Notice: Undefined variable: table_name in /Applications/MAMP/htdocs/welcometowarwick/scripts/php/insert_imagery.php on line 106
Error: UPDATE SET business_description='', image1='profiles/sadsadas/', image2='profiles/sadsadas/', image3='profiles/sadsadas/', image4='profiles/sadsadas/', image5='profiles/sadsadas/' WHERE id='307' LIMIT 1
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'SET business_description='', image1='profiles/sadsadas/', image2='pr' at line 1
Here is the UPDATE code
$updatesql = sprintf("UPDATE $table_name SET
business_description='$business_description',
image1='$insert_upload1',
image2='$insert_upload2',
image3='$insert_upload3',
image4='$insert_upload4',
image5='$insert_upload5'
WHERE id='$user_id' LIMIT 1");
if (mysqli_query($link, $updatesql)) {
header('Location: ../../register/complete.php');
} else {
echo "Error: " . $updatesql . "<br>" . mysqli_error($link);
}
mysqli_close($link);
Can anyone see what the error with the syntax is?
This is too long for a comment, therefore I am submitting the following.
The syntax error is clear:
right syntax to use near 'SET it starts at SET, so this tells me that:
$table_name is either not defined, or it contains a character that MySQL doesn't agree with. Possibly a space, a hyphen; who knows. Only you know that and how $table_name is defined, or whether it's defined at all.
Plus, as I stated in comments; you're using sprintf but there is no syntax to support that. You can just get rid of it, far as I'm concerned.
It is also unclear which MySQL API you are using to connect with, so make sure you are indeed using mysqli_ to connect with and not mysql_ or PDO.
Those different MySQL APIs do not intermix with each other.
If you have any questions, please do not hesitate to place a comment underneath my answer.
You may also want to make use of mysqli_real_escape_string() in order to escape your data. There might be characters in there that MySQL will also want to buck about.
Add error reporting to the top of your file(s) which will help find errors.
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
// rest of your code
Sidenote: Error reporting should only be done in staging, and never production.
this query can't get the table name so it happens try to first echo $updatesql and check the query get table name
Related
I am currently attempting to create a dashboard for a personal trainer where they can update client records. I have a mySQL database and I am using PHP as the scripting language.
What I want to do: Be able to update client information via HTML input boxes. (Which I have already created). The first being username - which should correspond to a username in the mySQL database. Then the information in the next three input boxes should be inserted into the correct fields in the database.
The Problem: I currently cannot get the SQL statement to work correctly as the Client username is not recognized. This is the error message I am currently receiving :
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') WHERE Client_username = JSmith' at line 1
JSMith is a valid username in the database.
Below is the PHP I am attempting to use:
//insert
$value1 = $_POST['height1'];
$value2 = $_POST['weight1'];
$value3 = $_POST['bodyfat1'];
$value4 = $_POST['username'];
$sql = "UPDATE client SET Height='$value1', Weight='$value2', Body_fat='$value3') WHERE Client_username = $value4";
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
mysqli_close($con);
?>
My connection etc is working just fine.
If ayone could help me out that would be great!
Here's the deal.
The first error is coming from the bracket just before your where clause:
$sql = "UPDATE client SET Height='$value1', Weight='$value2', Body_fat='$value3') WHERE...
^ there
Remove it.
MySQL was telling you:
...right syntax to use near ') WHERE
^
Then, the "username" which is a string, needs to be treated as such, therefore wrapping the $value4 variable in your where clause with quotes.
WHERE Client_username = '$value4'
However, I need to point out that your present code is open to SQL injection. Use mysqli with prepared statements, or PDO with prepared statements, they're much safer.
An insight:
Make sure that your form contains name attributes to go with your POSTs, and contain no typos, and that letter-case matches.
Add error reporting to the top of your file(s) which will help find errors.
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
// rest of your code
Sidenote: Error reporting should only be done in staging, and never production.
srno is being successfully fetched from a textbox
<?php
$srno = $_POST['srno'];
mysql_connect("localhost","root","");
mysql_select_db("visit");
$sql ="UPDATE visitor SET Exit='".$ab."' WHERE srno=$srno";
mysql_query($sql) or die ("Error: ".mysql_error());
?>
If $srno is a string you're missing quotes around it
$ab is not defined
Please, don't use mysql_* functions in new code. They are no longer maintained and are officially deprecated. See the red box? Learn about prepared statements instead, and use PDO or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.
You are also wide open to SQL injections
To further elaborate on John (Conde's) answer, exit is a MySQL reserved word:
http://dev.mysql.com/doc/refman/5.5/en/reserved-words.html
Either rename it to something else, or wrap it in backticks:
$sql ="UPDATE visitor SET `Exit`='".$ab."' WHERE srno=$srno";
^ ^ backticks
or (if $srno is a string, as John stated in his answer)
$sql ="UPDATE visitor SET `Exit`='".$ab."' WHERE srno='$srno'";
You have used mysql_error() on mysql_query() which should have signaled the syntax error, something you have not shared completely in your question, only as the question's title which does not show us the complete error message, however I am certain it is something to the effect of
...MySQL server version for the right syntax near 'Exit...
Add error reporting to the top of your file(s) which will help during production testing.
error_reporting(E_ALL);
ini_set('display_errors', 1);
which will signal an Undefined variable... warning for $ab.
Here is a small sample of code that is giving me a MySQL Syntax Error. Connect.php is connecting to the correct database and can be used with other projects and code. I know as a fact that the code in connect.php is correct. It is giving me a MySQL Syntax Error about. It doesn't give any more detail than this:
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near 'keys WHERE key='xxxxxxxxxxxx'' at line 1
I pulled this small sample of code from the main project and it still throws the error.
<?php
require "connect.php";
$keyCheck = mysql_query("SELECT * FROM keys WHERE `key`='".$_POST['betakey']."'" , $con);
if (!$keyCheck) {
echo mysql_error();
exit;
} else {
$keyRows = mysql_num_rows($keyCheck);
if ($keyRows == 0) {
echo "This key is invalid!";
exit;
}
?>
EDIT: I got the admin to rename the table and you guys helped me fix some potential security hazards.
I'm fairly sure keys is a reserved word. In any case, you should always enclose database, table and column names in backticks. Not just "sometimes" as you have in this example. Always.
Source.
I cant really figure out whats wrong with this. I used to write the exact same thing and got it working.
$check = mysql_query("SELECT encrypt FROM database WHERE word='$word'") or die(mysql_error());
Error returned is : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'database WHERE word='asdaasdasdd'' at line 1
DATABASE is a mysql reserved word, eclose it with backticks ``
$check = mysql_query("SELECT encrypt FROM `database` WHERE word='$word'")
or die(mysql_error());
Try backquoting database. It's probably a reserved word.
Database or Databases is a keyword. See the following link for Reserve words
The or die() trick is a very poor choice for several reasons:
It's not a very nice way to present the user with an error message.
Using for instance the mysql_error() call with it, as many people do, exposes information that should never get output in a production environment
You cannot catch the error in any way.
You cannot log the error.
You cannot control whether it should be output to the screen or not. It's okay to do that in a development environment, but certainly not in a production environment.
It prevents you from doing any sort of cleanup. It just ends the script abruptly.
An easy way to implement is :
$result = mysql_query('SELECT foo FROM bar', $db) or trigger_error('Query failed: ' . mysql_error($db), E_USER_ERROR);
Encrypt is a function so, even tho' it is not causing the problem, I would avoid using it as a column name.
The exact error message is:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'where rfflag='0'' at line 1
Hi,
I'm trying to get some php scripts working and it dies with the above error message. There are two locations where rfflag is used in the SQL query:
$_SESSION['lang']=$objTerm->my_get_one("select min(id) from "
.$objTerm->TABLE['languages']." where status='1' and rfflag='0'");
$rs_lang=$objTerm->execute_query("select id,language from "
.$objTerm->TABLE['languages']." where `status`='1' and `rfflag`='0'");
How do I determine which one is causing the problem? Or is the problem something else altogether?
Echo this:
"select id,language from ".$objTerm->TABLE['languages']." where status='1' and rfflag='0'"
and this:
"select min(id) from ".$objTerm->TABLE['languages']." where status='1' and rfflag='0'"
Then run execute each output in your favorite sql developer tool.
Errors will be displayed there.
How do I determine which one is causing the problem?
Remove one of the queries. See if it still happens.
On a secondary thought, I would suggest that you change your MySQL query code so, that it doesn't use die() to print out the error message. Use trigger_error or exceptions instead, this way you will automatically get a trace of which line caused it.
How do I determine which one is causing the problem?
use trigger_error() to output an error message.
I guess (I have to guess because you supply no code) that you are using die() to output an error.
if you change this bad practice function to trigger_error(), you will be able to see the line number, where error occurred.
If you add non only mysql_error() to it's output, but also query itself, you will be able to see the problem code too.
I guess $objTerm->TABLE['languages'] is undefined or does not have the value you’re expecting.
As sheeks06 has already suggested, just echo the query to see if everything is as expected:
$query = "select min(id) from "
.$objTerm->TABLE['languages']." where status='1' and rfflag='0'";
echo $query;
$_SESSION['lang']=$objTerm->my_get_one($query);
$query = "select id,language from "
.$objTerm->TABLE['languages']." where `status`='1' and `rfflag`='0'";
echo $query;
$rs_lang=$objTerm->execute_query($query);