Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 8 years ago.
Improve this question
Im trying to order By "ItemLevel" in shops in a game I'm currently developing. it should be correct as because this code
ini_set('display_errors', 'On');
error_reporting(E_ALL | E_STRICT)
Displays no errors.
Heres the ORDER BY ItemLevel line.
$item = mysql_query("SELECT * FROM knightG_{$shop["ItemCategory"]}s WHERE
ItemId='{$shop["ItemId"]}' ORDER BY ItemLevel ASC") or die (mysql_error());
I can give anyone more information if requested.
Thanks.
It should be
$item = mysql_query("SELECT * FROM knightG_{$shop['ItemCategory']}s WHERE
ItemId='{$shop['ItemId']}' ORDER BY ItemLevel ASC") or die (mysql_error());
instead. Inside of double string variable interpolation you must obmit the quotes around array indexes.
This is not valid if using braces surrounding arrays within strings allows constants, so you've got to use single quotes in your case. It may seem odd, but it's valid.
Better would be to move from the deprecated mysql_* functions to PDO or mysqli and use prepared statements with placeholders to bind inut values to. This will not take care of the problem of input parameters in identifiers for the names of columns or tables (the first input substitution here).
$sql = "SELECT * FROM knightG_{$shop['ItemCategory']}s";
$sql.= " WHERE ItemId='".$shop["ItemId"]."'";
$sql.= " ORDER BY ItemLevel ASC";
$item = mysql_query($sql) or die (mysql_error());
You should make sure though that your variables are safe from mysql injections.
Also I would advice to use PDO instead of the mysql extension. It is deprecated.
Related
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 7 years ago.
Improve this question
Please explain to me why it is not working.
$sql = "SELECT nombre,precio,presentacion FROM '$keywords'";
I used the next code and it worked but it's not what I need
$sql = "SELECT nombre,precio,presentacion FROM productos";
You're using the incorrect quotes (Identifier Qualifiers) for your table, being single quotes.
$sql = "SELECT nombre,precio,presentacion FROM '$keywords'";
needs to read as
$sql = "SELECT nombre,precio,presentacion FROM `$keywords`";
While unknown as to which MySQL API you are using to connect with, using error checking on the query, would have thrown a syntax error.
Now, if your table name doesn't contain spaces or hyphens or a reserved word or anything else to give MySQL to complain about, you can just remove the quotes.
$sql = "SELECT nombre,precio,presentacion FROM $keywords";
For more information on Identifier Qualifiers, visit:
https://dev.mysql.com/doc/refman/5.0/en/identifier-qualifiers.html
Error checking link references:
http://php.net/manual/en/function.mysql-error.php - MySQL_*
http://php.net/manual/en/mysqli.error.php - MySQLi_*
http://php.net/manual/en/pdo.error-handling.php - PDO
Footnotes:
If you're assigning "productos" to the $keywords variable (which seems to be the case), such as:
$keywords = "productos";
then you can omit the quotes/ticks around that variable in your query.
Remove the ticks from your table name. Hopefully $keywords is not a user supplied value or you will need to sanitize it
$sql = "SELECT nombre,precio,presentacion FROM $keywords";
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 8 years ago.
Improve this question
I definitely regret asking such a simple question, but it's been driving me off the wall, and I'm not sure if it's because of an update or anything. But can anyone tell me what the error with the following SQL statement is?
$iname = mysql_query("SELECT * FROM calendarevents WHERE 'EventMonth'="January" AND 'EventDay'="1"")
or die(mysql_error());
This should work better, using correct quotes and backticks, please have a look at the query
$iname = mysql_query("SELECT * FROM calendarevents WHERE `EventMonth`= 'January' AND `EventDay`= 1 ")
SIDENOTE:
Please consider using PDO or mysqli_ instead of mysql_* functions.
This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be used. See also MySQL: choosing an API guide and related FAQ for more information.
Use the following:
$iname = mysql_query("SELECT * FROM calendarevents WHEREEventMonth='January' ANDEventDay='1'")
or die(mysql_error());
The way that you have used double quotes (") is the first and the biggest of issues, and you should use backticks(`) instead of single quotes(') for escaping table and column names in mysql.
you cannot use double quotes ["] inside of a sql statement.
january and 1 need to be in single quotes instead of double.
You also don't need quotes around the field names.
"SELECT * FROM calendarevents WHERE 'EventMonth'="January" AND 'EventDay'="1""
should be
"SELECT * FROM calendarevents WHERE EventMonth='Januay' AND EventDay='1'"
$iname = mysql_query("SELECT * FROM `calendarevents` WHERE `EventMonth`="January" AND `EventDay`=1")
or die(mysql_error());
Try this:
$query = "SELECT * FROM calendarevents WHERE EventMonth='January' AND EventDay = '1'";
$iname = mysql_query($query);
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 8 years ago.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Improve this question
I have problem only if I use select * but if I select exact field from my database it is working fine
$sql = "SELECT * FROM `product id`;";
$resutl = mysql_query($sql);
while ($row = mysql_fetch_assoc($result))
{
echo $row["product name"];
};
It is working if I use
SELECT `product name` FROM `product id`
Thank you
$sql = "SELECT * FROM `product id`";
$result = mysql_query($sql);
while ($row = mysql_fetch_assoc($result))
{
print_r($row);
}
and check your array and traverse it perfectly as when you call all rows it will not be same as fetching one row.
Try this it should work fine, and you will get more idea.
only 2 errors I found is $result variable was not correct and semicolon in query!
Table names e column names that include white-space are not a good idea because may be in conflict with mysql sintax (when mysql parse the query). You can use var_dump($row).
Use mysql_fetch_array() instead of mysql_fetch_assoc()
While the two are similar mysql_fetch_assoc() only returns an associative array.
Also you should think of moving from mysql to mysqli or PDO. mysql is being removed as of PHP6 and already depreciated as of PHP5.5.
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 8 years ago.
Improve this question
I'm trying myself in mysql now, but there is a problem. I can't insert values to my table.
Can you help me ?
Here is my code:
$con=mysql_connect('127.0.0.1','root','','taxon');
$query='INSERT INTO order (phone, pointA, pointB)
VALUES ("43532", "daram", "pampam")';
$result= mysql_query($query, $con);
echo $result;
database: taxon
table name : order
table values: id(A_I), phone, pointA, pointB
You're missing quotes around your string values in your query, plus order is a reserved word which need to be wrapped in backticks:
$query='INSERT INTO `order` (phone, pointA, pointB)
VALUES (43532, hye, moe)';
should be
$query="INSERT INTO `order` (phone, pointA, pointB)
VALUES (43532, 'hye', 'moe')";
This(mysql_*) extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be used. Switching to PreparedStatements is even more better to ward off SQL Injection attacks !
try this:
$con = mysql_connect("127.0.0.1", "root", "");
mysql_select_db("taxon");
..
mysql_close($con);
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 8 years ago.
Improve this question
I have this MySQL query:
$querynotis = "SELECT * FROM notifications WHERE pid = " . $_SESSION['sess_id'] . " AND read = 0";
And it gives me the error;
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'read = 0' at line 1
If I remove the:
AND read = 0
part, it works perfectly fine. What could I have done wrong?
READ is a Reserved Keyword and happens to be the name of your column. In order to avoid syntax error, the column name should be escaped using backticks. Ex,
$pid = $_SESSION['sess_id'];
$querynotis = "SELECT * FROM notifications WHERE pid = $pid AND `read` = 0";
MySQL Reserved Keywords List
Another way, rather than escaping it with backtick:
$pid = $_SESSION['sess_id'];
$querynotis = "SELECT * FROM notifications n WHERE pid = $pid AND n.read = 0";
If you have the privilege to alter the table, change the column name that is not on the Reserved Keyword List to prevent the same error from getting back again on the future.
As a sidenote, the query is vulnerable with SQL Injection if the value(s) of the variables came from the outside. Please take a look at the article below to learn how to prevent from it. By using PreparedStatements you can get rid of using single quotes around values.
How to prevent SQL injection in PHP?
use this query, you are trying to use reserved keyword of mysql. READ is a reserve keyword. Use backtick operator
$querynotis = "SELECT * FROM notifications WHERE pid = " . $_SESSION['sess_id'] . " AND `read` = '0'";