Mysql query strange error - php

I am getting an error: one page works fine, but another gives an error on the same query code.
Here is my code. What is wrong with it?
$ttt = mysql_query("SELECT * FROM like WHERE (user_id='$user_id' AND sound_id='$sound_id')",$link) or die(mysql_error());
error
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'like WHERE (user_id='' AND sound_id='')' at line 1

like is an SQL reserved word and you should use "like" inside backticks ``
$ttt = mysql_query("SELECT * FROM `like` WHERE (user_id='$user_id' AND sound_id='$sound_id')",$link) or die(mysql_error());

like
Is a reserved word and cannot be used as a tablename the way you try to. Either try setting it into backticks or rename the table.

like is a reserved keyword; use backticks for it
`like`
https://dev.mysql.com/doc/refman/5.5/en/reserved-words.html
Usage of LIKE in mysql
select * from table where username like '%aaa';
select * from table where username like '%aaa%';
select * from table where username like 'aaa%';
etc

As a rule you shouldn't use reserved words, but if you must, and for the purpose of this question, put brackets around it.
$ttt = mysql_query
("SELECT *
FROM [like]
WHERE (user_id='$user_id' AND sound_id='$sound_id')",$link) or die(mysql_error());

Like is a reserved word. Better to change your table name or surround it with backticks like this: `like`
Try this.
$ttt = mysql_query("SELECT * FROM like_table WHERE user_id=$user_id AND sound_id=$sound_id",$link) or die(mysql_error());

Related

delete query with like and concatenate

I am new to PHP and MySQL and I am using a delete query with the CONCAT function, but it is showing an error.
My SQL query is
$sql = "delete from wp_users_friends where userid ='$username'
and frid LIKE CONCAT('%',$frUserID)";
And the error is
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 1
I am having a lot of trouble in this, try to help me
Correct it to:
$sql = "delete from wp_users_friends where userid ='$username'
and frid LIKE '%$frUserID'";
MySQL CONCAT() function is made for concatenating the strings to make them a single string. Which is not required here.
If you want to find ids which start with $frUserID, use like keywords with wild card operator % in the beginning.
This operator % will search for all rows which have frid starting from $frUserID.
Make your query as below:
$sql = "DELETE FROM wp_users_friends WHERE userid ='$username' AND frid LIKE '%".$frUserID."'";
You should not use CONCAT() for a LIKE expression, use a query like one of the other answers instead.
Just wanted to add, you should use single quotes (') for the variable you pass into CONCAT().
So instead of doing this :
$someSql = "CONCAT('%',$frUserID)";
You should do :
$sql = "CONCAT('%','$frUserID')";
Notice the single quotes around $frUserId.
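The same delete written with bound parameters, as an added example that is not code from the thread. It assumes PDO, uses an in-memory SQLite database as a stand-in for the MySQL connection so it runs offline, and the helper names and sample rows are constructed; it also escapes the LIKE wildcards `%` and `_` so the supplied value is matched literally.

```php
<?php
// Added example, not code from the thread. In-memory SQLite stands in for
// the MySQL connection; the statement text is the same on MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE wp_users_friends (userid TEXT, frid TEXT)");

// Constructed sample rows.
$insert = $pdo->prepare("INSERT INTO wp_users_friends (userid, frid) VALUES (?, ?)");
foreach ([['alice', 'grp_42'], ['alice', 'grpX42'], ['bob', 'grp_42']] as $row) {
    $insert->execute($row);
}

// Escape LIKE metacharacters so the value is compared literally.
// The escape character itself is replaced first, then % and _.
function escapeLike(string $value, string $escape = '!'): string
{
    return str_replace(
        [$escape, '%', '_'],
        [$escape . $escape, $escape . '%', $escape . '_'],
        $value
    );
}

// Delete rows for $username whose frid ends with $frUserID.
function deleteFriendsEndingWith(PDO $pdo, string $username, string $frUserID): int
{
    // Both values travel as parameters; the leading % is added in PHP,
    // so no quoting or CONCAT() is needed inside the SQL text.
    $stmt = $pdo->prepare(
        "DELETE FROM wp_users_friends WHERE userid = ? AND frid LIKE ? ESCAPE '!'"
    );
    $stmt->execute([$username, '%' . escapeLike($frUserID)]);
    return $stmt->rowCount();
}

// "_42" contains a LIKE wildcard: unescaped, "_" would also match "grpX42".
echo "deleted: ", deleteFriendsEndingWith($pdo, 'alice', '_42'), "\n";

// A value containing quotes is treated as data, not as SQL.
echo "deleted: ", deleteFriendsEndingWith($pdo, 'alice', "x' OR '1'='1"), "\n";

echo "remaining rows: ",
    $pdo->query("SELECT COUNT(*) FROM wp_users_friends")->fetchColumn(), "\n";
```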

SQL query checking for a table row with certain email adres fails

My query:
$result = mysql_query("SELECT * FROM members WHERE email=$email")
or die(mysql_error());
In this case $email is filled with "info#frankkluytmans.nl". The error I get when this query gets executed is:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '#frankkluytmans.nl' at line 1
What am I doing wrong?
A couple things..
Don't use mysql_* functions, they're deprecated!
Sanitize the input. In your example, you should quote $email because it's a literal.
$result = mysql_query("SELECT * FROM members WHERE email='$email'")
quote it.
Also, the regular PHP mysql functions will be deprecated as of PHP 5.5.
Take a look at mysqli, pdo.
You need to put single quotes around $email
$result = mysql_query("SELECT * FROM members WHERE email='$email'")
because frankkluytmans.nl conflicts with the MySQL query syntax, i.e. tablename.columnname
$result = mysql_query("SELECT * FROM members WHERE email='".$email."'")
You need to put quotes around the email variable.
$result = mysql_query("SELECT * FROM members WHERE email='$email'")
or die(mysql_error());
You should know however, that the "mysql_" range of PHP functions are soon going to be deprecated and should be replaced with the mysqli API. A quick sample showing how to use it can be found at: http://www.php.net/manual/en/mysqli.query.php#refsect1-mysqli.query-examples
Try something like:
$result = mysql_query("SELECT * FROM members WHERE email='".$email."'")
or die(mysql_error());
You need to have quotes around the variable and it's good practice to not have variables inside your string.
You might want to check out alternatives to MySQL_ though as it's now deprecated. Try mysqli.
Please change your query.
// $link is the connection returned by mysqli_connect(); procedural mysqli_query() takes it as the first argument
$result = mysqli_query($link, "SELECT * FROM members WHERE email='".$email."'");

MYSQL Syntax Error - SELECT statement [duplicate]

This question already has answers here:
How can I write SQL for a table that shares the same name as a protected keyword in MySql? [duplicate]
I'm getting this error displayed on my screen and I have been trying to debug it.
"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'to = 'testname'' at line 1"
The function I'm using for this is as follows:
function recentMessages() {
$tbl_name="messages";
$username = $_SESSION['username'];
$result = mysql_query("SELECT * FROM $tbl_name WHERE to = '$username' ") or die(mysql_error());
while ($row = mysql_fetch_row($result))
{
return $row['date']." ".$row['time']." ".$row['from']." ".$row['subject']. "<br />";
}
}
Basically what I'm trying to do is get all the rows of data from the messages table where its 'to' is the username of the session, and echo them out. Any ideas on what I'm doing wrong? Thanks
to is a reserved word. Encase it in tick marks.
... WHERE `to` = '$username'
See the MySQL reserved words.
You should avoid using reserved words if possible.
The to is a reserved word. Try this:
$result = mysql_query("SELECT * FROM $tbl_name WHERE `to` = '$username' ")
or die(mysql_error());
In general try to avoid small words like to, between, from, etc., just to prevent this kind of issue. A better solution is to have a field name like "receiver" or "message_to" or something similar.
TO is a reserved word in MySQL. Use backticks to separate it.
SELECT * FROM $tbl_name WHERE `to` = '$username'
to is a reserved word I believe. Try changing to to [to]
Edit: Wasn't sure entirely. I put it in SQL Server and saw that TO was a reserved word.

SQL syntax error, where am I going wrong?

Hello guys and girls, I'm trying to do a SQL update but think I forgot a ' or a "
I'm getting this error message
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''Brock'='1'WHERE username = 'admin'' at line 1
The fault lies within this bit of code; if I take the code out, the page loads with the rest of the scripts on it. But I need it to do the update.
$blah = mysql_query("UPDATE users SET '".$_SESSION['gymleader']."'='1'WHERE username = '".$_SESSION['username']."'")
or die(mysql_error());
Where am I going wrong?
You miss a space between the '1' and the WHERE if I am not mistaken. And you should use backticks (`) when you want to escape a column name
So your code becomes:
$blah = mysql_query("UPDATE users SET `".$_SESSION['gymleader']."`='1' WHERE username = '".$_SESSION['username']."'")
Note the ` instead of the ' around the column name (right after the SET).
Further possible improvements:
In case the column is of type INT, you can replace the '1' by 1 (without the ')
You should never directly use the $_SESSION,$_POST,$_GET or other values which can be altered by users in your queries. Do a Google search on SQL injection for more information
UPDATE user SET field = '1' WHERE ...
instead of
UPDATE user SET 'field' = '1' WHERE ...
and if your field is of type int, you might use
UPDATE user SET field = 1 WHERE
If you want to escape your fieldname, use
`field`
in backticks `
Besides the fact that it looks like a bad idea to code like this, assuming you have a column named Brock then you should use this type of quote instead:
$blah = mysql_query("UPDATE users SET `".$_SESSION['gymleader']."`='1' WHERE username = '".$_SESSION['username']."'")
or die(mysql_error());
Notice I replaced your ' with `
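Backticks fix the syntax error, but a column name taken from `$_SESSION` still reaches the statement as SQL text, and a prepared-statement placeholder cannot stand in for an identifier. The added example below (not code from the thread) checks the name against an allow-list and binds only the username; it assumes PDO with an in-memory SQLite stand-in for MySQL, and the `Misty` column, the constant and the function name are hypothetical.

```php
<?php
// Added example, not code from the thread. In-memory SQLite stands in for
// the MySQL connection; it also accepts backtick-quoted identifiers.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Assumed schema: one flag column per gym leader ("Misty" is hypothetical).
$pdo->exec("CREATE TABLE users (username TEXT, `Brock` INTEGER DEFAULT 0, `Misty` INTEGER DEFAULT 0)");
$pdo->exec("INSERT INTO users (username) VALUES ('admin')");

const GYM_LEADER_COLUMNS = ['Brock', 'Misty'];

function markGymLeader(PDO $pdo, string $column, string $username): int
{
    // Placeholders bind values, never identifiers, so the column name is
    // accepted only if it is one of the names the application defines.
    if (!in_array($column, GYM_LEADER_COLUMNS, true)) {
        throw new InvalidArgumentException('unknown gym leader column');
    }
    // Backtick-quote the identifier, doubling any embedded backtick.
    $quoted = '`' . str_replace('`', '``', $column) . '`';
    $stmt = $pdo->prepare("UPDATE users SET $quoted = 1 WHERE username = ?");
    $stmt->execute([$username]);
    return $stmt->rowCount();
}

// Constructed inputs: a column that exists, then a value that is not a
// plain column name and must never reach the statement text.
foreach (['Brock', 'Brock`, `Misty'] as $column) {
    try {
        $rows = markGymLeader($pdo, $column, 'admin');
        echo "updated $rows row(s) via column $column\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected column name: ", $e->getMessage(), "\n";
    }
}
```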

error in syntax

$sql="SELECT * FROM 'image_upload' where uid='$uid' ";
I have written this query and it is showing me error :-
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''image_upload' where uid=''' at line 1
Can you please rectify it..
This will work:
$sql = "SELECT * FROM `image_upload` where uid='$uid' ";
Use backticks for table names:
SELECT * FROM `image_upload` ...
You should be using backticks (`) rather than single quotes ('). In fact, you shouldn't be using either in this case since it's not required:
$sql = "SELECT * FROM image_upload where uid='$uid'";
The backticks are only required if your table name has funny characters in it that would otherwise annoy the SQL parser (like a space for example).
And make sure that your uid column is a textual one (like char or varchar) - otherwise you should not be surrounding $uid with the single quotes.
$sql="SELECT * FROM image_upload where uid='$uid' ";
Can you remove the single quotes, and try again?
SELECT * FROM image_upload where uid='$uid'
try this:
$sql="SELECT * FROM image_upload where uid='".$uid."'";
$sql="SELECT * FROM `image_upload` where uid='$uid' ";
You've been rectified ;)
You need to protect against SQL injections. Please see this thread.
Remove single quotes in image_upload
Before Query
echo $uid;
then you'll know the answer
