How to Insert html, special characters to a sql database with PDO? - php

I'm trying to insert some html special characters inside my MySql MyIsam table
Used query :
INSERT INTO place_menu (menu_ref_place, menu_name, menu_price, menu_card_price, menu_full_price, menu_desc) VALUES ('1', 'SUPPLÌ CASERECCI x3', '', '', '', 'asdasd')
Returned error :
SQLSTATE[42000]: Syntax error or access violation
Note :
This request works perfectly with mysqli but with pdo the insert is truncated to SUPPLÌ
Another problem is where I insert html tags and quotes, for example if I try to insert this string "$%&\'12\'12\'3\'12\'3123" I get nothing at all...just blank space :/
Another debug info :
INSERT INTO place_menu (menu_ref_place, menu_name, menu_price, menu_card_price, menu_full_price, menu_desc) VALUES ('1', 'adasd'asdasd', '2', '3.80', '400', 'asdasda sasdasda s0d8aèsdaysd8sd8asdèa0sd8yè0=?£!(/\"=)(!?)(\"?!)\"')
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'asdasd', '2', '3.80', '400', '<b>asdasda s</b>asdasda s0d8a?sdaysd8sd8asd?a0sd8y' at line 1' in /home/contat13/public_html/app/menu/app/inc/db.cl.php:36 Stack trace: #0 /home/contat13/public_html/app/menu/app/inc/db.cl.php(36): PDO->query('INSERT INTO pla...')
#1 /home/contat13/public_html/app/menu/app/inc/db.cl.php(146): DB->sql_query('INSERT INTO pla...')
#2 /home/contat13/public_html/app/menu/insert_dish.php(15): DB->insert('place_menu', Array, false)
#3 {main} thrown in /home/contat13/public_html/app/menu/app/inc/db.cl.php on line 36
Used php class :

The problem was with HTML. I have discovered that the form was not UTF-8 encoded.
The solution is to check for the same encoding on:
1) the page/form
2) table and column (if any) charset (not collation)
3) db connection.
All 3 of them must have utf-8 encoding.
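Added example, not part of the original question or answer: the stack trace above shows the statement being sent as one assembled string through PDO->query(), and the error position matches the quote inside 'adasd'asdasd. The sketch below binds the values instead; insertRow() and the INSERTABLE allow-list are hypothetical names, and SQLite in memory stands in for MySQL so the script runs offline (with MySQL the DSN would also carry charset=utf8mb4, which is point 3 of the answer).

```php
<?php
// Added example, not code from the page. SQLite in memory keeps it offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE place_menu (menu_ref_place INTEGER, menu_name TEXT,
            menu_price TEXT, menu_desc TEXT)');

// Hypothetical allow-list: the only table/column names insertRow() accepts.
const INSERTABLE = [
    'place_menu' => ['menu_ref_place', 'menu_name', 'menu_price', 'menu_desc'],
];

// Hypothetical helper in the spirit of the DB->insert($table, $row) call in
// the stack trace: identifiers come from the allow-list, values are bound.
function insertRow(PDO $pdo, string $table, array $row): void
{
    $allowed = INSERTABLE[$table] ?? null;
    if ($allowed === null || $row === []
        || array_diff(array_keys($row), $allowed) !== []) {
        throw new InvalidArgumentException('table or column not on the allow-list');
    }
    $columns = implode(', ', array_keys($row));
    $marks   = implode(', ', array_fill(0, count($row), '?'));
    $stmt    = $pdo->prepare("INSERT INTO $table ($columns) VALUES ($marks)");
    $stmt->execute(array_values($row));
}

// Constructed sample rows reusing the strings from the question.
$rows = [
    ['menu_ref_place' => 1, 'menu_name' => 'SUPPLÌ CASERECCI x3',
     'menu_price' => '', 'menu_desc' => 'asdasd'],
    ['menu_ref_place' => 1, 'menu_name' => "adasd'asdasd",
     'menu_price' => '3.80', 'menu_desc' => '<b>asdasda s</b> "$%&\'12\'3123"'],
];
foreach ($rows as $row) {
    insertRow($pdo, 'place_menu', $row);
}

// Read the rows back and compare them byte for byte with what was inserted.
$stored = $pdo->query('SELECT menu_name, menu_desc FROM place_menu ORDER BY rowid')
              ->fetchAll(PDO::FETCH_ASSOC);
foreach ($stored as $i => $got) {
    $ok = $got['menu_name'] === $rows[$i]['menu_name']
       && $got['menu_desc'] === $rows[$i]['menu_desc'];
    echo ($ok ? 'intact:  ' : 'CHANGED: '), $got['menu_name'], PHP_EOL;
}
```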

Related

Adding column to table returns error saying error in SQL syntax

When I run this code:
$addUniverseColumn = $db->prepare("ALTER TABLE spaceships ADD :universe int");
$addUniverseColumn->bindParam(":universe", $name);
$addUniverseColumn->execute();
I get the following error:
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''asfa' int' at line 1' in D:\XAMPP\htdocs\php\locationconfig.php:63 Stack trace: #0 D:\XAMPP\htdocs\php\locationconfig.php(63): PDOStatement->execute() #1 {main} thrown in D:\XAMPP\htdocs\php\locationconfig.php on line 63
Note: $addUniverseColumn->execute(); is the line 63.
I have little to no idea as to what the problem is. I've searched for an answer to the problem but I can't find anything. Any help would be appreciated. :)
Placeholders can only work for VALUES, never field/table names. You cannot use a placeholder for the field name in an ALTER query. You'll have to use good old string interpolation for it:
$db->prepare("ALTER TABLE spaceships ADD $name int");
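Added example, not part of the original answer: because the column name has to be interpolated into the ALTER statement, it should be validated before it reaches the SQL text. quoteIdentifier() and addIntColumn() are hypothetical helpers, the input names are constructed, and SQLite in memory (which accepts MySQL-style backticks) is used so the script runs offline.

```php
<?php
// Added example, not code from the page. SQLite in memory keeps it offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE spaceships (id INTEGER PRIMARY KEY)');

// Hypothetical helper: accept only plain identifiers (letters, digits,
// underscore, at most 64 characters), then backtick-quote the result so that
// reserved words such as group or read remain usable as column names.
function quoteIdentifier(string $name): string
{
    if (!preg_match('/\A[A-Za-z_][A-Za-z0-9_]{0,63}\z/', $name)) {
        throw new InvalidArgumentException(
            'invalid identifier: ' . var_export($name, true)
        );
    }
    return '`' . $name . '`';
}

// Hypothetical wrapper: the column type is fixed in the SQL text; only the
// validated, quoted name is interpolated.
function addIntColumn(PDO $pdo, string $name): void
{
    $pdo->exec('ALTER TABLE spaceships ADD ' . quoteIdentifier($name) . ' int');
}

// Constructed inputs: two legitimate names and two that must be refused.
foreach (['asfa', 'group', 'asfa int, ADD other', 'x`y'] as $name) {
    try {
        addIntColumn($pdo, $name);
        echo "added    $name", PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected ', $e->getMessage(), PHP_EOL;
    }
}

// List the columns the table ended up with.
$columns = array_column(
    $pdo->query('PRAGMA table_info(spaceships)')->fetchAll(PDO::FETCH_ASSOC),
    'name'
);
echo implode(', ', $columns), PHP_EOL;
```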

using LEAST in SQL query when using PHP PDO Prepared statements

I am trying to use this PHP PDO prepared statement to run an SQL Query:
$stmt = $pdo_conn->prepare("SELECT *, LEAST(:col_list) as num FROM callplandata WHERE number LIKE :number HAVING num != 0 ");
$stmt->execute(array(':col_list' => implode(',',$column_list), ':number' => '%'.$_POST["prefix"].'%'));
but it's showing this error message:
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1582 Incorrect parameter count in the call to native function 'LEAST'' in /home/integra/public_html/included_pages/call_tarrif_search.php:62 Stack trace: #0 /home/integra/public_html/included_pages/call_tarrif_search.php(62): PDOStatement->execute(Array) #1 /home/integra/public_html/index.php(119): include('/home/integra/p...') #2 {main} thrown in /home/integra/public_html/included_pages/call_tarrif_search.php on line 62
What am I doing wrong?
LEAST accepts 2 or more values and returns the least one.
You're passing a single value; that is the root of the error.
PS: as long as you haven't explained the original issue, there is nothing to add here. Please don't ask "how to fix it" because we have no idea what you're trying to achieve.

PDO Find a needle in a haystack SQL statement

I am using PDO, and am thrown an error when using the following code:
$stmt = $pdo->prepare("SELECT username FROM users WHERE
WHERE INSTR(`games`, '{$gameid}') > 0
");
$gameid = $gamedata['id'];
$stmt->execute(array(
':gameid'=>$gameid
));
$players = $stmt->fetch(PDO::FETCH_ASSOC);
Through looking at past answers this is supposed to work, however I am met with the following error:
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax
error or access violation: 1064 You have an error in your SQL syntax; check the manual
that corresponds to your MySQL server version for the right syntax to use near 'WHERE
INSTR(`games`, 'crysis') > 0' at line 2' in C:\xampp\htdocs\gs\gamepage.php:19 Stack
trace: #0 C:\xampp\htdocs\gs\gamepage.php(19): PDOStatement->execute(Array) #1 {main}
thrown in C:\xampp\htdocs\gs\gamepage.php on line 19
It also appears it's grabbing 'games' as a literal and not the column
What am I doing wrong?
You have a double WHERE:
SELECT username FROM users WHERE
WHERE
You're also doing some funny things with $gameid, namely setting the variable after substitution, and binding an unused :gameid parameter. You also have a SQL injection vulnerability and should really use a parameter to pass $gameid instead of creating dynamic SQL.
You have the word games encased in "back quotes" and not "single quotes" like the {$gameid} variable is using. They are probably making the db engine assume it is a column name instead of text.
$stmt = $pdo->prepare('SELECT `username` FROM `users`
WHERE INSTR(`games`, :gameid) > 0;');
And you should use $stmt->bindValue() or $stmt->bindParameter() before executing the query.
This won't work if gameid is an ... INTEGER ! ? ! ?

PHP PDO MySQL Insert error, but works as direct query on MySQL

I'm using PHP PDO to let my Android app talk to a MySQL database.
Here's my PHP file:
<?php
$pdo = new PDO("mysql:host=x;dbname=x", "x", "x");
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$sql = "INSERT INTO k_user_groep(group, user, rol) VALUES (?, ?, ?)";
$q = $pdo->prepare($sql);
$q->execute(array($_GET['groupid'], $_GET['user'], $_GET['rol']));
?>
The table is designed as follows:
groupid references a unique index in other table,
user references a primary key in other table,
rol references nothing.
Directly in MySQL the following query works:
INSERT INTO `k_user_groep`(`group`, `user`, `rol`) VALUES ('1', 'test', 'v');
This is my call on the PHP file:
x.php?groupid=1&user=test&rol=v
It returns the following:
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'group, user, rol) VALUES ('1', 'test', 'v')' at line 1' in x.php:7 Stack trace: #0 x.php(7): PDOStatement->execute(Array) #1 {main} thrown in x.php on line 7
Any advice?
group is a reserved word in MySQL.
It works in your second example because you're wrapping the column name in backticks.
Well it clearly is not the same query you're trying in your PDO code and in the MySQL client — you have all your identifiers quoted in the client, while none are quoted in the PDO code.

Simple PHP/MySQL ORM Code Not Executing

I'm trying to run a simple query with an ORM that is built on top of PDO.
Here's the code I'm trying to run:
$message = ORM::for_table("messages")
->where("to_user_id", $user_id)
->where("deleted", 0)
->where("reply_id", $message_id)
->where("read", 0)
->order_by_desc("time")
->limit(1)
->count();
(This is using j4mie's Idiorm, https://github.com/j4mie/idiorm)
This code seems like it would work, but I get the following MySQL error:
Error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]:
Syntax error or access violation:
1064 You have an error in your SQL syntax;
check the manual that corresponds to your MySQL server version for the
right syntax to use near 'read = '0' ORDER BY time DESC LIMIT 1'
at line 1' in /Users/chromium/Documents/root/e119/lib/classes/ORM.class.php:492
Stack trace:
#0 /Users/chromium/Documents/root/e119/lib/classes/ORM.class.php(492): PDOStatement->execute(Array)
#1 /Users/chromium/Documents/root/e119/lib/classes/ORM.class.php(289): ORM->run()
#2 /Users/chromium/Documents/root/e119/app/models/Message.class.php(73): ORM->count()
#3 /Users/chromium/Documents/root/e119/app/views/Messages/IndexView.php(42): Message::conversation_changed('3', '4', true)
#4 /Users/chromium/Documents/root/e119/app/templates/GameTemplate.php(13): require('/Users/chromium...')
#5 /Users/chromium/Documents/root/e119/lib/classes/Load.class.php(83): require('/Users/chromium...')
#6 /Users/chromium/Documents/root/e119/app/controllers/M on line 492 of /Users/chromium/Documents/root/e119/lib/classes/ORM.class.php
read and time are reserved words in MySQL.
You'll have to rename the columns, or wrap backticks around the column names:
->order_by_desc("`time`")
->where("`read`", 0)
(provided the ORM allows that, of course.)
