I am new to php and mysql and i am using delete query with CONCAT function, but it is showing some error.
My sql query is
$sql = "delete from wp_users_friends where userid ='$username'
and frid LIKE CONCAT('%',$frUserID)";
And the error is
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 1
I am having a lot of trouble in this, try to help me
Correct it to:
$sql = "delete from wp_users_friends where userid ='$username'
and frid LIKE '%$frUserID'";
MySQL CONCAT() function is made for concatenating the strings to make them a single string. Which is not required here.
If you want to find ids which start with $frUserID, use like keywords with wild card operator % in the beginning.
This operator % will search for all rows which have frid starting from $frUserID.
Make your query as below:
$sql = "DELETE FROM wp_users_friends WHERE userid ='$username' AND frid LIKE '%".$frUserID."'";
You should not use CONCAT() for a LIKE expression, use a query like one of the other answers instead.
Just wanted to add, you should use single quotes (') for the variable you pass into CONCAT().
So instead of doing this :
$someSql = "CONCAT('%',$frUserID)";
You should do :
$sql = "CONCAT('%','$frUserID')";
Notice the single quotes around $frUserId.
Related
I would like to query my database so that it shows me the result of the query based on my PHP's superglobal $_GET. I have tried this:
LIKE '%".$_GET["name"]."%'"
AND
LIKE '%{$_GET["name"]}%'
However, it was in vain. Can anyone help me with this?
This is my php code:
$places = query( "SELECT * FROM places WHERE MATCH (postal_code, country_code, admin_name1, admin_code1, place_name) AGAINST (?) OR LIKE '%".$_GET["geo"]."%'", $_GET["geo"]);
The error message shows me:
Fatal error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'LIKE '%akutan%''
It is not good idea to use global variable directly in your mysql query.
so, you must first assign it to some variable and use it
Like:
$getName = mysql_real_escape_string($_GET['name']);
$mysql = "SELECT * FROM places WHERE `postal_code` LIKE '%".$getName."%' ";
I hope it will help you
Use this
$mysql = "SELECT * FROM table WHERE input LIKE '%".mysql_real_escape_string($_GET['name'])."%' ";
I am getting an error when other same page is working good but another gives an error on same query code.
Here is my code what is wrong with this?
$ttt = mysql_query("SELECT * FROM like WHERE (user_id='$user_id' AND sound_id='$sound_id')",$link) or die(mysql_error());
error
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'like WHERE (user_id='' AND sound_id='')' at line 1
like is an SQL reserved word and you should use "like" inside backticks ``
$ttt = mysql_query("SELECT * FROM `like` WHERE (user_id='$user_id' AND sound_id='$sound_id')",$link) or die(mysql_error());
like
Is a reserved word and cannot be used as a tablename the way you try to. Either try setting it into backticks or rename the table.
like is a reserved keyword use backtick for it
`like`
https://dev.mysql.com/doc/refman/5.5/en/reserved-words.html
Usage of LIKE in mysql
select * from table where username like '%aaa';
select * from table where username like '%aaa%';
select * from table where username like 'aaa%';
etc
As a rule you shouldn't use reserved words, but if you must, and for the purpose of this question, put brackets around it.
$ttt = mysql_query
("SELECT *
FROM [like]
WHERE (user_id='$user_id' AND sound_id='$sound_id')",$link) or die(mysql_error());
Like is reserved word. Better to change your table name or surrounded with back tick like this like
Try this.
$ttt = mysql_query("SELECT * FROM like_table WHERE user_id=$user_id AND sound_id=$sound_id",$link) or die(mysql_error());
I have a weird problem please take a look at this query:
select * from myfriend where name like "%n%";
when execute this query on phpMyAdmin the query returned correct results, but when execute it using php no result returned.
please note this query executed in drupal 6.
what is the problem with char "n" and PHP?
Percent signs are used as placeholders in Drupal 6 queries, so you need to escape them:
$query = db_query('select * from myfriend where name like "%%n%%"');
$searchChar = "n";
$query = "SELECT * FROM `myfriend` WHERE `name` LIKE '%" . $searchChar . "%'";
Then use the $query variable in your statement.
Eg:
$mysql->query($query);
mysql_query($query);
Your query is perfect. Give some brief on it. You can check if your connection of database from php to mysql is correct. You can echo that query from php file and run into phpmyadmin if that gives correct output then surely database connectivity problem will be there.
There is absolutely no issues with any character in php.
My code is
$user_query = '
UPDATE
users
SET
`password`="$password",
`email`="$email",
`position`="$position",
WHERE
`username`=".$uname."';
$user_result = mysql_query($user_query, $connection);
confirm_query($user_result);
When I run this query it gives me an error:
Database query failed: You have an error in your SQL syntax;
check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE username=".$uname."' at line 7
Can any body help me resolve this error?
Your query is in single quotes, so the variables aren't parsed. As you can see in error, the string is literally
`username`=".$uname."
You need to either use double quotes around the enitre thing, to parse variables correctly.
$user_query = "
UPDATE
users
SET
`password`='$password',
`email`='$email',
`position`='$position'
WHERE
`username`='$uname'";
Or correctly use the string concatanation operator, ..
$user_query = '
UPDATE
users
SET
`password`="'.$password.'",
`email`="'.$email.'",
`position`="'.$position.'"
WHERE
`username`="'.$uname.'"';
As others have noted, there's also an extra , after postion="$position".
Remove the comma , before the WHERE clause
Just change quotes, and better escape data with DB driver funcs like mysql_real_escape_string()
Difference between quotes: https://stackoverflow.com/a/3446286/765634
Escaping: http://php.net/mysql_real_escape_string
Complete query:
$user_query = <<<SQL
UPDATE
users
SET
`password`="{$password}",
`email`="{$email}",
`position`="{$position}",
WHERE
`username`="{$uname}"
SQL;
There is a trailing comma between position="$position", and the where clause. Remove the comma just before the where clause.
UPDATE
users
SET
`password`="$password",
`email`="$email",
`position`="$position"
WHERE
`username`=".$uname."';
You had a trailing , after position
You have an extra comma after position="$position". Remove that.
i want to recober all the users with "blo" in their full name, for example: "Pablo"
I pass the "blo" parameter with user PHP parameter:
$q=mysql_query("select * From user Where fullName Like '%'".$_REQUEST['user']."'%'",$link );
something is wrong in the php SQL sentence, because when i try the sentence with the argument "blo" on my SQL database, i see that the SQL sentence is correct, because it returns me correct result, this is the sentence with the argument "blo" on it: select * From user Where fullName Like "%blo%"
i'm sure that the PHP is receiven the "blo" parameter correctly, then, it have to be a sintax error of the SQL sentence on the PHP.... but i can't find it
EDIT : OK!! the last sentence is solved, but now i have this new sentence with the same problem, it have a error but i dont know where
$query = sprintf("SELECT u.*
FROM USER u
WHERE u.fullName LIKE '%%%s%%' AND email NOT IN (select pp.fk_email2 from permission pp where pp.fk_email1='".mysql_escape($_REQUEST['mymail'])."') AND email NOT LIKE '".mysql_escape($_REQUEST['mymail'])."' ",
mysql_real_escape_string($_REQUEST['user']));
SQL requires single quotes to indicate a string for comparison, and the wildcard character (%) must be included inside of those single quotes. Double quotes are used for column and table aliasing only, if at all.
$query = sprintf("SELECT u.*
FROM USER u
WHERE u.fullName LIKE '%%%s%%'",
mysql_real_escape_string($_REQUEST['user']));
$q = mysql_query($query, $link);
Secondly, you're leaving yourself open to a SQL injection attack by not sanitizing the user request variable. Always use mysql_real_escape_string when dealing with strings being submitted to a MySQL database.
You have the quotes messed up. use this:
$q=mysql_query('SELECT *
FROM user
WHERE fullName LIKE "%' . $_REQUEST['user'] . '%"',$link );
BTW, this is bad practice. You are using un-escaped input in your query and are open to SQL injection.
It looks like your quotes are off.. try something like...
$q=mysql_query("select * From user Where fullName Like '%".$_REQUEST['user']."%'",$link);
Also, you will want to make sure that the incoming param is sql-escaped to prevent sql injection. I don't know php, but it's probably something similar to...
$q=mysql_query("select * From user Where fullName Like '%".mysql_escape($_REQUEST['user'])."%'",$link);
I think it must be ... Where fullname like '%" . $_REQUEST['user']."%'"...
with the % symbol inside the simple quotes.
#AndroidUser99: Change the query to --
$q = mysql_query("select * from user Where fullName like '%" . $_REQUEST['user'] . "%'", $link);
Update
I think we may need more code since none of the answers seem to be 'working'. Is the database link even being instantiated in $link? If there are errors what are they?