My code looks like below.
$var = 'ID="'. mysql_real_escape_string($data[0]).'" AND SYS="'.mysql_real_escape_string($data[2]). '" AND TITLE="'.mysql_real_escape_string($data[1]).'"';
$sql = 'SELECT * FROM `table_name` WHERE '. $var;
$result = mysql_query($sql);
In the WHERE condition, when TITLE contains a single quote (') I am facing the below error, even though the mysql_real_escape_string() function is being used.
The error thrown is
Resource id #5You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's Created', 'Test', 'Test', '0000-00-00 00:00:00', ' at line 25
After your dump, it looks like you have a problem with the apostrophe.
You may change your quotes like this:
$var = "ID='". mysql_real_escape_string($data[0])."' AND SYS='".mysql_real_escape_string($data[2]). "' AND TITLE='".mysql_real_escape_string($data[1])."' ";
$sql = "SELECT * FROM `table_name` WHERE ". $var;
$result = mysql_query($sql);
$finalvar=stripslashes($var);
$sql = 'SELECT * FROM table_name WHERE '. $finalvar;
Try dumping your SQL query in its complete form right before it is sent.
You'll be able to spot the error that way.
Related
$select = "SELECT name FROM table_name WHERE location ='".$loc."' ";
$findname = mysql_query($select) or die(mysql_error());
I keep getting this error! I have tried everything!!!
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE location ='Florida'' at line 1
$loc is determined by the following:
<input type="text" name="loc"> in the HTML
$loc = $_POST['loc']; in the PHP
Try this: use mysql_escape_string or mysql_real_escape_string, the MySQL safe string functions.
$select = "SELECT `name` FROM `table_name` WHERE `location` ='".mysql_escape_string($loc)."' ";
$findname = mysql_query($select) or die(mysql_error());
$select = "SELECT name FROM table_name WHERE location ='".mysql_real_escape_string($loc)."' ";
$findname = mysql_query($select) or die(mysql_error());
Just check for any single quotes or double quotes in the location variable. That might be a problem.
Use str_replace(find,replace,string) to replace single and double quotes in the string.
For example, when the $loc variable contains a double quote:
$select = "SELECT name FROM table_name WHERE location ='Flo"rida' ";
The query will end at Flo.
Use mysql_real_escape_string after WHERE location =
I fixed it. I was using a variable for the table name and was referencing a null value. Thanks for the help!
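The cause found in this thread, an unset table-name variable, is not something escaping or placeholders can help with, because a placeholder binds a value and never an identifier. The following is an added example, not code from the thread: it checks the table name against a fixed list before building the query. It assumes PHP with the pdo_sqlite extension; the table names, rows and the findNames() helper are constructed for illustration.

```php
<?php
// Added example. Table names, rows and helper names are constructed.
const ALLOWED_TABLES = ['stores', 'customers'];

function findNames(PDO $pdo, ?string $table, string $loc): array
{
    // A placeholder can stand for a value, never for a table name, so the
    // identifier is checked against a fixed list before it is interpolated.
    if ($table === null || !in_array($table, ALLOWED_TABLES, true)) {
        throw new InvalidArgumentException(
            'Unknown table name: ' . var_export($table, true)
        );
    }
    $stmt = $pdo->prepare("SELECT name FROM `$table` WHERE location = ?");
    $stmt->execute([$loc]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE stores (name TEXT, location TEXT)');
$pdo->exec("INSERT INTO stores VALUES ('Main St', 'Florida'), ('Depot', 'O''Fallon')");

// The location is bound as data, so a quote inside it needs no escaping.
print_r(findNames($pdo, 'stores', 'Florida'));
print_r(findNames($pdo, 'stores', "O'Fallon"));

// The thread's failure: the table variable was never set. Concatenation
// would send "SELECT name FROM  WHERE ..." and fail at WHERE; here the
// problem is named before any SQL is built.
foreach ([null, '', 'no_such_table'] as $bad) {
    try {
        findNames($pdo, $bad, 'Florida');
    } catch (InvalidArgumentException $e) {
        echo $e->getMessage(), "\n";
    }
}
```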
I have php script like this
$query = "select * where userid = 'agusza' ";
$result = mysql_query($query) or die(mysql_error());
while($row=mysql_fetch_array($result)) {
echo $result;
}
When I execute it, the result is like this:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'where userid = 'agusza'' at line 1
But when I run that SQL in sqlserver, it runs well.
Does anybody have a solution?
$query = "select * from table_name where userid = 'agusza' ";
See the corrections I have made. You haven't used the right syntax for SELECT query
You didn't select a table using FROM. Without that, it does not know which table you are selecting data from.
You should also stop using mysql as it is deprecated. Use mysqli or PDO as they are safer.
You are also echoing the wrong variable in your while loop, try this:
while ($row = mysql_fetch_array($result)) {
echo $row['column_name'];
}
$query = "select * from `table` where userid = 'agusza'";
Right now, you're not telling which table SQL should look in.
You should format your query like so:
select * from `TableName` where userid='agusza'
In your query below you don't state the database table where you should get that data using FROM.
$query = "select * where userid = 'agusza' "; // instead of this
$query = "select * FROM declaredtable where userid = 'agusza' "; // use this
Came across an error I have never seen before after writing the following code:
$query= "UPDATE `Pharm_Log` SET `text` = ". $bloodtest . " WHERE `id` = " . $patientid;
$result = mysql_query($query) or die(mysql_error());
My error message was this
"You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near 'Pressure Test: 235/43 WHERE id = 1' at line 1"
Anyone have any idea how to fix this? It would be greatly appreciated.
The string literal (value of $bloodtest) must be wrapped in single quotes:
$query= "UPDATE `Pharm_Log` SET `text` = '". $bloodtest . "' WHERE `id` = " . $patientid;
$result = mysql_query($query) or die(mysql_error());
As a sidenote, the query is vulnerable to SQL injection if the value(s) of the variables came from the outside. Please take a look at the article below to learn how to prevent it. By using PreparedStatements you can get rid of using single quotes around values.
How to prevent SQL injection in PHP?
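The prepared-statement form recommended in the answer above, which also covers the apostrophe in TITLE from the first thread, as an added example that is not part of the original posts. It assumes PHP with the pdo_sqlite extension; the in-memory table stands in for the thread's MySQL `Pharm_Log`, and updateLog() and the sample values are constructed.

```php
<?php
// Added example. Constructed in-memory SQLite table standing in for the
// thread's MySQL `Pharm_Log`; with MySQL only the PDO DSN changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Pharm_Log (id INTEGER PRIMARY KEY, text TEXT)');
$pdo->exec("INSERT INTO Pharm_Log (id, text) VALUES (1, 'old'), (2, 'keep')");

// Hypothetical helper: the values travel separately from the SQL text, so
// they need no quotes or escaping and cannot alter the statement.
function updateLog(PDO $pdo, int $patientId, string $bloodTest): int
{
    $stmt = $pdo->prepare('UPDATE Pharm_Log SET text = :text WHERE id = :id');
    $stmt->bindValue(':text', $bloodTest, PDO::PARAM_STR);
    $stmt->bindValue(':id', $patientId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();   // rows changed by this UPDATE
}

// Constructed inputs: spaces, a slash, an apostrophe and a double quote,
// the characters that broke the concatenated queries in these threads.
$inputs = [
    "Blood Pressure Test: 235/43",
    "Patient's 2nd test: 120/80",
    'Note "repeat" in 7 days; -- keep',
];

foreach ($inputs as $value) {
    $changed = updateLog($pdo, 1, $value);
    $stored  = $pdo->query('SELECT text FROM Pharm_Log WHERE id = 1')->fetchColumn();
    printf("%d row changed, stored verbatim: %s\n",
        $changed, var_export($stored === $value, true));
}

// Row 2 was never addressed, so its text is unchanged.
echo $pdo->query('SELECT text FROM Pharm_Log WHERE id = 2')->fetchColumn(), "\n";
```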
I'm new at this, what are the problems with this statement:
$sql=" SELECT * FROM `calendar` WHERE `DayId` ='".$day."'";
$result = mysql_query($sql, $conn);
if (!$result){
echo "DB Error, could not query the database\n";
echo 'MySQL Error: ' . mysql_error();
exit;
}
while ($row = mysql_fetch_array($result)) { //set $dayType
$dayType = $row['DayType'];
}
I keep getting the error:
DB Error, could not query the database
MySQL Error: You have an error in your SQL syntax; check the manual that corresponds to
your MySQL server version for the right syntax to use near '' at line 1
but when I put an "echo $result;" in after the line that starts with $result=... then I get a value for $result of "Resource id #2"
You need to enclose your "day" variable in quotes (and you should be escaping it if you haven't already!)
$sql = "SELECT * FROM calendar WHERE DayId = '" . mysql_real_escape_string($day) . "'";
Shouldn't it be
$sql="SELECT * FROM `calendar` WHERE `DayId` = '".$day."'";
It seems likely to me that your $day variable is not getting populated ... Try echoing the SQL statement before you run it to make sure everything looks as it should ...
If it's date(z) change it to date('z').
I'm trying to use this query
$page_set = mysql_query("SELECT * FROM pages WHERE subject_id =
{$subject["id"]}", $connection);
but I keep getting this error when loading my page.
Database query failed: You have an
error in your SQL syntax; check the
manual that corresponds to your MySQL
server version for the right syntax to
use near '' at line 1
Try it without the complex syntax:
$query = 'SELECT * FROM pages WHERE subject_id = ' . $subject['id'];
$page_set = mysql_query($query, $connection);
Incidentally, I loathe variable parsing in strings, and prefer concatenation.
You're experiencing a quote mismatch. Try replacing the double quotes around your array key with single quotes.
$page_set = mysql_query("SELECT * FROM pages WHERE subject_id =
{$subject['id']}", $connection);
$sql = "SELECT * FROM pages WHERE subject_id = '".$subject["id"]."'";
$page_set = mysql_query($sql, $connection);
Make sure you escape the subject_id also.
Use a single quote.
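Both "near '' at line 1" threads above (the `calendar` query and the `pages` query) fit an empty variable: the SQL text simply ends after the `=`. The following added example, not taken from any of the posts, prints that truncated text and then validates the id before binding it, so the missing value is reported by name. It assumes PHP with the pdo_sqlite extension; the table contents and pagesForSubject() are constructed.

```php
<?php
// Added example. The pages table, its rows and pagesForSubject() are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE pages (subject_id INTEGER, menu_name TEXT)');
$pdo->exec("INSERT INTO pages VALUES (2, 'History'), (2, 'Mission'), (3, 'Contact')");

// What the concatenated query becomes when the variable is empty: the
// statement stops right after "=", which MySQL reports as: near '' at line 1.
$subject = ['id' => null];   // constructed: the earlier lookup found nothing
echo '[' . 'SELECT * FROM pages WHERE subject_id = ' . $subject['id'] . "]\n";

function pagesForSubject(PDO $pdo, $rawId): array
{
    // Accept only a positive integer; null, '' and '2 abc' yield false.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException(
            'subject id missing or not an integer: ' . var_export($rawId, true)
        );
    }
    $stmt = $pdo->prepare('SELECT menu_name FROM pages WHERE subject_id = ?');
    $stmt->execute([$id]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: two valid ids, then the empty and malformed cases.
foreach (['2', 3, null, '', '2 abc'] as $raw) {
    try {
        echo var_export($raw, true), ' => ',
            implode(', ', pagesForSubject($pdo, $raw)), "\n";
    } catch (InvalidArgumentException $e) {
        echo $e->getMessage(), "\n";
    }
}
```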