I am receiving the error:
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near 'long='-96.7812', label='abc' WHERE id='2'' at line 1
Here is my code:
$db=mysqli_connect($server,$username,$password,$dbname);
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
session_start();
$sql="UPDATE locations SET name='$_POST[modname]', lat='$_POST[modlat]', long='$_POST[modlong]', label='$_POST[modlab]' WHERE id='$_SESSION[locnid]'";
echo $sql;
if (!mysqli_query($db,$sql)) {
die('Error: ' . mysqli_error($db));
}
echo "1 record modified";
mysqli_close($db);
The $sql string echoed is this:
UPDATE locations SET name='Baylor', lat='32.7923', long='-96.7812', label='abc' WHERE id='2'
I don't see anything wrong with that.
I tried escaping the values (didn't think it would help and it didn't):
$sql="UPDATE locations SET name='".mysqli_real_escape_string($db, $_POST[modname])."', lat='".mysqli_real_escape_string($db, $_POST[modlat])."', long='".mysqli_real_escape_string($db, $_POST[modlong])."', label='$_POST[modlab]' WHERE id='$_SESSION[locnid]'";
I get the same error and the same $sql string echoed out.
Thought maybe it had to do with the decimal points messing up the $sql string assignment, but even with whole numbers I get the same error.
Please help - if you can spot what the syntax error could possible be!
The column name long you have used is a reserved word in MySQL , Enclose it in backticks !
See here [An exerpt from your query]
g($db, $_POST[modlat])."', `long`='".mysqli_real_es
^ ^ ----- Enclose it like this
Try this:
$sql="UPDATE locations SET name='$_POST[modname]', lat='$_POST[modlat]', `long`='$_POST[modlong]', label='$_POST[modlab]' WHERE id='$_SESSION[locnid]'";
The column name long is a reserved word in MySQL. It should be enclosed between backticks.
Related
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 5 years ago.
I feel nothing is wrong with the query i have. i do not understand why i getting the error.
I already tried to remove the single quote on query but its still the same.
here's m code
ERROR
Couldn't enter data: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'Hills, price='393787', sqmw='218', sqml='218', sqm='47524', income='3773773' at line 1
UPDATED thanks
PHP CODE MYSQL
require 'connection.php';
$conn = Connect();
$id= $conn->real_escape_string($_POST['id']);
$descr= $conn->real_escape_string($_POST['descr']);
$price= $conn->real_escape_string($_POST['price']);
$sqmw= $conn->real_escape_string($_POST['sqmw']);
$sqml= $conn->real_escape_string($_POST['sqml']);
$sqm = $sqmw * $sqml;
$income= $conn->real_escape_string($_POST['income']);
$statuss= $conn->real_escape_string($_POST['statuss']);
$query = " UPDATE wentwrong SET descr='$descr',
price='$price',
sqmw='$sqmw',
sqml='$sqml',
sqm='$sqm',
income='$income',
statuss='$statuss'
WHERE id='$id' ";
$success = $conn->query($query);
if (!$success) {
die("Couldn't enter data: ".$conn->error);
}
echo '<script language="javascript">';
echo 'alert("Edit Successfully!")';
echo '</script>';
echo '<script language="javascript">';
echo 'window.location.href = "http://google.com"';
echo '</script>';
$conn->close();
?>
You're missing quotes around a constant. Where you have
$query = " UPDATE wentwrong SET descr=$descr, /*wrong*/
you should have
$query = " UPDATE wentwrong SET descr='$descr',
The tricks to troubleshooting this kind of thing.
read error messages carefully. Then read them again.
believe the error messages. You're working with systems that have been around for a couple of decades. They aren't throwing random bogus errors any more.
In the case of MySQL's syntax error message, it shows you the erroneous query, starting with the first character it could not understand.
My test code is:
<?php
$connessione = mysql_connect("***", "***", "***");
mysql_select_db("***", $connessione);
$risultato = mysql_query("SELECT * FROM servem_vote", $connessione);
if(mysql_query("INSERT INTO servem_vote (uid,lastvote) VALUES ($uid,now()) ON DUPLICATE KEY UPDATE lastvote=now();
")) {
header('location:/home.php'); }
else {
echo "Error: " . mysql_error(); }
mysql_close($con);
?>
Error: You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near 'now()) ON DUPLICATE KEY UPDATE lastvote=now()' at line 1
DB:
http://prntscr.com/ef7544
Where am I doing wrong?
You are missing $uid in the code you shared. You don't set that value anywhere but you attempt to use it as part of your INSERT query.
If it's coming from form data, grab it from $_REQUEST superglobal variable before attempting to use it:
$uid = $_REQUEST['uid']
If it's NOT an integer in the MySQL table, you need to wrap it in single quotes as part of your statement.
INSERT INTO servem_vote (uid,lastvote) VALUES ('$uid',now())
ON DUPLICATE KEY UPDATE lastvote=now();
I don't know what purpose this line serves:
$risultato = mysql_query("SELECT * FROM servem_vote", $connessione);
You don't seem to do anything with the result set from this query.
MOST IMPORTANTLY: As many others have commented you need to be sanitizing your data and you should be relying on PDO or mysqli* functions to safely interact with your database. See answers here
I've tried finding a fix to this, in fact some of this code was ripped out of previous "fixes" I found that didn't work. I'm pretty new to php so I may be missing something obvious. Here's the source.
<?php
$device=$_POST['Device'];
$license=$_POST['License'];
$tbl_name="tablename";
$con = mysql_connect("url", "name", "pass");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("dbname", $con);
$query="INSERT INTO $tbl_name(Id, Device Key,License Key)VALUES('', '$device', '$license')";
if (!(mysql_query($query,$con)))
{
die('Error: ' . mysql_error());
}
echo "1 device added was added.";
mysql_close($con)
?>
This is my error
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Key,License Key)VALUES('', 'Device Key Here', 'License Key Here')' at line 1"
Basic SQL syntax: identifiers (field names, table names, etc...) cannot have spaces in them:
$query="INSERT INTO $tbl_name(Id, Device Key,License Key)VALUES('', '$device', '$license')";
^---wrong ^---wrong
Generally speaking, you should never have spaces in your names. Use an _ instead, if you have to.
If you can't/won't rename the fields, you'll have to properly quote them:
$query="INSERT INTO $tbl_name(Id, `Device Key`,`License Key`)VALUES('', '$device', '$license')";
I am practicing php and sql. at a stage when I'm trying to enter a record into a table with 2 exiting records. but it doesn't add and show an error
"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '=('Aqeela','Nasreen','Hakeem Chattah')' at line 1"
Why is it not entering a record in data base. Is there any syntax error?
$username="root";
$pass="";
$database="addressbook";
$server="127.0.0.1";
$con=mysql_connect($server,$username,$pass);
$db_found=mysql_select_db($database,$con);
if($db_found)
{
$sql_insert="INSERT INTO table_address_book(f_name,l_name,address) VALUES=('Aqeela','Nasreen','Hakeem Chattah')";
$result=mysql_query($sql_insert);
if(!$result){
print "sorry cannot proceed your request<br>".mysql_error();
}
else
{
// print "recorded entered successfuly<br>";
// print "now dATABASES AFTER EDITING ARE<BR><br>";
$new_sql="SELECT*FROM table_address_book";
$result_after_editing=mysql_query($new_sql);
while($db_field_edited=mysql_fetch_assoc($result_after_editing))
{
print $db_field_edited['ID']."<br>";
print $db_field_edited['f_name']."<br>";
print $db_field_edited['l_name']."<br>";
print $db_field_edited['address']."<br>";
print "<BR><BR><BR>";
}
mysql_close($con);
}
}
else
{
die("unable to connect database ".mysql_error());
}
The error clearly shows place where error in syntax occur.
Remove that =
INSERT INTO table_address_book(f_name,l_name,address) VALUES('Aqeela','Nasreen','Hakeem Chattah')"
I think there is an error in your INSERT INTO statment, you have written wrong VALUES part.
$sql_insert="INSERT INTO table_address_book(f_name,l_name,address) VALUES=('Aqeela','Nasreen','Hakeem Chattah')";
you need to remove "=" from your VALUES= part like this.
$sql_insert="INSERT INTO table_address_book(f_name,l_name,address) VALUES('Aqeela','Nasreen','Hakeem Chattah')";
please correct this line of code in your code and check it again.
Remove the = sign from VALUES=(...)
There's no '=' after VALUES, just:
VALUES (val1, val2, .., valN)
while($row=mysql_fetch_array($result2)){
//return $row['ProjectID'];
$sql="INSERT INTO `tycodashboard` (ProjectID,DesignationID,ReqcompID,IntOrgID,FinishedTimeID,ProjectStatusID,PhaseID
) VALUES('{$row['ProjectID']}','$pm,'$req','$initiating,'$initiating','$ftime,'$ProjectStatus,'$Phase)";
$result=mysql_query($sql);
if(!$result){
if(mysql_errno() == ER_DUP_ENTRY){
throw new Exception("INSERT FAILED.\n\nThe database already contains a Project with the Project Name \"$ldesc\", please pick another.");
}else{
throw new Exception("INSERT FAILED.\n\n".mysql_error());
}
}
}//exits
INSERT FAILED.
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the
right syntax to use near '3','2,'2','2,'2,'3)' at line 2
You are missing a whole bunch of quotes as you can see from the error message:
'3','2,'2','2,'2,'3
Try adding the quotes where they are missing and see if that helps:
$sql="INSERT INTO `tycodashboard` (ProjectID,DesignationID,ReqcompID,IntOrgID,FinishedTimeID,ProjectStatusID,PhaseID
) VALUES ('{$row['ProjectID']}','$pm','$req','$initiating','$initiating','$ftime','$ProjectStatus','$Phase')";