I'm trying to construct a query for a cron that will run.
mysql_query("UPDATE `stocks` SET price='$pricez', open='$openz', high='$highz', low='$lowz', change='$changez', time='$times', percent='$percentz' WHERE symbol = '$symbolz' ");
The error I get is
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'change='-0.10', time='1406050151', percent='-0.35%' WHERE symbol = 'ALMB.CO'' at line 1
Scavenged SOF and have yet to find a solution.
Reserved words just bit you:
Change is a reserved word thus needs to be escaped: http://dev.mysql.com/doc/refman/5.5/en/reserved-words.html
mysql_query("UPDATE `stocks` SET price='$pricez', open='$openz', high='$highz',
low='$lowz', `change`='$changez', time='$times', percent='$percentz' WHERE symbol = '$symbolz' ");
So what is a reserved word?
They are words the engine uses to interpert specific requested commands. When these words are used as identifiers for tables or columns they must be treated in a specific manner usually escaping the words for the RDBMS involved.
Looks like you are using some reserved words for column names: Change and Time
You can escape these with backticks (`), or choose new coumn names
UPDATE `stocks`
SET `price`='$pricez',
`open`='$openz',
`high`='$highz',
`low`='$lowz',
`change`='$changez',
`time`='$times',
`percent`='$percentz'
WHERE symbol = '$symbolz'
Related
I'm a newbie in the php programming.
I would like to apply an insert query but I get this error :
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near 'left) VALUES ('****df','****2135gh','***#yahoo.com' at line 2"}
$sql_insert_new_user = "insert into users (username,password,email,status,finance,province,city,address,tell,
mobile,admin_seen,type,left) VALUES ('$username','$password','$email',1,0,$town,$city,
'$address','$telephone','$mobile',0,'employe',0)";
mysql_query($sql_insert_new_user);
$error = mysql_error();
left is a reserved word and in the query you need escape with backtics
`left`
https://dev.mysql.com/doc/refman/5.5/en/reserved-words.html
left is a reserved word and in the query you need to use like this for all reserved word
'left'
This gives all the details about reserved word https://dev.mysql.com/doc/refman/5.5/en/reserved-words.html
$sql_insert_new_user = "insert into users (username,password,email,status,finance,province,city,address,tell,
mobile,admin_seen,type,`left`) VALUES ('$username','$password','$email',1,0,$town,$city,
'$address','$telephone','$mobile',0,'employe',0)";
left is a mysql reserved word. So you have to rename the column left.
See here : reserved Words for furhter information
I've a little question.
I've written this code to add the values to mysql database but when i run the code and I got an error. Can anybody help me?
the code:
$fel = $mysqli->query("INSERT INTO deleted (uid,buy_type,prop_type,district,street,room_min,room_max,price_min,price_max,condition_type,heat_type,lift_type,parking_type,type_of_del,when)
VALUES ('".$mysqli->real_escape_string($letomb['uid'])."',
'".$mysqli->real_escape_string($letomb['buy_type'])."',
'".$mysqli->real_escape_string($letomb['prop_type'])."',
'".$mysqli->real_escape_string($letomb['district'])."',
'".$mysqli->real_escape_string($letomb['street'])."',
'".$mysqli->real_escape_string($letomb['room_min'])."',
'".$mysqli->real_escape_string($letomb['room_max'])."',
'".$mysqli->real_escape_string($letomb['price_min'])."',
'".$mysqli->real_escape_string($letomb['price_max'])."',
'".$mysqli->real_escape_string($letomb['condition_type'])."',
'".$mysqli->real_escape_string($letomb['heat_type'])."',
'".$mysqli->real_escape_string($letomb['lift_type'])."',
'".$mysqli->real_escape_string($letomb['parking_type']).",
'".$mysqli->real_escape_string($type_of_del)."',
now())") or die($mysqli->error);
Error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'when) VALUES ('3', 'kiado', 'lakas', '1'' at line 1
WHEN is a reserved word. Enclosing it in backticks should fix your problem, as it will then be treated as an identifier.
`when`
You should use backticks around your column names. when is a MySQL keyword so it's being interpreted incorrectly. At the very least use backticks around when.
my basic insert query is not working.. i know its a very basic, raw sort of question to ask but m unable to sort out
my code
$a="nvsdjkvn";
$b="bhjxcbncj";
mysql_select_db("vas1",$con);
$s = "insert into updates(update,dates) values ('$b','$a')";
$re = mysql_query($s);
i got this error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'update,dates) values ('nvsdjkvn','bhjxcbncj')' at line 1
my table name is: updates with two columns 'update' and 'dates' both of type 'varchar'
update is a reserved word in SQL and must therefore be enclosed in backticks if not used as a reserved word:
$s = "insert into updates(`update`,dates) values ('$b','$a')";
UPDATE is a reserved word in MySQL. To use in your query, you should properly escape it.
Here is a complete list of MySQL reserved words.
Change -
$s = "insert into updates(update,dates) values ('$b','$a')";
To
$s = "insert into updates(`update`,`dates`) values ('".$b."','".$a."')";
Mysql extension is deprecated as of PHP 5.5.0, and is not recommended
for writing new code as it will be removed in the future. Instead,
either the mysqli or PDO_MySQL extension should be used. See also the
MySQL API Overview for further help while choosing a MySQL API.
I'm afraid to say so but we are not allowed to name a table just like a keyword.
Please go through the rule set for naming conventions
http://www.isbe.state.il.us/ILDS/pdf/SQL_server_standards.pdf
Long story short, I'm trying to write a PHP code that will parse a text file into MySQL queries. Everything works fine except for the queries, which consist of UPDATE statements.
The entire code is kinda long, but if you want to see it - http://pastebin.com/xVR6ArD0
Here is just the part which is problematic :
while ($i<=$no_collumns)
{
$j = $i-1;
if (!
mysql_query
("UPDATE ResultsPredmet
SET ${parsed_collumns[$i]} = '${parsed_words[$j]}'
WHERE ${parsed_first_collumn} LIKE '${parsed_first_word}'")
)
{echo mysql_error()."\n"; break;}
// echo "\nUPDATE ResultsPredmet SET ${parsed_collumns[$i]} = '${parsed_words[$j]}' WHERE ${parsed_first_collumn} LIKE \"${parsed_first_word}\"";
$i++;
}
... where $parsed_collumns and $parsed_words are arrays of strings and $parsed_first_collumn and $parsed_first_word are strings.
I tried all combinations of quotes and escapes for the variables. I tried putting them in double quotes and escaping them, or double quotes and concatenating them, then maybe i thought it was the fact that I was comparing strings via the '=' operator so i tried with 'LIKE'. I googled for several hours and everywhere people said to use single quotation marks for variables so I tried that too and it didn't work.
In the end I echoed the queries and I get:
UPDATE ResultsPredmet SET grade = '10' WHERE name LIKE "Vildur"
UPDATE ResultsPredmet SET index = '117/2010' WHERE name LIKE "Vildur"
Updating table.
UPDATE ResultsPredmet SET grade = '6' WHERE name LIKE "NinoDoko"
UPDATE ResultsPredmet SET index = '132/2011' WHERE name LIKE "NinoDoko"
Updating table.
UPDATE ResultsPredmet SET grade = '10' WHERE name LIKE "Koco"
UPDATE ResultsPredmet SET index = '130/2011' WHERE name LIKE "Koco"
Done.
Which seem fairly fine to me. Other queries I got were the same only with the names with single quotes around them, or with no quotes or any other combinations.
The errors I get are :
Updating table.
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'index = '117/2010' WHERE name LIKE 'Vildur'' at line 1
Updating table.
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'index = '132/2011' WHERE name LIKE 'NinoDoko'' at line 1
Updating table.
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'index = '130/2011' WHERE name LIKE 'Koco'' at line 1
Apparently, the server that I'm using is MariaDB 5.5, but after a bit of research I figured it would be similar to just generic MySQL, though I might be completely off. The "Updating table." is just a random echo in my code. I've also tried the query without indenting it, still got the same errors. The values I get for grade and index are strings - or at least I hope so, since I'm getting them with explode().
index is a reserved word
UPDATE ResultsPredmet SET `index` = '10' WHERE name LIKE 'Vildur'
http://dev.mysql.com/doc/refman/4.1/en/reserved-words.html
Why this:
$query = "SET NAMES 'utf8'";
$query = str_replace("'", "\'", $query);
$pdo->query($query);
Would cause problem?
I'm currently getting this error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'utf8\''
If I don't escape it, everything's fine, but the problem exists with further queries!
The sql you are trying to run is perfectly safe as is, it contains no user input and as such can be run without escaping.
Also you are actually escaping the delimiters of a string, not the value of the string itself.
You don't have to escape every single quote in a query, some are valid such as:
UPDATE table SET field='blah' WHERE id=10
Where field would be a varchar or similar. You would escape the quotes if they need to be part of the value of the field, such as:
UPDATE table SET field='This \'value\' uses quotes.' WHERE id=10
Hope that makes sense.