My MYSQL code isn't running - php

function UpdateTable(){
    global $connection;
    $username = $_POST['username'];
    $password = $_POST['password'];
    $id = $_POST['id'];
    $query="UPDATE users SET ";
    $query .="username = '$username' , ";
    $query .="password = '$password' ";
    $query .="WHERE id = $id ";
    $result = mysqli_query($connection, $query);
    if(!$result){
        die("Database connection failed ".mysqli_error($connection));
    }
}
This is the error message I get:
Database connection failed You have an error in your SQL syntax; check
the manual that corresponds to your MariaDB server version for the
right syntax to use near '' at line 1

Related

Why, when I try to update the data, does it show me the error on the line "$result=mysqli_query($connection,$query);"

I have a problem with this. I can't find where the problem is in my code. Can anyone help me, please?
<?php
if($_POST['submit']) {
    $username = $_POST['username'];
    $password = $_POST['password'];
    $id = $_POST['id'];
    $query = "UPDATE users SET ";
    $query .="username = '$username' ";
    $query .="password = '$password' ";
    $query .="WHERE id = $id";
    $result = mysqli_query($connection, $query);
    if(!$result) {
        die ('QUERY FAILED' . mysqli_error($connection));
    }
}
?>
I need to update the new data in MySQL, but it shows me the error message:
Fatal error: Uncaught mysqli_sql_exception: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'password='av' WHERE id='
Missing ',' in your query.
<?php
if($_POST['submit']) {
    $username = $_POST['username'];
    $password = $_POST['password'];
    $id = $_POST['id'];
    $query = "UPDATE users SET ";
    $query .= "username = '$username', "; // missing ','
    $query .= "password = '$password' ";
    $query .= "WHERE id = $id";
    $result = mysqli_query($connection, $query);
    if(!$result) {
        die ('QUERY FAILED' . mysqli_error($connection));
    }
}
?>
The Update query should be :
UPDATE users SET username = 'username', password = 'password' where id = 1
As correctly pointed out by Majharul, the error is caused by the missing comma (,) between the columns listed in your SET clause. The error is almost always immediately preceding the part of the query returned in the error: password='av' WHERE id=.
More importantly, you should never store passwords in plain text, nor should you be simply concatenating strings and/or interpolating variables directly into your SQL. This is a very obvious SQL Injection vulnerability and easy to exploit. You should be using parameterized prepared statements to pass your variables into your query.
This is a simplistic example (validation of user input should be added) of how you might improve your code:
<?php
if($_POST['submit']) {
    $username = $_POST['username'];
    $password = password_hash($_POST['password'], PASSWORD_DEFAULT);
    $id = $_POST['id'];
    /* Prepare your UPDATE statement */
    $stmt = mysqli_prepare($connection, 'UPDATE users SET username = ?, password = ? WHERE id = ?');
    /* Bind variables to parameters */
    mysqli_stmt_bind_param($stmt, 'ssi', $username, $password, $id);
    /* Execute the statement */
    $result = mysqli_stmt_execute($stmt);
    if(!$result) {
        die ('QUERY FAILED' . mysqli_error($connection));
    }
}
Please read PHP docs for password_hash() for more detailed explanation.

Query FailedYou have an error in your SQL syntax

I am trying to update mysql database using php.
$connection=mysqli_connect('localhost','root','','loginapp');
if(!$connection){
    die("database connection failed");
}
if (isset($_POST['submit'])){
    $username = $_POST['username'];
    $password = $_POST['password'];
    $id = $_POST['id'];
    $query = "UPDATE users SET ";
    $query .= "username = '$username', ";
    $query .= "password = '$password' ";
    $query .= "WHERE id = $id";
    $result = mysqli_query($connection, $query);
    if (!$result) {
        die("Query Failed".mysqli_error($connection));
    }
}
I have tried every possible way of writing the following code, but every time I get the error:
Query FailedYou have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1"
You must use prepared statements and switch on proper error reporting. Do not use die() to display error messages. Do not store plaintext passwords in the DB; use password_hash() instead. A correct, but simple example of such code would be as follows:
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$connection = new mysqli('localhost','root','','loginapp');
$connection->set_charset('utf8mb4');
if (isset($_POST['submit'])) {
    $password = password_hash($_POST['password'], PASSWORD_DEFAULT);
    $stmt = $connection->prepare('UPDATE users SET username=?, password=? WHERE id=?');
    $stmt->bind_param('sss', $_POST['username'], $password, $_POST['id']);
    $stmt->execute();
}
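The input validation that the earlier answer says should be added, combined with the prepared UPDATE recommended here, as an added example that is not part of either answer. The function names and the username and password rules are assumptions; an empty `id`, which would leave a concatenated statement ending at `WHERE id = `, is rejected before any SQL runs.

```php
<?php
// Added example, not the posters' code. Function names and the username/password
// rules are assumptions; table and column names are the ones in the question.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/** Returns [errors, clean values] for the three POSTed fields. */
function validateUserUpdate(array $post): array
{
    $errors = [];
    // '' or 'abc' fails here; concatenated into SQL, an empty id would leave
    // the statement ending at "WHERE id = ".
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        $errors[] = 'id must be a positive integer';
    }
    // is_string() rejects array input such as username[]=x.
    $username = is_string($post['username'] ?? null) ? trim($post['username']) : '';
    if (!preg_match('/^[A-Za-z0-9_.-]{3,32}$/', $username)) {
        $errors[] = 'username must be 3-32 characters from A-Z a-z 0-9 _ . -';
    }
    $password = is_string($post['password'] ?? null) ? $post['password'] : '';
    if (strlen($password) < 8) {
        $errors[] = 'password must be at least 8 characters';
    }
    return [$errors, ['id' => $id, 'username' => $username, 'password' => $password]];
}

/** Runs the UPDATE only when validation passed; returns the list of errors. */
function updateUser(mysqli $db, array $post): array
{
    [$errors, $clean] = validateUserUpdate($post);
    if ($errors) {
        return $errors;
    }
    $hash = password_hash($clean['password'], PASSWORD_DEFAULT);
    $stmt = $db->prepare('UPDATE users SET username = ?, password = ? WHERE id = ?');
    $stmt->bind_param('ssi', $clean['username'], $hash, $clean['id']);
    $stmt->execute();
    // The hash differs on every call, so 0 affected rows means no such id.
    return $stmt->affected_rows > 0 ? [] : ['no user with that id'];
}

// Constructed input: the empty id is reported before any SQL is built.
print_r(validateUserUpdate(['username' => 'niki', 'password' => 'correct horse', 'id' => ''])[0]);
```

With a live connection, call `updateUser($connection, $_POST)` and show the returned messages to the user instead of the raw database error.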

what is for SQL syntax; check the manual that corresponds to your MariaDB server version?

The code is totally true, but during execution I face an error.
What's wrong with this code ... of course I'm a beginner coder, guys, but help me please.
THE ERROR IS :
You have an error in your SQL syntax; check the manual that
corresponds to your MariaDB server version for the right syntax to use
near '52, v#test.com)VALUES ('niki','52','v#test.com')' at line 1
THE CODE IS :
<?php
if(isset($_POST['submit'])){
    $Name= $_POST ['Name'];
    $Password = $_POST [ 'Password'];
    $Email= $_POST [ 'Email'];
    $connection = mysqli_connect('127.0.0.1','root','','loginapp');
    if($connection){
        echo "Hi Dude , we are conneted";
    }else{
        die('DataBase is Failed');
    }
    $query = "INSERT INTO `users`($Name , $Password, $Email)" ;
    $query .= "VALUES ('$Name','$Password','$Email')";
    $result = mysqli_query($connection , $query);
    if (!$result){
        die('Query FAILED'. mysqli_error($connection));
    }
}else {
    echo "Record Create";
}
You must use column names in place of variables in the insert statement.
Instead of
$query = "INSERT INTO `users`($Name , $Password, $Email)" ;
$query .= "VALUES ('$Name','$Password','$Email')";
Use something like this
$query = "INSERT INTO `users`(Name , Password, Email)" ;
$query .= "VALUES ('$Name','$Password','$Email')";

php mysql database connection error

I have the following php code that gets user login details from a html form:
$con=mysqli_connect("host","user","pass","db");
// Check connection
if (mysqli_connect_errno())
{
    echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$query = "select username from users where user='$_POST[username]' limit1";
$result = mysql_query($query);
echo result;
But when I run it, I seem to be getting these errors:
Warning: mysql_query() [function.mysql-query]: Can't connect to local
MySQL server through socket '/directory omitted' (2) in
/directory omitted on line 10
Warning: mysql_query() [function.mysql-query]: A link to the server
could not be established in
/directory omitted on line 10
Can anyone please help out? Thanks very much!
You have mixed mysqli with mysql, so there are a lot of typos.
Code should be:
$con = mysqli_connect("host","user","pass","db");
// Check connection
if (mysqli_connect_errno()) {
    echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$u = $_POST['username'];
$sql = "SELECT username FROM users WHERE user='$u' LIMIT 1";
$query = mysqli_query($con, $sql);
if ($row = mysqli_fetch_assoc($query)) {
    echo $row['username'];
}
Hope it worked.
Or if you need all rows printed it should be:
while ($row = mysqli_fetch_assoc($query)) {
    echo $row['username'];
}
$query = "select username from users where user='$_POST[username]' limit1";
$result = mysql_query($query);
These lines should be like the following:
$query = "SELECT username FROM users WHERE user='".$_POST['username']."' LIMIT 0,1";
$result = mysqli_query($con,$query);
print_r(mysqli_fetch_array($result));
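Both answers above still place `$_POST['username']` inside the SQL string. The same lookup with a bound parameter, extended to check a `password_hash()` value with `password_verify()`, as an added example that is not from the answers; the `password` column, the function names and the availability of mysqlnd are assumptions.

```php
<?php
// Added example, not code from the answers. Assumes the users table keeps a
// password_hash() value in a `password` column and that mysqlnd is available
// (needed for mysqli_stmt_get_result); function names are hypothetical.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/** Fetches the stored row for one user; the name travels as a bound parameter. */
function findUser(mysqli $con, string $user): ?array
{
    $stmt = mysqli_prepare($con, 'SELECT username, password FROM users WHERE user = ? LIMIT 1');
    mysqli_stmt_bind_param($stmt, 's', $user);
    mysqli_stmt_execute($stmt);
    $row = mysqli_fetch_assoc(mysqli_stmt_get_result($stmt));
    return $row ?: null;   // no matching row becomes null
}

/** True only when a row exists and the submitted password matches its hash. */
function passwordMatches(?array $row, string $password): bool
{
    return $row !== null && password_verify($password, $row['password']);
}

/** Full check for one login attempt taken from the POSTed form fields. */
function checkLogin(mysqli $con, array $post): bool
{
    $user = $post['username'] ?? null;
    $password = $post['password'] ?? null;
    if (!is_string($user) || !is_string($password)) {
        return false;      // missing field or array input
    }
    return passwordMatches(findUser($con, $user), $password);
}

// Constructed row standing in for a database result, so this part runs offline.
$row = ['username' => 'niki', 'password' => password_hash('example-pass', PASSWORD_DEFAULT)];
var_dump(passwordMatches($row, 'example-pass'));
var_dump(passwordMatches($row, 'wrong-pass'));
var_dump(passwordMatches(null, 'example-pass'));
```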

MySQL wrong syntax but no line 114

I am getting the following error
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near '' at line 114
but my code is only 27 lines long
<?php
$DB_NAME = 'QCSYSTEM';
$DB_HOST = 'monitor';
$DB_USER = 'QCSYSTEM';
$DB_PASS = '247#Direct';
$mysqli = new mysqli($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME);
if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}
// A QUICK QUERY ON A FAKE USER TABLE
$query = "SELECT username FROM `users` WHERE";
$result = $mysqli->query($query) or die($mysqli->error.__LINE__);
// GOING THROUGH THE DATA
if($result->num_rows > 0) {
    while($row = $result->fetch_assoc()) {
        echo stripslashes($row['username']);
    }
}
else {
    echo 'NO RESULTS';
}
// CLOSE CONNECTION
mysqli_close($mysqli);
?>
You forgot to state your WHERE clause here
$query = "SELECT username FROM `users` WHERE";
Either remove it
$query = "SELECT username FROM `users`";
or apply any clause
$query = "SELECT username FROM `users` WHERE column = 'something'";
$query = "SELECT username FROM `users` WHERE";
$result = $mysqli->query($query) or die($mysqli->error.__LINE__);
You have no where clause specified so the query is failing.
