PHP file showing syntatical error - php

I'm trying to send title and content to my table named write . But i'm having error while running this php file .
Below is the error shown
not sucessfullyYou have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'write values('','','')' at line 1
<?php
require "connection.php";
$id = $_POST["id"];
$title =$_POST["title"];
$content =$_POST["content"];
$sql_query ="insert into write values('$id','$title','$content');";
if(mysqli_query($con,$sql_query))
{
echo"data insertion sucess";
}
else
{
echo "not sucessfully".mysqli_error($con);
}
?>


WRITE is a reserved keyword in MySQL so you should escape it using backticks:
insert into `write` ...
But I would recommend you rename the table into something more sensible.

Related

You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version

I am trying to update a row in mysql, however, error no 1024 comes up every time
#$name= $_POST['name'];
#$bio=$_POST['bio'];
#$email=$_POST['email'];
if(!empty($_POST['name']) && !empty($_POST['bio']) && !empty($_POST['email']) )
{
$result="SELECT * FROM accounts where email='$email'";
$row = mysqli_fetch_array(mysqli_query($con,$result),MYSQLI_ASSOC);
$row['id']=$id;
$Sql_Query = mysqli_query($con,"UPDATE profile SET name= '$name', bio = '$bio' WHERE id = '$id'");
if(mysqli_query($con,$Sql_Query)){
echo 'Record Updated Successfully';
}
else{
echo 'Something went wrong, whether id is not present or something else'.mysqli_error($con);
}
}else
{
echo 'missing parameters';
}
error
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '1' at line 1
Any help will be deeply appreciated

(See the edit near the bottom).
What happened here is that you executed the same query twice for the UPDATE and the error that you should be getting is a "1". (This before the edit).
Change your
$Sql_Query = mysqli_query($con,"UPDATE profile SET name= '$name', bio = '$bio' WHERE id = '$id'");
// ^^^^^^^^^^^^^^^^^
if(mysqli_query($con,$Sql_Query)){
// ^^^^^^^^^^^^^^^^^
echo 'Record Updated Successfully';
}
to just
if($Sql_Query){
echo 'Record Updated Successfully';
}
and use a prepared statement to help against an SQL injection.
https://en.wikipedia.org/wiki/Prepared_statement (General information).
http://php.net/manual/en/mysqli.prepare.php (MySQLi_).
http://php.net/manual/en/pdo.prepared-statements.php (PDO).
As per your edit where you added:
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '1' at line 1
...which is what I suspected and posted in a comment earlier.
By the way; those # characters are error suppressors and should be removed during development.
Using PHP's error reporting would help to a certain extent, but not for those #'ed variables for the POST arrays should there be anything wrong for them.
Edit:
As stated in a comment given by IncredibleHat, this line:
$row['id']=$id;
is reversed and should be written as:
$id = $row['id'];
The id is to be assigned "to" the row and not the other way around.
I failed to see that, my bad. Good catch on that.

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''soft_name'

I am having this error in the following code. Please tell me my mistake.
Error
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''soft_name', 'soft_ver', 'soft_size', 'sdesc', 'slink') VALUES ('h', ' ', ' ', '' at line 1
Code
<?php
$sname=$_POST['name'];
if (!empty($_POST['ver'])) $ver=$_POST['ver']; else $ver=" ";
if (!empty($_POST['ssize'])) $ssize=$_POST['ssize']; else $ssize=" ";
if (!empty($_POST['description'])) $desc=$_POST['description']; else $desc=" ";
if (!empty($_POST['link'])) $slink=$_POST['link']; else $slink=" ";
mysql_select_db('1027593',mysql_connect('','',''));
$qry="INSERT INTO downloads ('soft_name', 'soft_ver', 'soft_size', 'sdesc', 'slink') VALUES ('".$sname."', '".$ver."', '".$ssize."', '".$desc."', '".$slink."')";
mysql_query($qry);
echo mysql_error();
die();
?>

Change Query
$qry="INSERT INTO downloads ('soft_name', 'soft_ver', 'soft_size', 'sdesc', 'slink') VALUES ('".$sname."', '".$ver."', '".$ssize."', '".$desc."', '".$slink."')";
to
$qry="INSERT INTO downloads (`soft_name`, `soft_ver`, `soft_size`, `sdesc`, `slink`) VALUES ('".$sname."', '".$ver."', '".$ssize."', '".$desc."', '".$slink."')";
your mistake is you add a single quote(') in field name and it is not allow in sql field.
hope this solution help for you

SQL optional values breaking statement

I am trying to do simple insert in php and MySQL.
The HTML form has 3 fields with 1st one being mandatory and other 2 optional.
their names being :
name, address and phoneno
table name is users : id(int)|name(varchar)|address(varchar)|phoneno(int) , id is primary-key and auto-increment
and all except name and id are allow-nulls
assuming i have connection created and held in $con ,providing a value just for name and submitting the form
$name = $_POST['name']?$_POST['name']:NULL;
$address= $_POST['address']?$_POST['address']:NULL;
$phoneno= $_POST['phoneno']?$_POST['phoneno']:NULL;
$q="INSERT INTO users (name,address,phoneno)
VALUES('{$name}','{$address}',{$phoneno})";
if(mysql_query($q,$con)){
echo "data inserted successfully";
}
else{
echo "ERROR: ".mysql_error();
}
Is giving me
ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 1

Never do this in production environments! But for learning, try this:
$name = $_POST['name']?$_POST['name']:'NULL';
$address= $_POST['address']?$_POST['address']:'NULL';
$phoneno= $_POST['phoneno']?$_POST['phoneno']:'NULL';
$q="INSERT INTO users (name,address,phoneno) VALUES('$name','$address',$phoneno)";
if(mysql_query($q,$con)){
echo "data inserted successfully";
}
else{
echo "ERROR: ".mysql_error();
}
You have to use 'NULL' as string
Do not wrap variables with {}. this is only needed when you use object properties like {$obj->foo}
There are some other serious security issues in this code like sql injection. So never do this in production environments!

MYSQL error while inserting data using php

I am practicing php and sql. at a stage when I'm trying to enter a record into a table with 2 exiting records. but it doesn't add and show an error
"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '=('Aqeela','Nasreen','Hakeem Chattah')' at line 1"
Why is it not entering a record in data base. Is there any syntax error?
$username="root";
$pass="";
$database="addressbook";
$server="127.0.0.1";
$con=mysql_connect($server,$username,$pass);
$db_found=mysql_select_db($database,$con);
if($db_found)
{
$sql_insert="INSERT INTO table_address_book(f_name,l_name,address) VALUES=('Aqeela','Nasreen','Hakeem Chattah')";
$result=mysql_query($sql_insert);
if(!$result){
print "sorry cannot proceed your request<br>".mysql_error();
}
else
{
// print "recorded entered successfuly<br>";
// print "now dATABASES AFTER EDITING ARE<BR><br>";
$new_sql="SELECT*FROM table_address_book";
$result_after_editing=mysql_query($new_sql);
while($db_field_edited=mysql_fetch_assoc($result_after_editing))
{
print $db_field_edited['ID']."<br>";
print $db_field_edited['f_name']."<br>";
print $db_field_edited['l_name']."<br>";
print $db_field_edited['address']."<br>";
print "<BR><BR><BR>";
}
mysql_close($con);
}
}
else
{
die("unable to connect database ".mysql_error());
}

The error clearly shows place where error in syntax occur.
Remove that =
INSERT INTO table_address_book(f_name,l_name,address) VALUES('Aqeela','Nasreen','Hakeem Chattah')"

I think there is an error in your INSERT INTO statment, you have written wrong VALUES part.
$sql_insert="INSERT INTO table_address_book(f_name,l_name,address) VALUES=('Aqeela','Nasreen','Hakeem Chattah')";
you need to remove "=" from your VALUES= part like this.
$sql_insert="INSERT INTO table_address_book(f_name,l_name,address) VALUES('Aqeela','Nasreen','Hakeem Chattah')";
please correct this line of code in your code and check it again.

Remove the = sign from VALUES=(...)

There's no '=' after VALUES, just:
VALUES (val1, val2, .., valN)

Insertion failed error in MySQL

while($row=mysql_fetch_array($result2)){
//return $row['ProjectID'];
$sql="INSERT INTO `tycodashboard` (ProjectID,DesignationID,ReqcompID,IntOrgID,FinishedTimeID,ProjectStatusID,PhaseID
) VALUES('{$row['ProjectID']}','$pm,'$req','$initiating,'$initiating','$ftime,'$ProjectStatus,'$Phase)";
$result=mysql_query($sql);
if(!$result){
if(mysql_errno() == ER_DUP_ENTRY){
throw new Exception("INSERT FAILED.\n\nThe database already contains a Project with the Project Name \"$ldesc\", please pick another.");
}else{
throw new Exception("INSERT FAILED.\n\n".mysql_error());
}
}
}//exits
INSERT FAILED.
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the
right syntax to use near '3','2,'2','2,'2,'3)' at line 2

You are missing a whole bunch of quotes as you can see from the error message:
'3','2,'2','2,'2,'3
Try adding the quotes where they are missing and see if that helps:
$sql="INSERT INTO `tycodashboard` (ProjectID,DesignationID,ReqcompID,IntOrgID,FinishedTimeID,ProjectStatusID,PhaseID
) VALUES ('{$row['ProjectID']}','$pm','$req','$initiating','$initiating','$ftime','$ProjectStatus','$Phase')";

Categories