I get this error. How to solve this error? - php

Warning : odbc_exec(): SQL error: [Microsoft][ODBC SQL Server
Driver][SQL Server]Incorrect syntax near the keyword 'to'., SQL state
37000 in SQLExecDirect in
C:\xampp\htdocs\lendkarma\dashboard\viewpost.php
<?php
if($userconnection)
{
$sql_result="INSERT into blogs_new(empid,blog_title,status,blog_author) VALUES ($empid,$title,$a,$status,$author)";
echo $sql_result;
$res=odbc_exec($userconnection,$sql_result);
// $res = odbc_prepare($userdatabase,"INSERT INTO t_blogs (empid,blog_title,blog_content,status,blog_author) VALUES ($empid,$title,$a,$status,$author)");
}
else
{
echo "connection error";
}
?>

I think you should add apostrophes around the string-type values in your SQL query string.
Something like this:
$sql_result="INSERT into blogs_new(empid,blog_title,status,blog_author) VALUES ('".$empid."','".$title."','".$a."','".$status."','".$author."')";

Your values need quotes around them:
$sql_result="INSERT into blogs_new(empid,blog_title,status,blog_author) VALUES ('$empid','$title','$a','$status','$author')";

Related

Why does Explicitly putting Null on sql statement yields SQLSTATE[42000] error?

Because putting NULLs inside the variables gives a headache here in PHP, I resorted to explicitly putting NULL on the prepared statement.
The script is a CSV upload script that originally came from here: Import CSV into MySQL
$linemysql = implode("','",$linearray);
$linemysql = "'".$linemysql."'";
$sql="SELECT * FROM `".$tblmei."` WHERE `".$shuHint."` = ".$linearray[0];
$stmt = $setsu->query($sql);
$rwCnt=$stmt->rowCount();
if ($rwCnt==0){
$fumeiKazu=substr_count($linemysql,"'Unknown'");
echo "<br>fumeiKazu=".$fumeiKazu;
if ($fumeiKazu==1)
{
$fumeiPos=mb_strpos($linemysql,"'Unknown'");
$l1=mb_substr($linemysql,0, $fumeiPos);
echo "<br>l1=".$l1;
$sfumeiPos=$fumeiPos+9;
echo "<br>sfumeiPos=".$sfumeiPos;
$l2=mb_substr($linemysql,$sfumeiPos);
echo "<br>l2=".$l2;
echo "<br>".$l1.NULL.$l2;
$tsuika = $setsu->prepare("INSERT INTO ".$tblmei." VALUES (".$l1.NULL.$l2.")");
$tsuika->execute();
$dataHaitaKazu++;
}
}
The idea of this PHP script block is that when it finds Unknown, it posts it as NULL as the row's Risk during the query.
I made sure the Risk column in the table structure in phpMyAdmin accepts null and the default is null.
This is what I came up with:
$tsuika = $setsu->prepare("INSERT INTO ".$tblmei." VALUES (".$l1.NULL.$l2.")");
And it yields this error:
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ',,'testArea','0')' at line 1' in
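An added example, not part of the original post: PHP's `NULL` constant concatenates as an empty string, which is where the `,,` in the error message comes from. The sketch below binds every value as a parameter and sends `Unknown` as a real SQL NULL. It assumes an in-memory SQLite database instead of MySQL so it runs offline, a hypothetical table `areas`, and constructed CSV lines.

```php
<?php
// Added example: hypothetical table "areas", constructed CSV data,
// in-memory SQLite used in place of the MySQL connection from the post.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE areas (id INTEGER PRIMARY KEY, risk TEXT NULL, area TEXT, flag INTEGER)');

/**
 * Insert one CSV row, storing the literal "Unknown" as SQL NULL.
 * Values travel as bound parameters, never as SQL text, so quotes
 * inside a value cannot change the statement.
 */
function insertRow(PDO $pdo, array $row): void
{
    // One "?" per column; the table name is a fixed literal, not input.
    $marks = implode(',', array_fill(0, count($row), '?'));
    $stmt  = $pdo->prepare("INSERT INTO areas VALUES ($marks)");
    foreach (array_values($row) as $i => $value) {
        if ($value === 'Unknown') {
            $stmt->bindValue($i + 1, null, PDO::PARAM_NULL);
        } else {
            $stmt->bindValue($i + 1, $value, PDO::PARAM_STR);
        }
    }
    $stmt->execute();
}

// Constructed CSV lines; the second holds apostrophes that would
// break a query built by string concatenation.
$csv = ["7,Unknown,testArea,0", "8,High,O'Brien's yard,1"];

// Duplicate check from the post, with the key bound as a parameter.
// COUNT(*) is used because rowCount() is not reliable for SELECT
// on every PDO driver.
$check = $pdo->prepare('SELECT COUNT(*) FROM areas WHERE id = ?');
foreach ($csv as $line) {
    $row = str_getcsv($line, ',', '"', '\\');
    $check->execute([$row[0]]);
    if ((int) $check->fetchColumn() === 0) {
        insertRow($pdo, $row);
    }
}

// Show what was stored for each row's risk column.
foreach ($pdo->query('SELECT id, risk, area FROM areas') as $r) {
    var_dump($r['id'], $r['risk'], $r['area']);
}
```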

unable to encode url in mysql php insert

I am trying to insert a URL into a MySQL column (through PHP) but am unable to do it.
I am getting the following error:
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '%2F%2Flocalhost%2Fclient%2Fsave_file.php%3Ffilename%3D9 WHERE queryid='29'' at line 1
The code snippet:
$_POST['url1']="//localhost/client/save_file.php?filename=9";
$_POST['query_id']=29;
$var=$_POST['url1'];
$query_id=$_POST['query_id'];
// echo "$var";
$var=rawurlencode($var);
//echo "$var";
$sql1 = "UPDATE query_audio SET query_content=$var WHERE queryid='".$query_id."' ";
if (!mysql_query($sql1)) {
die('Error: ' . mysql_error($connection));
}
You have a fundamental misunderstanding of how to defend against SQL injection attacks. You need to use mysql_real_escape_string(), not urlencode().
Plus, you forgot to quote your $var variable, so your query is literally:
... SET query_content=http:%2F%2Fetc...
Without quotes around that url, mysql is free to interpret the http: portion as an (invalid) field name.
Try
$var = mysql_real_escape_string($_POST['url1']);
$query_id = mysql_real_escape_string($_POST['query_id']);
$sql = "UPDATE ... SET query_content='$var' WHERE queryid='$query_id';";
^----^-- note these quotes.

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ... at line 1

$pocasie = mysqli_connect("localhost","root","","pocasie");
mysqli_query($pocasie, "UPDATE `pocasie` SET `aktualnateplota`=$aktualna_teplota, `relativnavlhkost`=$relativna_vlhkost, `smervetra`=$smer_vetra, `rychlostvetra`=$rychlost_vetra, `barometrickytlak`=$barometricky_tlak, `rosnybod`=$rosny_bod, `pocitovateplota`=$pocitova_teplota, `ikonka`=$ikonka, `ikonkaurl`=$ikonka_url WHERE id=1") or die (mysqli_error($pocasie));
Can anyone help me? I get error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' smervetra=160, rychlostvetra=7, barometrickytlak=1024, rosnybod=5, `poc' at line 1
db and table name is pocasie
Enclose values in ('')... change
`aktualnateplota`=$aktualna_teplota
to
`aktualnateplota`= '$aktualna_teplota' .../* notice single quoted value here */
In
mysqli_query($pocasie, "UPDATE `pocasie` SET `aktualnateplota`='$aktualna_teplota', `relativnavlhkost`=$relativna_vlhkost, `smervetra`='$smer_vetra', `rychlostvetra`='$rychlost_vetra', `barometrickytlak`='$barometricky_tlak', `rosnybod`='$rosny_bod', `pocitovateplota`='$pocitova_teplota', `ikonka`='$ikonka', `ikonkaurl`='$ikonka_url' WHERE id=1") or die (mysqli_error($pocasie));
Use single quotes (') around your variables. Your query should look like this:
mysqli_query($pocasie, "UPDATE `pocasie` SET `aktualnateplota`='$aktualna_teplota', `relativnavlhkost`='$relativna_vlhkost', `smervetra`='$smer_vetra', `rychlostvetra`='$rychlost_vetra', `barometrickytlak`='$barometricky_tlak', `rosnybod`='$rosny_bod', `pocitovateplota`='$pocitova_teplota', `ikonka`='$ikonka', `ikonkaurl`='$ikonka_url' WHERE `id`='1'");

Mysql Query Displays an error in SQL syntax when it's right

I got sick of this error. I'm pretty sure it works with '$_POST[name]' but sql doesn't accept it.
It gives me the error saying: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 2
$syn = mysql_real_escape_string($_POST['syn']);
$fore = mysql_real_escape_string($_POST['fore']);
$localfore = mysql_real_escape_string($_POST['localfore']);
$save = mysql_query("INSERT INTO tblforecast (Issued,Valid,Synopsis,Forecast,Local_Forecast,Station11,Station12,Station13,Station14,Station15,Station16,Station17,Station18,Station19,Forecaster)
VALUES (now(),'24','$syn','$fore','$localfore','sample','$sample','sample','sample','sample','sample','sample','sample','sample',$id)");
What's going on?
PS. Line 2 points at the start of VALUES
Try this
$sql = "INSERT INTO tblforecast (Issued,Valid,Synopsis,Forecast,Local_Forecast,Station11,Station12,Station13,Station14,Station15,Station16,Station17,Station18,Station19,Forecaster)
VALUES ('{$datetime}',24,'{$_POST['syn']}','{$_POST['fore']}','{$_POST['localfore']}','sample','sample','sample','sample','sample','sample','sample','sample','sample',$id)";
echo $sql;
$save = mysql_query($sql);
It is very bad practice to save POST data directly. Instead you can use $syn = mysql_real_escape_string($_POST['syn']); and put $syn into your SQL query.
If you write the query in a more readable way, you can spot some mistakes:
INSERT INTO
tblforecast
(
Issued
,Valid
,Synopsis
,Forecast
,Local_Forecast
,Station11
,Station12
,Station13
,Station14
,Station15
,Station16
,Station17
,Station18
,Station19
,Forecaster
) VALUES (
'$datetime'
,24
,'$_POST[syn]'
,'$_POST[fore]'
,'$_POST[localfore]'
,'sample'
,'$sample]' // <-- is that supposed to be there?
,'sample'
,'sample'
,'sample'
,'sample'
,'sample'
,'sample'
,'sample'
,$id // <-- where are the closing brackets?

SQL syntax error and undefined index error

After a long search, I am not able to find the solution.
Undefined index: coursename in C:\wamp\www\StudentInformationProject\Student_new\courseinsert.php on line 17
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1'>
Here is the code
if(isset($_POST["button"]))
{
$sql="INSERT INTO course(courseid, coursename, comment, coursekey)
VALUES('".$_POST['courseid']."','".$_POST['coursename']."',
'".$_POST['comment']."','".$_POST['coursekey']."')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
else
{
echo "1 record Inserted Successfully...";
}
}
One of your substituting variables has a double quote in it. Given the error message, it probably looks like:
foo "1" bar
You should escape such characters by doubling them, so it looks like:
foo ""1"" bar
It is possible that your value in comment contains a single quote, which would invalidate the SQL syntax...
