I get an error when i import a .sql file. How do i fix it?
Query:
insert into authorized_users values (sha1('".$name."'), sha1('".$password."');
MySQL said: Documentation
#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
Here is the code:
create table authorized_users ( name varchar(20),
password varchar(40),
primary key (name)
);
insert into authorized_users values ( 'username',
'password' );
insert into authorized_users values ( 'testuser',
sha1('password') );
insert into authorized_users values (sha1('".$name."'), sha1('".$password."');
You need to edit your code and end the line with a closing parenthesis )
insert into authorized_users values (sha1('".$name."'), sha1('".$password."'));
You have missed ) here, so change
insert into authorized_users values (sha1('".$name."'), sha1('".$password."');
to
insert into authorized_users values (sha1('".$name."'), sha1('".$password."'));
I always prefer to enclose MySql queries inside double-quotes so I can use the variables directly without open and closing tags.
Answering to your question:
You missed the last parenthesis )
$myQuery = "insert into authorized_users values (sha1('$name'), sha1('$password'));";
Related
I'm creating a page where I have the option for attaching files. When the files have single quotes in their names is attached, I get an error. This is how I tried:
$id = intval(mysqli_real_escape_string($mysqli, $_REQUEST["id"]));
$upload_directory = "uploads/attachments/";
$result = file_upload("attachment", "../".$upload_directory);
if($result[status] == true) {
$query = "insert into `attachments`
(
`id`,
`file_name`,
`file_extension`,
`file_size`,
`uploaded_file_name`,
`uploaded_file_path`
)
values
(
'$id',
'".$result[file_name]."',
'".$result[file_extension]."',
'".$result[file_size]."',
'".$result[uploaded_file_name]."',
'".$upload_directory.$result[uploaded_file_name]."'
)";
This is the error I got:
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '2016.xlsx'
'xlsx',
'7988',
'1466056157029.xlsx',
'upload' at line 15
I know this is the place where the problem is: '".$result[file_name]."'. The problem is because of the single quote I've used. What is the change I should do? What should I add?
Add single quotes. You are using ' in filename so use addslashes() and when fetching use stripslashes(). OR remove ' from filename.
See below code
$query = "insert into `attachments`
(
`id`,
`file_name`,
`file_extension`,
`file_size`,
`uploaded_file_name`,
`uploaded_file_path`
)
values
(
'$id',
'".addslashes($result['file_name'])."',
'".$result['file_extension']."',
'".$result['file_size']."',
'".$result['uploaded_file_name']."',
'".$upload_directory.$result['uploaded_file_name']."'
)";
Number of arguments are mismatched in your insert query.
Use single quote,
ex: '".$result['file_name']."'
I wrote this mySQL query and I keep getting an error. Included are the query and the error:
mysql_query("INSERT INTO wp_usermeta(umeta_id, user_id, meta_key, meta_value)
VALUES(NULL, $value, $lastkey, $time())") or die(mysql_error());
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 1
Any help would be greatly appreciated! Thank you.
If your column in 'umeta_id' is default NULL then you don't need to specify it on the insert. 'CURTIME()' is an SQL function that returns current time. Should work if the column 'meta_value' is set to hold only time. I'm assuming you are using PHP. I've found including the variables in tick marks ' works. Also mysql_query is deprecated. You should use mysqli_query(yourDatabaseConnection, yourQuery)
mysql_query("INSERT INTO wp_usermeta (user_id, meta_key, meta_value)
VALUES ('$value', '$lastkey', CURTIME())") or die(mysql_error());
You are passing String thru query to mysql Without putting in Single/Double quotes. Use
mysql_query("INSERT INTO wp_usermeta(umeta_id, user_id, meta_key, meta_value)
VALUES(NULL, $value, '".$lastkey."', '".$time()."')") or die(mysql_error());
this query with string concatenation.
Check type of values was matched with database and umeta_id allow be null .
may be on of field has autoincrement or not null check database again .
you should use NOW()
mysql_query("INSERT INTO wp_usermeta(umeta_id, user_id, meta_key, meta_value)
VALUES(NULL, $value, $lastkey, NOW())") or die(mysql_error());
Everyone!
I am working on application using php and mysql. Basically, initially, I am inserting the new data entries using html form into the database where store# is my primary key. For now I can not update the existing store# (as its my primary key) and get a message saying "Duplicate entry for store 967 (example)".
I want to update the "store" table if entery exists. Here is my code posted below, but I am getting another error message
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '['967'],address=['500 kipling avenue 1'],dsm_name=['n/a'],phone=['416-967-' at line 1
I am not sure if I am using the if conditional at right spot.
**$sql = "INSERT INTO `stores`(`store_num`, `address`, `dsm_name`, `phone`, `router_type`, `high_speed_pri`, `dsl_log`, `dsl_pass`, `secondary_conn`, `sec_dsl`, `sec_pass`) VALUES ('$store' , '$address', '$dsm', '$phone', '$router', '$highspeedpr', '$dsllog', '$dslpas', '$secondary_conn' , '$secdsl' , '$sec_pass')";
$mysqli_query = "SELECT * from 'stores' WHERE $store = 'store_num'";
if ($mysqli_query == TRUE){
$sql = "UPDATE `stores` SET `store_num`=['$store'],`address`=['$address'],`dsm_name`=['$dsm'],`phone`=['$phone'],`router_type`=['$router'],`high_speed_pri`=['$highspeedpr'],`dsl_log`=['$dsllog'],`dsl_pass`=['$dslpas'],`secondary_conn`=['$secondary_conn'],`sec_dsl`=['$secdsl'],`sec_pass`=['$sec_pass'] WHERE 1";
}
if (!mysqli_query($con,$sql)) {
die('Error: ' . mysqli_error($con));
}
echo "1 record added";
mysqli_close($con);
?>**
Replace instead of Insert
Since your update statement includes all the same fields as Insert, you can simply use a REPLACE Statement. As stated on the linked documentation:
REPLACE works exactly like INSERT, except that if an old row in the
table has the same value as a new row for a PRIMARY KEY or a UNIQUE
index, the old row is deleted before the new row is inserted. See
Section 13.2.5, “INSERT Syntax”.
So, changing the code to the following should work:
$sql = "REPLACE INTO `stores`(`store_num`, `address`, `dsm_name`, `phone`, `router_type`, `high_speed_pri`, `dsl_log`, `dsl_pass`, `secondary_conn`, `sec_dsl`, `sec_pass`) VALUES ('$store' , '$address', '$dsm', '$phone', '$router', '$highspeedpr', '$dsllog', '$dslpas', '$secondary_conn' , '$secdsl' , '$sec_pass')";
Error Reason
Your problem is with the syntax in the update statement. What is store_num, is it a number or a string?
You should change your syntax to not include the square brackets in the actual mysql query.
If $Store is Number:
=['$store'], to =$store
If $Store is Text:
=['$store'], to ='$store'
Final Recommendation
Even better though will be use prepared statements which are also secure and avoid against SQL injection attacks.
You can do this logic with a single query, using on duplicate key update. First, you have to define store_num as a unique key, if it is not already a unique or primary key:
CREATE UNIQUE INDEX idx_stored_storenum on stores(store_num);
Then use this insert:
INSERT INTO `stores`(`store_num`, `address`, `dsm_name`, `phone`, `router_type`, `high_speed_pri`,
`dsl_log`, `dsl_pass`, `secondary_conn`, `sec_dsl`, `sec_pass`
)
VALUES ('$store' , '$address', '$dsm', '$phone', '$router', '$highspeedpr',
'$dsllog', '$dslpas', '$secondary_conn' , '$secdsl' , '$sec_pass')
ON DUPLICATE KEY UPDATE address = values (address),
dsm_name = values(dsm_name),
. . .
sec_pass = values(sec_pass);
Your particular problem is the square braces, which MySQL doesn't recognize.
$sql="INSERT INTO $p (q,o1,o2,o3,o4,ta,ma) VALUES ('$q','$o1','$o2','$o3','$o4','$ta','$ma')";
this query is getting executed but shows error
You have an error in your SQL syntax; check the manual that corresponds to your MySQL
server version for the right syntax to use near '(q,o1,o2,o3,o4,ta,ma) VALUES
('','','','','','','')' at line 1
any idea??
use this query
$sql=" INSERT INTO '$p' ( `q` , `o1` ,`o2` ,`o3` , `o4` ,`ta` ,`ma`) VALUES ('$q','$o1','$o2','$o3','$o4','$ta','$ma') "
use single quotes for '$p'
$sql="INSERT INTO '$p' (`q`,`o1`,`o2`,`o3`,`o4`,`ta`,`ma`) VALUES ('$q','$o1','$o2','$o3','$o4','$ta','$ma')";
Always use single comma on php variable if you are using double comma at the start. Like this
$query = "INSERT INTO 'table' WHERE 'user' = '$user'";
in your case:
" INSERT INTO '$p' ( `q` , `o1` ,`o2` ,`o3` , `o4` ,`ta` ,`ma`) VALUES ('$q','$o1','$o2','$o3','$o4','$ta','$ma') "
Using a form, I was trying to insert data into my database. The initial SQL query had variables for values, but it didn't work. After trying a few things and using mysqli_error I wasn't able to find the problem. I then replaced all the variables with strings, still, my data does not insert.
I've tried the below code nested amongst other bits of PHP, doesn't work. I tried it on a different page, didn't work. So I stripped everything and left just the mysql_connect link and the mysqli_query and it still will not insert.
This is the MySQL error I am getting:
error - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 2
My code below is as follows:
$link = mysqli_connect("host", "username", "password", "database") or die("cannot connect"));
$try = mysqli_query($link,"INSERT INTO troubleshooting_files (`title`, `asset`, `image`, `category`, `file`)
VALUES ('title', 'asset', 'image', 'cat', 'file'");
//$try = mysqli_query($link,"INSERT INTO troubleshooting_users (`name`)
//VALUES ('title'");
if($try === false){
echo 'error - ';
echo mysqli_error($link);
} else{
echo 'all good';
}
I have tried entering just one field, I tried without the `s in the field names, I tried a different table name and it doesn't work. phpMyAdmin inserts data into the tables fine.
I also have PHP code in a different directory on the server that inserts data fine into this database, although that code still uses the deprecated mysql_query at the minute. I also have code that inserts rows fine on this server into a different database. I assume the database must be fine if PMA can insert data okay, and elsewhere in my script, other mysqli_query's work fine as I can fetch objects and update tables fine.
The closing bracket for the VALUES is missing...
$try = mysqli_query($link,"INSERT INTO troubleshooting_files (`title`, `asset`, `image`, `category`, `file`)
VALUES ('title', 'asset', 'image', 'cat', 'file')");
You have missing brackets:
VALUES ('title', 'asset', 'image', 'cat', 'file') ");
^^--------here missing bracket
you missed a bracket for the values()
$try = mysqli_query($link,"INSERT INTO troubleshooting_files (`title`, `asset`, `image`, `category`, `file`)
VALUES ('title', 'asset', 'image', 'cat', 'file')");