PHP Insert Into Statement always fails [duplicate] - php

This question already has an answer here:
Syntax error due to using a reserved word as a table or column name in MySQL
(1 answer)
Closed 7 years ago.
I am making myself a website and I am on to the backend administration section. I'm currently stuck on submitting the details from a form into my database; however, I keep getting the same error over and over again no matter what, which is:
Error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Change) VALUES ('Connor', 'Connor')' at line 1
This is the code which is giving me the error (it connects perfectly to the database):
$query = "INSERT INTO changes (DevName,Change) VALUES ('$dev', '$changed')";
$a = mysql_query($query);
It keeps saying syntax error, but I have been looking at other code and it shows exactly the same thing as the code that I have (except for the variables, of course).

That's because Change is a reserved word in MySQL. You will have to escape it using backticks.
The following works fine, otherwise explosions:
create table changes
( DevName varchar(100),
`Change` varchar(100)
);
insert changes(DevName,`Change`) values ('1','2');

Please don't use mysql_* methods, because they are deprecated in PHP 5.5 and removed in PHP 7. Instead you should use PDO or mysqli:
// The column `Change` is a MySQL reserved word, so it is quoted with backticks,
// not with single quotes (those would turn it into a string literal and break the SQL).
$sth = $dbh->prepare('INSERT INTO changes (`DevName`, `Change`) VALUES (:dev, :changed)');
$sth->bindParam(':dev', $dev, PDO::PARAM_STR);
$sth->bindParam(':changed', $changed, PDO::PARAM_STR); // the value is a string, not a boolean
$sth->execute();
For more details about PDO, visit http://php.net/manual/en/book.pdo.php
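Putting the two answers above together, here is an added example (not code from the question or from either answer) of the original INSERT rewritten for PDO: the reserved column name `Change` is quoted with backticks, the values go through placeholders instead of being interpolated into the SQL text, and both are bound as strings because both columns are varchar. The DSN, the credentials and the layout of the `changes` table (taken from the CREATE TABLE in the first answer) are assumptions.

```php
<?php
// Added example: PDO insert into a table whose column name is a MySQL reserved word.
// Assumes a MySQL database reachable with the DSN/credentials below and the
// `changes` table from the first answer (DevName varchar, `Change` varchar).

declare(strict_types=1);

function connect(): PDO
{
    $dsn = 'mysql:host=127.0.0.1;dbname=example;charset=utf8mb4'; // assumed DSN
    return new PDO($dsn, 'app_user', 'app_password', [          // assumed credentials
        // Throw on every error instead of silently returning false.
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        // Let the MySQL server bind the parameters (real, not emulated, prepares).
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);
}

/**
 * Inserts one row into `changes` and returns the number of rows affected.
 * Change is a reserved word, so it is quoted with backticks; the values are
 * bound through placeholders and never become part of the SQL string.
 */
function insertChange(PDO $pdo, string $dev, string $changed): int
{
    $sql  = 'INSERT INTO `changes` (`DevName`, `Change`) VALUES (:dev, :changed)';
    $stmt = $pdo->prepare($sql);
    // Both columns are varchar, so both parameters are bound as strings.
    $stmt->bindValue(':dev', $dev, PDO::PARAM_STR);
    $stmt->bindValue(':changed', $changed, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->rowCount();
}

$pdo = connect();
// Constructed sample input: a value that would break a concatenated query
// (quote character, semicolon) is stored verbatim when it is bound.
$rows = insertChange($pdo, 'Connor', "O'Brien's change; DROP TABLE changes");
echo "inserted {$rows} row(s)\n";
```

Note that the backticks solve the identifier problem and the placeholders solve the value problem; they are two separate things. PDO cannot bind an identifier (a table or column name) as a parameter, so those still have to be written into the SQL text, which is why quoting them correctly matters.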

Related

inserting HTML with PDO

I am currently undergoing the process to convert my code from MySQL to PDO however I am having an issue passing a variable. I have edited the content of the variable to give you an idea of exactly what is happening.
$status = 'Pending';
$stmt = $db->prepare("INSERT INTO
cusbuilder_sites(userid,name,imgurl,url,explain,status,incustom) VALUES
(:userid,:campname,:imgurl,:targeturl,:explain,:status,:incustom)");
$explain = '<p>Testing Input</p>';
$stmt->bindParam(':userid', $username);
$stmt->bindParam(':campname', $_POST['campname']);
$stmt->bindParam(':imgurl', $_POST['imgurl']);
$stmt->bindParam(':targeturl', $_POST['targeturl']);
$stmt->bindValue(':explain', $explain, PDO::PARAM_STR);
$stmt->bindParam(':status', $status);
$stmt->bindParam(':incustom', $_POST['incustom']);
$stmt->execute();
Now this is the error I am getting:
Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'explain,status,incustom) VALUES ('myuserid','testing12','http://testingsite.com' at line 1'
As you can see the $explain variable contains HTML code and when I remove the p tags it works fine but I need it to actually store the HTML in the database as it did with MySQL.
I have read the answers to this question and have checked if magic_quotes or gpc are enabled. They aren't. In my previous code I was using mysql_real_escape_string, which obviously I cannot use in PDO, so I just want to know how do I pass HTML in a variable and insert it into a database using PDO?
For those who are going to answer 'use bindValue instead of bindParam' you will see I have already done this and the error is the same.
This doesn't have anything to do with HTML. The SQL query itself is invalid. explain is a reserved word. Enclose your identifiers in back-ticks (assuming MySQL, other characters may be used by other databases) to specify them as identifiers:
INSERT INTO `cusbuilder_sites`
(`userid`,`name`,`imgurl`,`url`,`explain`,`status`,`incustom`) VALUES
(:userid,:campname,:imgurl,:targeturl,:explain,:status,:incustom)

I try to make INSERT WHERE in SQL, but it gives me an error [duplicate]

This question already has an answer here:
Syntax error due to using a reserved word as a table or column name in MySQL
(1 answer)
Closed 6 years ago.
When I try to insert data with WHERE, using this code:
$query = dbConnect()->prepare("INSERT INTO users(key) WHERE mail='$mail' VALUES ('$key')");
I'm using XAMPP, it gives me an error:
Uncaught PDOException: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'key) WHERE mail='maciej#localhost' VALUES (key)' at line 1 in C:\xampp\htdocs\PHP7_login\restore\index.php:38
You should use backticks for key (because it is a reserved word)
and not use where:
"INSERT INTO users(`key`) VALUES ('$key')"
or if you need an update
"UPDATE users
set `key` = '$key'
where mail = '$mail'"
The guess is that you want update:
update users
set `key` = '$key'   -- key is a reserved word, so it needs backticks here too
where mail = '$mail' ;
You should also learn to use parameters for values in queries. Substituting strings into the query string introduces the possibility of unexpected errors and makes the code vulnerable to SQL injection attacks.

Using question mark instead of table name in PDO prepared statements [duplicate]

This question already has answers here:
Can PHP PDO Statements accept the table or column name as parameter?
(8 answers)
Closed 9 years ago.
I need to know whether I can use question marks (?) as the table name in PDO prepared statements or not.
$table = $_POST['table'];
$id = $_POST['id'];
$sql = "UPDATE ? SET priority = priority + 1 WHERE id = ?";
$q = $db->prepare($sql);
$q->execute(array($table,$id));
I'm getting this error:
Warning: PDO::prepare() [pdo.prepare]: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '? SET priority = priority + 1 WHERE id = ?'
Aside from that simple problem, there is another one - your code smells of bad database design. In a properly planned database you would never need to receive a table name via POST request.
Most likely you are using multiple tables where you have to use only one.
You need to bind the parameters like this:
$q->bindParam(1, $table);
$q->bindParam(2, $id);
Source (see Example #2)
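As the first answer says, a table name cannot be a bound parameter, so the table has to be chosen from a fixed list before it is written into the SQL text, while the row id is still bound. The following is an added example (not the question's code and not the answer's) that does exactly that for the UPDATE from the question; the allow-listed table names and the `priority` and `id` columns are assumptions.

```php
<?php
// Added example: a table name cannot be a placeholder, so it is checked against a
// fixed allow-list and only then spliced into the SQL text; the id is still bound.
// The table names, the columns and the connection details are assumptions.

declare(strict_types=1);

/** Tables this endpoint is permitted to touch (assumed names). */
const ALLOWED_TABLES = ['tickets', 'tasks'];

/**
 * Returns the table name only if it is one of the allowed literals, otherwise
 * throws. The returned string is one of our own constants, not the user input.
 */
function resolveTable(string $requested): string
{
    $index = array_search($requested, ALLOWED_TABLES, true);
    if ($index === false) {
        throw new InvalidArgumentException('unknown table');
    }
    return ALLOWED_TABLES[$index];
}

/**
 * Quotes a MySQL identifier with backticks (a backtick inside the name is
 * doubled, which is MySQL's escaping rule for quoted identifiers). Used for
 * the table name after it has passed the allow-list and for column names that
 * may collide with reserved words.
 */
function quoteIdentifier(string $name): string
{
    return '`' . str_replace('`', '``', $name) . '`';
}

/** Bumps the priority of one row and returns the number of rows updated. */
function bumpPriority(PDO $pdo, string $requestedTable, int $id): int
{
    $table = quoteIdentifier(resolveTable($requestedTable));
    // Only the identifier is built into the string; the value stays a placeholder.
    $sql  = "UPDATE {$table} SET `priority` = `priority` + 1 WHERE `id` = ?";
    $stmt = $pdo->prepare($sql);
    $stmt->bindValue(1, $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

$pdo = new PDO(
    'mysql:host=127.0.0.1;dbname=example;charset=utf8mb4', // assumed DSN
    'app_user', 'app_password',                            // assumed credentials
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false]
);
// Constructed sample input standing in for $_POST['table'] and $_POST['id'].
$rows = bumpPriority($pdo, 'tickets', 42);
echo "updated {$rows} row(s)\n";
```

In a request handler the call becomes `bumpPriority($pdo, (string) ($_POST['table'] ?? ''), (int) ($_POST['id'] ?? 0))`; a table name that is not in the list raises the exception before any SQL is built, and the id never reaches the SQL text at all.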

unable to insert record in database

My basic insert query is not working. I know it's a very basic, raw sort of question to ask, but I'm unable to sort it out.
My code:
$a="nvsdjkvn";
$b="bhjxcbncj";
mysql_select_db("vas1",$con);
$s = "insert into updates(update,dates) values ('$b','$a')";
$re = mysql_query($s);
I got this error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'update,dates) values ('nvsdjkvn','bhjxcbncj')' at line 1
My table name is updates, with two columns, 'update' and 'dates', both of type 'varchar'.
update is a reserved word in SQL and must therefore be enclosed in backticks if not used as a reserved word:
$s = "insert into updates(`update`,dates) values ('$b','$a')";
UPDATE is a reserved word in MySQL. To use it in your query, you should properly escape it.
Here is a complete list of MySQL reserved words.
Change -
$s = "insert into updates(update,dates) values ('$b','$a')";
To
$s = "insert into updates(`update`,`dates`) values ('".$b."','".$a."')";
Mysql extension is deprecated as of PHP 5.5.0, and is not recommended
for writing new code as it will be removed in the future. Instead,
either the mysqli or PDO_MySQL extension should be used. See also the
MySQL API Overview for further help while choosing a MySQL API.
I'm afraid to say so, but we are not allowed to name a table just like a keyword.
Please go through the rule set for naming conventions:
http://www.isbe.state.il.us/ILDS/pdf/SQL_server_standards.pdf

Mysql Won't update the row [duplicate]

This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
Whats wrong with this query mysql?
I am using mysql and php to update a record. Here is my code:
$n=mysql_query("UPDATE chondas SET model='$model1', yearstart=$yearstart1,
yearstop=$yearstop1, desc='$desc1', hp='$hp1',
engine='$engine1',trim='$trim1', weight='$weight1' WHERE id=$id1");
In the following code if I take out desc='$desc1' everything works perfectly. What would cause this error?
When I tested the following code in phpMyAdmin I got this error:
#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'desc='text of the textarea' at line 1.
DESC is a reserved word in mysql so you need to use backticks:
UPDATE chondas SET model='$model1', yearstart=$yearstart1, yearstop=$yearstop1, `desc`='$desc1', hp='$hp1', engine='$engine1',trim='$trim1', weight='$weight1' WHERE id=$id1
You should also switch to PDO (or mysqli) and prepared statements with bound variables to avoid potential sql injection.
DESC is a reserved word in MySQL.
Escape it with backticks
`desc` = '$desc1'
Your query won't run if you include the variable names in phpMyAdmin, such as:
UPDATE chondas SET model='$model1', yearstart=$yearstart1,
yearstop=$yearstop1, **desc='$desc1'**, hp='$hp1',
engine='$engine1',trim='$trim1', weight='$weight1' WHERE id=$id1
Also, the PHP won't run if you mix your "" and '', e.g.: "UPDATE chondas SET model='$model1'...
