I am having an error inserting values into a database table in MySQL. The connection is all right. I have checked it. My code is:
$emails = implode(",", $not_submitted);
$sql_update_query = "INSERT INTO reminders_table(id,group_name,runtimes,emails) VALUES(NULL, '".mysql_real_escape_string($group_name) ."' ,'".mysql_real_escape_string($runtimes) ."' , '".mysql_real_escape_string($emails) ."')";
mysql_query(sql_update_query, $con);
echo $sql_update_query, "<br>";
echo mysql_error(), "<br>";
After seeing the error in my console, it says :
"responseText: "INSERT INTO reminders_table(id,group_name,runtimes,emails) VALUES(NULL, 'BIT' , 'tue,wed-02:45,23:15' , 'c_faw,)<br>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'sql_update_query' at line 1<br>"Reminders have been sent....! Please close this page."↵"
Any help is appreciated. So far I have tried debugging a lot. I added "mysql_real_escape_string" also, but still it doesn't work.
It is missing a single quote after the email variable.
Related
I have an error when inserting a value into MySQL.
Please see my PHP code
<?php
$ali = $_POST['ali'];
$con = @mysqli_connect('localhost', 'root', '', 'mohammad');
if (!$con) {
echo "Error: " . mysqli_connect_error();
exit();
}
$insertinto_ic_add = "INSERT INTO sq (text) VALUES ('" . $ali . "')";
mysqli_query($con, $insertinto_ic_add) or die("database error:" . mysqli_error($con));
?>
<form action="" method="post">
<input name="ali">
</form>
I input the values " n't " and an error occurs:
database error:You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 't')' at line 2
I agree that this is not showing SQL injection. But the prevention for such is the same as the fix for your problem. You must escape certain characters (in particular the apostrophe) in the text.
Notice that the error message even points to the apostrophe.
If you echoed the statement, you would see
INSERT INTO sq (text)
VALUES ('blah blah don't do this')
Observe the three apostrophes, and think how confused the parser will be.
Better code would be something like
$mali = $con->real_escape_string($ali);
$insertinto_ic_add = "INSERT INTO sq (text)
VALUES ('" . $mali . "')";
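The same insert with a bound parameter instead of escaping, as an added example that is not part of the original answer. It assumes PDO with an in-memory SQLite database so it runs without a server; the function name insertText and the sample inputs are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example. Assumption: in-memory SQLite via PDO so the script runs offline;
// against MySQL only the DSN changes, e.g. 'mysql:host=localhost;dbname=mohammad'.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE sq (id INTEGER PRIMARY KEY, text TEXT NOT NULL)');

/** Insert one row; the value is sent as data, never spliced into the SQL text. */
function insertText(PDO $pdo, string $text): int
{
    $stmt = $pdo->prepare('INSERT INTO sq (text) VALUES (:text)');
    $stmt->execute([':text' => $text]);
    return (int) $pdo->lastInsertId();
}

// The mysqli form of the same statement, using the $con and $ali from the question:
//   $stmt = $con->prepare('INSERT INTO sq (text) VALUES (?)');
//   $stmt->bind_param('s', $ali);
//   $stmt->execute();

// Constructed inputs standing in for $_POST['ali'].
$samples = [
    "n't",
    "blah blah don't do this",
    "O'Brien said \"it's fine\"",
    "back\\slash and 'quote'",
];

foreach ($samples as $text) {
    $id = insertText($pdo, $text);

    // Read the row back to confirm the stored value is byte-for-byte the input.
    $sel = $pdo->prepare('SELECT text FROM sq WHERE id = ?');
    $sel->execute([$id]);
    $stored = $sel->fetchColumn();

    printf("%-32s %s\n", var_export($text, true),
        $stored === $text ? 'stored unchanged' : 'MISMATCH');
}
```

Because the apostrophe never reaches the SQL parser as part of the statement, there is nothing to escape and no syntax error to trigger.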
I have the following code and would like to insert a SQL statement into MySQL, but I got the following error:
"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1"
<?php
date_default_timezone_set('Hongkong');
include('fun.php');
$outlet="Da Da";
$officehrStr = "11:00"; // morning
$officehrEnd = "02:00"; // midnight
if (isset($_POST['confirm'])) {
$dt1=new DateTime($officehrStr);
$dt2=new DateTime($officehrEnd);
$values=array();
while ($dt1 <= $dt2) {
$values[]="('". $outlet ."','". $dt1->format('H:i') ."')";
$dt1->modify("+".$_POST['slot']." minute");
}
include('db.php');
$sql="INSERT INTO tb_timeslot (outlet,timeslot) VALUES ". implode(',',$values);
mysql_query($sql) or die(mysql_error());
mysql_close($conn);
}
?>
If this is SQL syntax error, my guess is a problem with this line
$sql="INSERT INTO tb_timeslot (outlet,timeslot) VALUES ". implode(',',$values);
Try to change it with this
$sql="INSERT INTO tb_timeslot (outlet,timeslot) VALUES (". implode(',',$values).");";
The problem got solved by adding the following code, "$dt2->add(new DateInterval('PT86400S'));", between "$dt2=new DateTime($officehrEnd);" and "while ($dt1 <= $dt2) {". Thank you for all your valuable time.
Please have a look in your sql statement.
$sql="INSERT INTO tb_timeslot (outlet,timeslot) VALUES (". implode(',',$values).");";
You can see that you are trying to insert data into two columns (outlet,timeslot) but assigning values to only 1 column. You must assign 2 values, like this:
$sql="INSERT INTO tb_timeslot (outlet,timeslot) VALUES (". implode(',',$values).", '$replace_variable_name');";
Please update your statement with my statement but don't forget to edit "replace_variable_name" with your defined value.
Hope this will help you.
I get an error with my PHP code when updating the table patient. I cannot find the problem.
Here is my error:
Verification Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1' at line 1
<?php
$edit = mysql_query("UPDATE `patient` SET `date`='$date', `fname`='$fname', `lname`='$lname', `birthday`='$dob', `address`='$address', `work`='$work', `civil`='$civil', `gender`='$sex', `btype`='$bloodtype', `height`='$hgt', `weight`='$wgt', `fallergy`='$fallergy', `mallergy`='$mallergy' WHERE `patientid`='$vara'");
$result = mysql_query($edit) or die("Verification Error: " . mysql_error());
You are calling mysql_query twice; the second time you pass the result, of the first call, into it as an argument. That is not how mysql_query works. The SQL should just be a string:
$edit = "UPDATE `patient` SET `date`='$date', `fname` ...";
$result = mysql_query($edit) or die("Verification Error: " . mysql_error());
We cannot see the rest of your code, so we do not know if there are more problems, but this should fix the problem in your question.
I've been searching around for a solution, but each one I've found seems to not be helpful. I'm not actually sure what's causing the issue.
If I run the below mysql, this inserts a record into the database.
INSERT INTO cust_v_lists (Customer_name, Customer_ref) VALUES ('wouldja', 133)
What my program is currently doing is creating the above statement using parameters from page 1, then posting the mysql to page 2. On page 2 my code is simple.
$mysqli = $_POST['sqli'];
echo $mysqli; #this echo's out the above SQL insert line.
$result = mysqli_query($conn, $mysqli);
$updated = mysqli_affected_rows($conn);
$message = "You have inserted $updated row to the 'cust_v_lists' table.";
echo $message;
if (!mysqli_query($conn, $mysqli))
{
echo("Error description: " . mysqli_error($conn));
}
If I hard code the below:
$sqli = ;INSERT INTO cust_v_lists (Customer_name, Customer_ref) VALUES ('wouldja', 133)';
This works fine, but when I post it I get the error
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '
INSERT INTO cust_v_lists (Customer_name, Customer_ref) VALUES ('w' at line 1
I first thought this was a post limit or something to 40 chars, but when I echo out the mysqli posted it seems ok, I changed the limits in php.ini just in case but this didn't help. I then updated this to a string using $mysqli = (string)$mysqli but this also didn't help. Has anyone seen this before? I don't want to hard code this, I need the query to be completely dynamic and readable from $_POST.
$sqli = ;INSERT INTO cust_v_lists (Customer_name, Customer_ref) VALUES ('wouldja', 133)';
needs to be
$sqli = "INSERT INTO cust_v_lists (Customer_name, Customer_ref) VALUES ('wouldja', 133)";
Try this insert statement
$sqli = "INSERT INTO cust_v_lists (Customer_name, Customer_ref)
VALUES ('wouldja',133)";
Got this query:
mysql_query("INSERT INTO leaderboard (user_id, lines)
VALUES (". $rowUser['id'] .",". $linesDone .")") or die("ERROR 29: ". mysql_error());
Giving this error:
ERROR 29: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'lines) VALUES (1,50)' at line 1
I've tried all kind of syntaxing, like using ´´ and '' in the query, but all resulting in approx. the same error.
Can anyone see what is wrong?
Lines is a reserved word in MySQL - you have to escape this word with backticks
mysql_query("INSERT INTO leaderboard (user_id, `lines`)
VALUES (". $rowUser['id'] .",". $linesDone .")") or die("ERROR 29: ". mysql_error());
By the way, mysql_* is deprecated, as mentioned in the manual. Better to use mysqli_* or PDO.
Secure your query.
mysql_query(
sprintf("INSERT INTO leaderboard (user_id,`lines`)
VALUES ('%d','%s')",
mysql_real_escape_string($rowUser['id']),
mysql_real_escape_string($linesDone)
)) or die("ERROR 29: ". mysql_error());
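For the "completely dynamic" insert read from $_POST and for the reserved-word column above: one way to have the client post field values rather than SQL text, with the server building the statement, as an added example that is not code from any of the posts. The allow-list contents, the function name buildInsert and the sample requests are assumptions, and in-memory SQLite stands in for MySQL so it runs offline.

```php
<?php
declare(strict_types=1);

// Assumed allow-list: the only tables and columns a request may write to.
const WRITABLE = [
    'cust_v_lists' => ['Customer_name', 'Customer_ref'],
    'leaderboard'  => ['user_id', 'lines'],
];

/**
 * Build an INSERT from posted column => value pairs.
 * Identifiers must be on the allow-list and are backtick-quoted, so a
 * reserved word such as `lines` parses; values become ? placeholders.
 */
function buildInsert(string $table, array $fields): array
{
    if (!array_key_exists($table, WRITABLE)) {
        throw new InvalidArgumentException("table not allowed: $table");
    }
    $unknown = array_diff(array_keys($fields), WRITABLE[$table]);
    if ($fields === [] || $unknown !== []) {
        throw new InvalidArgumentException('missing or unexpected columns');
    }
    $cols  = implode(', ', array_map(fn($c) => "`$c`", array_keys($fields)));
    $marks = implode(', ', array_fill(0, count($fields), '?'));
    return ["INSERT INTO `$table` ($cols) VALUES ($marks)", array_values($fields)];
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE leaderboard (user_id INTEGER, `lines` INTEGER)');

// Constructed requests: a table name plus field values, never SQL text.
$requests = [
    ['leaderboard', ['user_id' => 1, 'lines' => 50]],
    ['leaderboard', ['user_id' => 1, 'score' => 50]],  // column not on the list
    ['accounts',    ['name' => 'x']],                  // table not on the list
];

foreach ($requests as [$table, $fields]) {
    try {
        [$sql, $params] = buildInsert($table, $fields);
        $pdo->prepare($sql)->execute($params);
        echo "ok:       $sql\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ' . $e->getMessage() . "\n";
    }
}
```

Only the first request reaches the database; the other two are rejected before any SQL is built, which is the property that executing a posted SQL string cannot give.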