I'm getting this error:
Invalid query: You have an error in your SQL syntax; check the manual
that corresponds to your MySQL server version for the right syntax to
use near 'INET_ATON('188.92.x.x')' at line 1
While trying to insert IP Address in database. The column type is:
'LastIP int(10) unsigned NOT NULL,'.
The function to execute the query is:
function onNewUser($ip, $hostname, $con)
{
$query = "INSERT INTO tableMachine (LastIP, LastHostName) VALUES ".
"INET_ATON('".mysql_real_escape_string($ip, $con)."'), ".
"'".mysql_real_escape_string($hostname, $con)."'";
$result= mysql_query($query, $con);
if (!$result) {
die('Invalid query: ' . mysql_error());
}
}
I call this function with the parameters:
$ip = $_SERVER['REMOTE_ADDR'];
$hostname = #gethostbyaddr($ip);
onNewUser($ip, $hostname, $con);
What's wrong with it guys?
your values list should be encapsulated inside of parenthesis if I am not mistaken
You should try this :
$query = "INSERT INTO tableMachine (LastIP, LastHostName) VALUES (".
"INET_ATON('".mysql_real_escape_string($ip, $con)."'), ".
"'".mysql_real_escape_string($hostname, $con)."')";
I just add parenthesis for VALUES(...)
Also, as #Shamil said, the functions mysql_* are depricated. You should use mysqli_*This link should help you with the mysqli_* functions.
Related
so i have this php code :
session_start();
$servername = "localhost";
$username = "root";
$dbname = "3890ask3_db";
$con = mysql_connect($servername, $username, "", $dbname)
or die("Failed to connect to MySQL: " . mysql_error());
$db=mysql_select_db($dbname,$con)
or die("Failed to connect to MySQL: " . mysql_error());
$query = mysql_query("SELECT * FROM register where Username = '$_SESSION[Username]'") or die(mysql_error());
$row = mysql_fetch_array($query) or die(mysql_error());
if(isset($_GET['selecttoy']))
{
$clname=$row['Name'];
$clsurname=$row['Surname'];
$clemail=$row['Email'];
$stoy=$_GET['selecttoy'];
$query2 = "INSERT INTO order (ClName, ClSurname, ClEmail, ToyCode , OrderID) VALUES ('$clname', '$clsurname', '$clemail' , '$stoy', ' ' )" ;
if (mysql_query($query2)) {
echo "Order created successfully!";
} else {
echo "Error: " . "<br>" . mysql_error($con);
}
}
?>
The php page can actually read the get variable,but as soon as i try to insert something in the database, i get this error message:
"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'order (ClName, ClSurname, ClEmail, ToyCode , OrderID) VALUES ('mar', 'kyr', 'dgg' at line 1"
i tried everything but no result...can someone please help me?
thanks in advance....
You can not use order directly because it's reserved word. try to enclose it in (``). Like below:-
$query2 = "INSERT INTO `order` (ClName, ClSurname, ClEmail, ToyCode , OrderID) VALUES ('$clname', '$clsurname', '$clemail' , '$stoy', ' ' )" ;
Note:- Try to add sql error reporting code always.
stop using mysql_*, use mysqli_* or PDO.
your above code is open for SQL Injection. thanks.
My code is throwing this error:
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-contact-info' at line 1
my code:
<?php
//connect
$connection = mysqli_connect("myh","myu","myp","mydb") or die("Error " . mysqli_error($connection));
//consultation:
$query = "SELECT * FROM web-contact-info";
//execute the query.
$result = mysqli_query($connection, $query);
if (!$result) {
printf("Error: %s\n", mysqli_error($connection));
exit();
}
//display information:
while($row = mysqli_fetch_array($result)) {
echo $row["live_name"] . "<br>";
}
?>
I've tried to put quotes around web-contact-info and get a slightly different error:
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''web-contact-info'' at line 1
What am I writing wrong?
You can try this:
SELECT * FROM `web-contact-info`
As mysql_* is deprecated consider switching to mysqli or PDO.
Try and use the name of the table within simple quotes like this
$query = "SELECT * FROM `web-contact-info`";
Im facing this problem when inserting a SQL query:
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '30000001'', NULL, 'Pending', NULL, NULL)' at line 1
The code is:
<?php
// Connecting to the MySQL server
include "connection.php"; // Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$query = "SELECT * FROM meet ORDER BY meetid DESC LIMIT 1"; $result =
mysqli_query($con,$query) or die(mysqli_error($con)); $last_val =
mysqli_fetch_array($result); // print_r($last_val); $last_val1 =
$last_val[0];
$query = "SELECT * FROM hdr_student WHERE Stud_NO = '$stud_no'";
$result = mysqli_query($con,$query) or die(mysqli_error($con));
$check_over = mysqli_fetch_array($result);
$null = 'sss'; $validateon = '0000-00-00 00:00:00.000000';
$supprephour = '0';
if(!empty($check_over['c_supervisor']))
{
if(!empty($check_over['p_supervisor']))
{
$check_supp = $check_over['p_supervisor'];
$check_supp1 = var_export($check_supp,true);
$query = "INSERT INTO supervisorattendance (meetid, sup_no, supnote, supvalidate, supprephour, validateon) VALUES ('$last_val1', '$check_supp1', NULL, 'Pending', NULL, NULL)";
if (!mysqli_query($con,$query))
{
die('Error: ' . mysqli_error($con));
}
}
$check_supc = $check_over['c_supervisor'];
$check_supc1 = var_export($check_supp,true);
$query = "INSERT INTO supervisorattendance (meetid, sup_no, supnote, supvalidate, supprephour, validateon) VALUES ('$last_val1', '$check_supc1', NULL, 'Pending', NULL, NULL)";
if (!mysqli_query($con,$query))
{
die('Error: ' . mysqli_error($con));
}
}
?>
you problem is about single quotes in your variable used in mysql
so escape them like this before use in mysql
$check_supc = $check_over['c_supervisor'];
$check_supc1 = var_export($check_supp,true);
$last_val1 = mysqli_real_escape_string($con, $last_val1); // use this line
$check_supc1 = mysqli_real_escape_string($con, $check_supc1); // use this line
$query = "INSERT INTO supervisorattendance (meetid, sup_no, supnote, supvalidate, supprephour, validateon) VALUES ('$last_val1', '$check_supc1', NULL, 'Pending', NULL, NULL)";
var_export tries to generate a string that's valid as PHP code. Among other things, this means that if your content is a string, it'll get quotes around it. Since you're also adding quotes while you're cobbling your SQL, you end up with something like ...''$check_supp1'', NULL, 'Pending', NULL, NULL).
Unless you have a good reason for using var_export here (and i'm about 94% certain you don't), get rid of it. Use mysqli_real_escape_string to make stuff safer for a MySQL query.
Or, if there's nothing but that number, you can use intval to make sure it's always a number.
Or, learn to use prepared statements. :P They can handle most of this stuff automatically.
I am working with WordPress and I made a form in the admin section. I am trying to submit it to another database (not the default wp one) so I switch databases successfully and do an insert query but I keep getting an error.
This is my code:
$selected = mysql_select_db( 'petracms', $serverAccess );
if (!$selected) {
die ('Can\'t use foo : ' . mysql_error());
}
$query = "INSERT INTO `petra_customers` (`FirstName`, `LastName`, `Email`, `Phone`) VALUES ($fName, $lName, $email, $phone)";
$result = mysql_query($query);
if (!$result) {
die('Invalid query: ' . mysql_error());
}
I keep getting this error:
Invalid query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '#gmail.com, 5859475566)' at line 1
This is my input: (Adam, Page, bofumme#gmail.com, 5859475566)
I have no idea what I am doing wrong
Values in INSERT statements need to be enclosed in quotes (except "numbers"):
INSERT INTO `foo` (`a`,`b`,`c`) VALUES("foo","bar",1)
This is how you would (safely) construct a variable for use in query string interpolation (this is frowned upon, though):
$email = sprintf('"%s"', mysql_real_escape_string($_POST['email']));
$query = "INSERT INTO `foo` (`email`) VALUES($email)";
A more elegant way (and far more secure, too), is to use prepared statements (example uses PDO):
# Prepare the statement
$sth = $dbh->prepare('INSERT INTO `foo` (`email`) VALUES(:email)');
# Substitute placeholders in query and execute it
$sth->execute(array(
'email' => $_POST['email']
));
I guess you forgot to add quotes ' to your INSERT query. Check out any tutorial on the web on how to do simple inserts, eg here: http://www.w3schools.com/php/php_mysql_insert.asp
I'm new at this, what are the problems with this statement:
$sql=" SELECT * FROM `calendar` WHERE `DayId` ='".$day."'";
$result = mysql_query($sql, $conn);
if (!$result){
echo "DB Error, could not query the database\n";
echo 'MySQL Error: ' . mysql_error();
exit;
}
while ($row = mysql_fetch_array($result)) { //set $dayType
$dayType = $row[DayType];
}
I keep getting the error:
DB Error, could not query the database
MySQL Error: You have an error in your SQL syntax; check the manual that corresponds to
your MySQL server version for the right syntax to use near '' at line 1
but when I put an "echo $result;" in after the line that starts with $result=... then I get a value for $result of "Resource id #2"
You need to enclose your "day" variable in quotes (and you should be escaping it if you haven't already!)
$sql = "SELECT * FROM calendar WHERE DayId = '" . mysql_real_escape_string($day) . "'";
Shouldn't it be
$sql="SELECT * FROM `calendar` WHERE `DayId` = '".$day."'";
It seems likely to me that your $day variable is not getting populated ... Try echoing the SQL statement before you run it to make sure everything looks as it should ...
If it's date(z) change it to date('z').