I'm doing:
$truncateSQL = 'TRUNCATE TABLE :tableName';
$stmtTruncate = $em->getConnection()->prepare($truncateSQL);
$stmtTruncate->bindValue('tableName',$this->tableName);
$stmtTruncate->execute();
But getting the error:
[PDOException]
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use near ''image_sizes_t'' at line 1
Are the quotes round the table name the problem here? $this->tableName is just a string
You can't use table or column names in as placeholders in prepared statements as 'table_name' is invalid MySql syntax.
if you need to make your column / table names safe you can wrap them in backticks.
"`".$table_name."`"
Related
This question already has answers here:
Can PHP PDO Statements accept the table or column name as parameter?
(8 answers)
Closed 4 years ago.
I am having problems running a PDO execute and returns an error in MySQL syntax.
The code is as follows:
try {
global $connect;
$arr = array(':ranked' => $db_rank, ':tier' => $db_tier, ':id' => $_SESSION['user_id']);
$query = $connect->prepare('UPDATE users SET :ranked = :tier WHERE id = :id');
$query->execute($arr);
} catch (PDOException $e) {
echo $e->getMessage();
}
where $db_rank returns a string with the column name(conversion from json) and $db_tier returns a joined string(again conversion from json).
It is inside a loop that should update 1-3 columns, but upon execution an exception is thrown:
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''<column name1>' = '<value1>' WHERE id = '3'' at line 1
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''<column name2>' = '<value2>' WHERE id = '3'' at line 1
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''<column name3>' = '<value3>' WHERE id = '3'' at line 1
It should probably be because of the passing of the table column as a variable, in which case how should I proceed to loop it with 3 different pre-set table names without making it spaghetti code ?
Found my answer:
Should prepare the statement with " and not with ' because inside the array the type changes 3 times(once from function, once from passing and once from PREPARE statement). The variables themselve are const and are fetched using a whitelist already(upon decoding from the json request).
I would like to get rows from another database so I created query:
SELECT * FROM database-test.users
MySQL result that error:
Database_Exception [ 42000 ]: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-test.users' at line 1
How to solve this?
Thanks for reply
You need to do it like below (use back-ticks around table name):-
SELECT * FROM `database-test`.users
Or
SELECT * FROM `database-test`.`users`
I would recommend to 'back tick' all database and table names in your query. It will tell the database's SQL parser to ignore any special characters such as "-" and consider them as part of the name.
Example:
SELECT * FROM `database-test`.`users`
Try
SELECT * FROM `database-test`.users
As you can see, I have used the ` character to encapsulate database-test, which makes sure that non alpha-numeric characters, like - will be accepted in the name.
I'm getting this error:
Error: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'AS `Colleges__*` FROM college_admins CollegeAdmins LEFT JOIN colleges Colleges O' at line 1
Here is the SQL query which is giving this error:
SELECT Colleges.* AS `Colleges__*` FROM college_admins CollegeAdmins LEFT JOIN colleges Colleges ON Colleges.id = (CollegeAdmins.college_id) WHERE CollegeAdmins.user_id = :c0 LIMIT 20 OFFSET 0
I enabled quoteIdentifiers config\app, but it leads to this new error:
Error: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'AS `Colleges__*` FROM `college_admins` `CollegeAdmins` LEFT JOIN `colleges` `Col' at line 1
where the query becomes:
SELECT `Colleges`.* AS `Colleges__*` FROM `college_admins` `CollegeAdmins` LEFT JOIN `colleges` `Colleges` ON `Colleges`.`id` = (`CollegeAdmins`.`college_id`) WHERE `CollegeAdmins`.`user_id` = :c0 LIMIT 20 OFFSET 0
I think it's taking the 'Col from Colleges as the keyword 'COL', but I'm not sure. How to fix this?
This is the CakePHP code which is generating the MySQL query:
return $college_admins->find()
->select(['Colleges.*'])
->leftJoinWith('Colleges')
->where(['CollegeAdmins.user_id' => $userId]);
You cannot use Colleges.* in a CakePHP ORM query (CakePHP 3.x). As you've discovered this creates incorrect SQL aliases like Colleges__*. Instead to select all columns of a table you need to pass a table object.
So you'd probably be wanting to do something like:-
->select($college_admins->Colleges)
Assuming Colleges is associated with your CollegeAdmins table.
You cannot alias colleges.*, since this refers to all columns within colleges table and aliases refer to a single column (or table or subquery). You need to list all fields within the colleges table and provide an alias for each of them, such as
select colleges.ig as colleges_id, colleges.field1 as colleges_field1, ...
There is not syntax in sql to provide alias such way. What you may try to do is to access the metadata returned by mysql in php to retrieve the table name for each field.
key column in table is char(36) utf8_general_ci
//save no problem
$key_Ad= Yii::app()->db->createCommand('select UUID()')->queryScalar();
$modelAd->key=$key_Ad;
$modelAd->save()
//but problem in find
$post=Ad::model()->find( "key = :key",array(':key'=>$key_Ad) );
---------------------->Error
CDbException
CDbCommand failed to execute the SQL statement: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'key = '3f837af1-8a16-11e4-b111-00241d5e096e' LIMIT 1' at line 1. The SQL statement executed was: SELECT * FROM ad t WHERE key = :key LIMIT 1 (C:\xampp\htdocs\framework\db\CDbCommand.php:543)
0 C:\xampp\htdocs\framework\db\CDbCommand.php(415): CDbCommand->queryInternal('fetch', Array, Array)#1 C:\xampp\htdocs\framework\db\ar\CActiveRecord.php(1351): CDbCommand->queryRow()#2 C:\xampp\htdocs\framework\db\ar\CActiveRecord.php(1456): CActiveRecord->query(Object(CDbCriteria))#3 C:\xampp\htdocs\agahi\protected\controllers\ImageController.php(34): CActiveRecord->find('key = :key', Array)#4 C:\xampp\htdocs\framework\web\actions\CInlineAction.php(49): ImageController->actionUploadImage()#5 C:\xampp\htdocs\framework\web\CController.php(308): CInlineAction->runWithParams(Array)#6 C:\xampp\htdocs\framework\web\CController.php(286): CController->runAction(Object(CInlineAction))#7 C:\xampp\htdocs\framework\web\CController.php(265): CController->runActionWithFilters(Object(CInlineAction), Array)#8 C:\xampp\htdocs\framework\web\CWebApplication.php(282): CController->run('UploadImage')#9 C:\xampp\htdocs\framework\web\CWebApplication.php(141): CWebApplication->runController('image/UploadIma...')#10 C:\xampp\htdocs\framework\base\CApplication.php(180): CWebApplication->processRequest()#11 C:\xampp\htdocs\agahi\index.php(13): CApplication->run()#12 {main}
The problem is that you have used the reserved mySql keyword 'key' as your column name. That's what generates the syntax error. It is best that you rename your column to something different than 'key', e.g. 'key1' or 'key_ad'.
In mySql you can still execute the query with the column named 'key' by escaping it in the select statement using '`', I'm not sure if you can do this in Yii, you should try it.
But the best solution is to just rename the column and not use reserved words as column names in the future.
I'm getting MySQL error 42000:1064 that suggests a general syntax error with the following SQL:
UPDATE `events` SET ?=?, ?=?, ?=now() WHERE `event_id`=?;
PHP code to convert to a readable statement & also execute:
<?php
$ar = array_fill(0,count($args),'/\?/');
echo preg_replace($ar,$args,$sql,1);
$this->execute($sql, $args);
?>
This evaluates to:
UPDATE `events` SET event_name=test, form_id=webform, last_updated=now() WHERE `event_id`=124;
Which when pasted into the MySQL workbench completes successfully.
[mysqlErrorMsg] => SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''event_name'='test', 'form_id'='webform', 'last_updated'=now() WHERE `event_id`=' at line 1
It should be noted that my user has full access to the table in question.
You can't use placeholders on column names. Only on values.
Your query does NOT evaluate to (as it should)
UPDATE `events` SET event_name=test, form_id=webform, last_updated=now()
WHERE `event_id`=124;
but is being evaluated as this instead:
UPDATE `events` SET 'event_name'='test', 'form_id'='webform', 'last_updated'=now()
WHERE `event_id`=124;
See the quotes? These are strings, not column names.
So hard code the column names and only use placeholders for values
UPDATE `events` SET event_name=?, form_id=?, last_updated=now() WHERE `event_id`=?;