UPDATE displays error but is successful - php

I'm attempting to UPDATE a table and it displays an SQL syntax error but it properly updates the table. I'm not really sure what the reasoning is behind it and I just don't want to turn off the error completely.
Error: 1
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1' at line 1
This is the function:
function logTime($time){
$sql1 = mysqli_query($this->con, "UPDATE `pilots` SET `active`='0',`total_time`='".$time."' WHERE username = '".$this->whoMe()."'");
if (mysqli_query($this->con, $sql1)) {
header('Location: index.php?pausedtime');
die();
}
else {
echo "Error: " . $sql1 . "<br>" . mysqli_error($this->con);
}
}


That's because you're using mysqli_query() twice... $sql1 line should be enough. Try this:
function logTime($time){
$sql1 = mysqli_query($this->con, "UPDATE `pilots` SET `active`='0',`total_time`='".$time."' WHERE username = '".$this->whoMe()."'");
if($sql1){
header('Location: index.php?pausedtime');
die();
} else {
echo "Error: " . $sql1 . "<br>" . mysqli_error($this->con);
}
}
Also note, that such queries should be executed with prepared statements for security reasons (at least).

Related

I am using prepared statements to make a SQL request in PHP but I am getting an error

I've been trying to figure this out for about four hours. I've searched every corner of the internet and can't seem to figure this out. The error I'm receiving is "You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '? TO ?' at line 1" This is happening at the mysqli_stmt_prepare line.
I also tried
$sql = "ALTER TABLE orders CHANGE ? ? varchar(50);";
but that didn't help either.
Any help is greatly appreciated
if(isset($_POST['newField']) && isset($_POST['oldField'])){
$pst_New_Field_Name = mysqli_real_escape_string($link, $_POST['newField']);
$pst_Old_Field_Name = mysqli_real_escape_string($link, $_POST['oldField']);
$sql = "ALTER TABLE orders CHANGE ? ? varchar(50)";
$stmt = mysqli_stmt_init($link);
if(!mysqli_stmt_prepare($stmt, $sql)){
echo "SQL statement prepare failed";
echo mysqli_error($link);
}else{
mysqli_stmt_bind_param($stmt, 'ss', $pst_Old_Field_Name, $pst_New_Field_Name);
if(!mysqli_stmt_execute($stmt)){
"order could not be changed " . mysqli_error($link);
}else{
echo "<p class='fieldSuccess'>Order successfully changed</p>";
}
}
}else{
echo "fields not set";
}

Check the manual that corresponds to your MariaDB server version for the right syntax to use near 'WHERE id ='2'' at line 4

I have a problem with my UPDATE code. It gives me this error:
Update Failed!! You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'WHERE id ='2'' at line 4
I'm searching online and I cant find any solution to my problem.
THIS IS MY UPDATE CODE:
<?php
include('db.php');
$id = $_GET['id'];
if (isset($_POST['id'])){
$sql = "UPDATE tbl_student SET stud_id ='".$_POST['stud_id']."',
fullname ='".$_POST['fullname']."',
course ='".$_POST['course']."',
WHERE id ='".$_POST['id']."'";
$result = $conn->query($sql) or die ("Update Failed!!" . $conn->error);
header("location: index.php");
}
else {
echo "ERROR" . $conn->error;
header ("location: update.php");
}
?>

You have added , at last after course . Remove it. Change your query to:
$sql = "UPDATE tbl_student SET stud_id ='".$_POST['stud_id']."',
fullname ='".$_POST['fullname']."',
course ='".$_POST['course']."'
WHERE id ='".$_POST['id']."'";

MySQL syntax error says "near '1'" but I don't have a '1' in my query [duplicate]

This question already has an answer here:
MySQL syntax error: near '1' at line 1
(1 answer)
Closed 1 year ago.
I'm making a website for the first time using PHP with a MySQL database and getting a syntax error that I don't understand. I just want to delete everything from tblreparation with a certain ID and also everything from rblrepstat with that same ID. I am using this code:
<?php
$con=mysqli_connect("localhost","root","MYPASS","repair");
$ID = $_REQUEST['ID'];
$sql = mysqli_query($con, "DELETE FROM tblreparation WHERE ID = {$ID}");
if (!mysqli_query($con,$sql)) {
die('Error: ' . mysqli_error($con));
}
$sql = mysqli_query($con, "DELETE FROM tblrepstat WHERE repID = {$ID}");
if (!mysqli_query($con,$sql)) {
die('Error2: ' . mysqli_error($con));
}
echo "1 record deleted";
mysqli_close($con);
?>
And this is the error I am getting:
Error: You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near '1' at line 1
Near 1? I don't even see a '1'...

You're calling mysqli_query twice for each query.
The second time you call it you're actually passing a resource as the query parameter, which causes the error you're getting.
Try changing your code to this:
<?php
$con=mysqli_connect("localhost","root","MYPASS","repair");
$ID = $_REQUEST['ID'];
$sql = "DELETE FROM tblreparation WHERE ID = {$ID}";
if (!mysqli_query($con,$sql)) {
die('Error: ' . mysqli_error($con));
}
$sql = "DELETE FROM tblrepstat WHERE repID = {$ID}";
if (!mysqli_query($con,$sql)) {
die('Error2: ' . mysqli_error($con));
}
echo "1 record deleted";
mysqli_close($con);
?>

Your $ID might contain 1. Which also the location of the error in the query.
DELETE FROM tblreparation WHERE ID = $ID
Or if ID is containing a string or stored in another format which is string related (varchar) then wrap it in quotes:
DELETE FROM tblreparation WHERE ID = '$ID'

Cannot find error in my php script. Can someone point it out to me

I have written a php script on my web server to insert values into the table table3. The variables used to get values are username and image. username contains varchar type data and image contains text type data in it. I need to insert it into my table table3 . The table3 is having two columns username and imagename which is of varchar type and text type respectively.
When I try to run the above script by entering values, an error shows as given below:
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1' at line 1.
I don't understand what the error is and I'm stuck here with knowing the error. Can someone please clear the errors for me. I'm a newbie in php and doesnot know much about php. So a little help from anyone is needed... Please help me out. My php script is shown below:
<?php
$con=mysqli_connect("localhost","username","password","db_name");
if (mysqli_connect_errno($con))
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$username = $_POST['username'];
$image = $_POST['image'];
$result = mysqli_query($con,"INSERT INTO table3 (username,imagename) VALUES ('$username','$image')");
if (!mysqli_query($con,$result))
{
die('Error: ' . mysqli_error($con));
}
else
echo "1 record added";
mysqli_close($con);
?>

1) **You have an error in your SQL syntax; ** means that You have error in your query. It seems that your query is okay but that error may come from your post data. you need to mysqli_real_escape_string for post data.
2) you have executed twice the query.
try like this :
$username = mysqli_real_escape_string($con, $_POST['username']);
$image = mysqli_real_escape_string($con,$_POST['image']);
$result = mysqli_query($con,"INSERT INTO table3 (username,imagename) VALUES ('$username','$image')");
if (!$result)
{
die('Error: ' . mysqli_error($con));
}
else
echo "1 record added";
mysqli_close($con);

You should have written something like
$result = mysqli_query($con,"INSERT INTO table3 (username,imagename) VALUES ('$username','$image')");
if (!$result)
{
die('Error: ' . mysqli_error($con));
}

the condition should be something like
if (!$result)
{
die('Error: ' . mysqli_error());
}

Your SQL request (INSERT) is sent at the 9th line and the result is caught in $result.
$result contains the number of lines affected by the previous request (1).
Then you call the mysqli_query method again with the value of $result as a SQL request : "1" is not a valid SQL request.

Need new eyes on a mysql query statement

I'm new at this, what are the problems with this statement:
$sql=" SELECT * FROM `calendar` WHERE `DayId` ='".$day."'";
$result = mysql_query($sql, $conn);
if (!$result){
echo "DB Error, could not query the database\n";
echo 'MySQL Error: ' . mysql_error();
exit;
}
while ($row = mysql_fetch_array($result)) { //set $dayType
$dayType = $row[DayType];
}
I keep getting the error:
DB Error, could not query the database
MySQL Error: You have an error in your SQL syntax; check the manual that corresponds to
your MySQL server version for the right syntax to use near '' at line 1
but when I put an "echo $result;" in after the line that starts with $result=... then I get a value for $result of "Resource id #2"

You need to enclose your "day" variable in quotes (and you should be escaping it if you haven't already!)
$sql = "SELECT * FROM calendar WHERE DayId = '" . mysql_real_escape_string($day) . "'";

Shouldn't it be
$sql="SELECT * FROM `calendar` WHERE `DayId` = '".$day."'";

It seems likely to me that your $day variable is not getting populated ... Try echoing the SQL statement before you run it to make sure everything looks as it should ...

If it's date(z) change it to date('z').

Categories