PHP Update Data in MySQL using PDO [duplicate] - php

This question already has answers here:
Sql syntax error using UPDATE database query [closed]
(2 answers)
Closed 7 years ago.
I'm trying to Update Data in MySQL using PDO.
I have set up the code below but get the error
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '(h1, text) values ('Blah blah' at line 1
if (isset($_POST['Submit'])): // if admin wants to edit category
    $h1 = $_POST['h1'];
    $text = $_POST['text'];
    $servername = "localhost";
    $username = "user";
    $password = "password";
    $dbname = "dbname";
    try {
        $conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
        // set the PDO error mode to exception
        $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        // Prepare statement (this is the statement that raises the 1064 error)
        $stmt = $conn->prepare('UPDATE sections (h1, text) values (:h1, :text) WHERE id=1');
        $stmt->bindParam(':h1', $h1);
        $stmt->bindParam(':text', $text);
        // execute the query
        $stmt->execute();
        // echo a message to say the UPDATE succeeded
        echo $stmt->rowCount() . " records UPDATED successfully";
    }
    catch(PDOException $e)
    {
        // report the driver's error message
        echo "Error: " . $e->getMessage();
    }
    $conn = null;
endif;

Update syntax should be:
UPDATE table_name SET `field1` = new-value1, `field2` = new-value2.
Your query should be:
UPDATE sections SET `h1` = :h1, `text` = :text WHERE id = 1;
See the Update query syntax

text is a reserved word in MySQL.
Write your query as below:
UPDATE sections SET `h1` = :h1, `text` = :text WHERE id = 1;

Related

Fatal Error due to PDO Exception because of a SQL query with dynamic PHP input

After almost a day of researching I cannot really see what the error with my code is. I am trying to create a small prototype function that returns the number of rows of query results.
The error I get is: Uncaught PDOException: SQLSTATE[42000]: [Microsoft][ODBC Driver 17 for SQL Server][SQL Server]The multi-part identifier "my#email.com" could not be bound. in C:\inetpub\wwwroot\index.php:59
Row 59 being $stmt->execute();.
I believe the issue comes from my SQL query but I am not 100% sure.
The way the code works is by getting values from a POST input and it checks in a row and column if it contains said value in a schema.
Additionally, I am using MSSQL (not MySQLi) and PHP for the task.
This is the main bit where I want the PHP code to send an SQL query and then check if the result exists.
<?php
include "connect.php";
if(isset($_POST['login']))
{
$email = $_POST['EMAIL'];
$password = $_POST['PASSWORD'];
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$stmt = $conn->prepare("SELECT * FROM users WHERE EMAIL=$email;");
$stmt->execute();
$count= $stmt->rowCount();
echo "Row count: $count \n";
}
?>
Just to mention I have tried all kinds of changes to the SQL query like:
$stmt = $conn->prepare("SELECT * FROM users WHERE EMAIL='".$email."';");
and
$stmt = $conn->prepare("SELECT * FROM users WHERE EMAIL=?;");
with an array input that had $email in it.
All returned the same identical error.
Here I have the connect.php, just in case the issue might come from here.
<?php
$servername = "localhost";
$username = "sa";
$password = "";
try
{
$conn = new PDO("sqlsrv:Server=$servername; Database=db", $username, $password);
// set the PDO error mode to exception
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
echo "Connected!";
return $conn;
}
catch(PDOException $e)
{
echo "Connection failed: " . $e->getMessage();
}
?>
Basically, the way I solved the problem was to have the EMAIL and PASSWORD converted to VARCHARs:
$stmt = $conn->prepare("SELECT ID, EMAIL, LAST_NAME FROM users WHERE CONVERT(VARCHAR, EMAIL)='my#email.com' AND CONVERT(VARCHAR, PASSWORD)='1234'");

Error: SQLSTATE[42000]: Syntax error or access violation: 1064 - PHP MYSQL

I understand this is a duplicate of previously asked questions. However, I have followed previous answers and am still getting no results.
I am using a prepared statement to take a comment from an HTML <form> with the method post. The comment, along with the unique id in the session, is being passed to the page addComment.php.
This is the contents of "addComment.php"
<?php
session_start();
$servername = "localhost";
$username = "root";
$password = "root";
$dbname = "somedatabase";
try {
$conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
// set the PDO error mode to exception
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// prepare sql and bind parameters
$stmt = $conn->prepare("INSERT INTO patients( comments ) VALUES ( :comment ) WHERE unique_id = :unique_id");
$stmt->bindParam( ':comment', $comment );
$stmt->bindParam( ':unique_id', $unique_id );
$comment = $_POST[ 'comment' ];
$unique_id = $_SESSION[ 'unique_id' ];
$stmt->execute();
//header('Location: newMedicine.php');
}
catch(PDOException $e){
echo "Error: " . $e->getMessage();
}
$conn = null;
?>
I have done an echo on
$comment = $_POST[ 'comment' ];
$unique_id = $_SESSION[ 'unique_id' ];
and both of them print fine.
The error I am getting is
Error: SQLSTATE[42000]: Syntax error or access violation: 1064 You
have an error in your SQL syntax; check the manual that corresponds to
your MySQL server version for the right syntax to use near 'WHERE
unique_id = 'JohnDoe20RG2018-01-23 11:43:' at line 13
The unique_id field in the patients table in the database has the same value
JohnDoe20RG2018-01-23 11:43:17
I don't see where I am going wrong. I have used multiple prepared statements with Selects and Inserts throughout my project, and they all work fine.
Any help would be appreciated.
If you are creating a new record with the id and comment, then use...
$stmt = $conn->prepare("INSERT INTO patients ( unique_id, comments )
VALUES ( :unique_id, :comment ) ");
If it's an existing record -
$stmt = $conn->prepare("UPDATE patients SET comments=:comment
WHERE unique_id = :unique_id");

error SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax [duplicate]

This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 5 years ago.
I have PHP code that gets data from an HTML form and inserts it into an SQL table. But I can't do this because of an error:
Here is my code:
<html>
<?php
$name = $_GET['name'];
$mob = $_GET['mob'];
$email = $_GET['email'];
//config
$servername = "localhost";
$username = "lozaair_datam";
$password = ".8#l2)S3+d%*";
//end-config
//db connect
try {
$conn = new PDO("mysql:host=$servername;dbname=lozaair_orders", $username, $password);
// set the PDO error mode to exception
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
//data input
$sql = "INSERT INTO `orders` (`name`, `mob`, `email`) VALUES ($name , $mob , $email )";
$conn->exec($sql);
//end- data input
echo "New record created successfully";
}
catch(PDOException $e)
{
echo $sql . "<br>" . $e->getMessage();
}
//end- db connect
//db close
$conn = null;
//end- db close
?>
</html>
I tried many ways but it is not working.
I think you need to surround your variables with single quotes in your query. Try below one:
$sql = "INSERT INTO `orders`(`name`, `mob`, `email`) VALUES('$name', '$mob', '$email')";
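The difference between the quoted-variable query above and a bound-parameter version, as an added example that is not part of the original answers; the same interpolation problem affects the `EMAIL=$email` query in the SQL Server question. It assumes the PDO SQLite driver so it runs offline against an in-memory stand-in for the `orders` table, and the input values are constructed.

```php
<?php
// Added example: SQLite in-memory stands in for the MySQL `orders` table so this runs offline.
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE orders (name TEXT, mob TEXT, email TEXT)');

// Constructed form input: an ordinary surname with an apostrophe, and a
// value whose quote characters end the string literal early.
$inputs = [
    ['name' => "O'Brien", 'mob' => '5550100', 'email' => 'ob@example.test'],
    ['name' => "x', 'y', 'z'); --", 'mob' => '5550101', 'email' => 'b@example.test'],
];

// Interpolated form (the quoted-variables query): the input becomes part of the SQL text.
function insertInterpolated(PDO $conn, array $in): string
{
    $sql = "INSERT INTO orders (name, mob, email) "
         . "VALUES ('{$in['name']}', '{$in['mob']}', '{$in['email']}')";
    try {
        $conn->exec($sql);
        return 'executed: ' . $sql;
    } catch (PDOException $e) {
        return 'failed: ' . $e->getMessage();
    }
}

// Bound form: the SQL text is fixed; the values travel separately as data.
function insertBound(PDO $conn, array $in): void
{
    $stmt = $conn->prepare('INSERT INTO orders (name, mob, email) VALUES (:name, :mob, :email)');
    $stmt->execute([':name' => $in['name'], ':mob' => $in['mob'], ':email' => $in['email']]);
}

foreach ($inputs as $in) {
    echo insertInterpolated($conn, $in), PHP_EOL;
}
$conn->exec('DELETE FROM orders'); // discard whatever the interpolated inserts left behind
foreach ($inputs as $in) {
    insertBound($conn, $in);
}
// Both rows come back exactly as submitted, quotes included.
foreach ($conn->query('SELECT name, mob, email FROM orders') as $row) {
    echo json_encode([$row['name'], $row['mob'], $row['email']]), PHP_EOL;
}
```

With interpolation the first input fails with a syntax error and the second stores `y` and `z` in the `mob` and `email` columns instead of the submitted values; with bound parameters both are stored unchanged.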

PHP inserting XML prices into SQL table - SQL syntax error [duplicate]

This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 6 years ago.
I'm new on StackOverflow. Hope I'm doing the questioning correctly.
I'm trying to insert data from an external XML (URL) into an SQL table, but I get:
Error: INSERT INTO 'table_name' ('price')VALUE ('5.95')
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use
near ''BBB' ('price')VALUE ('5.95')' at line 1
I'm able to ECHO and PRINT values from the XML and also able to INSERT non-xml values into the table. The code I'm using is:
<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "dbname";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$xml=simplexml_load_file("external_xml_url") or die("Error: Cannot create object");
foreach ($xml->product as $row) {
$price = $row -> price;
$sql = "INSERT INTO 'table_name' ('price')"
. "VALUES ('$price')";
}
if ($conn->query($sql) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
?>
Would be great if someone can help me out on this one. I've the feeling I'm pretty close...
As far as I know, with MariaDB you have to use backticks to "quote" an object's name.
Try it like this:
$sql = "INSERT INTO `table_name` (`price`) VALUES ('$price')";
If you do not deal with dangerous object names you might use just
$sql = "INSERT INTO table_name (price) VALUES ('$price')";
If you got your price properly then you should check your query
Ex.
INSERT INTO table_name (price) VALUES ('$price')

SQL Syntax error - SET

SQL error in a PHP script, I'm very new to SQL. It's probably something silly that's been asked loads before, but I'm probably searching for the wrong thing and therefore can't find an answer - I did look!
SQL error
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'SET approved = '1' WHERE primary = '16'' at line 1
The problem line:
$query = "UPDATE $table SET approved = '1' WHERE primary = '$id';";
Rest of my code:
<?PHP require ('config.php');
$id = $_GET['id'];
$query = "UPDATE $table SET approved = '1' WHERE primary = '$id';";
$execute = mysqli_query($conn,$query);
if ($execute){
echo "Entry $id successfully approved.";
}
else { echo "Error: " . $query . "<br>" . mysqli_error($conn); }
?>
Try it this way: set your $table variable first, as it causes the syntax error, and add backticks (`) to your primary column name, because it's a reserved keyword of MySQL, but this may not be the main reason here.
<?php
require ('config.php');
try {
$id = $_GET['id'];
$approved=1;
$table="your_table_name"; // set table name here
$database="your_database_name";
$dbUser="your_user_name";
$dbPass="your_password";
$dbh = new PDO("mysql:host=your_host_name;dbname=$database", $dbUser, $dbPass);
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$stmt = $dbh->prepare("UPDATE $table SET approved =? WHERE `primary` = ?");
$stmt->execute(array($approved,$id));
echo "Entry $id successfully approved.";
} catch(PDOException $e) {
echo $e->getMessage();
}
?>
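An added example (not from the original answer) for the case where the table name in `UPDATE $table` is ever chosen at request time: placeholders cannot stand in for identifiers, so the name is checked against an allow-list and the id is validated before it is bound. The table names, the `approveEntry` function and the SQLite in-memory database are assumptions made so the code runs offline.

```php
<?php
// Added example: SQLite in-memory stands in for MySQL so this runs offline.
// The table names `comments` and `reviews` are hypothetical.
const APPROVABLE_TABLES = ['comments', 'reviews'];

function approveEntry(PDO $dbh, string $table, $rawId): int
{
    // Identifiers cannot be bound as parameters, so only exact
    // allow-list matches are ever placed into the SQL text.
    if (!in_array($table, APPROVABLE_TABLES, true)) {
        throw new InvalidArgumentException('unknown table');
    }
    // The id arrives as a string from $_GET; accept positive integers only.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('invalid id');
    }
    // `primary` stays backtick-quoted because it is a reserved word.
    $stmt = $dbh->prepare("UPDATE `$table` SET approved = ? WHERE `primary` = ?");
    $stmt->execute([1, $id]);
    return $stmt->rowCount();
}

$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE comments (`primary` INTEGER PRIMARY KEY, approved INTEGER DEFAULT 0)');
$dbh->exec('INSERT INTO comments (`primary`) VALUES (16), (17)');

// Constructed requests: one valid, one with a non-numeric id,
// one with a table name that is not on the list.
$requests = [['comments', '16'], ['comments', '16 OR 1=1'], ['comments; --', '16']];
foreach ($requests as [$table, $id]) {
    try {
        echo approveEntry($dbh, $table, $id), ' row(s) approved', PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```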
