I have a delete function implemented on my website. A normal customer can delete his/her account and this updates a "delete" field from 0 to 1.
My table is called "users" and everything seem to work fine. However when I test the delete function I get the following error:
" You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near 'delete='1' WHERE email='active#user.com'' at line 1"
The code for my update query is shown below:
mysql_query("UPDATE users SET delete='1' WHERE email='$email'")or die(mysql_error());
Your help will be much appreciated.
DELETE is a MySQL reserved keyword. If you're going to name a column after that you must wrap it in ticks;
mysql_query("UPDATE users SET `delete`='1' WHERE email='$email'")or die(mysql_error());
You really shouldn't use DELETE as a column identifier. I strongly recommend changing it.
Related
I wanted to update a column in my database table, the update should just add a numeric value to the existing one.
But this time around, I'm writing the query with CodeIgniter Query builder, the issue is that when I run the script, CodeIgniter throws an Sql Exception below:
"message": "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '11:01:37\nWHERE `user_id` = '26'' at line 1"
As you can see, it added a new line character to the query string.
The PHP code below is the query in CodeIgniter
$userModel->set('reputations', 'reputations+10', false)
->where('user_id', $user_id)
->update();
One thing I noticed is that if I removed the false (the third parameter) which tells CodeIgniter not to escape the column name, there won't be any error, instead '0' will be updated at reputation column.
I don't know what the problem might be, I could have moved on by writing a custom query, but, I wanted to be sure that I'm not doing something wrong.
P.S: custom one will look like this:
UPDATE users
SET reputations = reputations + 10 WHERE user_id = $user_id
Note: in the above error message you might be wondering where the digits in the error came from i.e
'11:01:37 in '11:01:37\nWHERE user_id
It is the value of a column in my table which is also updating along side reputation column.
Thanks amigos.
Could it be your code editor generating the newline?
Anyways, one fast way to avoid the problem is to use codeigniter query method:
$userModel->query("UPDATE `users` SET `reputations` = reputations + 10 WHERE `user_id` = $user_id)
Not the cleanest solution but it makes sure it works! :)
Mattia
I wrote some code for my login and registration system.
In my registration system, I have included this code:
<?php
$sql3="UPDATE users SET
firstname='$firstname', lastname='$lastname',
password='$password',bio='$bio',
dob='$dob',gender='$gender'
?>
But of course, this just updates all rows in the users table.
But when I add:
<?php WHERE username=$username ?>
I will get an error: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '' at line 1.
Let me be clear, this is NOT an error question, I know what the problem is. I just want to know how to troubleshoot my code so that it doesnt update the whole table instead of just one users row. Thank you in advance.
Yes, they do work. The WHERE clause will actually help you to update specific row(s) otherwise, it will update all the rows of the table.
UPDATE TABLE_NAME SET COLUMN_NAME=<VALUE> WHERE COLUMN_NAME=<VALUE>;
So, putting identifier column like username in WHERE clause will avoid updating all rows.
Something like using prepared statement
UPDATE users
SET firstname=?, lastname=?,password=?,bio=?, dob=?, gender=?
where username=?
Okay, so I'm currently using mysqli_real_escape_string to escape my SQL queries before sending them to MySQL via PHP. Yet, for some reason my queries aren't processing, and when I outputted the MySQL query and pasted it in to PHPMyAdmin, it gave the following error:
#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE ind={A$RTkAIqah0J1N$Fqymnud9s5PwnWw2wC.Y02oDo4H3W8QJPoJ$6$KK8UearuUCDH$FQg' at line 1
Now, the following is my query:
INSERT INTO `db`.table(`colheader`) VALUES ('{\"hey\":[\"Hello world\",\"7\\/9\\/2013\"]}') WHERE ind='$6$RTkAIqah0J1N$Fqymnud9s5PwnWw2wC.Y02oDo4H3W8QJPoJ$6$KK8UearuUCDH$FQgSnLHIlkBOtDTzu9AuZIZTr6GS4Rzr.iW11041994'
Now, I know that the string assigned to 'ind' has some issues, but I tried putting a slash before every period and every dollar sign and it still doesn't work. I tried putting the whole thing in double quotes, even brackets. Nothing. Could anyone point out what I'm clearly missing? I've looked at the documentation and can't seem to find anything. Thank you in advance!!
WHERE serves to filter which records will be affected or retrieved by your query, and INSERT servers to append a whole new record to a table.
An INSERT can never affect existing records, therefore its nonsense to have a WHERE clause. INSERT does not support WHERE.
If you are trying to edit the value of a field on an existing record, use UPDATE instead.
Take a look at the MySQL Reference Manual for details about its usage.
if your trying to make an update to the specified index use
UPDATE `db`.table SET `colheader` = '{\"hey\":[\"Hello world\",\"7\\/9\\/2013\"]}' WHERE ind='$6$RTkAIqah0J1N$Fqymnud9s5PwnWw2wC.Y02oDo4H3W8QJPoJ$6$KK8UearuUCDH$FQgSnLHIlkBOtDTzu9AuZIZTr6GS4Rzr.iW11041994'
I've a customer table i that table in one i need to store data of customer as a text a declare that in db that varchar(1500) while am trying to update that field i getting following erro
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's standard dummy text ever since the 1500s, when an unknown printer took a galle' at line 1"
field name is "comments1 varchar(1500);"
My query is
$sql="UPDATE customer SET comments1='".$comments1."' WHERE sno='$sno'";
how to solve it...
before your query add this code
$comments1=mysql_real_escape_string($comments1);
<----your query goes here--->
According to the error message:
...or the right syntax to use near 's standard dummy text ever since
error starts here ^
Probably you are inserting a value that has single quote (which breaks the sql statement causing syntax error) on it. This is an indicator that you have not sanitized the values before inserting it on the database. There are several ways to avoid from sql injection:
by using PDO
and the other one: MySQLi.
For more details, please browse on this link.
How to prevent SQL injection in PHP?
you can also use mysql_real_escape_string (but will soon be deprecated)
$var = mysql_real_escape_string($comments1);
$sql="UPDATE customer SET comments1='$var' WHERE sno='$sno'";
Your comment variable contains single quotes you need to escape them with addslashes function.
Try this
$sql="UPDATE customer SET comments1='".addslashes($comments1)."' WHERE sno='$sno'";
It seems your column name is comments not comments1. field name is "comments varchar(1500);" so change
$sql="UPDATE customer SET comments1='".$comments1."' WHERE sno='$sno'";
to
$sql="UPDATE customer SET comments='".$comments1."' WHERE sno='$sno'";
Better try to use this function mysql_real_escape_string()
I'm running this code in PHP:
mysql_query("SET #update_id:=NULL");
echo mysql_error();
And this is what I get:
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near '' at line 1
Also this same code runs perfectly in PHPMyAdmin. What am I doing wrong?
Additional information. I'm trying to write a query described here:
How to get ID of the last updated row in MySQL?
But the problem right now is that I even can't run a simple query to create variable.
P.S. Ok, now it seems that it desn't work because of some previous queries that are not related to this one. If i move this query to the top of the php file it works. Also if I try to make this:
mysql_query("SET #update_id:=NULL; SELECT #update_id;");
It fails with syntax error. But this works fine:
mysql_query("SET #update_id:=NULL;");
mysql_query("SELECT #update_id;");
Does somebody knows what am I missing here?
Why can't I run two commands in one query and why they're the separate queries are related to each other?
mysql_query("UPDATE your_table SET update_id=NULL");
Check this it may be helpful
SELECT #update_id IN("SET #update_id:=NULL");