This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 4 years ago.
Im trying to add an extra AND statement to my SQL query.
I work fine as:
SELECT * FROM tsv WHERE YEAR(`Reporting Date`) = 2017 AND MONTH(`Reporting Date`) = 6
But when I try to add the extra line (AND ISRC = QZERG1727327) in the end it dosen´t work any more
SELECT * FROM tsv WHERE YEAR(`Reporting Date`) = 2017 AND MONTH(`Reporting Date`) = 6 AND ISRC = QZERG1727327
It´s hard to find any solutions online, I really don´t know what to do.
Strings in SQL have to be enclosed in single quotes, so your query should be
SELECT * FROM tsv
WHERE YEAR(`Reporting Date`)=2017 AND MONTH(`Reporting Date`)=6
AND ISRC='QZERG1727327'
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
(1 answer)
Reference - What does this error mean in PHP?
(38 answers)
Closed 5 years ago.
One of my MySQL columns contains a hyphen. While the query works fine when tested through a mysql browser, it returns the key rather than the value when using using php mysqli_fetch_array($result).
The query I am running looks like this:
if($test_base_name==='isolation-mer') {
$test_name="`".$ds_channel[$i]."_isolation-mer`";
}
else {
$test_name=$ds_channel[$i]."_isolation-mer";
}
$query="select serial_number, $test_name from table_name";
if($result=mysqli_query($dbc,$query)) {
while($row=mysqli_fetch_arrya($result) {
$sid=$row['serial_number'];
$pass_fail=$row[$test_name];
...
The serial number is retrieved successfully. However, the $pass_fail variable always retrieves nothing. The test name is embedded with quotes. Even if I hardwire the key name within all kinds of quotes, it always retrieves the key and not the value.
This is an old version of PHP and I wonder if that is the issue. Perl has no issues with this.
PHP reads the below code as a variable and not as the name of your database column:
$pass_fail=$row[$test_name];
The below code should work:
$pass_fail=$row['$test_name'];
Using ...
select serial_number, 'isolation-noise' from table_name
means that 'isolation-noise' is a literal value which is selected and will return a result set of (e.g.)
1234,'isolation-noise'
1235,'isolation-noise'
whereas...
select serial_number, `isolation-noise` from table_name
using backticks, will return the actual value of the column.
Update:
When doing the assignment - you definitely shouldn't have backticks in the name of the field, so
$test_name=$ds_channel[$i]."_isolation-mer";
$query="select serial_number, `$test_name` from table_name";
if($result=mysqli_query($dbc,$query)) {
while($row=mysqli_fetch_arrya($result) {
$sid=$row['serial_number'];
$pass_fail=$row[$test_name];
So this always puts backticks round column name in the select statement and uses the raw name in fetching the data from the result set.
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 6 years ago.
I think I have all the syntax correct here but for some reason my table will not update when this code is executed. Does anyone know why?
Here is the code of my php page:
<?php
include_once("connexionMysql.php");
if(isset($_GET['valider'])){
$titreIci=$_GET['titre'];
$idIci=(int)$_GET['id'];
$preparedStatement = $bdd->prepare("UPDATE AY_albums SET titre=':titreIci' WHERE id=':idIci'");
$preparedStatement->bindValue(':titreIci', $titreIci);
$preparedStatement->bindValue(':idIci', $idIci);
$preparedStatement->execute();
}
header("Location: pageDaccueilAdmin.php");
?>
You should remove the quotes.
Instead of this:
UPDATE AY_albums SET titre=':titreIci' WHERE id=':idIci'
Do this:
UPDATE AY_albums SET titre=:titreIci WHERE id=:idIci
This question already has answers here:
Escaping single quote in PHP when inserting into MySQL [duplicate]
(8 answers)
Closed 7 years ago.
I'm having an issue with my MySQL query/php, I try to update a row in my database that will work usually, but when the string has a ' in it, for example
I don't like green eggs and ham.
The ' in it will cancel the whole response out and not update the row, so if I put something like this without the ' for example:
I dont like green eggs and ham.
The string will save to the row. Below is the MySQL query used and where I get the string from.
$NewMessage = $_POST['message123'];
mysql_query("UPDATE Account SET `function` = 'Message', `note` = '$NewMessage' WHERE `id` = '$ID' AND `Online` = '1'");
If you need anymore source or anything, please let me know, let me know what you think, thanks!
Use *_real_escape_string
$NewMessage = mysql_real_escape_string($_POST["message123"]);
But of course, mysql_* API is already deprecated and I would recommend to you to use prepared statement instead.
Hey friend you are need to change single ' with '' commas 2 times. then it is insert your value correct in table other generate error.
Real escape string use where we are need value like this doest. if we user value in database like it does't then right one is use '' 2 time single commas no doule commas
Use simply addslashes() To read more about it click here
E.g in you code simply use addslashes() something like this
$NewMessage = addslashes($_POST['message123']);
I hope it will work for you.
This question already has an answer here:
Syntax error due to using a reserved word as a table or column name in MySQL
(1 answer)
Closed 8 years ago.
Many posts similar to mine,none of them work.
Have an array $data['date'], $data['name'], $data['value'].
Trying to insert into MySQL table MyValues (Date, Name, Value)
Have tried 7-8 different methods, none working.
Would like something like
for ($a=0;$a<10;$a++) {
mysql_query("INSERT INTO MyValues('Date','Index_Name','Index')
VALUES ($data['date'][$a] ,$data['name'][$a], $data['value'][$a])"
}
Have also tried foreach, building a single string to give to MySQL, etc.
Get this error
Warning: mysql_error() expects parameter 1 to be resource, boolean given on line 45
columnName shouldn't be wrap with single quotes as they are identifiers not string literals.
INSERT INTO `Values` (Date,Index_Name,Index) VALUES (....)
one more thing, the only identifier here that needs to be wrap with backtick is the tableName VALUES because it is a Reserved Keyword.
MySQL Reserved Keywords List
When to use single quotes, double quotes, and backticks in MySQL
As a sidenote, the query is vulnerable with SQL Injection if the value(s) of the variables came from the outside. Please take a look at the article below to learn how to prevent from it. By using PreparedStatements you can get rid of using single quotes around values.
How to prevent SQL injection in PHP?
Since Values is a reserved word, you can't use it as is for a table name. You must use backticks to enclose it. Similarly, it is not valid to use single quotes to name columns, you need backticks there too.
Try this:
$out = Array();
$esc = "mysql_real_escape_string";
foreach($data['date'] as $k=>$v) {
$out[] = "('".$esc($data['date'][$k])."', '".$esc($data['name'][$k])."', "
."'".$esc($data['value'][$k])."')";
}
mysql_query("INSERT INTO `Values` (`Date`, `Index_Name`, `Index`) values ".implode(",",$out));
try this, use $a++ not $ee++
for ($a=0;$a<10;$a++) {
mysql_query("INSERT INTO `Values` (`Date`,`Index_Name`,`Index`)
VALUES ('".$data['date'][$a]."' ,'".$data['name'][$a]."', '".$data['value'][$a]."' ")
}
First, I believe you want your query values quoted, so the result is 'value' and not just value. Example:
mysql_query("INSERT INTO Values(Date,Index_Name,Index) VALUES ('$data['date'][$a]' ,'$data['name'][$a]', '$data['value'][$a]');
If you are doing multiple queries, do something like:
$q = "INSERT INTO Values(Date,Index_Name,Index) VALUES ";
for {
// Add to the string here for each insert item
}
mysql_query($q);
Additionally, please start phasing out PHP's mysql_* library in favor of mysqli or PDO.
First of all, just use PDO/mysqli with prepared statements so you wont ever have any issues like this.
This will solve it though (column names with back-ticks instead of single quotes, and escaped data):
for ($a=0;$a<10;$a++) {
mysql_query("INSERT INTO `Values` (`Date`,`Index_Name`,`Index`)
VALUES ('".mysql_real_escape_string($data['date'][$a])."' ,
'".mysql_real_escape_string($data['name'][$a])."',
'".mysql_real_escape_string($data['value'])[$a]."'");
}
And try to avoid reserved names for your columns like indexand values.
This works:
for ($a=0;$a<10;$a++) {
mysql_query("INSERT INTO Values('Date','Index_Name','Index')
VALUES ('".$data['date'][$a]."','".$data['name'][$a]."','".$data['value'][$a]."')"
}