SQL syntax error, PHP MYSQL - php

$sql = "SELECT post_title, post_body, post_author FROM forum_post WHERE post_id='".$pid."' forum_id='".$id."' AND post_type='o'";
if($topicPost = $mysql->prepare($sql)) {
$topicPost->bind_param('ss',$pid,$id);
$topicPost->bind_result($post_title, $post_body, $post_author);
$topicPost->execute();
$topicPost->store_result();
} else {
echo "ErrorinSQLLL, ".$mysql->error;
exit();
}
So there is my SQL query statement.
I get this printed on my page :
ErrorinSQLLL, You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'forum_id='1'' at line 1
If needed I can post more of my code.

You are missing AND in your query, here post_id='$pid' forum_id='$id'.

You missed one AND, after post_id key:
"SELECT
post_title,
post_body,
post_author
FROM
forum_post
WHERE
post_id = " . $pid . "
AND
forum_id= " . $id . "
AND
post_type = 'o'";

Missing AND in the WHERE condition
... WHERE post_id = " . (int)$pid . " AND forum_id = " . (int)$id . " ...
IDs are numbers, so without quotes.
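An added example, not code from the question or any of the answers: the same lookup written with real placeholders, so the statement text is one fixed string and the values are bound separately. It assumes PDO with an in-memory SQLite database standing in for the MySQL table; the rows and the function name fetchTopicPost are constructed for illustration.

```php
<?php
// Added example: constructed table and rows in in-memory SQLite (PDO),
// standing in for the question's MySQL forum_post table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE forum_post (post_id INTEGER, forum_id INTEGER,
           post_type TEXT, post_title TEXT, post_body TEXT, post_author TEXT)");
$db->exec("INSERT INTO forum_post VALUES
           (1, 1, 'o', 'Hello', 'First post', 'alice'),
           (2, 1, 'r', 'Re: Hello', 'A reply', 'bob')");

// Hypothetical helper. The SQL contains only ? markers where values go;
// nothing from $pid or $id is ever pasted into the statement text.
function fetchTopicPost(PDO $db, $pid, $id): ?array
{
    $stmt = $db->prepare(
        "SELECT post_title, post_body, post_author
           FROM forum_post
          WHERE post_id = ? AND forum_id = ? AND post_type = 'o'"
    );
    // With mysqli the same two values would go through bind_param('ii', $pid, $id).
    $stmt->execute([$pid, $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// A normal lookup.
var_dump(fetchTopicPost($db, 1, 1));
// A value with a stray quote is compared as data; it cannot break the syntax.
var_dump(fetchTopicPost($db, "1'", 1));
```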

Related

WordPress database error with using wpdb->query

I have a query that is using $wpdb->query but every time I run it, it doesn't seem to work and is providing me with the following error message:
WordPress database error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''4'' at line 1 for query SELECT * FROM wp_mytable OFFSET '4'
This is the code that is causing the error:
$query = $wpdb->prepare("SELECT * FROM " . $wpdb->prefix . MY_TABLE . " OFFSET %s", $offset);
$fetch = $wpdb->get_results($query, 'ARRAY_A');
What am I doing wrong here? I've looked at some other questions but nothing seems to be similar to my issue so I don't know what I'm missing.
Offset should be an integer, not a string. Also, offset comes along with limit.
Replace
$query = $wpdb->prepare("SELECT * FROM " . $wpdb->prefix . MY_TABLE . " OFFSET %s", $offset);
with
$query = $wpdb->prepare("SELECT * FROM " . $wpdb->prefix . MY_TABLE . " LIMIT %d OFFSET %d", $limit,$offset);
Not tested.

PHP pg_query update statement

I am trying to update a database table using pg_query in PHP. I have the following code:
$q = "UPDATE tableName SET ('data1 = " . $data1 . "', data2='" . $data2 . "') WHERE user=".$user;
$success = pg_query($q);
if (!$success) {
$errormessage = pg_last_error();
echo "Error " . $errormessage;
}
I am getting the following error message:
ERROR: syntax error at or near "'data1 = '"
LINE 1: UPDATE tableName SET ('data1 = 10', data2= 20'') WHERE user=
Replace your query with this query
$q = "UPDATE tableName SET data1 = '$data1', data2='$data2' WHERE user='$user'";
Explanation: You should pass variables in single quotes ('') if your query is in double quotes.
You are using a lot of quotes, which is not understood by PostgreSQL; try simply this:
$q = "UPDATE tableName SET data1 = " . $data1 . ", data2=" . $data2 . " WHERE user=".$user;
Remove those single quotes !

sql left join not working

I want to get the total transferred items from table inv_site_item where 'item_id' in inv_site_item = 'item_code' in inv_items. I am also getting packing from the packing table, which works fine in this query; only inv_site_item is giving a problem.
error is: Unknown column 'inv_site_item.site_id' in 'field list'
$where .= " AND inv_items.item_code = $item_code";
$query = "SELECT inv_items.*,packing.name_en `packing_name`,"
. " COUNT(inv_site_item.site_id) `transfer_out`, COUNT(inv_site_item.location_site_id) `transfer_in` FROM inv_items"
. " left join "
. "inv_packing as packing on packing.id=inv_items.packing"
. " left join "
. "inv_site_item as transfer on transfer.item_id=inv_items.item_code"
. " WHERE item_code !='' " . $where . "";
You must use your table alias transfer instead. So:
change from
inv_site_item.site_id
to
transfer.site_id
also with inv_site_item.location_site_id to be transfer.location_site_id
For any query related errors you should always check to print the query if possible. Your "WHERE" clause is not getting populated correctly.
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE item_code !=''' at line 1
This means that your query is giving error near your "WHERE" clause.
Print your $query variable to see the actual query that is built then you will be able to find the error and fix it.
<?php echo "<pre>"; print_r($query); echo "</pre>"; ?>
You must use your table alias transfer instead. So:
change from
inv_site_item.site_id
to
transfer.site_id
also with inv_site_item.location_site_id to be transfer.location_site_id
And also change $where .= " AND inv_items.item_code = $item_code"; to
$where .= "inv_items.item_code = $item_code";
and
change query statement to
$query = "SELECT inv_items.*,packing.name_en `packing_name`,"
. " COUNT(transfer.site_id) `transfer_out`, COUNT(transfer.location_site_id) `transfer_in` FROM inv_items"
. " left join "
. "inv_packing as packing on packing.id=inv_items.packing"
. " left join "
. "inv_site_item as transfer on transfer.item_id=inv_items.item_code"
. " WHERE " . $where . " AND item_code !=' '";
This lets the not-empty clause come last...

What is wrong with this SQL IF Statement?

So I am building a search script and need to pass on two variables, but first I want to make sure that the SQL query is correct, so I am hard-coding the variable for now. So my variable is
$comma_separated = "'Alberta','Ontario'";
This is getting passed through to the query, which looks like this:
$sql = "SELECT * FROM persons WHERE 1=1";
if ($firstname)
$sql .= " AND firstname='" . mysqli_real_escape_string($mysqli,$firstname) . "'";
if ($surname)
$sql .= " AND surname='" . mysqli_real_escape_string($mysqli,$surname) . "'";
if ($province)
$sql .= " AND province='" . mysqli_real_escape_string($mysqli,$comma_separated) . "' WHERE province IN ($comma_separated)";
$sql .= " ORDER BY surname";
and then when the query runs, I get this message:
cannot run the query because: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE province IN ('Alberta','Ontario') ORDER BY surname LIMIT 0, 5' at line 1
But to me the query looks right, what am I missing here?
Thanks in advance.
You can't have WHERE in there twice. You also seem to be trying to filter on province values in two different ways. Based on the assumption that $province will always be an array of values (even if only a single value is given), you can try this:
$sql = "SELECT * FROM persons WHERE 1=1";
if (!empty($firstname)) {
$sql .= " AND firstname='" . mysqli_real_escape_string($mysqli,$firstname) . "'";
}
if (!empty($surname)) {
$sql .= " AND surname='" . mysqli_real_escape_string($mysqli,$surname) . "'";
}
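if (!empty($province)) {
// array_map returns the escaped copies (array_walk ignores the callback's return value)
$escaped = array_map(function($value) use ($mysqli) {
return mysqli_real_escape_string($mysqli, $value);
}, $province);
// Quote each value separately so IN () receives a list, not one long string
$sql .= " AND province IN ('" . implode("','", $escaped) . "')";
}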
$sql .= " ORDER BY surname";
Your SQL contains two WHERE's.
SELECT * FROM persons WHERE 1=1
AND firstname='fn'
AND surname='sn'
AND province='p'
WHERE province IN ($comma_separated)
ORDER BY surname
Change the last bit to:
$sql .= " AND province='" . mysqli_real_escape_string($mysqli,$comma_separated) . "' AND province IN ($comma_separated)";
Which becomes:
AND province='p'
AND province IN ('Alberta','Ontario')
Change the last part to:
if ($province)
$sql .= " AND province IN (" . mysqli_real_escape_string($mysqli,$comma_separated) . ")";
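An added example, not code from the question or any of the answers: the same optional-filter search built with bound parameters, generating one placeholder per province so the IN list needs no quoting or escaping and WHERE appears exactly once. It assumes PDO with an in-memory SQLite database in place of MySQL; the rows and the function name searchPersons are constructed for illustration.

```php
<?php
// Added example: constructed persons table in in-memory SQLite (PDO).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE persons (firstname TEXT, surname TEXT, province TEXT)");
$db->exec("INSERT INTO persons VALUES
           ('Ann', 'Lee', 'Alberta'), ('Bob', 'Roy', 'Ontario'),
           ('Cy', 'O''Hara', 'Quebec'), ('Ann', 'Kim', 'Ontario')");

// Hypothetical helper: conditions and their values are collected side by side,
// then the conditions are joined with AND behind a single WHERE.
function searchPersons(PDO $db, ?string $firstname, ?string $surname, array $provinces): array
{
    $conditions = [];
    $params = [];
    // Column names come from this fixed list, never from user input.
    foreach (['firstname' => $firstname, 'surname' => $surname] as $column => $value) {
        if ($value !== null && $value !== '') {
            $conditions[] = "$column = ?";
            $params[] = $value;
        }
    }
    if ($provinces) {
        // One placeholder per list element: IN (?, ?, ...)
        $marks = implode(', ', array_fill(0, count($provinces), '?'));
        $conditions[] = "province IN ($marks)";
        $params = array_merge($params, array_values($provinces));
    }
    $sql = 'SELECT firstname, surname, province FROM persons';
    if ($conditions) {
        $sql .= ' WHERE ' . implode(' AND ', $conditions);
    }
    $sql .= ' ORDER BY surname';
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Province list only, then first name plus one province, then a surname containing a quote.
print_r(searchPersons($db, null, null, ['Alberta', 'Ontario']));
print_r(searchPersons($db, 'Ann', null, ['Ontario']));
print_r(searchPersons($db, null, "O'Hara", []));
```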

SQL is breaking on a character I didn't put in my code

I'm getting a syntax error on this PHP code:
<snip>
$last = (isset($_GET['last']) && $_GET['last'] != '') ? $_GET['last'] : 0;
$query = "SELECT message_id, user_name, message, date_format(post_time, '%h:%i') AS post_time" .
" FROM message WHERE chat_id = " . db_input($_GET['chat']) . " AND message_id > " . $last . ";";
$message_query = db_query($query);
</snip>
And db_query:
function db_query($query, $link = 'db_link') {
global $$link;
$result = mysql_query(mysql_real_escape_string($query), $$link) or db_error($query, mysql_errno(), mysql_error());
return $result;
}
The exact error is this:
You have an error in your SQL syntax; check the manual that corresponds
to your MySQL server version for the right syntax to use near '\' %h:%i\')
AS post_time FROM message WHERE chat_id = 1 AND message_id > 0' at line 1<br><br>
SELECT message_id, user_name, message, date_format(post_time, '%h:%i') AS
post_time FROM message WHERE chat_id = 1 AND message_id > 0;
As you can see, it's throwing an error on a character that I don't have/see in my code. What is going on here?
You need to use mysql_real_escape_string only on your variables, not on the whole sql query.
Now it is translating:
date_format(post_time, '%h:%i')
to:
date_format(post_time, \'%h:%i\')
By the way, I'm assuming that your db_input function prepares your variables for use with a database, so you definitely need to use that for your $last variable as well.
Try this:
$query = "SELECT message_id, user_name, message, " .
date_format(post_time, '%h:%i') . "AS post_time" . " FROM message
WHERE chat_id = " . db_input($_GET['chat']) . "AND message_id > " . $last . ";";
Try to call date_format outside the string " . date_format(post_time, '%h:%i') . "
