Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 8 years ago.
Improve this question
Im trying to update a table in MySQL database, but the data cannot be updated.
the value for $id is 2 and $status is empty.
echo $id;
echo $status;
$sql="UPDATE maklumat_tempahan
SET
status = '$status',
WHERE id_tempahan = '$id' ";
mysql_select_db('psmbaru');
$retval = mysql_query( $sql, $conn );
?>
<?php if(! $retval )
{
die('Could not update data: ' . mysql_error());
}
echo "Permohonan Anda Dalam Proses\n";
mysql_close($conn);}?>
This is the error that came out
Could not update data: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE id_tempahan = '2'' at line 7
remove , after $status
$sql="UPDATE maklumat_tempahan
SET
status = '$status'
WHERE id_tempahan = '$id' ";
Yes, remove comma after => status = '$status',
and are you sure not to add mysql_real_escape_string() for your input brother?
Related
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 4 years ago.
Improve this question
I'm trying to insert form value data to Oracle database But I get this error ... please help ... ?
if(isset($_POST['submit'])){
$id = $_POST['id'];
$username = $_POST['username'];
$password = $_POST['password'];
$nameen = $_POST['nameen'];
$namear = $_POST['namear'];
echo $sql = "INSERT INTO TESTTABLE (ID,USERNAME,PASSWORD,NAMEEN,NAMEEN) VALUES (:id,:username,:password,:nameen,:namear)";
$compiled = oci_parse($conn, $sql);
oci_bind_by_name($compiled, ':id', $id);
oci_bind_by_name($compiled, ':username', $username);
oci_bind_by_name($compiled, ':password', $password);
oci_bind_by_name($compiled, ':nameen', $nameen);
oci_bind_by_name($compiled, ':namear', $namear);
oci_execute($compiled);
if (! oci_execute($compiled)) {
var_dump(oci_error());
} }
You have twice the same field, called « NAMEEN », in your INSERT statement :
INSERT INTO TESTTABLE
(ID,USERNAME,PASSWORD,NAMEEN,NAMEEN) VALUES ...
You want :
INSERT INTO TESTTABLE
(ID,USERNAME,PASSWORD,NAMEEN,NAMEAR) VALUES ...
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 7 years ago.
Improve this question
I am getting an error in select query line. Here it is:
Parse error: syntax error, unexpected '' (T_ENCAPSED_AND_WHITESPACE),
expecting identifier (T_STRING) or variable (T_VARIABLE) or number
(T_NUM_STRING
And the code:
<?php
include('dbconnection.php');
$sql = "select * from 'user' where id ='.$_REQUEST['id'].' ";
$result = mysql_query( $sql);
if(!$result )
{
die('Could not enter data: ' . mysql_error());
}
$sql="select * from `user` where id ='".$_REQUEST['id']."' ";
This will solves your problem But look mysqli_query to limit your SQL-injection vulnerability.
Replace query:
$sql="select * from 'user' where id ='.$_REQUEST['id'].' ";
with:
$sql="select * from `user` where id =".$_REQUEST['id']."";
You can try this:
$id = (int) $_REQUEST['id']; // interger value
$sql = "select * from `user` where id = '$id' ";
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 7 years ago.
Improve this question
hi i am getting this error though i tried to change the new to i am stil getting this problem can anyone tell me what should i do. I have completely changed the page also database but still same error.
error>
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''calendar_admin' WHERE teacher_id='ipcst123' and password='a141c47927929bc2d1fb6'
at line 1
my code >
<?php
$username=$_POST['teacherId'];
$password=$_POST['password'];
$password=md5($password);
try {
$bdd = new PDO('mysql:host=localhost;dbname=XXX', 'XXX', 'XXX');
} catch(Exception $e) {
exit('Unable to connect to database.');
}
$query ="SELECT * FROM 'calendar_admin' WHERE teacher_id="."'".$username."' and password="."'".$password."' ";
$resultat = $bdd->query($query) or die(print_r($bdd->errorInfo()));
$res = $resultat->fetchAll(PDO::FETCH_ASSOC);
foreach($res as $result){
$pass=md5($password);
$user=$result["teacher_id"];
if ($pass==$result["password"]&& $username == $user ){
echo "login Success";
session_start();
$_SESSION['teacher_id'] = $username;
header('Location:/addEvents.php');
}else{
header('Location:/login.php');
//echo "Incorrect Password";
}
}
You should use backticks instead of single quotes :
$query ="SELECT * FROM `calendar_admin` WHERE teacher_id='".$username."' and `password`='".$password."' ";
or just remove them
$query ="SELECT * FROM calendar_admin WHERE teacher_id='".$username."' and `password`='".$password."' ";
And since you use PDO, you should bind parameters, but not concatenate them into the query:
$query ="SELECT * FROM calendar_admin WHERE teacher_id= :teacher and `password`= :password ";
$sth = $bdd->prepare($query);
$sth->bindParam(':teacher',$username);
$sth->bindParam(':password',$password);
$sth->execute();
$res = $sth->fetchAll(PDO::FETCH_ASSOC);
Around column and table names has to be backticks, not single quotes. O rnothing if the names aren't from reserved words (or spaces, or hyphens, or anything else that MySQL will scream about, #Fred -ii- in comments below):
`calendar_admin`
The full query:
$query ="SELECT *
FROM `calendar_admin`
WHERE teacher_id = '" . $username . "' AND
password = '" . $password . "'";
Don't forget to escape data from user inputs.
$query = "
SELECT *
FROM calendar_admin
WHERE teacher_id = '$username'
AND password = '$password';
";
Next, take a look at prepared statements
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 9 years ago.
Improve this question
Well please help to correct syntax fo the following code. I have to select 2 values from one table and insert them in another table. one value is taking from PHP variable.this all needs to be done using Opencart model file
$this->db->query("UPDATE " . DB_PREFIX . "rate_cost SET rate_cost = " . $this->db->escape($data['rate_cost']) );
$sql = "SELECT DISTINCT competition_rate, customer_id FROM " . DB_PREFIX . "customer WHERE competition_rate NOT LIKE 0";
$query = $this->db->query($sql);
$rates = array();
$customer_ids = array();
foreach($query->row['competition_rate'] as $result){
$rates[] = $result * $data['name'];
}
foreach($query->row['customer_id'] as $result2){
$customer_ids[] = $result2;
}
$sums = $rates;
$ids = $customer_ids;;
$sql = ("INSERT INTO 'customer_transaction'(customer_id,amount) VALUES'".$ids.",".$sums"'");
}
I am getting the folowing error:
Parse error: syntax error, unexpected '"'"' (T_CONSTANT_ENCAPSED_STRING) in C:\xampp\htdocs\sport\admin\model\competition\newsletter.php on line 18
You have some syntax errors in your $sql query, the correct syntax for INSERT query is
INSERT INTO table (columns) VALUES ('values');
So youre missing paranthesis for your values and you dind't surround correctly with quotes. So change as follow
VALUES ('".$ids."','".$sums"')");
So the complete query will look like that
("INSERT INTO 'customer_transaction'(customer_id,amount) VALUES ('".$ids."','".$sums"')");
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 9 years ago.
Improve this question
I am novice to php-mysql ...please help me to rectify the syntax error
the error is:
Parse error: syntax error, unexpected T_VARIABLE in /home/u831097172/public_html/php/update.php on line 13
line 13:
UPDATE $tbl_name SET password= '$password' WHERE email='$email';
maybe you mean something like
$query = "UPDATE $tbl_name SET password = '$password' WHERE email='$email'";
remeber to add slashes to your $password and $email variable to avoid sql-injection
I think you should learn directly with statements:
$mysqliConnection = new mysqli($SERVER, $USER, $PW, $TABLE);
$stmt = mysqliConnection->prepare("UPDATE ? SET password = ? WHERE email = ?");
$stmt->bind_param("sss", $tbl_name, $password, $email);
$stmt->execute();
Here's the doc :) http://es1.php.net/manual/en/mysqli.prepare.php
Are the variables filled?
Maybe its better you make
$query = "UPDATE " . $tbl_name . " SET password='" . $password . "'
WHERE email='" . $email . "'";
And then you can check simple if you print the String out. There you can see if your variables are filled:
print_r($query);
You have your variable $tbl_name not in quotes $tbl_name has to be '$tbl_name'