$select = "SELECT name FROM table_name WHERE location ='".$loc."' ";
$findname = mysql_query($select) or die(mysql_error());
I keep getting this error! I have tried everything!!!
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE location ='Florida'' at line 1
$loc is determined by the following:
<input type="text" name="loc"> in the HTML
$loc = $_POST['loc']; in the PHP
Try this , use mysql_escape_string or mysql_real_escape_string mysql safe string functions
$select = "SELECT `name` FROM `table_name` WHERE `location` ='".mysql_escape_string($loc)."' ";
$findname = mysql_query($select) or die(mysql_error());
$select = "SELECT name FROM table_name WHERE location ='".mysql_real_escape_string($loc)."' ";
$findname = mysql_query($select) or die(mysql_error());
Just check for any single quotes or double quotes in the location variable. That might be a problem.
Use str_replace(find,replace,string) to replace single and double quotes in the string.
Example, when you can contain a double quote in the $loc variable.
$select = "SELECT name FROM table_name WHERE location ='Flo"rida' ";
The query will end at Flo.
use mysql_real_escape_string after WHERE location =
I fixed it. I was using a variable for the table name and was referencing a null value. Thanks for the help!
Related
Please help me to discover syntax error in my rename_table script. What i want is add date to the table name, but something goes wrong.
Now here's the code:
$date = date('d-m-Y');
$query = "RENAME order TO order".$date;
if(mysql_query($ren)){
...
You have to use backticks for order as it is a reserved keyword. Also you are executing the query wrongly.
if(mysql_query($ren))
^
Replace $ren with $query as your query is stored in a variable $query, not $ren..
So try with
$query = "RENAME TABLE `order` TO order".$date;
if(mysql_query($query))
change
$query = "RENAME order TO order".$date;
to
$query = "RENAME `order` TO `order".$date."`";
You cant use - sign as table name, use _ or dmy format 06nov2014
Try this
$date = date('d-m-Y');
$query = "RENAME `order` TO `order".$date."`";
if(mysql_query($ren))
This script is supposed to retrieve the CustomerID for the Customer_First_Name and Customer_Last_Name that has been entered into a form.
$query = "SELECT CustomerID FROM customer WHERE Customer_First_Name = `.$db_customer_first_name.` AND Customer_Last_Name = `.$db_customer_last_name.`";
$result = mysql_query($query)
or die(mysql_error());
echo $result;
echo $query;
when the script runs I get this error:
Unknown column '.Christopher.' in 'where clause'
the query is never printed on the screen.
any help is appreciated.
Your quotes are bad use ' instead of the tick `
You have to use single quotes for strings. Try again:
$query = "SELECT CustomerID FROM customer WHERE Customer_First_Name = '".$db_customer_first_name."' AND Customer_Last_Name = '".$db_customer_last_name."'";
This should work:
$query = "SELECT CustomerID FROM customer WHERE Customer_First_Name = '$db_customer_first_name' AND Customer_Last_Name = '$db_customer_last_name'";
You need to use normal single quotes for values. Also you don't need to break the string if you're using double quotes - variables are detected within the string.
Make sure you're also correctly escaping your strings for mysql to prevent injection.
Better still, look at moving to mysqli and using prepared statements.
Use ' instead of remove `
$query = "SELECT CustomerID FROM customer WHERE Customer_First_Name = '".$db_customer_first_name."' AND Customer_Last_Name = '".$db_customer_last_name."'";
Whats wrong with my code?
Basically what I'm trying to do is add a number and update a field in the sql with what is connected to the variable. But since steamids look like this STEAM_0:0:123123123 or STEAM_0:1:123123123 I get this
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ':0:14166834' at line 1
This is just for learning, so I know my code has useless echos, but its just to see it being added and making sure i was doing it correctly anyways
addmoney.php
<?php
include("inc/config.php");
$mysteamid=mysql_real_escape_string($_POST['mysteamid']);
$sql = "SELECT * FROM $tbl_name WHERE steamid='$mysteamid'";
$result=mysql_query($sql);
$cash=mysql_result($result, 0, 'cash'); // outputs 7th
echo $cash;
$newcash= $cash + "10000";
echo "\n";
echo $newcash;
mysql_query("UPDATE $tbl_name SET `cash` = $newcash WHERE `steamid` = $mysteamid") or die(mysql_error());
?>
index.php contains a working formdata its not really required with the error in my code.
my main problem is this line from addmoney.php which is
$mysql_query("UPDATE $tbl_name SET `cash` = $newcash WHERE `steamid` = $mysteamid") or die(mysql_error());
As your steamid field in your DB is a string (it seems to be, as possible values are STEAM_0:0:123123123 and STEAM_0:1:123123123), you must use quotes arround the value :
mysql_query("UPDATE $tbl_name SET `cash` = $newcash WHERE `steamid` = '$mysteamid'");
Using mysql_real_escape_string() is necessary, as it escapes quotes inside the variable you pass it as a parameter -- but you still have to put quotes arround the string, in your SQL queries.
In the first query you surrounded your $mysteamid value with simple quotes, and in the second query you didn't. If the steamid is a string type, you need to surround the value with quotes, like
"UPDATE $tbl_name SET `cash` = $newcash WHERE `steamid` =' $mysteamid'"
I'm trying to use this query
$page_set = mysql_query("SELECT * FROM pages WHERE subject_id =
{$subject["id"]}", $connection);
but i keep getting this error when loading my page .
Database query failed: You have an
error in your SQL syntax; check the
manual that corresponds to your MySQL
server version for the right syntax to
use near '' at line 1
Try it without the complex syntax:
$query = 'SELECT * FROM pages WHERE subject_id = ' . $subject['id'];
$page_set = mysql_query($query, $connection);
Incidentally, I loathe variable parsing in strings, and prefer concatenation.
you're experiencing a quote mismatch. try replacing the double quotes around your array key with single quotes.
$page_set = mysql_query("SELECT * FROM pages WHERE subject_id =
{$subject['id']}", $connection);
$sql = "SELECT * FROM pages WHERE subject_id = '".$subject["id"]."'";
$page_set = mysql_query($sql, $connection);
Make sure you escape the subject_id also.
use single quote
code :
mysql_connect('localhost','root','root');
mysql_select_db('share_counter');
$sql_insert = "UPDATE wpshare SET '$social_name'='45' where post_title = '$post_title' ";
mysql_query($sql_insert) or die(mysql_error());
error :
You have an error in your SQL syntax;
check the manual that corresponds to
your MySQL server version for the
right syntax to use near
''twitter_count'='45' where post_title
= 'test'' at line 1
thanks advance
omit the quotes over $social_name
$sql_insert = "UPDATE wpshare SET $social_name='45' where post_title = '$post_title' ";
quotes around the column names (aka $social_name) should be like this ` not like this '
so $sql_insert = "UPDATE wpshare SET `$social_name`='45' where post_title = '$post_title' ";
and if your column names have no spaces , you can just remove the quotes ...
$sql_insert = "UPDATE `wpshare` SET `$social_name`='45' WHERE `post_title` = '$post_title'";