failed to insert into table (php mysql) - php

im writing a app that checks user status
im using mysql and i want to have a table name check
this is my code :
mysqli_report(MYSQLI_REPORT_ALL);
$stmt = $mysqli->prepare("INSERT INTO check VALUES (?,?)");
i get error :
Uncaught exception 'mysqli_sql_exception' with message 'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'check VALUES (?,?)' at line 1'
what am i doing wrong ?

your table name (check)
is a reserved word in MySQL.
Surround it in backticks like this:
$mysqli->prepare("INSERT INTO `check` VALUES (?,?)");

check is a reserved word in MySQL . Enclose it in backticks !
Like this
mysqli_report(MYSQLI_REPORT_ALL);
$stmt = $mysqli->prepare("INSERT INTO `check` VALUES (?,?)");

Related

MySQLi query error while running

When I proceed to run the following query:
$sql3 = mysqli_query($con, 'INSERT INTO berichten (from, naar, file) VALUES ('.$id.', '.$to.', "'.$url.'")') or die(mysqli_error($con));
I'll received this error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'from, naar, file) VALUES (2, 2, "b9173a1b9ade8767280009f9638bd987.caf")' at line 1
id = an id number,
to = an id number and
url = the filename (e.g. sound.caf)
Why do I get this error and what to do to fix it?
Thanks!
from is a special SQL keyword. You have to escape it by putting it into backticks:
$sql3 = mysqli_query($con, 'INSERT INTO berichten (`from`, naar, file) VALUES ('.$id.', '.$to.', "'.$url.'")') or die(mysqli_error($con));
Besides that you might need to quote ID and file as you did for $url.
Btw. You should really consider to use prepared statements in order to prevent SQL injections.

PHP $mysqli->prepare error with strange syntax when table name is "check" [duplicate]

This question already has an answer here:
Syntax error due to using a reserved word as a table or column name in MySQL
(1 answer)
Closed 8 years ago.
this call fails with error :
mysqli_report(MYSQLI_REPORT_ALL);
$stmt = $mysqli->prepare("INSERT INTO check VALUES (?,?,?,?,?,?)");
error i get :
Uncaught exception 'mysqli_sql_exception' with message 'You have an
error in your SQL syntax; check the manual that corresponds to your
MySQL server version for the right syntax to use near 'check VALUES
(?,?,?,?,?,?)' at line 1'
I have a table named "check" with right amount of fields
if i change table name to checkSomething it works ...
any idea ?
check is a reserved keyword. To use it as table name, you have to escape it with backticks like this: `check` :
$stmt = $mysqli->prepare("INSERT INTO `check` VALUES (?,?,?,?,?,?)");
Check is a reserved word in MySQL. You need to either surround it in backticks like this:
$mysqli->prepare("INSERT INTO `check` VALUES (?,?,?,?,?,?)");
Or much better, rename it to something that you don't need to constantly have a special case for.
$mysqli->prepare("INSERT INTO checks VALUES (?,?,?,?,?,?)");

Naming MySQL table column

I am encountering one little problem here:
I am entering one MySQL query through PHP. I have checked the connection works fine and looks like the following:
INSERT INTO table (q1,q2,q3) VALUES ('".$_POST['Q1']."', '".$_POST['Q2']."'...)
then when I change the query to the following, there is an error:
INSERT INTO table (q1,q2,q3-1) VALUES ('".$_POST['Q1']."', '".$_POST['Q2']."'...)
The following error appears:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-1) VALUES ('N', 'asdfasdf', '' )' at line 1
Now, I am thinking, is it because:
I name the table column as 'q3-1'
or any other problem?
Would it be okay if I change it to q3_1 instead?
If you put backticks ` around the field names, it should be OK
ie:
INSERT INTO table (`q1`,`q2`,`q3-1`) ...
Use backticks. Look into PDO.
INSERT INTO table (q1,q2,`q3-1`)
VALUES ('".$_POST['Q1']."', '".$_POST['Q2']."'...)
You have error in your second query because of q3-1. It should be in quotes :
INSERT INTO table (q1,q2,`q3-1`) VALUES ('".$_POST['Q1']."', '".$_POST['Q2']."'...)
escape the columns name with backtick ( ` )
INSERT INTO table (`q1`, `q2`, `q3-1`)
VALUES ('".$_POST['Q1']."', '".$_POST['Q2']."'...)
but this statement is vulnerable with SQL Injection. Try using it with PDO
ex.)
<?php
$stmt = $dbh->prepare("INSERT INTO table (`q1`, `q2`, `q3-1`) VALUES (?, ?, ?)");
$stmt->bindParam(1, $_POST['Q1']);
$stmt->bindParam(2, $_POST['Q2']);
$stmt->bindParam(3, $_POST['Q3']);
$stmt->execute();
?>

Warning: mysqli::prepare() [mysqli.prepare]:

I have this problem
Warning: mysqli::prepare() [mysqli.prepare]: (42000/1064): You have an
error in your SQL syntax; check the manual that corresponds to your
MySQL server version for the right syntax to use near 'desc, keyword)
VALUES (?,?,?,?)' at line 1 in
D:\xampp\htdocs\Optimizer\login\submit.php on line 125
I have this problem while making link directory using this code:
if ($stmt = $mysqli->prepare("INSERT url (url, title, desc, keyword) VALUES (?,?,?,?)"))**==>>Line 125**
{
$stmt->bind_param("ssss", $input['url'], $input['title'],$input['desc'],$input['keyword']);
$stmt->execute();
$stmt->close();
At least desc is a reserved keyword, possibly some more of your field names. Put backticks around the field names that are reserved keywords.

CodeIgniter not correctly performing a sql query

In Ci I'm getting the following error:
A Database Error Occurred
Error Number: 1064
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '', '1f37540fc54292b018a9e993da38cb5647dc5587', NOW(), '0')' at line 1
INSERT INTO users (userpid, Email, Password, dateTimeRegistered, isLeader) VALUES ('147344f0e33367f9e6', erf', '1f37540fc54292b018a9e993da38cb5647dc5587', NOW(), '0')
Filename: C:\Workspace\htdocs\Misc-2\DruvlaCi-1\system\database\DB_driver.php
Line Number: 330
But everything seems to be right in the SQL query. Below is my query, any thoughts?
$query = $this->db->query("INSERT IGNORE INTO users (userpid, Email, Password, dateTimeRegistered, isLeader) VALUES ('{$idgen}', {$postedEmail}', '{$hashedPass}', NOW(), '0')");
You're forgetting the opening single quote for the email column
Try this instead
$query = $this->db->query("INSERT IGNORE INTO users (userpid, Email, Password, dateTimeRegistered, isLeader) VALUES ('{$idgen}', '{$postedEmail}', '{$hashedPass}', NOW(), '0')");
Uhm, and please, use this syntax for inserting instead:
http://codeigniter.com/user_guide/database/active_record.html#insert
works so much safer.

Categories