Why PDO does not bind my params? [closed] - php

Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 8 years ago.
I have a query with some parameters that I bind with PDO. This is my code:
$sql = "SELECT altezza_pneumatici FROM tbl_catalogo_pneumatici "
. "WHERE sigla_produttore = :marca "
. "AND larghezza_pneumatici = :larghezza"
. "GROUP BY altezza_pneumatici "
. "ORDER BY altezza_pneumatici ASC";
$query = $DBobj->dbConn->prepare($sql);
$query->bindValue(':marca', $marca, PDO::PARAM_STR);
$query->bindValue(':larghezza', $larghezza, PDO::PARAM_STR);
$query->execute();
But it does not work. I have this error:
Warning: PDOStatement::execute(): SQLSTATE[HY093]: Invalid parameter number: parameter was not defined in C:\Users\mydoc\Documents\pjct\web_gomme_new\class\class.Pneumatico.php on line 116
What is the problem? I printed both variables used in binding function, and they have correct values.

I can not say for sure if this is the problem, but there is an error in your query. (missing space).
$sql = "SELECT altezza_pneumatici FROM tbl_catalogo_pneumatici "
. "WHERE sigla_produttore = :marca "
. "AND larghezza_pneumatici = :larghezza[ ]"
. "GROUP BY altezza_pneumatici "
. "ORDER BY altezza_pneumatici ASC";
See the brackets behind :larghezza.
Your query will end up being "..AND larghezza_pneumatici = :larghezzaGROUP BY altezza_pneumatici...".

You do not need to break up the SQL query string.
$sql = "SELECT altezza_pneumatici FROM tbl_catalogo_pneumatici
WHERE sigla_produttore = :marca
AND larghezza_pneumatici = :larghezza
GROUP BY altezza_pneumatici
ORDER BY altezza_pneumatici ASC";
Is fine. Whitespace at end of each line. This should do the trick.

Related

'SQLSTATE[HY093]' with my search query [closed]

Closed 7 years ago.
I am having some trouble getting my search query to work. I get this error:
PDOException: SQLSTATE[HY093]: Invalid parameter
$test = $_POST["test"];
$query='SELECT * FROM news WHERE name LIKE :search OR category LIKE :search';
$stmt = $dbh->prepare($query);
$stmt->bindValue(':search', '%' . $test . '%', PDO::PARAM_INT);
$stmt->execute();
foreach ($stmt as $row) {
echo $row ['id'];
echo $row ['name'];
}
It only works if I remove OR category LIKE :search
I believe it's because you are trying to re-use the same bind variable again. Try using a different one like
$query='SELECT * FROM news WHERE name LIKE :search OR category LIKE :search1';
$stmt = $dbh->prepare($query);
// The bound values are strings containing % wildcards, so bind them as PDO::PARAM_STR.
$stmt->bindValue(':search', '%' . $test . '%', PDO::PARAM_STR);
$stmt->bindValue(':search1', '%' . $test . '%', PDO::PARAM_STR);
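Both HY093 cases above (a placeholder glued to the next keyword by a missing space, and one name used twice) can be caught before execute() by comparing the names in the SQL text with the names being bound. The following is an added example, not code from either post; the function names and the bound values are hypothetical. The PHP manual states that a named marker cannot be used more than once unless emulation mode is on.

```php
<?php
// Added example: compare the named placeholders PDO will see with the names being bound.

/** Count each named placeholder in $sql, ignoring quoted literals and identifiers. */
function namedPlaceholders(string $sql): array
{
    // Blank out '...', "..." and `...` so a colon inside a literal is not counted.
    // Simplification: backslash-escaped quotes inside literals are not handled.
    $stripped = preg_replace('/\'[^\']*\'|"[^"]*"|`[^`]*`/', "''", $sql);
    // A name runs over letters, digits and "_", so ":larghezzaGROUP" is ONE name.
    preg_match_all('/(?<![:\w]):([A-Za-z_][A-Za-z0-9_]*)/', $stripped, $m);
    return array_count_values($m[1]);
}

/** Return a list of mismatches between the SQL text and the names in $bound. */
function checkBindings(string $sql, array $bound): array
{
    $inSql = namedPlaceholders($sql);
    $names = array_map(fn($k) => ltrim($k, ':'), array_keys($bound));
    $problems = [];
    foreach (array_diff($names, array_keys($inSql)) as $n) {
        $problems[] = "bound :$n is not a placeholder in the SQL";
    }
    foreach (array_diff(array_keys($inSql), $names) as $n) {
        $problems[] = "SQL contains :$n but no value is bound to it";
    }
    foreach ($inSql as $n => $count) {
        if ($count > 1) {
            $problems[] = ":$n appears $count times (fails with native prepares)";
        }
    }
    return $problems;
}

// The two queries from the questions above, with constructed values.
$glued = "SELECT altezza_pneumatici FROM tbl_catalogo_pneumatici "
    . "WHERE sigla_produttore = :marca "
    . "AND larghezza_pneumatici = :larghezza"
    . "GROUP BY altezza_pneumatici";
$reused = 'SELECT * FROM news WHERE name LIKE :search OR category LIKE :search';

print_r(checkBindings($glued, [':marca' => 'XX', ':larghezza' => '205']));
print_r(checkBindings($reused, [':search' => '%tyre%']));
```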

How to add WHERE statement to this SQL query [closed]

Closed 7 years ago.
I'm trying to add a where statement to this query so it only shows records that have been set as published.
$query = "SELECT id, heading, summary, date, keyword1, keyword2, keyword3
FROM " . DB_TABLE . "";
I've tried
$query = "SELECT id, heading, summary, date, keyword1, keyword2, keyword3, publish
WHERE publish ='y' FROM " . DB_TABLE . "";
And
$query = "SELECT `id`, `heading`, `summary`, `date`, `keyword1`, `keyword2`, `keyword3`, `publish`
WHERE `publish` ='y' FROM " . DB_TABLE . "";
But none of them seem to work, any help greatly appreciated, thank you
How about this:
$query = "SELECT `id`, `heading`, `summary`, `date`, `keyword1`, `keyword2`, `keyword3`, `publish` FROM " . DB_TABLE . " WHERE `publish` ='y' ";
If you look at the MySQL documentation, you will see that the SELECT statement comes first, then the FROM statement, and WHERE comes last. Of course there are various other statements that can be used; you can find all of them in the link above.

Error when building the MySQL query [closed]

Closed 7 years ago.
I am getting an error in select query line. Here it is:
Parse error: syntax error, unexpected '' (T_ENCAPSED_AND_WHITESPACE),
expecting identifier (T_STRING) or variable (T_VARIABLE) or number
(T_NUM_STRING
And the code:
<?php
include('dbconnection.php');
$sql = "select * from 'user' where id ='.$_REQUEST['id'].' ";
$result = mysql_query( $sql);
if(!$result )
{
die('Could not enter data: ' . mysql_error());
}
$sql="select * from `user` where id ='".$_REQUEST['id']."' ";
This will solve your problem, but look at mysqli_query to limit your SQL injection vulnerability.
Replace query:
$sql="select * from 'user' where id ='.$_REQUEST['id'].' ";
with:
$sql="select * from `user` where id =".$_REQUEST['id']."";
You can try this:
$id = (int) $_REQUEST['id']; // integer value
$sql = "select * from `user` where id = '$id' ";
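The answers above either concatenate the request value into the SQL text or cast it with (int). The following added example (not code from any of the posts) shows the same lookup with strict validation and a bound parameter. It assumes PDO with an in-memory SQLite database so that it runs stand-alone; the table contents, the findUser() helper and the request values are constructed.

```php
<?php
// Added example: validate the id, then bind it instead of concatenating it.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO user (id, name) VALUES (1, 'alice'), (2, 'bob')");

/** Look up one user; returns null for an invalid id or when no row matches. */
function findUser(PDO $pdo, $rawId): ?array
{
    // Strict validation: the whole value must be a positive integer.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // The SQL text is constant; the value travels separately as a bound parameter.
    $stmt = $pdo->prepare('SELECT id, name FROM user WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed request values: one well-formed, one with trailing SQL text.
$wellFormed = '2';
$malformed  = '1 OR 1=1';

// A bare (int) cast keeps the leading digits and silently drops the rest,
// so the malformed value is accepted as an id instead of being rejected.
var_dump((int) $malformed);

// filter_var() rejects the malformed value outright; the well-formed one is looked up.
var_dump(findUser($pdo, $malformed));
var_dump(findUser($pdo, $wellFormed));
```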

values from 2 arrays to mysql table php [closed]

Closed 9 years ago.
Well, please help to correct the syntax for the following code. I have to select 2 values from one table and insert them in another table. One value is taken from a PHP variable. This all needs to be done using an OpenCart model file.
$this->db->query("UPDATE " . DB_PREFIX . "rate_cost SET rate_cost = " . $this->db->escape($data['rate_cost']) );
$sql = "SELECT DISTINCT competition_rate, customer_id FROM " . DB_PREFIX . "customer WHERE competition_rate NOT LIKE 0";
$query = $this->db->query($sql);
$rates = array();
$customer_ids = array();
foreach($query->row['competition_rate'] as $result){
$rates[] = $result * $data['name'];
}
foreach($query->row['customer_id'] as $result2){
$customer_ids[] = $result2;
}
$sums = $rates;
$ids = $customer_ids;;
$sql = ("INSERT INTO 'customer_transaction'(customer_id,amount) VALUES'".$ids.",".$sums"'");
}
I am getting the following error:
Parse error: syntax error, unexpected '"'"' (T_CONSTANT_ENCAPSED_STRING) in C:\xampp\htdocs\sport\admin\model\competition\newsletter.php on line 18
You have some syntax errors in your $sql query, the correct syntax for INSERT query is
INSERT INTO table (columns) VALUES ('values');
So you're missing parentheses for your values and you didn't surround them correctly with quotes. So change as follows:
VALUES ('".$ids."','".$sums."')");
So the complete query will look like this:
("INSERT INTO `customer_transaction` (customer_id,amount) VALUES ('".$ids."','".$sums."')");

Update the password in php [closed]

Closed 9 years ago.
I am a novice to php-mysql... please help me to rectify the syntax error
the error is:
Parse error: syntax error, unexpected T_VARIABLE in /home/u831097172/public_html/php/update.php on line 13
line 13:
UPDATE $tbl_name SET password= '$password' WHERE email='$email';
maybe you mean something like
$query = "UPDATE $tbl_name SET password = '$password' WHERE email='$email'";
Remember to add slashes to your $password and $email variables to avoid SQL injection.
I think you should learn directly with statements:
$mysqliConnection = new mysqli($SERVER, $USER, $PW, $TABLE);
// A table name cannot be bound as a parameter; $tbl_name must be a fixed, trusted value.
$stmt = $mysqliConnection->prepare("UPDATE `$tbl_name` SET password = ? WHERE email = ?");
$stmt->bind_param("ss", $password, $email);
$stmt->execute();
Here's the doc :) http://es1.php.net/manual/en/mysqli.prepare.php
Are the variables filled?
Maybe it's better if you do
$query = "UPDATE " . $tbl_name . " SET password='" . $password . "'
WHERE email='" . $email . "'";
And then you can simply check by printing the string out. There you can see if your variables are filled:
print_r($query);
Your variable $tbl_name is not in quotes; $tbl_name has to be '$tbl_name'.
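Placeholders in a prepared statement stand for values only, so a variable table name such as $tbl_name has to be checked against a fixed list before it is placed in the SQL text, while the password and e-mail are bound. The following added example is not code from any of the answers; it assumes PDO with an in-memory SQLite database so that it runs stand-alone, and the table names, the updatePassword() helper, the sample row and the use of password_hash() for storage are assumptions.

```php
<?php
// Added example: allow-list the identifier, bind the values.
const ALLOWED_TABLES = ['members', 'admins'];   // hypothetical table names

/** Update one password; returns the number of rows changed. */
function updatePassword(PDO $pdo, string $table, string $email, string $password): int
{
    // An identifier cannot be a bound parameter, so accept only known table names.
    if (!in_array($table, ALLOWED_TABLES, true)) {
        throw new InvalidArgumentException("unknown table: $table");
    }
    $stmt = $pdo->prepare("UPDATE `$table` SET password = :password WHERE email = :email");
    $stmt->execute([
        // Assumption: the column stores a hash rather than the plain password.
        ':password' => password_hash($password, PASSWORD_DEFAULT),
        ':email'    => $email,
    ]);
    return $stmt->rowCount();
}

// Constructed data so the example runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE members (email TEXT PRIMARY KEY, password TEXT)');
$pdo->exec("INSERT INTO members (email, password) VALUES ('a@example.test', 'old')");

// Quotes and spaces in the bound password need no escaping.
echo updatePassword($pdo, 'members', 'a@example.test', "pa'ss word"), " row(s) updated\n";

// A table name outside the list never reaches the SQL text.
try {
    updatePassword($pdo, 'members_backup', 'a@example.test', 'x');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```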
