reason you don't need to concatenate. By closing each line and concatenating, you are removing spaces between them. Be sure you use prepared statements, because as you said, this is subject to injections.
$sql = "UPDATE issuelog".
" SET comment = $commy".
" WHERE id = $ident";
You need spaces - try echoing out your $sql - you will see SET and WHERE are merged with the previous words.
been learning php for 3 weeks now and i find myself with a simple error that does not make sense:
I cant see what is wrong with this code.
Could someone please point me to why this is happening.
Its a simple insert and set sql query which is like this:
code:
$insertresults = "UPDATE usage SET message='".$message."',islive='".$islive."' WHERE id=1";
$insertresults_doit = mysql_query($insertresults) OR die(mysql_error());
the error i am getting is this:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'usage SET message='hello',islive='0' WHERE id=1' at line 1
as you can see, the variables are correct and to what i can see the sql string is correct also.
Thanks
Your table name, usage, is actually a reserved word in MySQL. You'll have to quote it with backticks:
UPDATE `usage` SET ...
$insertresults = "UPDATE usage SET message=$message,islive=$islive WHERE id=1";
$insertresults_doit = mysql_query($insertresults) OR die(mysql_error());
You don't need to wrap the variables the way you did, give this a try :) Taking a look at that error shows you the extra ' surrounding the column names - you don't want that.
Try removing the quotes from $islive
Check whether you have a single quote in the variable values. It is always better to escape it before using in the sql statement
$message=addslashes($message);
$islive=addslashes($islive);
$insertresults = "UPDATE usage SET message='".$message."',islive='".$islive."' WHERE id=1";
$insertresults_doit = mysql_query($insertresults) OR die(mysql_error());
Assuming both the columns are of varchar type
"UPDATE usage SET message='{$message}',islive='{$islive}' WHERE id=1" – Nick 21 mins ago
#Nick i still get the exact same error if i use braces and even if i do not use the ' on int's the message is a message and the islive is either a 0 or a 1. – Robert 6 mins ago
#Robert, have you made sure $message and $islive has been properly escaped? use: addslashes() or mysql_real_escape_string()
moved to answer (grew)
Hello guys and girls im trying to a sql update but think i forgot a ' or a "
im getting this error messege
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''Brock'='1'WHERE username = 'admin'' at line 1
The fault lies with in this bit of code if i take the code out the page loads witht he rest of the scripts on it. But need it two do the update.
$blah = mysql_query("UPDATE users SET '".$_SESSION['gymleader']."'='1'WHERE username = '".$_SESSION['username']."'")
or die(mysql_error());
Were am i going wrong ?
You miss a space between the '1' and the WHERE if I am not mistaken. And you should use backticks (`) when you want to escape a column name
So your code becomes:
$blah = mysql_query("UPDATE users SET `".$_SESSION['gymleader']."`='1' WHERE username = '".$_SESSION['username']."'")
Note the ` instead of the ' around the column name (right after the SET).
Further possible improvements:
In case the column is of type INT, you can replace the '1' by 1 (without the ')
You should never directly use the $_SESSION,$_POST,$_GET or other values which can be altered by users in your queries. Do a Google search on SQL injection for more information
UPDATE user SET field = '1' WHERE ...
instead of
UPDATE user SET 'field' = '1' WHERE ...
and if your field is of type int, you might use
UPDATE user SET field = 1 WHERE
If you want to escape your fieldname, use
`field`
in backticks `
Besides the fact that this looks like a bad idea to code like this, assuming you have a column named Brock then you should use this types of quotes instead:
$blah = mysql_query("UPDATE users SET `".$_SESSION['gymleader']."`='1' WHERE username = '".$_SESSION['username']."'")
or die(mysql_error());
Notice I replaced your ' with `
I have a following code:
<?php
include("config.php");
$key = 'blahblah';
$sql = "INSERT INTO softversions SET key='$key'";
$result = mysql_query($sql) or die ($mysql_error());
echo "dude";
?>
This gives me an error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'key='svksskjfvns'' at line 1
The thing is that I've used this script about a hundred times on other pages and it worked.
Table and field names are 100% correct.
I don't understand what is going on.
Do you see the syntax error there?
KEY is a reserved word in MySQL and you need to escape it using backticks to use it as a column name and also you should not use SET when inserting.
$sql = "INSERT INTO softversions (`key`) VALUES ('$key')";
key is a reserved word in MySQL. To use it as a column, you need to escape it every time you call it.
$sql = "INSERT INTO softversions SET `key`='$key'";
$sql = "INSERT INTO softversions(keyName) values('{$key}')";
This question already has an answer here:
Syntax error due to using a reserved word as a table or column name in MySQL
(1 answer)
Closed 8 years ago.
See something wrong in my code? I can't get the update function to work.. weird thing is the rest works correctly, and the same code works 100% on another page.
<?php
include("config.php");
$id = $_GET['id'];
$number = $_GET['no'];
$result = mysql_query("SELECT * FROM comments WHERE commentid = '$id'")
or die(mysql_error());
$row = mysql_fetch_array( $result );
mysql_query("update `comments` set like = like +1 where commentid = '$id'"); <--- only this here doesnt work
?>
And there is 1 line of html after that, a span tag getting some information out of the comments table.
My 'like' column is set to int(11), so I don't see that being the problem.
Hope this isnt another innatention mistake :/
Thanks alot to anyone who can help me out!
This is the error
You have an error in your SQL syntax;
check the manual that corresponds to
your MySQL server version for the
right syntax to use near 'like = like
+1 where commentid = '61'' at line 1
As EboMike posted, LIKE is a reserved keyword in MySQL.
You can either rename your column to something else that is not a keyword (preferred), or you can put a backtick (a backwards single quote) around it to tell MySQL it's a literal name.