Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 8 years ago.
Improve this question
I have this code:
<?php
include "../Header.php";
$verify = mysql_query("SELECT * FROM Users WHERE Verified = 'YES'");
while($row = mysql_fetch_array($verify))
{
mysql_query("INSERT INTO Inventory (UserID, ItemID, File, Type, code1, code2) VALUES ('" .
$row['ID']."','96','40_c4cf313e76fc072a6be0a0959427246a.png','Accessory'," . sha1('40_c4cf313e76fc072a6be0a0959427246a').",'".sha1($row['ID'])."')") or die(mysql_error());
echo $row['ID'];
}
I get this error:
Unknown column '6c59be3b2b3c1ad356402243bf9a3eba66dee96d' in 'field list'
But there is nothing about that column in my code.
Just put single quotes around your Sha value like this:
mysql_query("INSERT INTO inventory
(
userid,
itemid,
FILE,
type,
code1,
code2
)
VALUES
(
'" . $row['id'] . "',
'96',
'40_c4cf313e76fc072a6be0a0959427246a.png',
'Accessory',
'" . sha1('40_c4cf313e76fc072a6be0a0959427246a') . "',
'" . sha1($row['id']) . "'
)") or die(mysql_error());
Related
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 7 years ago.
Improve this question
I'm trying to add a where statement to this query so it only shows records that have been set as published.
$query = "SELECT id, heading, summary, date, keyword1, keyword2, keyword3
FROM " . DB_TABLE . "";
I've tried
$query = "SELECT id, heading, summary, date, keyword1, keyword2, keyword3, publish
WHERE publish ='y' FROM " . DB_TABLE . "";
And
$query = "SELECT `id`, `heading`, `summary`, `date`, `keyword1`, `keyword2`, `keyword3`, `publish`
WHERE `publish` ='y' FROM " . DB_TABLE . "";
But none of them seem to work, any help greatly appreciated, thank you
How about this:
$query = "SELECT `id`, `heading`, `summary`, `date`, `keyword1`, `keyword2`, `keyword3`, `publish` FROM " . DB_TABLE . " WHERE `publish` ='y' ";
If you look at MySQL documentation you will see that SELECT statement comes first, then is FROM statement and WHERE comes last. Of course there are various other statements that can be used, you can find all them in the link above
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 8 years ago.
Improve this question
I have a query with some parameters that I bind with PDO. This is my code:
$sql = "SELECT altezza_pneumatici FROM tbl_catalogo_pneumatici "
. "WHERE sigla_produttore = :marca "
. "AND larghezza_pneumatici = :larghezza"
. "GROUP BY altezza_pneumatici "
. "ORDER BY altezza_pneumatici ASC";
$query = $DBobj->dbConn->prepare($sql);
$query->bindValue(':marca', $marca, PDO::PARAM_STR);
$query->bindValue(':larghezza', $larghezza, PDO::PARAM_STR);
$query->execute();
But it does not work. I have this error:
Warning: PDOStatement::execute(): SQLSTATE[HY093]: Invalid parameter number: parameter was not defined in C:\Users\mydoc\Documents\pjct\web_gomme_new\class\class.Pneumatico.php on line 116
What is the problem? I printed both variables used in binding function, and they have correct values.
I can not say for sure if this is the problem, but there is an error in your query. (missing space).
$sql = "SELECT altezza_pneumatici FROM tbl_catalogo_pneumatici "
. "WHERE sigla_produttore = :marca "
. "AND larghezza_pneumatici = :larghezza[ ]"
. "GROUP BY altezza_pneumatici "
. "ORDER BY altezza_pneumatici ASC";
See the brackets behind :larghezza.
Your query will end up being "..AND larghezza_pneumatici = :larghezzaGROUP BY altezza_pneumatici...".
You do not need to break up the SQL query string.
$sql = "SELECT altezza_pneumatici FROM tbl_catalogo_pneumatici
WHERE sigla_produttore = :marca
AND larghezza_pneumatici = :larghezza
GROUP BY altezza_pneumatici
ORDER BY altezza_pneumatici ASC";
Is fine. Whitespace at end of each line. This should do the trick.
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 8 years ago.
Improve this question
Im trying to update a table in MySQL database, but the data cannot be updated.
the value for $id is 2 and $status is empty.
echo $id;
echo $status;
$sql="UPDATE maklumat_tempahan
SET
status = '$status',
WHERE id_tempahan = '$id' ";
mysql_select_db('psmbaru');
$retval = mysql_query( $sql, $conn );
?>
<?php if(! $retval )
{
die('Could not update data: ' . mysql_error());
}
echo "Permohonan Anda Dalam Proses\n";
mysql_close($conn);}?>
This is the error that came out
Could not update data: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE id_tempahan = '2'' at line 7
remove , after $status
$sql="UPDATE maklumat_tempahan
SET
status = '$status'
WHERE id_tempahan = '$id' ";
Yes, remove comma after => status = '$status',
and are you sure not to add mysql_real_escape_string() for your input brother?
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 8 years ago.
Improve this question
I have problem with update data to database - I'm getting 0000-00-00. To the input field I'm writing data as "2010-08-10". For insert it works correctly, only for update not.
In inserting it works properly also for dates like that, for update this dates also don't work.
Above codes the both queries:
$rec_query = mysql_query ("INSERT INTO `" . $tb_best_ps . "` (id, name, date, author, www, image) VALUES ('','" . mysql_escape_string ($_POST ["name"]) . "','" . $_POST ["date"] . "','" . mysql_escape_string ($_POST ["author"]) . "','" . mysql_escape_string ($_POST ["www"]) . "','" . mysql_escape_string ($_POST ["image"]) . "')");
$query1 = mysql_query ("UPDATE `" . $tb_best_ps . "`
SET `name` = '" . mysql_escape_string ($_POST ["name"]) . "',
`date` = " . $_POST ["date"] . ",
`author` = '" . mysql_escape_string ($_POST ["author"]) . "',
`www` = '" . mysql_escape_string ($_POST ["www"]) . "',
`image` = '" . mysql_escape_string ($_POST ["image"]) . "'
WHERE `id` = '" . $_POST ["edit"] . "'");
Output when I'm using echo on update query:
UPDATE `swt_best_ps` SET `name` = 'Best Paper Award at ADAPTIVE 2014 for Paper XYZ', `date` = 2010-08-10, `author` = 'David Bowie', `www` = 'http://thinkmind.org/', `image` = 'http://randomweb.com/iaria2014.png' WHERE `id` = '1'
You didn't quote your dates, so if you're getting something like 2014-04-08 in your $_POST value, you're actually doing
... date = 2014-04-08 ...
which will be seen as a math operation: two subtractions, and you end up doing
... date = 2002 ...
Since you haven't quoted your dates, nor escaped them, you're both inserting bad data, and vulnerable to SQL injection attacks. ANY external data going into a query string MUST be properly escaped and quoted.
The query building line should be
"`date` = '" . mysql_real_escape_string($_POST['date']) . "'"
^---note the added quote ^---note the added quote
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 9 years ago.
Improve this question
Well please help to correct syntax fo the following code. I have to select 2 values from one table and insert them in another table. one value is taking from PHP variable.this all needs to be done using Opencart model file
$this->db->query("UPDATE " . DB_PREFIX . "rate_cost SET rate_cost = " . $this->db->escape($data['rate_cost']) );
$sql = "SELECT DISTINCT competition_rate, customer_id FROM " . DB_PREFIX . "customer WHERE competition_rate NOT LIKE 0";
$query = $this->db->query($sql);
$rates = array();
$customer_ids = array();
foreach($query->row['competition_rate'] as $result){
$rates[] = $result * $data['name'];
}
foreach($query->row['customer_id'] as $result2){
$customer_ids[] = $result2;
}
$sums = $rates;
$ids = $customer_ids;;
$sql = ("INSERT INTO 'customer_transaction'(customer_id,amount) VALUES'".$ids.",".$sums"'");
}
I am getting the folowing error:
Parse error: syntax error, unexpected '"'"' (T_CONSTANT_ENCAPSED_STRING) in C:\xampp\htdocs\sport\admin\model\competition\newsletter.php on line 18
You have some syntax errors in your $sql query, the correct syntax for INSERT query is
INSERT INTO table (columns) VALUES ('values');
So youre missing paranthesis for your values and you dind't surround correctly with quotes. So change as follow
VALUES ('".$ids."','".$sums"')");
So the complete query will look like that
("INSERT INTO 'customer_transaction'(customer_id,amount) VALUES ('".$ids."','".$sums"')");