This question already has answers here:
delete * from table not working [closed]
(2 answers)
Clear data in MySQL table with PHP? [duplicate]
(7 answers)
Closed 7 years ago.
I am trying to delete entries from a mysql database by using a php file and for some reason it doesn't work. The connection (in "connect.php") works, as I am using the same file for my SELECT statements and those work. I am only having trouble with deleting them. Any ideas what I'm doing wrong?
Thanks in advance!
<?php
include "include/connect.php";
if($link === false){
die("ERROR: Could not connect. " . mysql_connect_error());
}
$word = (isset($_GET['email']) ? $_GET['email'] : null);
$sql = "DELETE * from tbl_sbs WHERE eml='" . word . "'";
$result = mysql_query($sql);
?>
You don't use * or column name for DELETE statement unless in WHERE clause for filtering purpose same as in SELECT statement. It should just be
$sql = "DELETE from tbl_sbs";
DELETE general syntax is
DELETE FROM TABLE_NAME WHERE COLUMN_NAME <comparison_operator> SOME_FILTER_CONDITION
So, in your case it should just be
$sql = "DELETE FROM tbl_sbs WHERE eml='" . $word . "'";
Error reporting would have thrown you an undefined constant word notice; IF that wasn't a typo in '" . word . "'.
The * and having checked for errors, would have thrown you the following:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '*
References:
https://dev.mysql.com/doc/refman/5.0/en/delete.html
http://php.net/manual/en/function.error-reporting.php
http://php.net/manual/en/function.mysql-error.php
And you must use the $ before a variable name (word)
$sql = "DELETE from tbl_sbs WHERE eml='" . $word . "'";
Related
This question already has answers here:
MySQL Insert query doesn't work with WHERE clause
(31 answers)
Closed 2 years ago.
please help me to solve this error.i tired from searching solution...
error: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'WHERE name=NULL' at line 1
my database have 3 column=id(int),name(varchar),comment(varchar) and i want insert comment to it.
my php code :
<?php
include "./Config.php";
include './MyPDO.php';
$response = array() ;
$connect = MyPDO::getInstance();
$name = $_REQUEST['name'];
$comment=$_REQUEST['comment'];
$query = " INSERT INTO user "
. " (comment) "
. " VALUES "
. " (:comment) "
. " WHERE name=:name ";
$stmt = $connect->prepare($query);
$stmt->bindParam(":name",$name);
$stmt->bindParam(":comment",$comment);
try {
$stmt->execute();
$response['massage'] = "sucess";
echo json_encode($response);
exit;
} catch (PDOException $ex) {
$response['massage'] = "error";
$response['error']=$ex->getMessage();
echo json_encode($response);
}
Looks like you mixed the syntax here. You seem to want to update an existing record. Use
update user
set comment = :comment
where name = :name
insert if for creating a new record.
The insert into ... values() syntax does not take a where clause.
If you want to insert, then:
insert into user(name, comment) values(:name, :comment)
But actually it looks like you might want an update:
update users set comment = :comment where name = :name;
The former creates a new record in the table, with the given name and comment.
The latter modifies the already-existing record that has the same name and sets its comment value.
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 7 years ago.
This is my code and I can't figure out how to update the product_info:
include_once "dbconnect.php";
session_start();
$p_id = $_SESSION['rbtn'];
$p_name=securethis( $_POST['p_name']);
$p_unit=securethis( $_POST['p_unit']);
$p_price=securethis( $_POST['p_price']);
$p_details=securethis($_POST['p_details']);
$query= "UPDATE product_info SET p_name=$p_name,p_unit=$p_unit,p_price=$p_price,p_details=$p_details,p_directory=hi WHERE p_id=$p_id";
mysql_query($query) or die(mysql_error()) ;
$_SESSION['rbtn'] = "";
header("Location: admin.php");
Your used query should be in valid format to execute by MySQL . May be there are some columns in product_info table are VARCHAR type like as p_name . So use single quote (') to create a valid query . You can also check it by echoing your query and execute this on MYSQL prompt . It will tell the exact problem.
echo $query= "UPDATE product_info SET p_name=$p_name,p_unit=$p_unit,p_price=$p_price,p_details=$p_details,p_directory=hi WHERE p_id=$p_id";
and execute the the printed query directly to the MYSQL shell .
Write the query like this-
$query= "UPDATE product_info SET p_name='$p_name',p_unit='$p_unit',p_price='$p_price',p_details='$p_details',p_diretory='hi' WHERE p_id='$p_id'";
This question already has answers here:
Call to undefined method mysqli_stmt::get_result
(10 answers)
Closed 8 years ago.
I'm tryign to creat user_login system for my website. And now i got problems with selection of user_info from database , using mysqli and prepared statements .
My problem is , that i can't get any output . But i'm using the manual at php.net .
Here is what i have got the moment:
<?php
require_once 'php/includes/constants.php';
$connection = new mysqli(DB_SERVER, DB_USER, DB_PASSWORD, DB_NAME)or die("Error");
$phone = "0661488342";
$password = "1234";
$query = " SELECT *
FROM userinfo
WHERE phone = ? AND password = ?
LIMIT 1";
$stmt = $connection->prepare($query);
$stmt->bind_param('ss', $phone, $password);
$stmt->execute();
$res = $stmt->get_result();
$row = $res->fetch_assoc();
echo "Password = ".$row['password'];
The error :
Call to undefined method mysqli_stmt::get_result() in Z:...
Can you advise me something about this ?
Edition 1
PHP version is 5.2.12.(sorry, i forgot this)
But the question remains the same . How can i get the user_info ?
You need to have PHP 5.3.0 and also this method requires the mysqlnd driver. Othervise you will get this error:
Call to undefined method mysqli_stmt::get_result()
Which is what appears to be happening to you.
What is your PHP version, and mysql version?
You should learn more about MySQLi here: http://www.php.net/manual/en/book.mysqli.php
You have an error in your SQL, which you can detect by checking for errors (in this case it outputs them but there are better ways to handle errors.
if (!$stmt->execute()) {
echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
}
if (!($res = $stmt->get_result())) {
echo "Getting result set failed: (" . $stmt->errno . ") " . $stmt->error;
}
$row = $result->fetch_row()
In your case password column name is a reserved word in MySQl (there is a PASSWORD function). Your SQL should backtick column names and table names:
$query = " SELECT *
FROM `userinfo`
WHERE `phone` = ? AND `password` = ?
LIMIT 1";
FINALLY, it looks like you are stroing passwords in the clear which means you are doing it wrong. See PHP The Right Way: Password Hashing
This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
How do I handle single quotes inside a SQL query in PHP?
Greeting ,
I have a small script which is used for applications and it saves questions answer into the database. The script is given below:
while(list($QKey,$QVal) = each($AppQuestions)) {
$result2= mysql_query("
INSERT INTO forum_app_answers (AID, AppID, Question, Answer)".
" VALUES (NULL, '$AppID', '$Questions[$QKey]', '$QVal')"
) or die(mysql_error());
Now the problem is that if someone write ' character in the answer , the data doesnt get saved. For simple writing its okay . The problem is only if the answer contains ' in it. any help will be highly appreciated tx
The following error occures:
You Have An Error In Your SQL Syntax; Check The Manual That Corresponds To Your MySQL Server Version For The Right Syntax To Use Near 's GF. Channel Services')' At Line 1
Use prepared statements. Look up PDO and use prepared statements.
mysql_ is deprecated.
After connecting with $dbh = new PDO(),
$sql = 'sql';
$stmt = $dbh->prepare($sql);
$stmt->execute($params);
do the following:
$QVal = $mysqli->real_escape_string($QVal);
$query = "INSERT INTO forum_app_answers (AID, AppID, Question, Answer)
VALUES (NULL, '$AppID', '$Questions[$QKey]', '$QVal')";
// $mysqli is previously defined
$mysqli->query($query);
if ($mysqli->errno !=0){
printf("you have an error in your query %s", $mysqli->error);
}
You may try:
while(list($QKey,$QVal) = each($AppQuestions)) {
$result2= mysql_query("
INSERT INTO forum_app_answers
(AID, AppID, Question, Answer)". "
VALUES (
NULL,
'$AppID',
'$Questions[$QKey]',
'". mysql_real_escape_string($QVal). "')
") or die(mysql_error());
Without mysql_real_escape_string() your script also has huge security issues.
This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
Mysql can't perform more than 1 query at a time
$query = "TRUNCATE TABLE nw_world;";
$query = $query . " INSERT INTO `nw_world`";
$query = $query . " SELECT * FROM `x_world` WHERE x <0 AND y >=0";
$query = $query . " AND tid !=5 AND aid NOT IN ( 29, 908, 935, 941, 950 )";
$query = $query . " AND population <=50";
echo "$query";
mysql_query($query,$con) or die("error ".mysql_error());
This results in an error
error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'INSERT INTO `nw_world` SELECT * FROM `x_world` WHERE x <0 AND y >=0 AND tid !=5 ' at line 1
But when i execute the same query in mysql it works fine. Due to which i am having a feeling that i am making some mistake in the php coding. Please help
PHP, by default, will only execute 1 query per mysql_query call (security measure).
If you want to execute more than one at a time look at http://se2.php.net/manual/en/mysqli.multi-query.php
mysql_query does not let you execute more than 1 query. Use mysqli::multi_query
or execute each command separately.