I've been trying to make a php form page for the users of my website.
When I open the .php page I got the standard error message :
Could not enter data: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'WHERE emp_id = $emp_id' at line 1
Can anybody help me with the syntax of these commands ???
The Code is here :
<?php
include 'dbc.php';
$emp_id = $_POST['emp_id'];
$emp_name = $_POST['emp_name'];
$emp_address = $_POST['emp_address'];
$emp_salary = $_POST['emp_salary'];
$emp_date = $_POST['join_date'];
$sql = 'INSERT INTO employee SET emp_salary = $emp_salary WHERE emp_id = $emp_id';
mysql_select_db($dbname);
$retval = mysql_query( $sql, $conn );
if(! $retval )
{
die('Could not enter data: ' . mysql_error());
}
echo "Entered data successfully\n";
mysql_close($conn);
?>
The query syntax is wrong. You have to use UPDATE query. As you are enclosing the query in single quote, the PHP variables won't get replaced. So change
$sql = 'UPDATE employee SET emp_salary = $emp_salary WHERE emp_id = $emp_id';
to
$sql = "UPDATE employee SET emp_salary = $emp_salary WHERE emp_id = $emp_id";
or
$sql = 'UPDATE employee SET emp_salary = '.$emp_salary.' WHERE emp_id = '.$emp_id;
Hi again all you good people
I thanks very much for the amount of answers !
The right solution was found and the problem is solved with this statement:
$sql = "UPDATE `employee` SET `emp_salary` = '$emp_salary' WHERE emp_id = '$emp_id'";
Most of you was inded right about the syntax and the choice about UPDATE.
The above statement function very well, but it was a bit hard to find the way.
Thanks again for all your kindness, help and time to answer my help
John Engelsby-Hansen
$sql = 'UPDATE employee SET emp_salary=$emp_salary WHERE emp_id = '.$emp_id;
Insert query should be
$sql = 'INSERT INTO employee SET emp_salary = $emp_salary'; // it is valid without where clause
and there is no meaning for Where clause in Insert Qqery
Actually, if You want to update record then write an update query where we have to set values for column
Like
$sql = 'Update employee SET emp_salary= $emp_salary WHERE emp_id = $emp_id';
Your Update Query is wrong
If its an UPDATE query then it should be
UPDATE employee SET emp_salary = $emp_salary WHERE emp_id = $emp_id
And if you are trying to insert a row then how can you use a WHERE condition?
WHERE condition are used in cases of UPDATE QUERY, NOT INSERT QUery
Related
i am trying to figure out the syntax problem in my query
the block of code goes like this:
$updatequery = "update patient_dim set dentist_id = $dentist_id where".
"patient_id = $patient_id";
$queryResult = mysql_query($updatequery,$con);
if(!$queryResul){
trigger_error("insert error" . mysql_error());
}
mysql_close($con);
then the error goes like this:
Notice: inssert errorYou have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\"1" where patient_id = 4'
i suspect incorrect syntax in the $updatequery statement
for further information value of the $patient_id = 1 while the value of the $dentist_id = 4, i have tried all of your approaches still the same error. anyway thanks your helping
Your query needs space after where
$updatequery = "update patient_dim set dentist_id = $dentist_id where patient_id = $patient_id";
$updatequery = "update patient_dim set dentist_id = $dentist_id where".
" patient_id = $patient_id";
you forgot to add space after WHERE clause
After WHERE Clause there must be a blank space before the condition.
Use as follows.
<?php
$updatequery = "update patient_dim set dentist_id = ".$dentist_id ." where patient_id = ".$patient_id;
$queryResult = mysql_query($updatequery);
if(!$queryResult){
die("insert error" . mysql_error());
}
mysql_close($con);
?>
I have tried for hours now to update a MySQL table with PHP.
I used the following code (and several others) but it gives an error message:
$id = $_GET['id'];
if(isset($_POST['descr'])){
$go = $_POST['descr'];
mysql_query("UPDATE Rooms SET Desc='$go' WHERE Room_ID='$id'")
or die(mysql_error());
}
mysql_close($conn);
with the error: "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Desc='This room is the primary test-room. It is?' WHERE Room_ID='11'' at line 1"
The form is called: "descr", the table "Rooms", the field that needs update is "Desc" and it should be where the corresponding ID is, based on a dynamic URL.
If I write echo = $go it outputs the correct data, so I suppose it's the php.
It DOES connect correctly to the database.
Desc is a special word in mysql
try it by escape
mysql_query("UPDATE Rooms SET `Desc`='$go' WHERE Room_ID='$id'")
Assuming that ID is a number:
$id = $_GET['id'];
if(isset($_POST['descr'])){
$go = $_POST['descr'];
mysql_query("UPDATE Rooms SET `Desc`='".$go."' WHERE Room_ID=".$id.")
or die(mysql_error());
}
mysql_close($conn);
Desc is reserved for ORDER BY! Enclose it with '`' symbols!
mysql_query("UPDATE `Rooms` SET `Desc` = '".$go."' WHERE `Room_ID` = ".$id.")
or die(mysql_error());
I am trying to rename a table's name from a specific database. I have tried with both of the query given below, but it shows the same error message. I can't understand my mistakes.
The query
1st one :
<?php
$id = $_POST['id'];
$department = $_POST['department'];
$dept_id = $_POST['dept_id'];
$olddept_id = $_SESSION['olddept_id'];
if(isset($_POST['submit']))
{
$order = "UPDATE department SET department='$_POST[department]', dept_id='$_POST[dept_id]' WHERE id='$_POST[id]'";
mysql_query($order) or die (mysql_error());
mysql_query("RENAME TABLE $olddept_id TO $dept_id;") or die (mysql_error());
}
and
2nd one :
<?php
$id = $_POST['id'];
$department = $_POST['department'];
$dept_id = $_POST['dept_id'];
$olddept_id = $_SESSION['olddept_id'];
if(isset($_POST['submit']))
{
$order = "UPDATE department SET department='$_POST[department]', dept_id='$_POST[dept_id]' WHERE id='$_POST[id]'";
mysql_query($order) or die (mysql_error());
mysql_query("ALTER TABLE $olddept_id RENAME $dept_id;") or die (mysql_error());
}
The error message is :
"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'TO CSEE' at line 1"
The table names which i want to edit, are also stored in a table, named "department". This is done successfully, but the table doesn't renaming.
-thank you
Show the exact SQL that's generated by those queries. I'm guessing you're using a reserved word for the original table name, which means you'd have to escape it with backticks:
RENAME reservedword TO CSEE
code :
mysql_connect('localhost','root','root');
mysql_select_db('share_counter');
$sql_insert = "UPDATE wpshare SET '$social_name'='45' where post_title = '$post_title' ";
mysql_query($sql_insert) or die(mysql_error());
error :
You have an error in your SQL syntax;
check the manual that corresponds to
your MySQL server version for the
right syntax to use near
''twitter_count'='45' where post_title
= 'test'' at line 1
thanks advance
omit the quotes over $social_name
$sql_insert = "UPDATE wpshare SET $social_name='45' where post_title = '$post_title' ";
quotes around the column names (aka $social_name) should be like this ` not like this '
so $sql_insert = "UPDATE wpshare SET `$social_name`='45' where post_title = '$post_title' ";
and if your column names have no spaces , you can just remove the quotes ...
$sql_insert = "UPDATE `wpshare` SET `$social_name`='45' WHERE `post_title` = '$post_title'";
Hey, I wrote some code for extracting some information out of the database and checking to see if it met the $_COOKIE data. But I am getting the error message:
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 1
My code so far is:
$con = mysql_connect("XXXX","XXXXX","XXXXXXX");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("XXXXXX", $con);
$id = $_COOKIE['id'];
$ends = $_COOKIE['ends'];
$userid = strtolower($_SESSION['username']);
$queryString = $_GET['information_from_http_address'];
$query = "SELECT * FROM XXXXX";
$result = mysql_query($query) or die(mysql_error());
while($row = mysql_fetch_array($result)){
if ($queryString == $row["orderid"]){
$sql="UPDATE members SET orderid = ''WHERE (id = $id)";
$sql="UPDATE members SET level = 'X'WHERE (id = $id)";
$sql="UPDATE members SET payment = 'XXXX'WHERE (id = $id)";
$sql="UPDATE members SET ends = '$ends'WHERE (id = $id)";
if (!mysql_query($sql))
{
die('Error: ' . mysql_error());
}
}
}
Any help would be appreciated,
Thanks.
$sql="UPDATE members SET ends = '$ends'WHERE (id = $id)";
should be
$sql="UPDATE members SET ends = '$ends'WHERE (id = '$id')";
(IE add the ' around $id)
I'm not sure if this is the error, but do you realize you're code only runs the last UPDATE? You're assigning $sql 4 time, and only running it after the fourth assignement...
If $_COOKIE['id'] does not have a value, then $id in your SQL statements will be blank, leaving your SQL looking like this:
UPDATE members SET ends = 'something' WHERE (id = )
which, of course, is invalid SQL.
Only one of the SQL statements will execute, and that's the last one. You need to add some whitespace before the WHERE clause, like this:
$sql="UPDATE members SET ends = '$ends' WHERE (id = $id)";
Also be wary of SQL injection attacks in the event that your cookie is altered by the end user. One other thing of note is your orderid column. Is it a VARCHAR or some other unique identifier? If it's an integer, then setting it to empty string will not work. You might want to rethink your schema a bit here.
EDIT: Another thing you need to do is check to make sure the cookies actually have values. If not, your SQL strings will be messed up. Have you though about using parameterized queries through PDO so you don't have to worry about SQL injection at all?
first of all you keep overwriting $sql variable so only the
$sql="UPDATE members SET ends = '$ends'WHERE (id = $id)";
is being executed.
And I would say that $id variable is not what you think it is (maybe empty as query like the one above without id:
$sql="UPDATE members SET ends = '$ends'WHERE (id = )";
would throw such error back.
Try
$id = NULL;
before
$id = $_COOKIE['id'];
if the error is gone that means that $id is not what you think it is