SQL Update Query Error in PHP Function - php

I'm currently trying to use the following PHP function/SQL query with a page that edits medications on a project I'm building for school. I'm getting the following error and having trouble finding where the error is:
Syntax error or access violation: 1064 You have an error in your SQL syntax;
function edit_medicine($medicine_name, $medicine_dose, $medicine_date, $medicine_current, $medicine_id) {
global $db;
$query = "UPDATE Medicine
SET MedicineName = :medicine_name,
Medicine Dose = :medicine_dose,
MedicineDatePrescribed = :medicine_date,
MedicineCurrent = :medicine_current
WHERE MedicineKey = :medicine_id";
$statement = $db->prepare($query);
$statement->bindValue(':medicine_name', $medicine_name);
$statement->bindValue(':medicine_dose', $medicine_dose);
$statement->bindValue(':medicine_date', $medicine_date);
$statement->bindValue(':medicine_current', $medicine_current);
$statement->bindValue(':medicine_id', $medicine_id);
$statement->execute();
$statement->closeCursor();
}
I'd appreciate any help anyone can offer- it's the end of finals week and I'm totally burnt out. Thanks!

Quote your column names, especially your Medicine Dose column because of its space. Next time, don't use spaces when naming your columns:
$query = "UPDATE `Medicine`
SET `MedicineName` = :medicine_name,
`Medicine Dose` = :medicine_dose,
`MedicineDatePrescribed` = :medicine_date,
`MedicineCurrent` = :medicine_current
WHERE `MedicineKey` = :medicine_id";

If double quotes or backticks do not work, try enclosing the string within square brackets.
For example:
SELECT [Business Name],[Other Name] FROM your_Table

Related

Update query gives Mariadb version error

if (isset($_POST['update'])) {
$column=(isset( $_POST['column']));
$type= (isset($_POST['type']));
$value= (isset($_POST['value']));
mysql_query("UPDATE `combo1` SET column = '$column', type = '$type' ,value ='$value' WHERE id = '$id'");
}
The update query is not working. I am not getting what the solution is; please help me to overcome this problem.
You have an error in your SQL syntax; check the manual that
corresponds to your MariaDB server version for the right syntax to use
near 'column = '', type = '' ,value ='' WHERE id = '20'' at line 1
The isset() method returns a boolean value; change it like this:
$column = isset( $_POST['column']) ? $_POST['column']:"";
Do the same for the others.
Modify your code as follows:
if (isset($_POST['update'])) {
$column = $_POST['column'];
$type = $_POST['type'];
$value = $_POST['value'];
mysql_query("UPDATE `combo1` SET `column` = '$column', type = '$type' ,value ='$value' WHERE id = '$id'");
}
If you remove the isset() method (refer to this link if you want more about the isset() method) as I have given above, the texts inside $column, $type and $value are substituted directly into the update string.
Update string does not contain any syntax errors in this case. Refer to this link if you want more information.
I also recommend you read up on SQL injection, as this sort of parameter passing is prone to hacking attempts if you do not sanitize the data being used:
MySQL - SQL Injection Prevention
The error message has virtually nothing to do with the 'version'. It is a syntax error complaining about "column". That word is a reserved word. Since you seem to have called the column column, put backticks around it, just as you did for the tablename.
mysqli_query($link,"UPDATE combo1 SET `column`='$column',type = '$type',value='$value' WHERE id ='$id'")
or die(mysqli_error($link));

PDO: Create dynamic insert syntax error

I am working on a project that requires me to do a database insert with quite some columns to fill. I tried making my function dynamic so that I didn't have to type 28 insert into- columns, 28 placeholders, and then bind 28 values to 28 placeholders... and in the near future I might want to add more columns, so here's how I tried to set it up. The whole function and arrays are a bit too much to post here, so I'll stick to the essential part with some pseudo code for my question:
-In my form, there are up to 28 inputs, and the input names are the same as the database column name
-The essential part of my code is as follows (some replaced by pseudo code to shorten this post)
<?php
//stacks holds 28 values in total
$stacks = array('name1','name2','name3','blablabla','etcetera');
// stacksDP is filled in a loop,
//contains the same as $stacks but it has a :
//in front of every value.
$stacksDP = array(); // ':name1',':name2', ....
$data = array(); // $data[stack / columnname] = "whatever";
$execArray = array();
//$execArray is filled like this in a foreach loop on $stacks as $stack:
//$execArray[$stacksDP[$stack]] = $data[$stack];
// so far so good, but now I want to make the actual query and the following gives me a "Syntax error or access violation: 1064 You have an error in your SQL syntax; "
$sql = "INSERT INTO stackoverflowplaceholder (".implode("','",$stacks)." VALUES (";
$sql .= implode(",",$stacksDP); // :columnname,
$sql .=")";
$q = $this->conn->prepare($sql);
echo $q->execute($execArray);
Any help on this matter would be appreciated :) Is it even possible what I'm trying to achieve here?
There is a missing ) to close the column assignment, before the implode.
$sql = "INSERT INTO stackoverflowplaceholder (".implode("','",$stacks)." VALUES (";
will be
$sql = "INSERT INTO stackoverflowplaceholder (".implode(",",$stacks).") VALUES (";
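A fuller version of the dynamic insert from this thread, as an added example that is not the poster's code. Column names cannot be bound as parameters, so they are taken only from a fixed allow-list and values go through named placeholders. Assumptions: an in-memory SQLite database stands in for the MySQL connection, and the `dynamic_insert` helper, the three-column table and the form values are constructed for illustration.

```php
<?php
// Added example. SQLite in memory stands in for the MySQL connection so the
// script runs offline; the three columns and the form data are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE stackoverflowplaceholder (name1 TEXT, name2 TEXT, name3 TEXT)');

// Hypothetical helper. Identifiers cannot be bound as parameters, so column
// names come only from the hard-coded $allowed list, never from form keys.
function dynamic_insert(PDO $db, string $table, array $allowed, array $data): string
{
    $columns = array_values(array_filter(
        $allowed,
        fn($c) => array_key_exists($c, $data)
    ));
    if ($columns === []) {
        throw new InvalidArgumentException('no known columns in input');
    }
    $params = [];
    foreach ($columns as $c) {
        $params[":$c"] = $data[$c];          // placeholder named after the column
    }
    $sql = sprintf(
        'INSERT INTO `%s` (`%s`) VALUES (%s)',
        $table,                              // fixed by the caller, not user input
        implode('`, `', $columns),
        implode(', ', array_keys($params))
    );
    $db->prepare($sql)->execute($params);
    return $sql;
}

$stacks = ['name1', 'name2', 'name3'];       // allow-list of real column names
$form = [                                    // constructed stand-in for $_POST
    'name1'    => "O'Reilly",                // the quote is data, not SQL
    'name3'    => 'third',
    'is_admin' => '1',                       // not in $stacks, so never used
];
echo dynamic_insert($db, 'stackoverflowplaceholder', $stacks, $form), "\n";
print_r($db->query('SELECT * FROM stackoverflowplaceholder')->fetchAll(PDO::FETCH_ASSOC));
```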

Delete from table where id in (*php variable*) returns error

I am working on a PHP application where I must delete the selected items from a list, where each item has its own ID from the MySQL database. Everything goes OK until I execute the query in PHP.
This is the error message:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 5
this is the String that I execute in the query:
$queryDE = "delete from md5_agenda
where id_empresa = $empi
and id_unidade = $unii
and id_usuario = $usrr
and id_item_agenda in ($deletar);"
The variable $deletar receives its value from the POST method, and its value is like: 35,36,47,... and can be one or many different values.
But my problem is that if I replace $deletar with the exact values everything goes fine, but if I use the PHP variable with THE EXACT SAME VALUE it doesn't work and returns the previous error message. I have no more ideas about what to do... I want to keep it this way, where I can choose all the IDs that I want to delete without repeating the query.
Thanks.
edit:
foreach($deletar as $val)
{
$queryDE = "delete from md5_agenda
where id_empresa = $empi
and id_unidade = $unii
and id_usuario = $usrr
and id_item_agenda = $val;"
}
Your code is not working because $deletar returns multiple values.
Check this code; it's working.
Why don't you use a safe parametrized query?
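$db = new PDO('... your connection string ... ');
// A single placeholder binds a single value, so the IN list needs one ? per id.
$ids = is_array($deletar) ? array_values($deletar) : explode(',', $deletar);
// An empty list would produce "in ()", which is itself a syntax error.
$in = implode(',', array_fill(0, count($ids), '?'));
$stmt = $db->prepare("delete from md5_agenda
where id_empresa = ?
and id_unidade = ?
and id_usuario = ?
and id_item_agenda in ($in)");
// PDO does not allow mixing named and positional placeholders, so all are positional.
$stmt->execute(array_merge(array($empi, $unii, $usrr), $ids));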

SQL syntax error in mysql

I'm inserting value to my MySQL table from php as:
$journey = $_POST['way'];
$from = $_POST['from'];
$to = $_POST['to'];
$dpdt = $_POST['dp_date'];
$rtdt = $_POST['rt_date'];
$fare = $_POST['fare'];
$sql = "insert into tours set " .
"journey='$journey', from='$from', to='$to', dp_date=CAST('$dpdt' AS DATE), " .
"rt_date=CAST('$rtdt' AS DATE), fare='$fare'";
on trying echo for $sql I'm getting output as:
insert into tours set journey='round', from='Aurangabad', to='Kashmir', dp_date=CAST('27-08-2013' AS DATE), rt_date=CAST('21-08-2013' AS DATE), fare='2500'
but I'm continuously getting the same error message:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'from=Aurangabad, to='Kashmir', dp_date=CAST('27-08-2013' AS DATE), rt_date=CAST(' at line 1
even if I try to remove ' around the values of column names.
I'm using the same syntax for inserting data and that's working fine.
What's wrong with this?
Why does MySQL not give a proper error for such a terrible mistake?
`from`='$from', `to`='$to'
FROM is a reserved word; use backticks around it.
FROM is a reserved keyword and you should not use it. Refer Here
'from' and 'to' are reserved words
Try to do like this
[from] = 'Aurangabad', [to] ='Kashmir'
FROM is a SQL-Keyword. You must not use that without delimiters as a column name.

multiple update using ajax with php

Hey guys, I'm trying to update my database using PHP and AJAX, but the textboxes are dynamic, which is why I'm trying to update the database using multiple updates with one click of a button. But my Firebug says: "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '= '100' WHERE student_id = '33' AND subject_id = '2' AND school_id = '1' AND adv' at line 1 ". I'm not too sure about my code because I'm just experimenting with how to do it in AJAX with PHP.
PHP:
session_start();
$school_id = $_SESSION['school_id'];
$faculty_id = $_SESSION['user_id_fac'];
$subject_id = $_POST['subject_id'];
$year_grade_level = $_POST['year_level'];
$subject_handeler_id = $_POST['subject_handler_id'];
$student_grades_boy = $_POST['student_grades_boy'];
$student_grades_girl = $_POST['student_grades_girl'];
$update_grades_boys = "UPDATE registrar_grade_archive SET";
//SET status = '0' WHERE subject_id = '$subject_id'"
$vaues_girl = array();
$values_boy = array();
foreach ($student_grades_boy as $key=>$data) {
$student_id_B= $data['studnt_B_id'];
$grade_B = $data['studnt_grade_B'];
$values_boy[$key] = 'grade = \''.$grade_B.'\' WHERE student_id = \''.$student_id_B.'\' AND subject_id = \''.$subject_id.'\' AND school_id = \''.$school_id.'\' AND advisor_faculty_id = \''.$faculty_id.'\' AND subject_handler_id = \''.$subject_handeler_id.'\' ' ;
}
$values_boy = implode(', ', $values_boy);
$ready_edit_grades_boy = $update_grades_boys . $values_boy;
$save_grades_boy = mysql_query($ready_edit_grades_boy) or die(mysql_error());
please help guys. thanks in advance
Some problems here:
if $student_grades_boy contains more than 1 item, your sql will have multiple WHERE statements (you can only have 1);
you need a space between SET and the column name;
you have a serious sql injection problem;
you should switch to PDO or mysqli as the mysql_ functions are deprecated.
It appears you have no space between SET and grade.
Adding a space here should do the trick:
$update_grades_boys = "UPDATE registrar_grade_archive SET ";
If this doesn't do it, it would help tremendously if you could post the result of echo $ready_edit_grades_boy; and update your question.
try
$update_grades_boys = "UPDATE registrar_grade_archive SET ";
One space is needed after SET.
You are not escaping vars, so it could be some ' or " in your values.
http://php.net/manual/en/mysqli.real-escape-string.php
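The points raised in the answers above (one WHERE per statement, no string-built values, PDO instead of mysql_*), put together as an added example that is not code from the thread. It prepares one UPDATE and executes it once per posted grade inside a transaction. Assumptions: an in-memory SQLite database stands in for the MySQL connection, and the `update_grades` helper, the table rows and the posted values are constructed for illustration.

```php
<?php
// Added example. SQLite in memory stands in for the MySQL connection so the
// script runs offline; the table rows and posted values are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE registrar_grade_archive (
    student_id INTEGER, subject_id INTEGER, school_id INTEGER,
    advisor_faculty_id INTEGER, subject_handler_id INTEGER, grade TEXT)');
$db->exec("INSERT INTO registrar_grade_archive VALUES
    (33, 2, 1, 7, 5, '0'), (34, 2, 1, 7, 5, '0'), (35, 2, 9, 7, 5, '0')");

// Hypothetical helper: one statement with one WHERE, executed once per student.
function update_grades(PDO $db, array $grades, array $scope): int
{
    $stmt = $db->prepare('UPDATE registrar_grade_archive SET grade = :grade
        WHERE student_id = :student_id AND subject_id = :subject_id
          AND school_id = :school_id AND advisor_faculty_id = :faculty_id
          AND subject_handler_id = :handler_id');
    $updated = 0;
    $db->beginTransaction();
    try {
        foreach ($grades as $row) {
            $stmt->execute([
                ':grade'      => $row['studnt_grade_B'],
                ':student_id' => $row['studnt_B_id'],
                ':subject_id' => $scope['subject_id'],
                ':school_id'  => $scope['school_id'],
                ':faculty_id' => $scope['faculty_id'],
                ':handler_id' => $scope['subject_handler_id'],
            ]);
            $updated += $stmt->rowCount();
        }
        $db->commit();
    } catch (Throwable $e) {
        $db->rollBack();                     // all rows or none
        throw $e;
    }
    return $updated;
}

// Constructed stand-in for $_POST['student_grades_boy']; the second grade
// contains a quote, which is stored as data instead of breaking the query.
$posted = [
    ['studnt_B_id' => '33', 'studnt_grade_B' => '100'],
    ['studnt_B_id' => '34', 'studnt_grade_B' => "B+ (teacher's note)"],
];
$scope = ['subject_id' => 2, 'school_id' => 1, 'faculty_id' => 7, 'subject_handler_id' => 5];
echo update_grades($db, $posted, $scope), " rows updated\n";
print_r($db->query('SELECT student_id, grade FROM registrar_grade_archive')->fetchAll(PDO::FETCH_ASSOC));
```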
