We Keep Coding

MySQL Error No: 1064 when INSERTING to Database

Below is my table which is similar to another existing table. But I get one error when executing the query.
//
public function addFirstChild() {
$this->db->query("INSERT INTO " . $this->db->table("genealogy") . "
WHERE parent_id = '" . (int)$this->getSponsorID() . "'
SET first_child = '" . (int)$this->getId()."',
genealogy_id = '" . (int)$this->getId() ."'");
}
When executed I get the below Error:
SQL Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE parent_id = '1' SET first_child = '2', ' at line 2
Error No: 1064
SQL: INSERT INTO ci_genealogy WHERE parent_id = '1' SET first_child = '2', genealogy_id = '2' in C:\wamp64\www\s1nb2\core\database\amysqli.php on line 108
There's no other way that I can think of to pull of this function and I have searched online and read multiple posts with the same error but still no solution. Please help. I spent over 4 hours trying to get this right.

Since you're using a WHERE it appears that you want to change an existing record. You want an UPDATE, not an INSERT
"UPDATE " . $this->db->table("genealogy") . "
SET first_child = '" . (int)$this->getId()."', genealogy_id = '" . (int)$this->getId() ."'
WHERE parent_id = '" . (int)$this->getSponsorID() . "'"

PHP Json to MySql (opencart) [duplicate]

This question already has an answer here:
Syntax error due to using a reserved word as a table or column name in MySQL
(1 answer)
Closed 6 years ago.
I have small script that reeds cell from Database and anfter write to it. But it cause Error 1064.
It looks like this:
public function update($cart_id, $quantity) {
$this->db->query("UPDATE " . DB_PREFIX . "cart SET quantity = '" . (int)$quantity . "' WHERE cart_id = '" . (int)$cart_id . "' AND customer_id = '" . (int)$this->customer->getId() . "' AND session_id = '" . $this->db->escape($this->session->getId()) . "'");
//starts here
$cart_query = $this->db->query("SELECT * FROM " . DB_PREFIX . "cart WHERE cart_id = '" . (int)$cart_id. "' AND session_id = '" . $this->db->escape($this->session->getId()) . "'");
$option= ($cart_query->row['option']);//success
$this->db->query("UPDATE " . DB_PREFIX . "cart SET option = '" . (string)$option . "' WHERE cart_id = '" . (int)$cart_id . "' AND customer_id = '" . (int)$this->customer->getId() . "' AND session_id = '" . $this->db->escape($this->session->getId()) . "'");//error
}
Thats What i see in log
2016-09-18 20:43:06 - PHP Notice: Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'option = '{"options":{"product_id":"176","colors":["000000"],"print":{"colors":{' at line 1<br />Error No: 1064<br />UPDATE oc_cart SET option = '{"options":{"product_id":"176","colors":["000000"],"print":{"colors":{"front":["FF0000"]},"elements":{"front":[{"width":"52.9375","height":"25.0938","type":"text"}]}},"attributes":{"sizememos":"0"},"attribute":[["0","0"]],"print_type":"screen","quantity":"0","design":{"vectors":{"front":[{"type":"text","width":"54.9375px","height":"27.0938px","top":"151px","left":"86px","zIndex":"1","svg":"<svg width="54.9375" height="27.09375" viewBox="0 0 54.9375 27.09375" xmlns="http:\/\/www.w3.org\/2000\/svg" xmlns:xlink="http:\/\/www.w3.org\/1999\/xlink"><g id="0.15760551612925844"><text fill="#FF0000" stroke="none" stroke-width="0" stroke-linecap="round" stroke-linejoin="round" x="" y="" text-anchor="start" font-size="24px" font-family="arial" data-textcurve="1" data-itemzoom="1 1" data-textspacing="0"><textPath xmlns:xlink="http:\/\/www.w3.org\/1999\/xlink" xlink:href="http:\/\/138.68.62.219\/Buy-Hanes-T-shirt-PC61LS#textPath-item-0"><tspan dy="0">Hello<\/tspan><\/textPath><\/text><\/g><defs><path id="textPath-item-0" d="M 0.125 22.117808976867764 A 3093.9720937064453 3093.9720937064453 0 0 1 54.124314613414626 22.117808976867764"><\/path><\/defs><\/svg>","rotate":"0","text":"Hello","color":"#FF0000","fontFamily":"arial","align":"center","outlineC":"none","outlineW":"0"}]},"images":{"front":"cart-designes\/2016\/09\/\/cart-front-1474230421.png","back":"cart-designes\/2016\/09\/\/cart-back-1474230421.png"}},"fonts":""}}' WHERE cart_id = '387' AND customer_id = '0' AND session_id = 'kkfj9svfssdnsph8pf8i5atjn3' in /var/www/html/system/library/db/mysqli.php on line 41
What the reason? i'm just saving data that already in this cell.
option column is UTF-8 , LongText

Error 1064 points to a Syntax error on your MySQL query, It seems there are some quotations not well escaped on your JSON string, to prove that try to fix a value of option to some short value and call your function again.
The best practice is to use parameterized queries, these will save you from all the escaping tasks and most importantly offer some protection from SQL injection
This is just an example of how your query will look like:
$sql="UPDATE table SET opton=:option WHERE cart_id=:id AND customer_id=:customer_id and session_id=:session_id";
$parameters = array(
'option'=>$option,
'cart_id'=>$cart_id,
'customer_id'=>$customer_id,
'session_id'=>$session_id
);
$sql = $this->db->prepare($sql);
$sql->execute($parameters);
You can find more details on the official php documentation
http://php.net/manual/en/mysqli.quickstart.prepared-statements.php
http://php.net/manual/en/pdo.prepared-statements.php
Happy Coding friend:)

It doesn't work becouse of OPTION coz it's part of MySql syntaxis. This is work
$customer_id=(int)$this->customer->getId();
$session_id=$this->db->escape($this->session->getId());
$this->db->query("UPDATE " . DB_PREFIX . "cart SET `option` = '" . (int)$quantity . "' WHERE cart_id = '" . (int)$cart_id . "' AND customer_id = '" . $customer_id . "' AND session_id = '" . $session_id . "'");

I get error SQL

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''stats' WHERE ip = '::1' && date = '28-11-2013'' at line 1.
<?php
require_once 'includes/config.php';
$getStats = mysql_query("SELECT * FROM 'stats' WHERE `ip` = '" . $ip . "' && `date` = '" . $time ."'") or die(mysql_error());
if( mysql_num_rows($getStats) == 0)
{
$select = mysql_query("INSERT INTO `stats` (`ip`,`data`,`hits`,`online`) VALUES ('" . $ip . "','" . $time . "', '1', '" . $timestamp ."')") or die(mysql_error());
}
else
{
$select = mysql_query("UPDATE `stats` SET `hits` = `hits`+1, `online` = '" . $timestamp . "' WHERE `ip` = '" . $ip . "' && `date` = '" . $time . "'");
}
?>

MySQL quotes identifiers with a backtick like `stats`, and not like 'stats' - which is what causes the syntax error.
Either remove the useless identifier quote (stats is not reserved) or switch to proper identifier quotes.
The subsequent issue is that there is no data column, which is just as the error says. The correct column is probably date (which should be quoted, or perhaps renamed).
Also, dates should be supplied in the form of 'YYYY-MM-DD' (or variant). The fact that the query works with a locale-specific date makes me believe a proper DATE column is not used as it ought to be. Correcting the column type now will avoid issues in the future, especially with sorting.
In addition to the above corrections, also update the query to use mysqli/PDO and placeholders - this will tidy up the code, eliminate the use of deprecated functions, and prevent SQL injection (accidental or otherwise).

PHP Array only writing 1st record to MySQL database

I have the following code trying to catch up to 15 entries upon submission, however it is only catching the first entry in the database and I am receiving the following error message:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1' at line 1.
<?php
for($i = 0; $i < 15; $i++)
{
$tournament = $_POST['tournament'];
$agegroup = $_POST['agegroup'];
$teamname = $_POST['teamname'];
$coach = $_POST['coach'];
$coachaau = $_POST['coachaau'];
$phone = $_POST['phone'];
$email = $_POST['email'];
$astcoach = $_POST['astcoach'];
$astno = $_POST['astno'];
$astphone = $_POST['astphone'];
$astemail = $_POST['astemail'];
$manager = $_POST['manager'];
$managerno = $_POST['managerno'];
$managerphone = $_POST['managerphone'];
$manageremail = $_POST['manageremail'];
$name = $_POST['name'][$i];
$grade = $_POST['grade'][$i];
$bday = $_POST['bday'][$i];
$aauno = $_POST['aauno'][$i];
if(empty($name) || empty($grade) || empty ($bday) || empty ($aauno))
{
echo ' ';
}
elseif(
$result = mysql_query("INSERT INTO roster (tournament, agegroup, teamname, coach, coachaau, phone, email, astcoach, astno, astphone, astemail, manager, managerno, managerphone, manageremail, name, grade, bday, aauno)
VALUES (
'". mysql_real_escape_string($tournament) . "',
'". mysql_real_escape_string($agegroup) . "',
'". mysql_real_escape_string($teamname) . "',
'". mysql_real_escape_string($coach) . "',
'". mysql_real_escape_string($coachaau) . "',
'". mysql_real_escape_string($phone) . "',
'". mysql_real_escape_string($email) . "',
'". mysql_real_escape_string($astcoach) . "',
'". mysql_real_escape_string($astno) . "',
'". mysql_real_escape_string($astphone) . "',
'". mysql_real_escape_string($astemail) . "',
'". mysql_real_escape_string($manager) . "',
'". mysql_real_escape_string($managerno) . "',
'". mysql_real_escape_string($managerphone) . "',
'". mysql_real_escape_string($manageremail) . "',
'". mysql_real_escape_string($name) . "',
'". mysql_real_escape_string($grade) . "',
'". mysql_real_escape_string($bday) . "',
'". mysql_real_escape_string($aauno) . "');"));
#mysql_query($result)or die(mysql_error());
};
?>

The problem is that you have two mysql_query calls here, and while the first one works on the valid query string, the second - #mysql_query($result) works on its result - i.e., string '1'. But you actually don't need that call, as the first query should have already sent the data to DB.
The quick fix would be checking $result itself (instead of #mysql_query($result)or die(mysql_error()); line):
if (!$result) {
die('Invalid query: ' . mysql_error());
}
Said all that, I'd like to remind you that mysql_query (as whole family of mysql_ functions) is deprecated. If you used PDO or MySQLi, you would be able to use a single prepared statement, filled by new data at each iteration.
Also (kudos to #djot for mentioning that) it's not efficient to extract non-array variables from $_POST again and again, instead of doing it just once - before the loop. This way (if you stay with mysql) you won't have to escape them each time as well. Actually, I'd use something like that here:
$fieldsToInsert = array('tournament', 'agegroup', 'teamname', ...);
$valuesToInsert = [];
foreach ($fieldsToInsert as $field) {
if (! isset($_POST[$field])) {
// actually it's not clear what to do here:
// should we signal an error immediately with, or use some fallback value
}
else {
$valuesToInsert[$field] = mysql_real_escape_string($_POST[$field]);
}
}
This way you'll be able to streamline the code that creates a query as well.

hacking an INSERT query to become a mysql UPDATE query

I am a MySQL noob and basically hacking an insert query to become an update query instead. So I am sure it's something simple with the grammar. But what's wrong with this?
// Save data
$mySQLQuery = 'update `'. $fl['mysql_table']. '` SET '. $fl['mysql_query']. "' WHERE speres = '" . mysql_real_escape_string($_POST['speres']);
$rs = #mysql_query($mySQLQuery);
the original INSERT query (working) was
// Save data
$mySQLQuery = 'INSERT INTO `'. $fl['mysql_table']. '` SET '. $fl['mysql_query'];
$rs = #mysql_query($mySQLQuery);
The data is generated here:
$fl['mysql_query'] = "menrecin = '" . mysql_real_escape_string(YDFLValue($_SESSION['form']['item_17'])) . "', menrecvej = '" . mysql_real_escape_string(YDFLValue($_SESSION['form']['item_18'])) . "', menrecser = '" . mysql_real_escape_string(YDFLValue($_SESSION['form']['item_19'])) . "', menrecud = '" . mysql_real_escape_string(YDFLValue($_SESSION['form']['item_20'])) . "', menresmor = '" . mysql_real_escape_string(YDFLValue($_SESSION['form']['item_22'])) . "', menresfro = '" . mysql_real_escape_string(YDFLValue($_SESSION['form']['item_23'])) . "', menresmid = '" . mysql_real_escape_string(YDFLValue($_SESSION['form']['item_24'])) . "', menresres = '" . mysql_real_escape_string(YDFLValue($_SESSION['form']['item_25'])) . "', menrumind = '" . mysql_real_escape_string(YDFLValue($_SESSION['form']['item_28'])) . "', menrumren = '" . mysql_real_escape_string(YDFLValue($_SESSION['form']['item_29'])) . "', menrumved = '" . mysql_real_escape_string(YDFLValue($_SESSION['form']['item_30'])) . "', tekip = '" . $_SERVER['REMOTE_ADDR'] . "', tekbro = '" . $_SERVER['HTTP_USER_AGENT'] . "', tektid = NOW()";
I have an entry with speres = 100525 in the database, so please try:
http://www.konferencer.nu/form/index.php?speres=100525

Good practices of troubleshooting dynamic SQL:
Look at the SQL, not the code that builds the SQL. In other words, echo out $mySQLQuery to see the final SQL, and most of the time you can see the error right away.
Don't suppress errors. Error-checking is helpful and necessary in any code.
It looks to me like your query ends up being:
update `tablename` SET ..., tektid = NOW()' WHERE speres = '...;
So you have a spurious quote after the NOW() and a missing quote at the end.
If you had checked for errors, you'd get something like this:
ERROR 1064 (42000): You have an error in your SQL syntax;
check the manual that corresponds to your MySQL server version for
the right syntax to use near '' WHERE speres = '...' at line 1

The quoting around the start of the WHERE clause looks odd:
UPDATE `...some table...` SET ...some query... 'WHERE speres = ' ... some criterion ...
Note the single quote placement. Maybe you want to remove the single quotes from inside the double quotes?

you query should look like
$mySQLQuery = 'update'. $fl['mysql_table'].'SET'. $fl['mysql_query'].'= <some value>' ' WHERE speres = '.mysql_real_escape_string($_POST['speres']);
$rs = #mysql_query($mySQLQuery);