Error when preparing query - MySQLi class "SHOW TABLES LIKE" error - php

I am using this database class for my project: GitHub.
When trying to execute a SHOW query to determine whether a table exists or not I receive this error:
Fatal error: Problem preparing query (SHOW TABLES LIKE users) You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'users' at line 1 in mysqli.php on line 679
The query looks like this:
$result = $DATABASE->rawQuery("SHOW TABLES LIKE " . $TABLE);
$TABLE is obviously filled with a string, I double checked that.
Any idea what could be wrong?

You probably missed the quotes:
$result = $DATABASE->rawQuery("SHOW TABLES LIKE '" . $TABLE . "'");

The LIKE statement's value is wrong.
You should use:
BAD
$result = $DATABASE->rawQuery("SHOW TABLES LIKE 'value here' ");
Good
$result = $DATABASE->rawQuery("SHOW TABLES LIKE ? ");
$DATABASE->addParam($table);
I think you also want to add % in front of and after your $table :)
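An added example, not part of the original answers or of the database class they use: a table-existence check with plain mysqli that binds the table name and matches it exactly through information_schema, since LIKE treats `_` and `%` in a name as wildcards. The connection details and the function name tableExists are assumptions.

```php
<?php
// Added example; not code from the database class discussed above.
// Throw exceptions on failure instead of returning false silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function tableExists(mysqli $db, string $table): bool
{
    // Exact comparison: a name such as "user_data" cannot match "userXdata",
    // which it would with SHOW TABLES LIKE 'user_data'.
    $stmt = $db->prepare(
        'SELECT COUNT(*) FROM information_schema.tables
          WHERE table_schema = DATABASE() AND table_name = ?'
    );
    $stmt->bind_param('s', $table);   // the name travels as data, never as SQL text
    $stmt->execute();
    $stmt->bind_result($count);
    $stmt->fetch();
    $stmt->close();
    return $count > 0;
}

// Placeholder connection details (assumptions, replace with your own).
$db = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
var_dump(tableExists($db, 'users'));
```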

Related

I cannot figure out why I am getting this MySQL syntax error (PHP PDO) (MySQL)

I am trying to do a simple insert into my MySQL database, but I get this syntax error:
Fatal error: Uncaught PDOException: SQLSTATE[42000]: Syntax error or access
violation: 1064 You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use near
'Combined Authority - ICT Service Desk Technician (WYCA 53) ' at line 2
Why?
Query:
$conn->exec("INSERT INTO jobs (jobname, category, contract, link)
SELECT * FROM (" . $name[$i] . "," . $category[$i] . "," . $contract[$i]
. "," . $link[$i] . ") AS tmp
WHERE NOT EXISTS (
SELECT link FROM jobs WHERE link = '" . " " . $link[$i] . ") LIMIT 1;");
$sql printed:
INSERT INTO jobs (jobname, category, contract, link) SELECT * FROM ( West
Yorkshire Combined Authority - ICT Service Desk Technician (WYCA 53)
Details ,' Other ',' Other
','https://bradford.engageats.co.uk/ViewVacancyV2.aspx?
enc=mEgrBL4XQK0+ld8aNkwYmF3VpPuSfX9mpz94c96U/BBgu1IZbwnQ0d+smFL6YrlPhdWkSGi559WmVou+xCXKsYHbHKP0EyHRCwf+vYTu8aYRJbtJgz78Wm2KQgu+LktushGT2Rg0PHjiRMA2Xyn4gw==') AS tmp WHERE NOT EXISTS ( SELECT link FROM jobs WHERE link ='https://bradford.engageats.co.uk/ViewVacancyV2.aspx?enc=mEgrBL4XQK0+ld8aNkwYmF3VpPuSfX9mpz94c96U/BBgu1IZbwnQ0d+smFL6YrlPhdWkSGi559WmVou+xCXKsYHbHKP0EyHRCwf+vYTu8aYRJbtJgz78Wm2KQgu+LktushGT2Rg0PHjiRMA2Xyn4gw==') LIMIT 1;
Apologies for the poor formatting above. Please copy and paste it into a text editor to view it better.
EDIT:
Strangely, this query works with dummy values, but it's still not working for arrays
INSERT INTO jobs (jobname, category, contract, link)
SELECT * FROM (SELECT 'Test', 'Test2',
'Test3','https://bradford.engageats.co.uk/ViewVacancyV2.aspx?
enc=mEgrBL4XQK0+ld8aNkwYmEUlxXraCLcDtY5P6rS92ks+pMDnlWa9QO6M/Df/HLticzgbgVWV
YayJj+zNDXalJnejkDY/4/gH0pIF9KyvMFXjn0u0quGSUzf4M/Gh0wF0MqIRgwLERFf+xXj6lw4s
tQ==') AS tmp
WHERE NOT EXISTS (
SELECT link FROM jobs WHERE link = 'https://bradford.engageats.co.uk/ViewVacancyV2.aspx?enc=mEgrBL4XQK0+ld8aNkwYmEUlxXraCLcDtY5P6rS92ks+pMDnlWa9QO6M/Df/HLticzgbgVWVYayJj+zNDXalJnejkDY/4/gH0pIF9KyvMFXjn0u0quGSUzf4M/Gh0wF0MqIRgwLERFf+xXj6lw4stQ=='
) LIMIT 1;
Try this SELECT query and do the same with the other variables:
SELECT * FROM ("'".$name[$i]."','".$category[$i]."', '".$contract[$i] ."', '". $link[$i] ."'") AS tmp
I can spot three different problems:
First of all, you are inventing your own SQL syntax and the server is not amused. You cannot SELECT * FROM (anything you want). You can only select from tables, views or subqueries.
Secondly, when you type e.g. foo in SQL the database engine needs a way to figure out if you mean a table or column or you mean literal word. The method used is single quotes:
SELECT foo AS this_is_a_column, 'foo' AS this_is_a_value
FROM bar
You can find more details at What is the difference between an identifier and a literal?
Last but not least, your overall use of the PDO extension is wrong. PDO provides a way to separate code and data but you are not using it. Rather than this:
$conn->exec("SELECT link FROM jobs WHERE link = '" . " " . $link[$i] . ") LIMIT 1;");
... you should be doing something like this:
$stmt = $conn->prepare("SELECT link FROM jobs WHERE link=? LIMIT 1");
$stmt->execute(array($link[$i]));
Use quotes for string literals,
backticks for column and table names.
For more reference, check: http://php.net/manual/en/pdo.errorinfo.php
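The prepared-statement advice above applied to the asker's insert-if-absent query, as an added example that is not from the original posts. It assumes the jobs table from the question, uses an in-memory SQLite database through PDO so it runs without a server (swap the DSN for MySQL), and the sample rows are constructed.

```php
<?php
// Added example. SQLite in memory stands in for MySQL so the script runs offline.
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE jobs (jobname TEXT, category TEXT, contract TEXT, link TEXT)');

// Constructed rows: the first title contains a quote and parentheses,
// the third repeats the link of the first.
$rows = [
    ["Service Desk Technician (O'Neil team)", 'Other', 'Other', 'https://example.test/job?id=1'],
    ['Network Engineer', 'IT', 'Permanent', 'https://example.test/job?id=2'],
    ['Service Desk Technician (repost)', 'Other', 'Other', 'https://example.test/job?id=1'],
];

// The derived table is a real subquery (SELECT ... AS tmp) and every value
// is a placeholder, so quotes or parentheses in the data cannot alter the SQL.
$stmt = $conn->prepare(
    'INSERT INTO jobs (jobname, category, contract, link)
     SELECT * FROM (SELECT ? AS jobname, ? AS category, ? AS contract, ? AS link) AS tmp
      WHERE NOT EXISTS (SELECT 1 FROM jobs WHERE jobs.link = tmp.link)'
);

foreach ($rows as $row) {
    $stmt->execute($row);   // prepared once, executed per row
}

$stored = (int) $conn->query('SELECT COUNT(*) FROM jobs')->fetchColumn();
echo "stored $stored of " . count($rows) . " rows\n";
```

A UNIQUE index on link enforces the same rule even when two inserts race; the NOT EXISTS check alone does not.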

Multiple SQL queries in PHP combined gives error

I have two MySQL queries I'd like to combine; it works when I enter them directly into phpmyadmin.
I get those queries like this:
$sqlCombine = $sqlStart.";".$sqlStartBefore;
$conn->query($sqlCombine);
echo $sqlCombine;
echo gives the following:
UPDATE rn_slots_availability SET slot_avail_noclean = slot_avail_noclean -1 WHERE hotel_id = '5' AND room_type_id = '6' AND slot_date = '2014-09-05';UPDATE rn_slots_availability SET slot_avail_clean = slot_avail_clean -1 WHERE hotel_id = '5' AND room_type_id = '6' AND slot_date = '2014-09-06'
copy/paste to phpmyadmin works like a charm, executing directly does not, gives the following error:
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'UPDATE rn_slots_availability SET slot_avail_clean = slot_avail_clean -1 WHERE ho' at line 1
That is the second query, but I don't see why?
Your current configuration doesn't support multiquery for some reason. If you don't care about the way you are executing them, just do the queries one at a time like this:
$conn->query($sqlStart);
$conn->query($sqlStartBefore);
Error should be gone.
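An added example, not from the original posts, of running the two updates as separate prepared statements inside one transaction. The column to decrement is an identifier and cannot be a bound parameter, so it is checked against a fixed list; the function name decrementSlot, the in-memory SQLite database (standing in for MySQL so the script runs offline) and the sample rows are assumptions.

```php
<?php
// Added example. SQLite in memory stands in for MySQL so the script runs offline.
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE rn_slots_availability (hotel_id INT, room_type_id INT,
             slot_date TEXT, slot_avail_noclean INT, slot_avail_clean INT)');
// Constructed sample rows.
$conn->exec("INSERT INTO rn_slots_availability VALUES
             (5, 6, '2014-09-05', 3, 3), (5, 6, '2014-09-06', 3, 3)");

function decrementSlot(PDO $conn, string $column, int $hotel, int $room, string $date): int
{
    // Column names cannot be bound as parameters, so accept only known ones.
    $allowed = ['slot_avail_noclean', 'slot_avail_clean'];
    if (!in_array($column, $allowed, true)) {
        throw new InvalidArgumentException("Unexpected column: $column");
    }
    $stmt = $conn->prepare(
        "UPDATE rn_slots_availability SET $column = $column - 1
          WHERE hotel_id = ? AND room_type_id = ? AND slot_date = ?"
    );
    $stmt->execute([$hotel, $room, $date]);
    return $stmt->rowCount();
}

// Both updates take effect together or not at all.
$conn->beginTransaction();
try {
    $changed  = decrementSlot($conn, 'slot_avail_noclean', 5, 6, '2014-09-05');
    $changed += decrementSlot($conn, 'slot_avail_clean', 5, 6, '2014-09-06');
    $conn->commit();
} catch (Throwable $e) {
    $conn->rollBack();
    throw $e;
}
echo "rows updated: $changed\n";
```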

check the manual that corresponds to your MySQL server version

can't figure out what's the problem with this code
keep getting error on
Notice: Undefined index: userID in C:\wamp\www\myProject\editProfile\edit_save.php on line 10
and
Could not run query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '(UserID, matrix_num,student ,username ,town ,email , txtFavorite,noDate,txtMobil' at line 1
if($_GET) {
$noEdit = $_POST[''];
//"SELECT *FROM "
$sql = "SELECT * FROM tblmyprofile where student='$name', username='$username', matrix_num='$matric', town='$town' and mail='$email'";
$query = mysql_query($sql, $masuk,$boleh) or die ("Gagal query".mysql_error());
$data = mysql_fetch_array($query);
}
The comma operator is invalid in the WHERE clause.
It looks like you wanted logical AND or OR operators. A query of the form something like this:
SELECT t.*
FROM tblmyprofile t
WHERE t.student = 'fee'
AND t.username = 'fi'
AND t.matrix_num = 'fo'
AND t.town = 'fum'
AND t.mail = 'foo'
But that's a very odd construct for a SQL query; there's nothing invalid with it. But usually, with SELECT, we're usually intending to retrieve rows based on a few predicates, and then getting the values from the row back.
For debugging issues with SQL queries, it's often a good idea to string together the SQL text you intend to send to the database, and then echo (or printf or var_dump) the string, e.g.
$sql = "SELECT col, expr, col FROM mytable WHERE col = 'abc'";
echo $sql;
Then, reference $sql in the call to parse and execute a SQL statement.
I believe part of the issue you are encountering may be the construction of the string containing the SQL text. Some languages are persnickety about including variables and quotes within string literals.
e.g.
$sql = " WHERE t.fee = '" . mysql_real_escape_string($foo) . "'"
. " AND t.fi = '" . mysql_real_escape_string($bar) . "'"
. ... ;
Again, after you put together the SQL text, echo it out for debugging, and verify that it's the string you intend to send to the database.
Also note that the mysql_ interface is deprecated. New development should be using mysqli_ or PDO. Also note that including any unsafe variables in SQL text can lead to SQL injection vulnerabilities. Either "escape" special characters in variables you include in the SQL text, or better, use prepared statements with bind parameters, to avoid SQL injection.

Using a PHP variable within a MySQL query string WHERE clause

What exactly is the correct syntax for adding PHP variables to a MySQL string?
This is my query:
"SELECT cd.SectionID, cd.CompanyName, cd.ShowOnSite, cd.LiveDate, cd.EndDate, cds.SiteID, s.SiteName
FROM CompanyDirectory cd
LEFT JOIN CompanyDirectorySections cds ON cd.SectionID = cds.SectionID
LEFT JOIN Sites s ON cds.SiteID = s.SiteID
WHERE s.SiteID = " . $id . " AND cd.ShowOnSite = 'y'
ORDER BY cd.EndDate DESC"
But it throws the following:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND cd.ShowOnSite = 'y' ORDER BY cd.EndDate DESC' at line 5
I have also tried WHERE s.SiteID = $id and WHERE s.SiteID = '" . $id . "' but to no avail. The former gives a blank screen, and the latter gives the aforementioned error. The variable is an integer.
I have tried the query in phpMyAdmin and it works perfectly, substituting the variable for an actual ID.
Note: if it's important, $id has been received from a form via $id = $_POST['id']; before the query, and then stripped and escaped.
Thanks.
If MySQL is saying there is an error near "AND cd.ShowOnSite = 'y'", this normally means there's an issue with whatever comes before it - in this case, the $id.
Can you print out the query in your PHP file? This may show you that $id is in fact blank, which would make the query look like "WHERE s.SiteID = AND cd.ShowOnSite = 'y'".
If it's blank, there's obviously something wrong with the $id value which you will need to sort out before your MySQL code.

MySQL Update Fix Two rows with one query

This is the code giving me issue - I'm trying to update multiple records with one insert. The values are put in an array and using a foreach I've prepared the mysqli update. But it's not working. Just gives a MySqli error about the syntax on the update.
foreach($users as $user){
if(empty($course)) continue;
$query_string .= " SET group_id='$group_id' WHERE user_id='".$user."'; ";
}
$query_string = substr($query_string,0,-1);
$query = "UPDATE users" . $query_string;
$result = mysqli_query($dbc, $query) or trigger_error("Query: $query");
The error it gives is:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'SET group_id='10' WHERE user_id='5''. I think it's the ';' in the middle that mysqli isn't accepting.
Assuming you've got more than one user, your query will look like
UPDATE users SET ... SET ... SET ... SET ...
which is incorrect. You cannot do updates to multiple rows in this fashion. Either do multiple queries, each updating one student, or you'll have to build a huge case/if block to do this in a single query.
You'd be better off doing the multiple queries, as you'll probably spend more time BUILDING the monolithic query than it'd take to run the individual updates.
How about WHERE...IN
UPDATE foo SET bar = 0 WHERE baz IN (1,2,3,4,5,6)
(presuming that you are setting them all to the same group ID, which is not clear in the context provided)
try this code:
<?php
$queries = array();
foreach($users as $user){
if(empty($course)) continue;
$queries[] = "update users set group_id = '" . mysql_real_escape_string($group_id) . "' where user_id = '" . mysql_real_escape_string($user) . "'";
}
array_map('mysql_query', $queries);
?>
Your problem is that you don't separate the different users with ;. Since you're updating all users to have the same group (I'm not sure this is the case, otherwise it will get much more complex) you can simply expand the criteria with OR. Your resulting query would look something like the following:
UPDATE users SET group_id='42' WHERE user_id='1' OR user_id='2' OR user_id='3';
Another solution would be to use WHERE ... IN. Here's an example of that:
UPDATE users SET group_id='42' WHERE user_id IN (1, 2, 3);
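The WHERE ... IN approach from the answers above with bound parameters instead of values concatenated into the SQL, as an added example that is not from the original posts. The function name assignGroup, the in-memory SQLite database standing in for MySQL and the sample rows are assumptions.

```php
<?php
// Added example. SQLite in memory stands in for MySQL so the script runs offline.
function assignGroup(PDO $db, int $groupId, array $userIds): int
{
    $ids = [];
    foreach ($userIds as $id) {
        // Reject anything that is not a whole number instead of coercing it.
        $valid = filter_var($id, FILTER_VALIDATE_INT);
        if ($valid === false) {
            throw new InvalidArgumentException('user_id must be an integer');
        }
        $ids[] = $valid;
    }
    if ($ids === []) {
        return 0;   // "IN ()" is a syntax error, so skip the query for an empty list
    }
    // One "?" per id: only the number of placeholders depends on the input.
    $marks = implode(',', array_fill(0, count($ids), '?'));
    $stmt  = $db->prepare("UPDATE users SET group_id = ? WHERE user_id IN ($marks)");
    $stmt->execute(array_merge([$groupId], $ids));
    return $stmt->rowCount();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, group_id INTEGER)');
// Constructed sample rows.
$db->exec('INSERT INTO users (user_id, group_id) VALUES (1, 0), (2, 0), (3, 0), (4, 0)');

echo assignGroup($db, 42, ['1', '2', '3']), " rows updated\n";
```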
