This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 7 years ago.
include("db_connector.php");
$soru = "asdasds";
$tip = 1;
$soruId = 0;
$sql = "insert into sor (anketId,soruMetni,tip) values (".$_SESSION['anket'].",".$soru.",".$tip.")";
$islem = mysql_query($sql)or die(mysql_error());;
if(isset($islem))
{
$soruId = mysql_insert_id();
}else
{
header("refresh:2;sorular.php");
}
this code give an error like this : Unknown column 'asdasds' in 'field list'
You need to change the SQL statement in this:
$sql = "INSERT INTO `sor` (anketId,soruMetni,tip)
VALUES ('".$_SESSION['anket']."','".$soru."',".$tip.")";
Strings needs to be encapsulated with a single quote. :)
I just add ' before and after every variable in query. You cannot pass string to query without adding single quote '.
Change From:
$sql = "insert into sor (anketId,soruMetni,tip) values (".$_SESSION['anket'].",".$soru.",".$tip.")";
to :
$sql = "INSERT INTO `sor` (anketId,soruMetni,tip)
VALUES ('".$_SESSION['anket']."', '".$soru."', '".$tip."')";
Related
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 3 years ago.
When I run this Script the strtotime and date functions work, but when the SQL query runs the date column in the db remains blank.
$date = mysqli_real_escape_string($conn, $_POST['date']);
$day1 = strtotime($date);
$day1 = date('Y-m-d', $day1);
$id = 1;
echo $day2;
$sql = "UPDATE essay SET date = $day1 WHERE id = $id";
You have to add a quote over the $day1 like this way :
$sql = "UPDATE essay SET date = '$day1' WHERE id = '$id'";
Another way to do it by concatenate :
$sql = "UPDATE essay SET date = ".$day1." WHERE id = ".$id;
Unless an SQL field is an integer type or similar numeric type, data written to it should be quoted in an insert statement. In this case, your $day1 is something like "2019-04-18" so your SQL should read:
$sql = "UPDATE essay set date = '$day1' where id = $id";
The single quote should allow the query to succeed. Note that debugging this sort of thing is fairly easy, but isn't taught in some tutorials; if the query fails, try logging or echoing the MySQL(i) error:
$query = $db->query($sql);
if (!$query) echo $db->error;
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 6 years ago.
I am trying to make a simple shoutbox for a school project.
Everything seems to be working fine, except when i try and send a message. My sql query is simple, but seems to not be working for some reason.
<?php
session_start();
require_once("includes/connect.db.php");
$sql = "SELECT * FROM shoutbox";
$result = mysql_query($sql);
echo '<table border=1>';
while($rows = mysql_fetch_assoc($result)){
$sb_username = $rows['username'];
$sb_message = $rows['message'];
$sb_sent_time = $rows['sent_time'];
echo '<tr><td>' . $sb_username . ': </td><td>' . $sb_message;
}
echo '</table>';
?>
<form method=post action=shoutbox.php>
<input type=text name="message">
<input type=submit value="Send!">
</form>
<?php
if(isset($_POST['message'])){
$date = time();
$message = mysql_real_escape_string(htmlentities($_POST['message']));
$username = $_SESSION['user_name'];
$sql = "INSERT INTO shoutbox ('username', 'message', 'time_sent') VALUES ('$username', '$message', '$date')";
mysql_query($sql) or die(mysql_error());
}
?>
Produces the following error:
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''username', 'message', 'time_sent') VALUES ('c4sper', 'hello', '1461107151')' at line 1
Replace the following line in your code with this new one:
$sql = "INSERT INTO shoutbox (`username`, `message`, `time_sent`) VALUES ('$username', '$message', '$date')";
Note : Use `` (Backticks) instead of '' (Quotes) around your table column's (fields) names in your INSERT query.
For detailed guidance,Take a look at :
When to use single quotes, double quotes, and backticks in MySQL
You are using single quotes (') around the field names - it should be the ` (backtick) symbol instead.
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 7 years ago.
Here is the query:
$table = $_GET['type'];
$q="DELETE FROM '$table' WHERE cont_id='".$_GET['where']."'";
I also tried removing the single/double quotes on the $_GET part, but didn't work. I'm printing the values of my variables before executing the query and they are right so I don't think that's the problem.
Any ideas?
Database table names should not be enclosed with single quotes.
Corrected SQL:
$q="DELETE FROM $table WHERE cont_id='".$_GET['where']."'";
Tables and field names can be enclosed with backticks (`) to avoid clashes with
MySQL reserved keywords.
In that case, corrected SQL should be:
$q="DELETE FROM `$table` WHERE `cont_id` = '".$_GET['where']."'";
Also, do not trust input from user.
This can cause security vulnerability.
use mysqli_real_escape_string() for $_GET['where']
In you want quote table name you had to use symbol "`"
$table = $_GET['type'];
$q="DELETE FROM `$table` WHERE cont_id='".$_GET['where']."'";
$table = $_GET['type'];
$q="DELETE FROM $table WHERE cont_id='".$_GET['where']."'";
OR
$table = $_GET['type'];
$q="DELETE FROM `$table` WHERE cont_id='".$_GET['where']."'";
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 7 years ago.
This is my code and I can't figure out how to update the product_info:
include_once "dbconnect.php";
session_start();
$p_id = $_SESSION['rbtn'];
$p_name=securethis( $_POST['p_name']);
$p_unit=securethis( $_POST['p_unit']);
$p_price=securethis( $_POST['p_price']);
$p_details=securethis($_POST['p_details']);
$query= "UPDATE product_info SET p_name=$p_name,p_unit=$p_unit,p_price=$p_price,p_details=$p_details,p_directory=hi WHERE p_id=$p_id";
mysql_query($query) or die(mysql_error()) ;
$_SESSION['rbtn'] = "";
header("Location: admin.php");
Your used query should be in valid format to execute by MySQL . May be there are some columns in product_info table are VARCHAR type like as p_name . So use single quote (') to create a valid query . You can also check it by echoing your query and execute this on MYSQL prompt . It will tell the exact problem.
echo $query= "UPDATE product_info SET p_name=$p_name,p_unit=$p_unit,p_price=$p_price,p_details=$p_details,p_directory=hi WHERE p_id=$p_id";
and execute the the printed query directly to the MYSQL shell .
Write the query like this-
$query= "UPDATE product_info SET p_name='$p_name',p_unit='$p_unit',p_price='$p_price',p_details='$p_details',p_diretory='hi' WHERE p_id='$p_id'";
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 7 years ago.
When I use these statements works:
$sql = "UPDATE nametable SET column = '$number' WHERE username = '$text'";
$result = mysql_query($sql, $link) or die(mysql_error());
But, when I change 'column' to 'option1' like this:
$sql = "UPDATE nametable SET '$option1' = '$number' WHERE username = '$text'";
The query doesn't work. What's wrong with $option1? :/
Thanks!
column names must not be enclosed by quotes '
$sql = "UPDATE nametable SET " . $option1 . " = '$number' WHERE username = '$text'";