I'm having problems trying to insert a key value (which I generate) into a table (jml_acymailing_subscriber).
$generateKey = md5(substr($email[1],0,strpos($email[1],'#')).rand(0,10000000));
$subid = 3603;
$sql2 = "UPDATE jml_acymailing_subscriber SET key='$generateKey', WHERE subid='$subid'";
$result2 = mysql_query($sql2,$con) or trigger_error(mysql_error(),E_USER_ERROR);
The key type is:
TYPE --> varchar(250)
ORDENATION --> utf8_general_ci
NULL --> yes
DEFAULT --> NULL
And this is the error I get:
Fatal error: You have an error in your SQL syntax; check the manual that corresponds to
your MySQL server version for the right syntax to use near
'key='15e3e092aa8672a6f7ad3e8a5a1db537', WHERE subid='3603'' at line 1 in
/public_html/bootstrap3/donarAltaCatala.php on line 136
I have no problem inserting values like userid, name, created or any other ones. Any one knows where is the problem? I'm starting in PHP/SQL...
Thank you! I really appreciate it!
key is reserverd word in mysql, so can use backticks key
$sql2 = "UPDATE jml_acymailing_subscriber SET `key`='$generateKey' WHERE subid='$subid'";
http://dev.mysql.com/doc/refman/5.5/en/reserved-words.html
remove the , after key='$generateKey' so that it looks like:
"UPDATE jml_acymailing_subscriber SET key='$generateKey' WHERE subid='$subid'";
Two things;
KEY is a reserved word in MySQL, so to use it as a field/table name it needs to be quoted with backticks (`)
...and...
"UPDATE jml_acymailing_subscriber SET key='$generateKey', WHERE subid='$subid'"
^ erroneous comma
Corrected, that would result in;
"UPDATE jml_acymailing_subscriber SET `key`='$generateKey' WHERE subid='$subid'"
Related
I'm almost sorry to ask this question but I'm drawing a complete blank. I'm getting the following error:
"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE number='7'' at line 1"
It seems whenever I try to use just an integer in the following code, I get the syntax error;
$go = mysql_query("UPDATE $db1 SET count='$t1c', WHERE number='$input2'") or die(mysql_error());
As you can see the page gets the value, that's not the issue.. it just doesn't seem to like the WHERE = 7 part. I've tried with and without the quote marks, I've tried changing that column in the table from a int to a varchar. Still get the same thing yet the code BEFORE this piece that runs:
$check1 = mysql_query("SELECT * FROM $db1 WHERE number='$input2'");
Run's absolutely fine. It finds the value where number equals $input2...
Can someone help me PLEASE? I'm drawing a complete blank here :/
Remove the , in the query:
mysql_query("UPDATE $db1 SET count='$t1c' WHERE number='$input2'");
Remove comma(,) which is placed before WHERE in UPDATE query
$go = mysql_query("UPDATE $db1 SET count='$t1c' WHERE number='$input2'") or die(mysql_error());
Change
"UPDATE $db1 SET count='$t1c', WHERE number='$input2'"
to
"UPDATE $db1 SET count='$t1c' WHERE number='$input2'"
The comma shouldn't be there (before WHERE) and is causing an error.
number is a reserved word in mysql sql
it is better not to name columns with that words or you need to backtick them in query
example:
`number`=3
mysql reserved words
I'm trying to write a MySQL in my PHP script which will update a field in the database however I get the error:
Fatal error: Wrong SQL: Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''user' SET 'currentsong' = '' WHERE 'userid' = '1893''
While using this code.
$setcurrentsongsql = "UPDATE 'user' SET 'currentsong' = '$currentsong' WHERE 'userid' = '$sql1'";
$setcurrentsong = $db->query($setcurrentsongsql);
I'm sure it's something simple however I'm completely baffled. Even if I replace the variables with just a normal string it doesn't work.
Thank you in advance for any help.
Use back ticks not single quotes for table names and column names. Try the following:
$setcurrentsongsql = "UPDATE `user` SET `currentsong` = '$currentsong' WHERE `userid` = '$sql1'";
In MySQL, identifier quote character is the backtick " ` ". This short page should give you a good understanding of the schema rules, identifiers and so on: http://dev.mysql.com/doc/refman/5.0/en/identifiers.html
mySQL uses the backtick ` for column and table names, and apostrophes ' for string constants. However these aren't needed unless you're using a reserved keyword (such as your table is actually called "table") or your table or column name contains spaces (such as "my table").
You can use:
$setcurrentsongsql = "UPDATE `user` SET `currentsong` = '$currentsong' WHERE `userid` = '$sql1'";
Or:
$setcurrentsongsql = "UPDATE user SET currentsong = '$currentsong' WHERE userid = '$sql1'";
Also, if $currentsong comes from an untrusted source, you might want to worry about SQL injection.
I keep getting the error
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near 'exit, openclosed, longshort, target_one, target_two,
target_three, notes, entryd' at line 1
For this php script that I'm trying to run from MYSQL.
$sql = mysql_query("INSERT INTO stockpicks (symbol, entry, exit, openclosed, longshort, target_one, target_two, target_three, notes, entrydate)
VALUES('$symbol','$entry','$exit','$openclosed','$longshort','$target_one','$target_two','$target_three','$notes',now())") or die (mysql_error());
The problem is I see no error. I've checked both this particular line and the lines surrounding. For example I re did the '$var' section which has given me trouble in the past, but that doesn't seem to be the issue. My table structure is as follows
id int(11)
symbol varchar(255)
entry varchar(255)
exit varchar(255)
openclosed varchar(255)
entrydate datetime
longshort varchar(255)
target_one varchar(255)
target_two varchar(255)
target_three varchar(255)
exit is a reserved word. If you want to use it as a column name, quote it in backticks:
`exit`
Try this,
$sql = mysql_query("INSERT INTO stockpicks (symbol, entry, `exit`, openclosed, longshort, target_one, target_two, target_three, notes, entrydate)
VALUES('$symbol','$entry','$exit','$openclosed','$longshort','$target_one','$target_two','$target_three','$notes',now())") or die (mysql_error());
$pid = mysql_insert_id();
Note that escaping your identifiers in MySQL way using backticks decreases portability on a plain place.
I would either use double quotes with ANSI SQL mode enabled, or just give my variables names which are unlikely to be become reserved in future.
exit is a reserved word in mysql.
Hello guys and girls im trying to a sql update but think i forgot a ' or a "
im getting this error messege
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''Brock'='1'WHERE username = 'admin'' at line 1
The fault lies with in this bit of code if i take the code out the page loads witht he rest of the scripts on it. But need it two do the update.
$blah = mysql_query("UPDATE users SET '".$_SESSION['gymleader']."'='1'WHERE username = '".$_SESSION['username']."'")
or die(mysql_error());
Were am i going wrong ?
You miss a space between the '1' and the WHERE if I am not mistaken. And you should use backticks (`) when you want to escape a column name
So your code becomes:
$blah = mysql_query("UPDATE users SET `".$_SESSION['gymleader']."`='1' WHERE username = '".$_SESSION['username']."'")
Note the ` instead of the ' around the column name (right after the SET).
Further possible improvements:
In case the column is of type INT, you can replace the '1' by 1 (without the ')
You should never directly use the $_SESSION,$_POST,$_GET or other values which can be altered by users in your queries. Do a Google search on SQL injection for more information
UPDATE user SET field = '1' WHERE ...
instead of
UPDATE user SET 'field' = '1' WHERE ...
and if your field is of type int, you might use
UPDATE user SET field = 1 WHERE
If you want to escape your fieldname, use
`field`
in backticks `
Besides the fact that this looks like a bad idea to code like this, assuming you have a column named Brock then you should use this types of quotes instead:
$blah = mysql_query("UPDATE users SET `".$_SESSION['gymleader']."`='1' WHERE username = '".$_SESSION['username']."'")
or die(mysql_error());
Notice I replaced your ' with `
I have a following code:
<?php
include("config.php");
$key = 'blahblah';
$sql = "INSERT INTO softversions SET key='$key'";
$result = mysql_query($sql) or die ($mysql_error());
echo "dude";
?>
This gives me an error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'key='svksskjfvns'' at line 1
The thing is that I've used this script about a hundred times on other pages and it worked.
Table and field names are 100% correct.
I don't understand what is going on.
Do you see the syntax error there?
KEY is a reserved word in MySQL and you need to escape it using backticks to use it as a column name and also you should not use SET when inserting.
$sql = "INSERT INTO softversions (`key`) VALUES ('$key')";
key is a reserved word in MySQL. To use it as a column, you need to escape it every time you call it.
$sql = "INSERT INTO softversions SET `key`='$key'";
$sql = "INSERT INTO softversions(keyName) values('{$key}')";