This question already has an answer here:
Syntax error due to using a reserved word as a table or column name in MySQL
(1 answer)
Closed 8 years ago.
Well I'm getting this error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'desc,fb_title,fb_pic,fb_url,fb_desc) VALUES('', '', '', '', '', '', '', ''' at line 1
For the following code:
$sql="INSERT INTO page(title,css,favicon,charset,keywords,author,desc,fb_title,fb_pic,fb_url,fb_desc)
VALUES('$title', '$css', '$favicon', '$charset', '$keywords', '$author', '$desc', '$fb_title', '$fb_pic', '$fb_url', '$fb_desc')";
Everything looks fine to me.. what's wrong?
DESC is a reserved keyword. you should put it as `DESC` to escape it.
INSERT INTO page(title,css,favicon,charset,keywords,author,`desc`,fb_title,fb_pic,fb_url,fb_desc)
VALUES('$title', '$css', '$favicon', '$charset', '$keywords', '$author', '$desc', '$fb_title', '$fb_pic', '$fb_url', '$fb_desc')
Add Backtic around desc because its a reserve word
INSERT INTO page(title,css,favicon,charset,keywords,author,`desc`,fb_title,fb_pic,fb_url,fb_desc)
VALUES('$title', '$css', '$favicon', '$charset', '$keywords', '$author', '$desc', '$fb_title', '$fb_pic', '$fb_url', '$fb_desc')
DESC is a reserved keyword and you cannot have that as a column else surround it using a backtick operator .
Here..
$sql="INSERT INTO page(title,css,favicon,charset,keywords,author,desc,fb_t
------------^
Disclaimer: Stop using mysql_* functions as they are deprecated. Switch to MySQLi or PDO instead.
desc is reserved keyword of mysql
$sql="INSERT INTO page(`title`, `css`, `favicon`, `charset`, `keywords`, `author`,`desc`,`fb_title`,`fb_pic`,`fb_url`,`fb_desc`)
VALUES('$title', '$css', '$favicon', '$charset', '$keywords', '$author', '$desc', '$fb_title', '$fb_pic', '$fb_url', '$fb_desc')";
Related
$bzSendMail = mysqli_query($Connection, "INSERT INTO messages_inbox (from, towho, subject, text, rcvdat) VALUES ('$MyID', '$SenderID', '$subject', '$text' ,'$sentat')");
I'm trying to make this query works, but it keeps showing me the following error!
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'from, towho, subject, text, rcvdat) VALUES ('1', '2', 'd', 'd' ,'2014-09-07 17:0' at line 1
Anyone can help me?
you are using
FROM
as a column name in your table. You can use '' to specify the column name but it is always better not to use that kind of names as your column names.
$bzSendMail = mysqli_query($Connection, "INSERT INTO messages_inbox (`from`, `towho`, `subject`, `text`, `rcvdat`) VALUES ('$MyID', '$SenderID', '$subject', '$text' ,'$sentat')");
From is a key word in Mysql use backward quotes to skip this as follows
$bzSendMail = mysqli_query($Connection, "INSERT INTO messages_inbox (`from`, `towho`, `subject`, `text`, `rcvdat`) VALUES ('$MyID', '$SenderID', '$subject', '$text' ,'$sentat')");
from is a reserved word in sql. Make backticks around it.
This question already has answers here:
MySQL, safely using reserved word in query [duplicate]
(2 answers)
Closed 9 years ago.
I am building a small Twitter clone for personal use, and I have so trouble with it.
Fist, I want to show you my SQL structure of the table "poke_history":
http://puu.sh/3Sci0.png
This is the command I use to insert the values into a table (in PHP):
$insert = "INSERT INTO poke_history (id, from, time, reason) VALUES ('".$to_id."', '".$from_id."', '".$time."', '".$reason."')";
mysql_query($insert) or die(mysql_error());
This is the annoying error that I am getting:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'from, time, reason) VALUES ( '1'' at line 3.
Let me clarify some things.
$to_id is a number.
$from_id is a number.
$time is a number (coming from PHP's time()).
$reason is a text string.
I am using MySQL and PHP5.
Try to quote your column identifiers like
INSERT INTO poke_history (`id`, `from`, `time`, `reason`) ...
Everything inside `` is considered to be a "identifier" not a language keyword. From the SQL-syntax it should be clear that after INSERT INTO tablename cannot come a FROM, but the MySQL sometimes needs this kind of guidance (and other sql parsers, too).
credit to mario as well:
from is a reserved keyword. Use backticks to escape them.
for example
`from`
INSERT INTO table (`from`) ....
So your code would like this:
$insert = "INSERT INTO poke_history (`id`, `from`, `time`, `reason`) VALUES ('".$to_id."', '".$from_id."', '".$time."', '".$reason."')";
mysql_query($insert) or die(mysql_error());
$insert = "INSERT INTO poke_history (`id`, `from`, `time`, `reason`) VALUES (".$to_id.", ".$from_id.", ".$time.", '".$reason."')";
mysql_query($insert) or die(mysql_error());
Numbers don't need to be quoted. Only strings.
Also don't use mysql, it's deprecated. Better use PDO, with prepared statements, to avoid issues like this.
You should try to use prepared statements to prevent SQL injection.
$query = "
INSERT INTO
poke_history (`id`, `from`, `time`, `reason`)
VALUES
(:id, :from, :time, :reason)";
$db = new PDO("mssql:host=sqlserver;dbname=database", "username", "password");
$statement = $db->prepare($query);
$parameters = array(
":id" => $name,
":from" => $from,
":time" => $time,
":reason" => $reason
);
$statement->execute($parameters);
I think that you forgot to add * in between INSERT and INTO, here is the fixed script:
$insert = "INSERT * INTO poke_history (id, from, time, reason) VALUES ('".$to_id."', '".$from_id."', '".$time."', '".$reason."')";
mysql_query($insert) or die(mysql_error());
The reason why you are getting the error is because you are trying to use a built in function name for one of your columns. Say you have the following CREATE TABLE...
CREATE TABLE customers
(
name varchar(80),
streetAddr varchar(160),
"from" varchar(60),
);
Notice that to create the table I had to put the column from in quotes. Now if you wanted to insert a row into this table, your insert statement should look like the following:
INSERT INTO ShoppingFun.dbo.customers
(
name,
streetAddr,
"from"
)
VALUES
(
'MRBubbleGum',
'1061 SW BubbleGumVillage St',
'yourmom'
)
I'm a newbie and I've been trying for over an hour to solve this simple query:
mysql_query("INSERT INTO `tracks` (artistID, albumID, format, trackID, niceTitle, title, trackNumber, description, pictureURL, playCount) VALUES('$artistID', '$albumID[$i]', 'hq','$ID[0]', '$trackName', '$title', '$j', '$description', '$pictureURL', '$playCount'") or die(mysql_error());
I just get this error every time:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
I've done mysql_escape_string() on all variables too. Any ideas?
You are missing the final closing ):
mysql_query("INSERT INTO `tracks` (artistID, albumID, format, trackID, niceTitle, title, trackNumber, description, pictureURL, playCount) VALUES('$artistID', '$albumID[$i]', 'hq','$ID[0]', '$trackName', '$title', '$j', '$description', '$pictureURL', '$playCount')") or die(mysql_error());
You have no ending parenthesis ")" in your query
$to = '555';
$from = '555';
$message = 'stuff';
mysql_query("INSERT INTO `convo` (to, from, content)
VALUES ( '$to', '$from', '$message' )") or die(mysql_error());
I can't figure out what is wrong with my above simple query. What obvious thing am I missing?
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near 'to, from, content) VALUES ( '555', '555', 'stuff' )' at line 1
It looks like to is a MySQL reserved word.
Try
mysql_query("INSERT INTO `convo` (`to`, `from`, `content`) VALUES ( '$to', '$from', '$message' )") or die(mysql_error());
TO is a MySQL keyword. To fix this, wrap backticks around your to field.
I'm repeatedly getting a syntax error when inserting in to mysql, normally this works fine but I can't seem to get it to work. I can echo out the variables no problem but for some reason I can't insert them.
variables (the session vars are brought over from another page)
session_start();
$name=$_SESSION['bName'];
$email=$_SESSION['email'];
$ship_address = $_SESSION['sAddress'];
$voucher=$_SESSION['voucher'];
$sku=$_SESSION['sku'];
$credit_card=$_POST['credit_card'];
$security_code=$_POST['security_code'];
$payment_type=$_POST['payment_type'];
$cc_number=substr($credit_card, 0, 4) . str_repeat('x', (strlen($credit_card) - 4)) . substr($credit_card, -4, 4);
$phone=$_SESSION['billPhone'];
$status="Redeemed";
$date = date('Y/m/d');
$tracking ="";
insert query
//Insert Queries
$sqlInsert = "INSERT INTO `customers`(`name`, `email`, `address`, `phone`, `sku`, `creditcard`, `securitycode`, `paymenttype`, `voucher`, `purchase_id`, `tracking`, `status`, `date_recieved`)
VALUES( $name, $email, $ship_address, $phone, $sku, $credit_card, $security_code, $payment_type, $voucher, $purchase_id, $tracking, $status, $date)";
mysql_query($sqlInsert) or die ('Error Inserting into database' . mysql_error());
I've also tried
VALUES( '$name', '$email', '$ship_address', '$phone', '$sku', '$credit_card', '$security_code', '$payment_type', '$voucher', '$purchase_id', '$tracking', '$status', '$date')
but it doesn't work. The error I get is
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'lastname, fahad#semail.com, 22 toronto ont l6a0l4, 416-123-4567, 1001234, 1234567' at line 1
Any ideas?
Thanks
all string values must be quoted.
VALUES("'.$name.'", "'.$email.'" ...
Do it like this, so the fields are delimited:
VALUES( '$name', '$email', ...
check your error message to see what kind of garbage you are currently generating.
You could use PDO to create prepared statements instead. Then you won't have to worry about escaping your values like drdwilcox's example 'Jerry''s'. It also helps as a counter measure against SQL Injection attacks.
I would almost guarantee that you have a single-quote in your name field. If you want to place a single quote into a string field in SQL, you must double it: 'Jerry''s'
And you need the '$name' version.