We Keep Coding

Query in PHP not working when using variables [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 3 months ago.
Improve this question
This query works fine:
$query = "SELECT * from hired WHERE username = 'kaas' and dvd = 'dvd 2'";
But then I change it to this query:
$query = "SELECT * from hired WHERE username = " . $_SESSION['name'] . " AND dvd = " . $_POST['dvd'];
and it doesn't work, even though the values should be the same as the top query. It goes straight to my error message, You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '2' at line 1
The dvd's are having names like 'dvd 1' 'dvd 2' 'dvd 3'. Why is it not working? Is there anything wrong in my query?
I tried to use the query with the data written down instead of using the session and post. It worked as I expected, and showed me an echo.

You are not wrapping your string values in quotes
You must use prepared statements for security reasons (SQL Injection and escaping invalid values
$query = "SELECT * from hired WHERE username = :name AND dvd = :dvd";
$statement = $pdo->prepare($query);
$statement->execute([':name' => $_SESSION['name'], ':dvd' => $_POST['dvd']]);
$result = $statement->fetchAll();

It needs to be
$query = "SELECT * from hired WHERE username = '" . $_SESSION['name'] . "'" . "AND dvd = '" . $_POST['dvd'] . "'";
I forgot to put a ' around them, so it would see it (for example) as 'username = Fal' instead of 'username = 'Fal'

You have to concatenate variables inside query properly. Try this it will work.
$query = "SELECT * from hired WHERE username = '" . $_SESSION['name'] . "' AND dvd = '".$_POST['dvd']."'";

Error when building the MySQL query [closed]

Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 7 years ago.
Improve this question
I am getting an error in select query line. Here it is:
Parse error: syntax error, unexpected '' (T_ENCAPSED_AND_WHITESPACE),
expecting identifier (T_STRING) or variable (T_VARIABLE) or number
(T_NUM_STRING
And the code:
<?php
include('dbconnection.php');
$sql = "select * from 'user' where id ='.$_REQUEST['id'].' ";
$result = mysql_query( $sql);
if(!$result )
{
die('Could not enter data: ' . mysql_error());
}

$sql="select * from `user` where id ='".$_REQUEST['id']."' ";
This will solves your problem But look mysqli_query to limit your SQL-injection vulnerability.

Replace query:
$sql="select * from 'user' where id ='.$_REQUEST['id'].' ";
with:
$sql="select * from `user` where id =".$_REQUEST['id']."";

You can try this:
$id = (int) $_REQUEST['id']; // interger value
$sql = "select * from `user` where id = '$id' ";

Unknown column in field list that's not there [closed]

Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 8 years ago.
Improve this question
I have this code:
<?php
include "../Header.php";
$verify = mysql_query("SELECT * FROM Users WHERE Verified = 'YES'");
while($row = mysql_fetch_array($verify))
{
mysql_query("INSERT INTO Inventory (UserID, ItemID, File, Type, code1, code2) VALUES ('" .
$row['ID']."','96','40_c4cf313e76fc072a6be0a0959427246a.png','Accessory'," . sha1('40_c4cf313e76fc072a6be0a0959427246a').",'".sha1($row['ID'])."')") or die(mysql_error());
echo $row['ID'];
}
I get this error:
Unknown column '6c59be3b2b3c1ad356402243bf9a3eba66dee96d' in 'field list'
But there is nothing about that column in my code.

Just put single quotes around your Sha value like this:
mysql_query("INSERT INTO inventory
(
userid,
itemid,
FILE,
type,
code1,
code2
)
VALUES
(
'" . $row['id'] . "',
'96',
'40_c4cf313e76fc072a6be0a0959427246a.png',
'Accessory',
'" . sha1('40_c4cf313e76fc072a6be0a0959427246a') . "',
'" . sha1($row['id']) . "'
)") or die(mysql_error());

Why PDO does not bind my params? [closed]

Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 8 years ago.
Improve this question
I have a query with some parameters that I bind with PDO. This is my code:
$sql = "SELECT altezza_pneumatici FROM tbl_catalogo_pneumatici "
. "WHERE sigla_produttore = :marca "
. "AND larghezza_pneumatici = :larghezza"
. "GROUP BY altezza_pneumatici "
. "ORDER BY altezza_pneumatici ASC";
$query = $DBobj->dbConn->prepare($sql);
$query->bindValue(':marca', $marca, PDO::PARAM_STR);
$query->bindValue(':larghezza', $larghezza, PDO::PARAM_STR);
$query->execute();
But it does not work. I have this error:
Warning: PDOStatement::execute(): SQLSTATE[HY093]: Invalid parameter number: parameter was not defined in C:\Users\mydoc\Documents\pjct\web_gomme_new\class\class.Pneumatico.php on line 116
What is the problem? I printed both variables used in binding function, and they have correct values.

I can not say for sure if this is the problem, but there is an error in your query. (missing space).
$sql = "SELECT altezza_pneumatici FROM tbl_catalogo_pneumatici "
. "WHERE sigla_produttore = :marca "
. "AND larghezza_pneumatici = :larghezza[ ]"
. "GROUP BY altezza_pneumatici "
. "ORDER BY altezza_pneumatici ASC";
See the brackets behind :larghezza.
Your query will end up being "..AND larghezza_pneumatici = :larghezzaGROUP BY altezza_pneumatici...".

You do not need to break up the SQL query string.
$sql = "SELECT altezza_pneumatici FROM tbl_catalogo_pneumatici
WHERE sigla_produttore = :marca
AND larghezza_pneumatici = :larghezza
GROUP BY altezza_pneumatici
ORDER BY altezza_pneumatici ASC";
Is fine. Whitespace at end of each line. This should do the trick.

values from 2 arrays to mysql table php [closed]

Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 9 years ago.
Improve this question
Well please help to correct syntax fo the following code. I have to select 2 values from one table and insert them in another table. one value is taking from PHP variable.this all needs to be done using Opencart model file
$this->db->query("UPDATE " . DB_PREFIX . "rate_cost SET rate_cost = " . $this->db->escape($data['rate_cost']) );
$sql = "SELECT DISTINCT competition_rate, customer_id FROM " . DB_PREFIX . "customer WHERE competition_rate NOT LIKE 0";
$query = $this->db->query($sql);
$rates = array();
$customer_ids = array();
foreach($query->row['competition_rate'] as $result){
$rates[] = $result * $data['name'];
}
foreach($query->row['customer_id'] as $result2){
$customer_ids[] = $result2;
}
$sums = $rates;
$ids = $customer_ids;;
$sql = ("INSERT INTO 'customer_transaction'(customer_id,amount) VALUES'".$ids.",".$sums"'");
}
I am getting the folowing error:
Parse error: syntax error, unexpected '"'"' (T_CONSTANT_ENCAPSED_STRING) in C:\xampp\htdocs\sport\admin\model\competition\newsletter.php on line 18

You have some syntax errors in your $sql query, the correct syntax for INSERT query is
INSERT INTO table (columns) VALUES ('values');
So youre missing paranthesis for your values and you dind't surround correctly with quotes. So change as follow
VALUES ('".$ids."','".$sums"')");
So the complete query will look like that
("INSERT INTO 'customer_transaction'(customer_id,amount) VALUES ('".$ids."','".$sums"')");