I am getting an error on attempting to insert/update single field with multiple entries.
Here is database scheme:
id INT(8) NOT NULL auto_increment,
name VARCHAR(64),
hobby VARCHAR(500)
HostServer Php version is 5
Here is what my form code is :-
<form method=post>
<label>name</label>
<input type=text name=name>
<label>hobby</label>
<select name="hobby[]" multiple="multiple">
<option value=1>gardening
<option value=2>Music
<option value=3>Movies
<option value=4>Games
</select>
</form>
Now for processing the multiple values am using following php code :-
foreach($_POST['hobby'] as $key => $value){
$_POST['hobby'][$key] = mysql_real_escape_string($value);}
$hobby = $_POST['hobby'];
$hobby = "('" . implode("'),('" , $hobby). "')";
$sql = mysql_query("UPDATE `users` SET name='".$name."',hobby='".$hobby."'");
But am getting the following error on output :-
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '2'),('3')' on line....
I know this is the entries related to hobby field but am unable to find an way to
correct it. Any help will be appreciated.
try to help your self
change this line
$sql = mysql_query("UPDATE `users` SET name='".$name."',hobby='".$hobby."'");
for debugging into
$query = "UPDATE `users` SET name='".$name."',hobby='".$hobby."'";
echo $query;
die;
after this you can see that your query isn't valid. check out the error and fix your implode
The Database schema looks a little strange but the only reason this isn't working is you need to escape the single quotes that you want to be entered into the database. This is done with a preceding '\'
$hobby = "(\'" . implode("\'),(\'" , $hobby). "\')";
There are other issues to consider though, for one this statement will update every record in the database because you haven't specified a where clause.
you also are not passing the content of the name field to to the SQL statement. you should chnage:
$name to $_POST['name']
Related
I am trying to update a field when particular function is called but its value is not getting updated in db . And also no errors showing up . Field type is text .
I tried by adding new field to table and then updated that field in my query and it worked fine, but after some time same issue with new field .
$con=mysqli_connect("localhost","username","password","dbname");
mysqli_query($con,"UPDATE sales_flat_quote SET extra_params = 'aaa',new_params = 'bbb' WHERE entity_id = 362214") or die(mysqli_error($con));
Above query was working earlier but later it doesn't update the value in database and if you run query directly on phpmyadmin it works fine .
Any Ideas ?
There's an error in your syntax, you forgot to close the double quote:
mysqli_query($con,"UPDATE sales_flat_quote SET extra_params = 'aaa',new_params = 'bbb' WHERE entity_id = 362214") or die(mysqli_error($con));
This should work. Syntax coloring is your friend ;)
I'm not a newbie to PHP but I have encountered a [seemingly] simple problem which I cannot figure out how to resolve.
MySQL throws error that the syntax is wrong.
My Statement is this:
if($value){
$query = "UPDATE ".$preuploads." SET words = '$words_amount' WHERE id= $sn_id";
$db->sql_query( $query ) or die( mysql_error() );
}
And then $words_amount is an integer, $sn_id is also an integer. They are double checked.
The statement when printed before execution is as follows:
UPDATE SET uploads words = '250' WHERE id= 8081
// edited, with the name of table added since the problem primarily was
// with the encapsulation and the name of table just was dropped in this question
// and not in the app
however words value ('250') is tested with integer data-type as well, but no change occurs and the error lingers on.
And the error thrown is:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'SET words = '250' WHERE id= 8081' at line 1
If I understand your question (and preuploads is a table), then
$query = "UPDATE ".$preuploads." SET words = '$words_amount' WHERE id= $sn_id";
should be
$query = "UPDATE ".$preuploads." SET words = '".$words_amount."' WHERE id=".$sn_id;
Or, even better prepare and use bind_param,
$stmt = $mysqli->prepare("UPDATE ? SET words=? WHERE id=?");
$stmt->bind_param($preuploads, $words_amount, $snd_id);
$stmt->execute();
check your string ($words_amount) has any single quotes ' if it is then remove it by using this option on php $words_amount=string_replace("'","/'",$your_string_variable);
I have found two errors:
First, not encapsulation of the data should occur, thus:
$words_count should be left as is, not to be encapsulated with '
And the table and fields name should be encapsulated with backtick
I think your having problem with name of table. The syntax for update query is
UPDATE table_name SET words = '250' WHERE id= 8081
I am trying to insert data into Mysql table, but it is giving me an error as-
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Scoretab VALUES ('UX 345','22','0.8562675')' at line 1
This is the php-mysql snippet that im using :
if($value >= 0.70){
$mu_id = $ros['c_id'];
$moc_id = $ram['t_id'];
$query="INSERT INTO Scoretab VALUES ('$mu_id','$moc_id','$value')";
$op1 = mysql_query($query) or die(mysql_error());
}
This is my table structure:
CREATE TABLE IF NOT EXISTS `Scoretab` (
`mu_id` varchar(10) NOT NULL,
`moc_id` int(5) NOT NULL,
`score` decimal(5,4) NOT NULL,
UNIQUE KEY `mu_id` (`mu_id`)
)
There could potentially be a few problems with this query
$query="INSERT INTO Scoretab VALUES ('$mu_id','$moc_id','$value')";
Does the number of columns match the fields your trying to insert? Have you tried using using specific column identifier Scoretab (col,col,col) values (val, val, val)
Does any of your values contain an unescaped apostrophe? You might want to consider using mysql_real_escape_string for $mu_id and intval for $moc_id maybe!
$value is a float you don't need to ad apostrophes while inserting
Are you sure you are connected to the same database you have this table in?
this could be a possible working solution (edit)
if ($value >= 0.70)
{
$mu_id = mysql_real_escape_string($ros['c_id']);
$moc_id = intval($ram['t_id']);
$query = "INSERT INTO `Scoretab` VALUES ('$mu_id', $moc_id, $value)";
$op1 = mysql_query($query) or die(mysql_error());
}
try this
$query="INSERT INTO Scoretab (mu_id,moc_id,score) VALUES ('$mu_id','$moc_id','$value')";
The error seems to be before the table name Scoretab. Did you check your syntax carefully?
Sometimes we don't see what's right in front of our eyes! :D
Just replicated the example and everything worked for me.
So I have this,
<?php
require "database.php";
$to=$_GET['toF'];
$content=$_POST['message_contentl'];
$from=$_GET['fromF'];
$ck_reciever = "SELECT Username FROM accounts WHERE username = '".$to."'";
if( mysql_num_rows( mysql_query( $ck_reciever ) ) == 0 ){
die("The user you are trying to contact don't exist. Please go back and try again.<br>
<form name=\"back\" action=\"Send_FR.php\" method=\"post\">
<input type=\"submit\" value=\"Try Again\">
</form>
");
}else{
$a1 = $_POST['message_contentl'];
$a2 = $_GET['fromF'];
$a3 = $_GET['toF'];
mysql_query("INSERT INTO Friends (fr_message, From, To) VALUES ('$a1', '$a2', '$a3')"); OR die("Could not send the message: <br>".mysql_error());
echo "The Friend Request Was Successfully Sent!";
?>
But it doesn't work.
All it does is give me this error message:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'From, To) VALUES ('', 'Extro', 'Syncro')' at line 1
Help, please?
from and to are reserved words in SQL, in MySQL you can use reserved words as column or table names by wrapping them in backticks, but I'd strongly advise against the use of reserved word as column names, it's horribly confusing. Small example ex absurdo:
select `select`, `from` from `where` where `like` like 'like';
Yeah, the engine eats it, but you'll admit it could be more readable :-)
FROM is a reserved SQL keyword - if you have a column or a table with that name, you will have to back-quote (`) it.
I've looked around on stackoverflow for a similar question, but haven't found exactly what I was looking for, so here goes. In phpMyAdmin you can have multiple queries in one statement and it executes it for you, eg:'
UPDATE `test` WHERE `test2` = 4;
UPDATE `test` WHERE `test4` = 8;
UPDATE `test` WHERE `test8` = 1;
Now if I try to do something like that in PHP, it doesn't work at all. eg:
$test = 'UPDATE `test` SET `value` = "123" WHERE `test2` = 4;
UPDATE `test` SET `value` = "321" WHERE `test4` = 8;
UPDATE `test` SET `value` = "533" WHERE `test8` = 1;';
mysql_query($test);
Gives and error:
You have an error in your SQL syntax;
check the manual that corresponds to
your MySQL server version for the
right syntax to use near '; UPDATE
test SET value = "123" WHERE test2
= 4; UPDATE test SE' at line 1
Is it even possible to combine, say, multiple queries like above, in one statement? I want to do this in the following situation: (The logic behind this is probably very bad, but I don't have much MySQL experience, so please let me know if there's a better way to do it)
The following loops over a couple of times:
function SaveConfig($name, $value)
{
global $sql_save_query;
$sql = 'SELECT * FROM `config` WHERE `name` = "'.$name.'"';
$res = mysql_query($sql);
if($res)
{
$sql_save_query .= 'UPDATE `config` SET value = "'.$value.'" WHERE `name` = "' .$name. '"; '."\n";
}
else
{
$sql_save_query .= 'INSERT INTO `config`(`id`,`name`,`value`) VALUES("","' .$name. '","' .$value. '"); '."\n";
}
}
Then after the loop finishes it runs:
mysql_query($sql_save_query);
Which gives an error:
You have an error in your SQL syntax;
check the manual that corresponds to
your MySQL server version for the
right syntax to use near '; UPDATE
config SET value = "" WHERE name =
"fcolour2"; UPDATE config SE' at
line 1
Now my other option (in my mind) is to just execute an SQL query after each loop, one query at a time. But wouldn't that be bad/slow/bad practice?
the php API forbids you to issue multiple queries in a single call to reduce the chance of an SQL injection attack to your code (think of what would happen if I passed '; UPDATE users SET admin=1 WHERE username='hacker' to your login script as username). You need to either execute multiple statements, or wrap the logic of your statements into a single statement (which is not possible in your case).
It's not possible to execute multiple queries using mysql_query.
You can perform multiple inserts at once using this syntax:
INSERT INTO table (col1, col2) VALUES (0, 1), (2, 3), (4, 5); -- Insert 3 rows
In general less queries = better but for updates you just have to do them.
The loop you have in your example is indicative of an architectural problem.
If you are dealing with an existing record, pass the primary key - then you don't need the select at all - you can just run an update statement.
If you are dealing with a new record, pass no key - then you know to run an insert statement.
probably you can use INSERT ... ON DUPLICATE KEY UPDATE
INSERT INTO table (a,b,c) VALUES (1,2,3)
ON DUPLICATE KEY UPDATE c=c+1;
Some other useful links
http://dev.mysql.com/doc/refman/5.0/en/replace.html
http://www.mysqlperformanceblog.com/2007/01/18/insert-on-duplicate-key-update-and-replace-into/
$sqls = explode(";",$test);
foreach ($sqls as $key=>$sql) {
if (strlen(trim($sql))>0) {
mysql_query(trim($sql));
}
}