SQL Server Version Error with PHP - php

I built a simple website, it's like a watered down directory. You list all entries and then can click on an entry to know more details.
It works fine on my test server, but swapped over to another server it breaks. I am unsure why exactly, and I have not altered the code from the working code. So I assume that it is a version error.
However I am unsure what, and therefore can't think of alternative ways to write it.
Here is the sample of code causing problems:
$username456 = 'username';
$password456 = 'password';
$entryid = $_POST['entryid'];
$conn = new PDO('mysql:host=hostaddress;dbname=dbname', $username456, $password456);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$tlo = $conn->query("SELECT * FROM entries WHERE entryID = {$entryid} ");
$tlo->setFetchMode(PDO::FETCH_ASSOC);
while($row = $tlo->fetch()) {
//loop stuff
}
I don't see how it's different from the code working on another page, however this is the error I keep getting thrown:
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1' in /homepages/11/d211013232/htdocs/WEBSITE/entry.php:54 Stack trace: #0 /homepages/11/d211013232/htdocs/WEBSITE/entry.php(54): PDO->query('SELECT * FROM e...') #1 {main} thrown in /homepages/11/d211013232/htdocs/WEBSITE/entry.php on line 54
Anyone know what it might be?


Remove the curly brackets around $entryid, and you need to close the string before concatenating variables:
$tlo = $conn->query("SELECT * FROM entries WHERE entryID = '" $entryid "' ");


Try changing this
$tlo = $conn->query("SELECT * FROM entries WHERE entryID = {$entryid} ");
to this
$tlo = $conn->query("SELECT * FROM `entries` WHERE entryID = '$entryid'");

Related

PDOExceptionERROR 42000 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right

I'm using the wamp server but unfortunately, I face a problem that I can't solve. Please someone find the error from my code and tell me How can I solve it?
##While I am trying to get data from the request id by PDO method, I'm getting the following errors##
<?php require_once('header.php'); ?>`
<?php
if (isset($_POST['form1']))
{
$q = $pdo->prepare("UPDATE slider SET
slider_title=?,
slider_subtitle=?,
slider_buttontext=?,
slider_buttonurl=?,
WHERE slider_id=?
");
$q->execute(array(
$_POST['slider_title'],
$_POST['slider_sub_title'],
$_POST['slider_button_text'],
$_POST['slider_button_url'],
$_REQUEST['id']
));
$success_message = "Slider Information Is Updated Successfully";
}
?>
<?php
$q= $pdo->prepare("SELECT * FROM slider WHERE slider_id=?");
$q->execute([$_REQUEST['id']]);
$res= $q->fetchAll();
foreach ($res as $row) {
$slider_title = $row['slider_title'];
$slider_subtitle = $row['slider_subtitle'];
$slider_buttontext = $row['slider_buttontext'];
$slider_buttonurl = $row['slider_buttonurl'];
$slider_photo = $row['slider_img'];
}
?>
The browser output is like the below text
Fatal error: Uncaught PDOException: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE slider_id='9'' at line 6 in F:\wamp\www\hotel\admin\slider_edit.php on line 18

don't use comma in last field in sql statment
if (isset($_POST['form1']))
{
$q = $pdo->prepare("UPDATE slider SET
slider_title=?,
slider_subtitle=?,
slider_buttontext=?,
slider_buttonurl=?, // <- here - remove this comma
WHERE slider_id=?

(PHP - MYSQL) I want to count "likes". When they click on a button it adds 1 like

this is my dao file
<?php
require_once( __DIR__ . '/DAO.php');
class insertVoteDAO extends DAO {
public function insertVote1() {
$sql = "UPDATE `ic_items` SET `flames`+1 WHERE id=1";
$stmt = $this->pdo->prepare($sql);
$stmt->execute();
return $stmt->fetch(PDO::FETCH_ASSOC);
}
}
?>
and in my index.php I do this:
<?php
require_once( __DIR__ . '/dao/insertVoteDAO.php');
$voteDAO = new insertVoteDAO();
if (!empty($_POST)) {
$insertVote = $voteDAO->insertVote1();
}
?>
This is the error I get:
Fatal error: Uncaught PDOException: SQLSTATE[42000]: Syntax error or
access violation: 1064 You have an error in your SQL syntax; check the
manual that corresponds to your MySQL server version for the right
syntax to use near '+1 WHERE id=1' at line 1 in
/Applications/MAMP/htdocs/backend/major-IC/dao/insertVoteDAO.php:9
Stack trace: #0
/Applications/MAMP/htdocs/backend/major-IC/dao/insertVoteDAO.php(9):
PDO->prepare('UPDATE `ic_item...') #1
/Applications/MAMP/htdocs/backend/major-IC/collection.php(72):
insertVoteDAO->insertVote1() #2 {main} thrown in
/Applications/MAMP/htdocs/backend/major-IC/dao/insertVoteDAO.php on
line 9
It says I do something wrong with syntax in my query.
I hope someone can help me.

This line is wrong at flames+1:
$sql = "UPDATE ic_items SET flames+1 WHERE id=1";
It should be
$sql = "UPDATE ic_items SET flames = flames+1 WHERE id=1";

Agreed with BanNsS1,
you can check the following link for further reference: Increment a database field by 1

Fatal error: Uncaught exception 'PDOException' thrown in C:\xampp\htdocs\register.php on line 19

I have received:
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '5538ac14bb2ca7514f9f4d8826f3c45e'')' at line 1' in C:\xampp\htdocs\register.php:19 Stack trace: #0 C:\xampp\htdocs\register.php(19): PDO->exec('insert into use...') #1 {main} thrown in C:\xampp\htdocs\register.php on line 19.
How can this be solved, like what should be done?
<?php
session_start();
// If the form has been submitted
if (isset($_POST['submitted'])){
// Create a database connection
$db = new PDO("mysql:dbname=johnsoa7_db;host=localhost", "root", "");
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Get and sanitise the inputs, we don't need to do
// this with the password as we hash it anyway
$safe_forename = $db->quote($_POST['forename']);
$safe_lastname = $db->quote($_POST['lastname']);
$safe_email = $db->quote($_POST['email']);
$hashed_password = $db->quote(md5($_POST['password']));
// Insert the entry into the database
$query = "insert into users values (default, $safe_forename, $safe_lastname, $safe_email, '$hashed_password')";
$db->exec($query);
// Get the ID
$id = $db->lastInsertId();
// Output success or the errors
echo "Congratulations! You are now registered. Your ID is: $id";
}
?>

You have an error in this line:
$query = "insert into users values (default, $safe_forename, $safe_lastname, $safe_email,'$hashed_password')";
default should be quoted if it is string.
If it is a variable, you missed $.
Please see the comment by #ceejayoz:
As he said you don't need quoted around $hashed_password...

pdo OPENJSON insert with php not working (Azure SQL)

Normally this code works as a T-SQL script in Visual Studio except in T-SQL I add in:
declare #json nvarchar(MAX) = '{...}'
#json goes in the OPENJSON function
I am attempting to create a PHP script for the OPENJSON insert but this doesn't seem to work. I am a total beginner to all things Azure/SQL/PHP.
For reference on the OPENJSON function:
https://blogs.msdn.microsoft.com/sqlserverstorageengine/2015/09/22/openjson-the-easiest-way-to-import-json-text-into-table/
<?php
include_once("connection.php");
$JSONrow = $_POST["jsonrow"];
$table = $_POST["table"];
$with = "(jobticketnumber nvarchar(50), contractor nvarchar(50),joblocation nvarchar(50), ...";
$pdo_JSONinsert = $conn -> prepare('INSERT INTO '.$table.' SELECT * FROM OPENJSON('.$JSONrow.') WITH '.$with.'');
$pdo_JSONinsert -> execute();
$conn = null;
?>
Thanks for the help!
Edit: error from PDO
<br />
<b>Fatal error</b>: Uncaught PDOException: SQLSTATE[42000]: [Microsoft][ODBC Driver 13 for SQL Server]Syntax error, permission violation, or other nonspecific error in D:\home\site\wwwroot\insertrow.php:7
Stack trace:
#0 D:\home\site\wwwroot\insertrow.php(7): PDO->prepare('INSERT INTO job...')
#1 {main}
thrown in
<b>D:\home\site\wwwroot\insertrow.php</b> on line
<b>7</b>
<br />

How to Insert and Retrieve plain HTML into MySQL table - Using PDO/PHP

Updated Question:
I have successfully added some html to my MySQL database using this code:
$emailaddress = $_SESSION["email_address"];
..
$html_content = '<div> Hello</div>';
..
$stmt = $db->prepare("INSERT INTO users(htmlcontent) VALUES (:hContent)");
$stmt->execute(array(':hContent' => $html_content));
Except that I need it to only insert into the "htmlcontent" column for the email which matches $emailaddress. So I tried including WHERE in my PDO statement like this:
$stmt = $db->prepare("INSERT INTO users(htmlcontent) VALUES (:hContent) WHERE email = :email");
$stmt->execute(array(':hContent' => $html_content, ':email' => $emailaddress));
but it returns the following error: Perhaps I should use Update instead? I'll try now
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE email = 'my#domain.com'' at line 1'
in /home/fire18/public_html/login/private.php:31 Stack trace: #0 /home/fire18/public_html/login/private.php(31): PDOStatement->execute(Array) #1 {main} thrown in /home/firer18/public_html/login/private.php on line 31
Old question:
I'm trying to insert plain html code into my MySQL database, in order to retrieve it later from a different page. I'm confused as to how I get the html into the database, and then later retrieve it. I've read that I should use TEXT and also mysql_real_escape_string() to prepare the html for the INSERT. But I'm using PDO and so I don't know what to do.
So, let's say I want to get this html into my database:
<li>
City Scene
<input id="keepbox5" type="checkbox" name="keepbox5" />
<label for="keepbox5">Keep</label>
<input id="cbox5" type="checkbox" name="cbox5" class="cboxes"/>
<label for="cbox5">Show</label>
<div class="tinybox">
<img src="http://www.example.com/img/temp.jpg" alt="tinypic" id="tinypic" style="display:none;">
</div>
</li>
I need to INSERT it into my users table, but I'm sure this is wrong:
$htmlCode = mysql_real_escape_string(<li> City Scene <input id="keepbox5" ...[ALL HTML]... </li>);
$query = "
INSERT INTO users (
db_html_code
) VALUES (
$htmlCode
)
";
Since I'm using PDO like so:
$db = new PDO("mysql:host={$host};dbname={$dbname};charset=utf8", $username, $password, $options);
Then at the end when I need to retrieve the data, I read that I need to use stripslashes() but again, don't know if this applies.
How do I properly insert plain html into my DB (PDO using PHP?
How do I then request/display the stored html on other pages?
Thanks for your feedback

I solved it by including:
$emailaddress = $_SESSION["email_address"];
..
$html_content = '<div> Hello</div>';
...
$stmt = $db->prepare("UPDATE users SET htmlcontent=:hcontent WHERE email=:email");
$stmt->bindValue(":hcontent", $html_content);
$stmt->bindValue(":email", $emailaddress);
$stmt->execute();
in my PHP document. Thanks to Fred for the link which guided me in the right direction.

Categories