This question already has an answer here:
Syntax error due to using a reserved word as a table or column name in MySQL
(1 answer)
Closed 7 years ago.
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'keys) VALUES ('1','159')' at line 1' in C:\xampp\htdocs\***\index12.php:93 Stack trace: #0 C:\xampp\htdocs\***\index12.php(93): PDOStatement->execute(Array) #1 {main} thrown in C:\xampp\htdocs\***\index12.php on line 93
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
for($i = 1; $i < sizeof($counts_index);$i++){
//echo $i.": ".$counts_index[$i]."<br/>";
$index = $counts_index[$i];
$sql1 = "INSERT INTO asce (idn,keys) VALUES (:idn,:keys)";
$q1 = $dbh->prepare($sql1);
$params1 = array(
':idn'=>$i,
':keys'=> $index
);
$q1->execute($params1);
}
Keys is a reserved word in MySQL. Either change your column name (better solution) or update your query wrapping keys in backticks.
INSERT INTO asce (idn, `keys`...
Related
I'm trying to make a form to insert values into a database, but it's not working.
In fact, I used to use a VM that is now dead. And when I switched to XAMPP my program didn't work anymore.
$titre = $_POST["titre"];
$categorie = $_POST["categorie"];
$portion = $_POST["portion"];
$heure_cuiss = $_POST["heure_cuiss"];
$minute_cuiss = $_POST["minute_cuiss"];
$heure_prepa = $_POST["heure_prepa"];
$minute_prepa = $_POST["minute_prepa"];
$heure_rep = $_POST["heure_rep"];
$minute_rep = $_POST["minute_rep"];
$cuiss = $_POST["cuiss"];
$cost = $_POST["cost"];
$dif = $_POST["dif"];
$histoire = $_POST["histoire"];
$region = $_POST["region"];
$temps = intval($heure_cuiss) + intval($minute_cuiss)/60 + intval($heure_prepa) + intval($minute_prepa)/60 + intval($heure_rep) + intval($minute_rep)/60;
$query = $bdd -> prepare('INSERT INTO recette (titre, categorie, portion, heure_cuiss, minute_cuiss, heure_prepa, minute_prepa, heure_rep, minute_rep , cuiss, cost, dif, histoire, region, temps)
VALUES(:titre, :categorie, :portion, :heure_cuiss, :minute_cuiss, :heure_prepa, :minute_prepa, :heure_rep, :minute_rep, :cuiss, :cost, :dif, :histoire, :region, :temps)');
$query -> execute(array('titre'=>$titre, 'categorie'=>$categorie, 'portion'=>$portion, 'heure_cuiss'=>$heure_cuiss, 'minute_cuiss'=>$minute_cuiss, 'heure_prepa'=>$heure_prepa, 'minute_prepa'=>$minute_prepa, 'heure_rep'=>$heure_rep, 'minute_rep'=>$minute_rep, 'cuiss'=>$cuiss, 'cost'=>$cost, 'dif'=>$dif, 'histoire'=>$histoire, 'region'=>$region, 'temps'=>intval($temps)));
I get this error
Fatal error: Uncaught PDOException: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'portion, heure_cuiss, minute_cuiss, heure_prepa, minute_prepa, heure_rep, min...' at line 1 in C:\xampp\htdocs\ptut\upload\back-index.php:46 Stack trace: #0 C:\xampp\htdocs\ptut\upload\back-index.php(46): PDOStatement->execute(Array) #1 {main} thrown in C:\xampp\htdocs\ptut\upload\back-index.php on line 46
I've tried to rewrite my database, to write my insert with '?' but nothing works.
I've been working on this problem for 5 hours. I really need your help!
Thanks, Thomas
Make sure your password is empty, like this:
$bdd = new PDO('mysql:host=localhost;dbname=yourDataBase', 'root', '');
This question already has answers here:
How to include a PHP variable inside a MySQL statement
(5 answers)
Closed 3 years ago.
I get this error
(Uncaught PDOException: SQLSTATE[42000]: Syntax error or access
violation: 1064 You have an error in your SQL syntax;)
I know it's regarding the code below as I get this error code in my console
([Tue Jan 21 21:32:11.564497 2020] [proxy_fcgi:error] [pid 14681:tid
140542562248448] [client 81.226.126.93:39132] AH01071: Got error 'PHP
message: PHP Fatal error: Uncaught PDOException: SQLSTATE[42000]:
Syntax error or access violation: 1064 You have an error in your SQL
syntax; check the manual that corresponds to your MariaDB server
version for the right syntax to use near 'WHERE rakel IN ('3
31-1710')' at line 1 in
/var/www/vhosts/stockholmblaljusklan.se/httpdocs/cad/assets/includes/utl/larm.php:144\nStack
trace:\n#0
/var/www/vhosts/stockholmblaljusklan.se/httpdocs/cad/assets/includes/utl/larm.php(144):
PDOStatement->execute(Array)\n#1
/var/www/vhosts/stockholmblaljusklan.se/httpdocs/cad/sos/index.php(37):
include('/var/www/vhosts...')\n#2 {main}\n thrown in
/var/www/vhosts/stockholmblaljusklan.se/httpdocs/cad/assets/includes/utl/larm.php
on line 144', referer:
https://stockholmblaljusklan.se/cad/sos/index.php)
Someone that knows how to solve this problem? Much appreciated!
if(isset($_POST['submit_units'])){
$units = $_POST['enheter'];
$units_2 = implode(", ", $units);
$query_3 = "UPDATE larm SET enheter=:enheter WHERE id=:id";
$stmt = $db->prepare($query_3);
$stmt->bindparam(":enheter",$units_2);
$stmt->bindparam(":id",$id);
$stmt->execute();
$enheter_3 = explode(", ", $units_2);
$count_2 = str_repeat('?,', count($enheter_3) - 1) . '?';
$query_4 = "UPDATE fordon SET on_call=$id WHERE rakel IN ($count_2)";
$stmt = $db->prepare($query_4);
$stmt->execute($enheter_3);
}
I was not sure how to add all the below points in readable form in comments, so I am adding it here in the Answer section. Have a look at the below points:
$id not set
$stmt not closed after completing the query
You did not set $id for 2nd query
Comment out $enheter_3 = explode(", ", $units_2); $count_2 = str_repeat('?,', count($enheter_3) - 1) . '?';
and you can directly use $count_2 = str_repeat('?,', count($_POST['enheter']) - 1) . '?';
Your last query is susceptible to the SQL injection attack
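The points above, worked into one function as an added example that is not part of the original question or answer: `$id` is bound like every other value, and the `IN (...)` list is built from placeholders only. The function name `assignUnits`, the in-memory SQLite connection and the sample rows are assumptions made so the snippet runs without a MySQL server.

```php
<?php
// Added example, not from the posts. Runs against in-memory SQLite so no
// MySQL server is needed; table and column names follow the question, the
// rows are constructed sample data.

function assignUnits(PDO $db, int $id, array $units): int
{
    // Normalise the submitted list: trim, drop blanks, de-duplicate.
    $units = array_values(array_unique(array_filter(array_map('trim', $units), 'strlen')));
    if ($units === []) {
        return 0; // "IN ()" is itself a syntax error, so skip the query
    }

    // One "?" per unit; only placeholders are interpolated, never data.
    $marks = implode(',', array_fill(0, count($units), '?'));
    $stmt  = $db->prepare("UPDATE fordon SET on_call = ? WHERE rakel IN ($marks)");

    // $id is bound first, then the units, matching placeholder order.
    $stmt->execute(array_merge([$id], $units));
    return $stmt->rowCount();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE fordon (rakel TEXT PRIMARY KEY, on_call INTEGER)');
$db->exec("INSERT INTO fordon (rakel) VALUES ('A-100'), ('A-200'), ('A-300')");

// Constructed inputs: a normal selection, an empty one, and a value that
// contains a quote character (bound as data, so the statement still parses).
foreach ([['A-100', 'A-300'], [], ["A-2'00"]] as $submitted) {
    printf("%d row(s) updated\n", assignUnits($db, 7, $submitted));
}
```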
This question already has answers here:
How can I prevent SQL injection in PHP?
(27 answers)
Closed 4 years ago.
I want to search for a title that includes an apostrophe in it.
I call the title from a variable.
For example:
$mytitle = "Daddy's Home";
Then I try to search for it.
$apostrophe = $val;
$replacementsapostrophe = [
"'" => "''",
];
$newval = strtr($apostrophe, $replacementsapostrophe);
$query2 = $db->prepare ("SELECT category, id_master_post, master_post_name FROM `master_post` WHERE master_post_name = '$newval'");
$query2->execute();
$value2 = $query2->fetch();
Error given
Fatal error: Uncaught PDOException: SQLSTATE[42000]: Syntax error or
access violation: 1064 You have an error in your SQL syntax; check the
manual that corresponds to your MariaDB server version for the right
syntax to use near 's Home 2'' at line 1 in
C:\xampp\htdocs\piratefiles\list.php:31 Stack trace: #0
C:\xampp\htdocs\piratefiles\list.php(31): PDOStatement->execute() #1
{main} thrown in C:\xampp\htdocs\piratefiles\list.php on line 31
I already tried '%''%'; still not working.
You should use prepared statements to avoid SQL injection, but to answer your question, an example:
try{
$db=new PDO(DSN,USER,PASS);
}catch(PDOException $e){
echo "couldn't connect cos of $e";
}
$sqlQuery = "SELECT category, id_master_post, master_post_name FROM `master_post` WHERE master_post_name = ? ";
$prepared= $db->prepare($sqlQuery);
// execute() takes an array of values, one per placeholder
$prepared->execute([$myTitle]);
$resultObject = $prepared->fetchObject() ;
I want to add data to my table with stored procedure, but I have this error:
Gönder
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'Teknoloji,V,,1)' at line 1' in C:\xampp\htdocs\berat\isyerikayit.php:142 Stack trace: #0 C:\xampp\htdocs\berat\isyerikayit.php(142): PDO->query('CALL isyerikayi...', 2) #1 {main} thrown in C:\xampp\htdocs\berat\isyerikayit.php on line 142
<?php
if (isset($_POST['gonder']))
{
$adi = $_POST["adi"];
$calismaturu = $_POST["calismaturu"];
$iscigucu = $_POST["iscigucu"];
$hizmetturu = $_POST["hizmetturu"];
$butce = $_POST["butce"];
if($calismaturu == 'V')
{
$sorgu= $db->query("CALL isyerikayitV($adi,$calismaturu,$iscigucu,$hizmetturu)",PDO::FETCH_ASSOC);
echo '<script>alert("Hizmet Veren Firma Eklendi.");</script>';
}
else
{
$sorgu= $db->query("CALL isyerikayitE($adi,$calismaturu,$butce)",PDO::FETCH_ASSOC);
echo '<script>alert("Hizmet Edilen Firma Eklendi.");</script>';
}
}
?>
My isyerikayitE() and isyerikayitV procedures are 7.
It seems that $iscigucu is empty:
"that corresponds to your MariaDB server version for the right syntax to use near 'Teknoloji,V,,1)'"
And all your string variables are missing the quotes:
A quick solution is to do:
$iscigucu = empty($_POST["iscigucu"]) ? "''" : "'".$_POST["iscigucu"]."'";
for each one of them.
or
$iscigucu = "'".$iscigucu."'";
But the right way to solve this is to use prepared statements:
$call = mysqli_prepare($mysqli, 'CALL test_proc(?, ?, ?, ?)');
mysqli_stmt_bind_param($call, 'ssss', $adi,$calismaturu,$iscigucu,$hizmetturu);
mysqli_stmt_execute($call);
Take a look at: http://php.net/manual/en/mysqli-stmt.bind-param.php
I am inserting the values using PDO but I am getting this error:
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'desc,price,nick_name,gender,size,color,birth_date,uname,uphone,ucountry,ustate,u' at line 1' in C:\wamp\www\aa\abc.php:58 Stack trace: #0 C:\wamp\www\www\aa\abc.phpphp(58): PDOStatement->execute(Array) #1 {main} thrown in C:\wamp\www\www\aa\abc.php.php on line 58
Also getting Warning: implode() [function.implode]: Bad arguments for implode function
Code:
foreach ($_POST['pcheck'] as $p_check) ////storing checkbox values
{
$pcheckp[] = $p_check;
} $finalcheck = implode(',', $pcheck);
foreach ($_POST['pinc'] as $p_inc) ////storing inputfield values
{
$pinc[] = $p_inc;
} $finalpinc = implode(',', $pinc);
$sql = "INSERT INTO list (u_id,list_type,list_ff,breed,title,desc,price,nick_name,gender,size,color,birth_date,uname,uphone,ucountry,ustate,ucity,usite,pcheck,pinc,photo)
VALUES(:uid,:list_type,:list_ff,:breed,:title,:desc,:price,:nick_name,:gender,:size,:color,:date,:uname,:uphone,:ucountry,:ustate,:ucity,:usite,:pcheck,:pinc,:p_photo)";
$q = $db->prepare($sql);
$q->execute(array(':uid'=>dd,
':list_type'=>$list_type,
':breed'=>$breed,
':title'=>$title,
':desc'=>$desc,
':price'=>$price,
':list_ff'=>$list_ff,
':nick_name'=>$nick_name,
':gender'=>$gender,
':size'=>$size,
':color'=>$color,
':date'=>$date,
':uname'=>$uname,
':uphone'=>$uphone,
':ucountry'=>$ucountry,
':ustate'=>$ustate,
':ucity'=>$ucity,
':usite'=>$usite,
':pcheck'=>$finalcheck,
':pinc'=>$finalpinc,
':p_photo'=>$p_photo));
$_POST['pcheck'] and $_POST['pinc'] are used to get checkbox and input values which I am going to store in a column in MySQL.
I have checked many times to find the syntax error in the insert query but nothing is wrong in it.
Hoping to get help
Thanks!
For the Warning: implode()
$finalcheck = implode(',', $pcheck);
should be
$finalcheck = implode(',', $pcheckp);
Also, desc is reserved in MySQL; you need to use it with `
$sql = "INSERT INTO list (`u_id`,`list_type`,`list_ff`,`breed`,`title`,`desc`,`price`,`nick_name`,`gender`,`size`,`color`,`birth_date`,`uname`,`uphone`,`ucountry`,`ustate`,`ucity`,`usite`,`pcheck`,`pinc`,`photo`)
VALUES(:uid,:list_type,:list_ff,:breed,:title,:desc,:price,:nick_name,:gender,:size,:color,:date,:uname,:uphone,:ucountry,:ustate,:ucity,:usite,:pcheck,:pinc,:p_photo)";
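The backtick advice in this answer and in the earlier `keys` answer can be applied once in a helper instead of by hand in every query. The following is an added example, not code from any of the posts: `SCHEMA`, `quoteIdent` and `insertRow` are hypothetical names, and it runs on in-memory SQLite (which accepts MySQL-style backtick quoting) with constructed rows.

```php
<?php
// Added example, not from the posts. SCHEMA is a hypothetical allow-list
// holding the column names the two answers call out (`keys`, `desc`).
const SCHEMA = [
    'asce' => ['idn', 'keys'],
    'list' => ['title', 'desc', 'price'],
];

function quoteIdent(string $name, array $allowed): string
{
    // Identifiers cannot be bound as parameters, so accept known names only.
    if (!in_array($name, $allowed, true)) {
        throw new InvalidArgumentException("Unknown identifier: $name");
    }
    // MySQL escapes a backtick inside a quoted identifier by doubling it.
    return '`' . str_replace('`', '``', $name) . '`';
}

function insertRow(PDO $db, string $table, array $row): void
{
    $tbl  = quoteIdent($table, array_keys(SCHEMA));
    $cols = [];
    foreach (array_keys($row) as $col) {
        $cols[] = quoteIdent((string) $col, SCHEMA[$table]);
    }
    $marks = implode(',', array_fill(0, count($row), '?'));
    $sql   = "INSERT INTO $tbl (" . implode(',', $cols) . ") VALUES ($marks)";
    $db->prepare($sql)->execute(array_values($row));
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE `asce` (`idn` INTEGER, `keys` TEXT)');
$db->exec('CREATE TABLE `list` (`title` TEXT, `desc` TEXT, `price` REAL)');

// Constructed rows: reserved-word columns are quoted, values are bound.
insertRow($db, 'asce', ['idn' => 1, 'keys' => '159']);
insertRow($db, 'list', ['title' => 'Puppy', 'desc' => 'constructed row', 'price' => 10.5]);

try {
    // A column name outside the allow-list never reaches the SQL string.
    insertRow($db, 'list', ['title' => 'x', 'unknown_col' => 1]);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```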