You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'SET =test WHERE =test' at line 1] in EXECUTE("UPDATE SET =test WHERE =test")
$sql = 'UPDATE ' . $this->recipientDbTable . ' SET ' . $this->recipientDbColumn['result_id'] . '=' . 'test' . ' WHERE ' . $this->recipientDbColumn . '=' . 'test';
It looks like $this->recipientDbColumn['result_id'] is null or empty. Look at your error log with error_reporting(E_ALL), it may have an Undefined index error.
Also, echo out the actual SQL query and post it here, it should be obvious what the problem is.
Also, use prepared statements.
$this->recipientDbColumn['result_id'] and $this->recipientDbColumn, as the error suggests, return an empty string.
... right syntax to use near 'SET =test WHERE =test' at line 1] in EXECUTE("UPDATE SET =test WHERE =test")
As you can see, the call returned an empty string. Check the code for where you missed it!
According to the error, it seems that your $this->recipientDbTable & other variables don't contain the values.
Try
echo $this->recipientDbColumn;
Check if it prints the values
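The failure above comes from empty table and column names, and prepared statements can bind values but not identifiers. The following added example (not code from the original posts) validates identifiers against an allowlist before building the statement; the `recipients` schema, the function names and the in-memory SQLite database standing in for MySQL are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist: the only table/column names this code may place in SQL.
const ALLOWED_IDENTIFIERS = [
    'recipients' => ['id', 'email', 'result_id'],
];

/** Return a backtick-quoted identifier, or throw if it is empty or not allowlisted. */
function quoteIdentifier(?string $name, array $allowed): string
{
    if ($name === null || $name === '' || !in_array($name, $allowed, true)) {
        throw new InvalidArgumentException('Unknown or empty identifier: ' . var_export($name, true));
    }
    return '`' . $name . '`';
}

/** Build "UPDATE `t` SET `c` = ? WHERE `k` = ?" from validated identifiers and run it. */
function updateRecipient(PDO $db, ?string $table, ?string $setCol, ?string $keyCol, $value, $key): int
{
    $t = quoteIdentifier($table, array_keys(ALLOWED_IDENTIFIERS));
    $cols = ALLOWED_IDENTIFIERS[$table];
    $sql = sprintf('UPDATE %s SET %s = ? WHERE %s = ?',
        $t, quoteIdentifier($setCol, $cols), quoteIdentifier($keyCol, $cols));
    $stmt = $db->prepare($sql);
    $stmt->execute([$value, $key]);   // values are bound, never concatenated
    return $stmt->rowCount();
}

// Constructed demo data in an in-memory SQLite database (stands in for MySQL).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE recipients (id INTEGER PRIMARY KEY, email TEXT, result_id TEXT)');
$db->exec("INSERT INTO recipients (email) VALUES ('a@example.test')");

echo updateRecipient($db, 'recipients', 'result_id', 'email', 'test', 'a@example.test'), " row updated\n";

try {
    // Reproduces the question's situation: the column name was never set.
    updateRecipient($db, 'recipients', null, 'email', 'test', 'a@example.test');
} catch (InvalidArgumentException $e) {
    echo 'Rejected before reaching the database: ', $e->getMessage(), "\n";
}
```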
Related
I have a table with all the cities in my country, but they are in uppercase. I'm trying to convert the first letter to uppercase and the rest to lower case.
Some of them have the single quote accent (Example: Sao Martinho D'oeste) and they are the only ones that give me an error when I try to update the table after converting them.
$cidadeNome = strtolower($cidade['desc_cidade']);
$cidadeNome = ucwords($cidadeNome);
$sql = "UPDATE cidades SET desc_cidade = '".$cidadeNome."' WHERE cidade_id = ".$cidade['cidade_id']."";
$atualizado = $db->query($sql);
if (!$atualizado)
{
echo "Erro (" . $db->errno . ") " . $db->error . "\n";
$db->close();
exit;
}
My code is very simple. The error I get is
Erro em (1064) You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'oeste' WHERE cidade_id = 88382' at line 1
My code works for every city, unless it has a single quote.
I am trying to insert a URL into a MySQL column (through PHP) but am unable to do it.
I am getting the following error
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '%2F%2Flocalhost%2Fclient%2Fsave_file.php%3Ffilename%3D9 WHERE queryid='29'' at line 1
The code snippet :
$_POST['url1']="//localhost/client/save_file.php?filename=9";
$_POST['query_id']=29;
$var=$_POST['url1'];
$query_id=$_POST['query_id'];
// echo "$var";
$var=rawurlencode($var);
//echo "$var";
$sql1 = "UPDATE query_audio SET query_content=$var WHERE queryid='".$query_id."' ";
if (!mysql_query($sql1)) {
die('Error: ' . mysql_error($connection));
}
You have a fundamental misunderstanding of how to defend against SQL injection attacks. You need to use mysql_real_escape_string(), not urlencode().
Plus, you forgot to quote your $var variable, so your query is literally:
... SET query_content=http:%2F%2Fetc...
Without quotes around that url, mysql is free to interpret the http: portion as an (invalid) field name.
Try
$var = mysql_real_escape_string($_POST['url1']);
$query_id = mysql_real_escape_string($_POST['query_id']);
$sql = "UPDATE ... SET query_content='$var' WHERE queryid='$query_id';";
                                     ^----^-- note these quotes.
After a long search, I am not able to find the solution
Undefined index: coursename in C:\wamp\www\StudentInformationProject\Student_new\courseinsert.php on line 17
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1'>
Here is the code
if(isset($_POST["button"]))
{
$sql="INSERT INTO course(courseid, coursename, comment, coursekey)
VALUES('".$_POST['courseid']."','".$_POST['coursename']."',
'".$_POST['comment']."','".$_POST['coursekey']."')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
else
{
echo "1 record Inserted Successfully...";
}
}
One of your substituting variables has a double quote in it. Given the error message, it probably looks like:
foo "1" bar
You should escape such characters by doubling them, so it looks like:
foo ""1"" bar
It is possible that your value in comment contains a single quote, which would invalidate the SQL syntax...
I am creating an app in PHP
in which I am getting an error on this line #
$sql="INSERT INTO table ( `rollnum`,'sessionid', `class`, `subject`, `theory`, `practical`, `type_of`, `term`) VALUES ('$students['rollnum']', '$session','$class','$subject['id']','$_REQUEST[$subject['id'].'_'.$students['rollnum'].'_th']','$_REQUEST[$subject['id'].'_'.$students['rollnum'].'_pr']', '$examtype', '$examsubtype')";
I don't know what's wrong with this line.
I even checked on an online platform. They said the same, that there is an error on line # (above).
Can anyone help me with this?
Thanks
You likely need to surround the variables in a double quoted string with braces.
$string = "I want to use {$variable1} and {$variable['thisKey']}";
or the following, which is a little faster to run;
$string = 'I want to use ' . $variable1 . ' and ' . $variable['thisKey'];
So that should solve your immediate problem, however your query is very open to an injection which can be very bad, especially if you're using $_REQUEST right in your query string. I'd recommend looking into preparing your query statements before running them and ensuring all the dangerous stuff is escaped.
I answered another question that includes a safe way of doing a query over here with this answer
If your PHP environment had had these settings: display_errors = On; error_reporting = E_ALL, you would have seen:
PHP Parse error: syntax error, unexpected '' (T_ENCAPSED_AND_WHITESPACE), expecting identifier (T_STRING) or variable (T_VARIABLE) or number (T_NUM_STRING)
Like in this example:
$array['value'] = 'test';
echo "$array['value']";
It should be like that:
echo "".$array['value']."";
echo "{$array['value']}";
Anyway, you can use numeric keys:
$array[0] = 'test';
echo "$array[0]";
You need to surround your variable names with braces inside the string:
$sql="INSERT INTO stdexamrecord ( `rollnum`, `sessionid`, `class`, `subject`, `theory`, `practical`, `type_of`, `term`) VALUES (
'{$students['rollnum']}',
'$session',
'$class',
'{$subject['id']}',
'" . $_REQUEST[ $subject['id'] . '_' . $students['rollnum'] . '_th'] . "',
'" . $_REQUEST[ $subject['id'] . '_' . $students['rollnum'] . '_pr'] . "',
'$examtype',
'$examsubtype')";
Try to use Dreamweaver or NetBeans; that might help you to find the error at the correct place.
I have a series of check boxes that are coming out of one MySQL table:
<?php
$result = mysql_query("SELECT * FROM strategies");
if (!$result) {
die("Database query failed: " . mysql_error());
}
while($row = mysql_fetch_array($result)) {
$strategylist = $row['name'];
$strategyname = htmlspecialchars($row['name']);
echo '<input type="checkbox" name="strategy[]" value="' . $strategylist . '" />' . $strategyname;
}
?>
I want to be able to store multiple "strategies" to each row on a "studies" table, so I am employing another table (sslink) to store the id of the study and the name of the strategy. This is partly because there will be an ever growing number of "strategies", so they need to be stored in the database. This is the code I'm currently using:
<?php
if(isset($_POST['update1']))
{
$strategy=serialize($_POST['strategy']); //line 66, where the warning is happening
if(!get_magic_quotes_gpc())
{
$strategy = addslashes($strategy);
}
// update the article in the database
$query ="INSERT INTO sslink('study_id', 'strategyname') VALUES ('".$_GET['id']. "', '" .$strategy. "')";
mysql_query($query) or die('Error : ' . mysql_error());
$cacheDir = dirname(__FILE__) . '/cache/';
$cacheFile = $cacheDir . '_' . $_GET['id'] . '.html';
#unlink($cacheFile);
#unlink($cacheDir . 'index.html');
echo "<b>Article '$title' updated</b>";
$strategy = stripslashes($strategy);
}
?>
And this is the error that gets returned:
Notice: Undefined index: strategy in /casestudyform.php on line 66
Error : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''study_id', 'strategyname') VALUES ('1', 'N;')' at line 1
Does anyone know how to fix this? or a better way to do it?
Thanks in advance!
Try this:
$query ="INSERT INTO sslink (study_id, strategyname) VALUES ('".$_GET['id']. "', '" .$strategy. "')";
Undefined index suggests that $_POST['strategy'] wasn't set. Could you do a sanity check that your form has it? Also, an echo of the actual query would be nice.
You have two errors that are unrelated to one another:
Notice: Undefined index: strategy in /casestudyform.php on line 66
As #montooner points out, this notice is from PHP, because the $_POST array contains no value for the 'strategy' key. That is, the form was submitted with no strategy checkbox checked. You should test that the key exists before trying to reference it.
if (array_key_exists('strategy', $_POST)) ...
Error : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''study_id', 'strategyname') VALUES ('1', 'N;')' at line 1
This is an SQL parsing error. You have put single-quotes around the columns in your INSERT statement. In SQL, single-quotes delimit string constants, not column names.
If you need to delimit column names (because they contain SQL keywords, whitespace, special characters, etc.), you should use back-quote in MySQL or double-quotes in ANSI SQL.
Also be careful of SQL injection. Don't assume that the HTTP request parameters contain only integers or friendly strings. Filter the values or escape them before you use them in SQL. The addslashes() function is not a good solution to protect against SQL injection.
$id = filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT);
$strategy_esc = mysql_real_escape_string($strategy);
$query ="INSERT INTO sslink(`study_id`, `strategyname`)
VALUES ($id, '$strategy_esc')";
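As an added example (not code from the original answers), here is the same insert with bound parameters instead of escaping. It goes a step beyond the answer by storing one sslink row per checked strategy, which is what the link table in the question is for, rather than a serialized array. The function name, the sample strategy names and the in-memory SQLite database standing in for MySQL are assumptions.

```php
<?php
declare(strict_types=1);

/**
 * Store one sslink row per checked strategy. $get and $post stand in for $_GET and $_POST.
 * Returns the number of rows inserted.
 */
function saveStrategies(PDO $db, array $get, array $post): int
{
    // Reject anything that is not a positive integer id.
    $studyId = filter_var($get['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($studyId === false) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    // No box checked means the key is absent: treat it as an empty selection.
    $strategies = $post['strategy'] ?? [];
    if (!is_array($strategies)) {
        throw new InvalidArgumentException('strategy must be an array');
    }
    $stmt = $db->prepare('INSERT INTO sslink (study_id, strategyname) VALUES (?, ?)');
    $db->beginTransaction();
    try {
        $count = 0;
        foreach ($strategies as $name) {
            if (!is_string($name) || $name === '') {
                throw new InvalidArgumentException('strategy names must be non-empty strings');
            }
            $stmt->execute([$studyId, $name]);   // bound values: quotes need no escaping
            $count++;
        }
        $db->commit();
        return $count;
    } catch (Throwable $e) {
        $db->rollBack();
        throw $e;
    }
}

// Constructed demo data; in-memory SQLite stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sslink (study_id INTEGER, strategyname TEXT)');

echo saveStrategies($db, ['id' => '1'], ['strategy' => ["Parents' evening", 'Peer mentoring']]), " rows\n";
echo saveStrategies($db, ['id' => '1'], []), " rows\n";           // form sent with no box checked
print_r($db->query('SELECT * FROM sslink')->fetchAll(PDO::FETCH_ASSOC));
```

The first sample value contains a single quote, the character behind the syntax errors in the earlier questions on this page, and it is stored unchanged.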