SQL Syntax Error with update - php

I'm trying to set up a way for users to set settings; I'm saving the settings in JSON format in the database. When I try to update the user, though, I get this syntax error:
Warning: PDOStatement::execute(): SQLSTATE[42000]: Syntax error or
access violation: 1064 You have an error in your SQL syntax; check the
manual that corresponds to your MariaDB server version for the right
syntax to use near ''settings' = '{\"background-color\":\"050505\"}'
WHERE ID = '2'' at line 1 in
C:...\htdocs\app\model\model.database.php on line 29
Here is the code that I have.
public function setColor(){
$modUser = $this->model('user');
$modInput = $this->model('input');
$modViewData = $this->model('viewData');
$modUser->setSetting("background-color",str_replace('#', "", $modInput->returnPost("color")));
$this->view('profile/view.profile', $modViewData->getData());
}
//in User model
public function setSetting($name, $value){
$settings = $this->getSetting();
$settings[$name] = $value;
$settings = json_encode($settings);
$this->update("settings", $settings);
}
public function update($field, $value){
$sql = "UPDATE `users` SET :field = :value WHERE `ID` = :id";
$params = [":field" => $field, ":value" => $value, ":id" => $this->_data->ID];
$database = $this->model('database');
$database->query($sql,$params);
}

You cannot parameterize table and column names. You need to insert those directly into the query string. One method is:
$sql = "UPDATE `users` SET $field = :value WHERE `ID` = :id";

Related

how to insert and update using PDO prepared method [duplicate]

I'm trying to update my database with the following query:
$sth = "UPDATE rpacks SET rpacks_location VALUES (:location) WHERE rpacks_id = (:id)";
$q = $conn->prepare($sth);
$q->execute(array(':location'=>$location, ':id'=>$id));
But I'm getting this error
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'VALUES ('test') WHERE rpacks_id = ('2')' at line 1' in
There is a mistake in your update query because you used insert query syntax.
Here is the correct query:
$sql = "UPDATE rpacks SET rpacks_location = :location WHERE rpacks_id = :id";
$stmt = $conn->prepare($sql);
$stmt->execute([':location'=>$location, ':id'=>$id]);
Reference:
http://dev.mysql.com/doc/refman/5.0/en/update.html
Change to:
$sth = "UPDATE rpacks SET rpacks_location = :location WHERE rpacks_id = :id";

PHP Mysql does not accept table name as variable

MySQL does not recognize the name of my table in a variable in a function. What can it be?
My PHP Code:
$TableMaster = "table_name";
function recursiveDelete($id,$db,$table){
$db_conn = $db;
$query = $db->query("SELECT * FROM ".$table." WHERE Padre = '".$id."' ");
if ($query->rowCount()>0) {
while($current=$query->fetch(PDO::FETCH_ASSOC)) {
recursiveDelete($current['id'],$db_conn);
}
}
$db->exec("DELETE FROM ".$table." WHERE id = '".$id."' ");
}
recursiveDelete($_POST['id'],$db,$TableMaster);
ERROR PHP LOG:
PHP Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE Father = '99'' at line 1' in
Note: But when I write the name of my mysql table directly in the statement there is no problem.
What's happening?
You left out the $table argument when making the recursive call.
There's also no need for the $db_conn variable, you can just use $db.
function recursiveDelete($id,$db,$table){
$query = $db->query("SELECT * FROM ".$table." WHERE Padre = '".$id."' ");
if ($query->rowCount()>0) {
while($current=$query->fetch(PDO::FETCH_ASSOC)) {
recursiveDelete($current['id'],$db,$table);
}
}
$db->exec("DELETE FROM ".$table." WHERE id = '".$id."' ");
}
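
An added example (not code from the question or the answer): the same recursive delete with the ids passed as bound parameters instead of being concatenated into the SQL string, and the table name accepted only from a fixed list. The `TREE_TABLES` list, the argument order, the integer check on the request value and the in-memory SQLite tree are assumptions made for the demonstration.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist of tables that have a Padre (parent) column.
const TREE_TABLES = ['table_name'];

/**
 * Delete a row and all of its descendants; returns the number of rows removed.
 * Ids are bound parameters; the table name must be on TREE_TABLES.
 */
function recursiveDelete(PDO $db, string $table, int $id): int
{
    if (!in_array($table, TREE_TABLES, true)) {
        throw new InvalidArgumentException('Unknown table');
    }
    // $table is now one of our own literals, so it may appear in the SQL text.
    $children = $db->prepare("SELECT id FROM `$table` WHERE Padre = :id");
    $children->execute([':id' => $id]);
    $deleted = 0;
    // fetchAll() first, so the cursor is closed before recursing.
    foreach ($children->fetchAll(PDO::FETCH_COLUMN) as $childId) {
        $deleted += recursiveDelete($db, $table, (int) $childId);
    }
    $delete = $db->prepare("DELETE FROM `$table` WHERE id = :id");
    $delete->execute([':id' => $id]);
    return $deleted + $delete->rowCount();
}

// Constructed demo tree in in-memory SQLite: 1 -> (2 -> 4), 3; row 5 is unrelated.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE table_name (id INTEGER PRIMARY KEY, Padre INTEGER)');
$db->exec('INSERT INTO table_name VALUES (1, NULL), (2, 1), (3, 1), (4, 2), (5, NULL)');

// The string '1' stands in for $_POST['id']; it must parse as an integer.
$id = filter_var('1', FILTER_VALIDATE_INT);
if ($id === false) {
    throw new InvalidArgumentException('id must be an integer');
}

// One transaction, so a failure part-way does not leave a half-deleted tree.
$db->beginTransaction();
$removed = recursiveDelete($db, 'table_name', $id);
$db->commit();

$left = $db->query('SELECT COUNT(*) FROM table_name')->fetchColumn();
echo "removed $removed rows, $left left", PHP_EOL;
```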

Mysql delete query using zend

I'm developing an application where there is a function (correctly called) that receives an id and should delete records from a table where the id is present.
This is my code:
public function deleteAction($id) {
if ($id) {
$where[] = $this->_db->quoteInto('transazione = ?', $id);
$this->_db->delete($this->_name, $where);
}
}
The function is correctly called but I receive this error:
An error occurred
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ')' at line 1
How can I solve this?
Try:
// quoteInto() quotes $id before it becomes part of the WHERE clause
$n = $this->_db->delete('tablename', $this->_db->quoteInto('column_id = ?', $id));
/* or */
$q = $this->_db->quoteInto('DELETE FROM bugs WHERE reported_by = ?', $id);
$this->_db->query($q);

Update PDO bind key and values

So I recently switched to using PDO instead of mysqli. Now I have a question about binding key values with mysqli. I looped through it, escaped the keys and values and used them in my queries. Now I want to do the same thing in PDO, but this isn't working and I don't know why. This is my code:
foreach($userdata as $key => $value){
$sql = $this->db->prepare("UPDATE `users` SET :key = :value WHERE `id` = :userid");
$sql->execute(
array(
'key' => $key,
'value' => $value,
'userid' => $userid
)
);
}
Of course there's more code to see if it needs an update and other types of inputs that need more validation, but this is the main query I used, but without binding. Is this possible with PDO and binding parameters and values?
This is the error I'm getting:
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'username' = 'sjerdus' WHERE `id` = '2''
You have this error because you tried to update a dynamically named field. The SET :key = ... can't work because when the parameter is replaced by its value, it is escaped (and quoted) by PDO.
If you want to use a variable field name in the update, you have to concatenate the field name manually, but you'll have to check for security yourself.
Try something like this:
//Security checks for $field variable...
$sql = $this->db->prepare("UPDATE `users` SET " . $field . " = :value WHERE `id` = :userid");
$sql->execute(
array(
'value' => $value,
'userid' => $userid
)
);
Here is what you could do. I assume that the $userid you have provided is an integer, whereas when you use params in execute() directly, they are considered as strings.
foreach($userdata as $key => $value){
$sql = $this->db->prepare("UPDATE `users` SET :key = :value WHERE `id` = :userid");
$sql->bindParam(':key', $key);
$sql->bindParam(':value', $value);
$sql->bindParam(':userid', $userid);
$sql->execute();
}
http://php.net/manual/en/pdostatement.bindparam.php
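
An added example (not code from any of the posts on this page): one way to carry out the security check that both the first answer on this page and the "Security checks for $field variable" comment above leave to the reader, by accepting a dynamic column name only if it is on a fixed allowlist and binding the value and the id. The `UPDATABLE_COLUMNS` list, the `updateUserField` helper, the `is_admin` column and the in-memory SQLite table are assumptions made for the demonstration.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist: the only columns this code path may update.
const UPDATABLE_COLUMNS = ['username', 'email', 'settings'];

/**
 * Update one allowlisted column of one user; returns the affected row count.
 * Placeholders can only stand for values, so the column name is checked
 * against UPDATABLE_COLUMNS before it is placed in the SQL text.
 */
function updateUserField(PDO $db, int $userId, string $field, string $value): int
{
    // Strict comparison: only exact, known column names pass.
    if (!in_array($field, UPDATABLE_COLUMNS, true)) {
        throw new InvalidArgumentException("Column not allowed: $field");
    }
    // $field is now one of our own literals, so interpolating it is safe.
    $stmt = $db->prepare("UPDATE `users` SET `$field` = :value WHERE `id` = :id");
    $stmt->execute([':value' => $value, ':id' => $userId]);
    return $stmt->rowCount();
}

// Constructed demo data in an in-memory SQLite database (SQLite also
// accepts MySQL-style backtick identifiers).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT,
           email TEXT, settings TEXT, is_admin INTEGER DEFAULT 0)');
$db->exec("INSERT INTO users (id, username, email, settings)
           VALUES (2, 'sjerdus', 'user@example.test', '{}')");

// Allowed column: the JSON settings string travels as a bound value.
$settings = json_encode(['background-color' => '050505']);
echo 'rows updated: ', updateUserField($db, 2, 'settings', $settings), PHP_EOL;

// A real column that is not on the allowlist is refused before any SQL runs.
try {
    updateUserField($db, 2, 'is_admin', '1');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}

$row = $db->query('SELECT settings, is_admin FROM users WHERE id = 2')
          ->fetch(PDO::FETCH_ASSOC);
echo $row['settings'], ' is_admin=', $row['is_admin'], PHP_EOL;
```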
