MySQL insert syntax error - php

I know what a syntax error is but I can't find the problem in my syntax. I did the SQL in phpMyAdmin first and now I've just copied it and put variables in.
Error: You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near 's new carving chisels. 1 x 13mm 4-point finishing claw Chisel.
Southern St' at line 3
Code:
public function insert_row($vendor, $product_link, $product_title, $product_desc, $product_price){
mysql_query("INSERT INTO `crawl_products` ( `vendor` , `product_link` , `product_title` , `product_desc` , `product_price` )
VALUES (
'$vendor', '$product_link', '$product_title', '$product_desc', '$product_price'
)") or die(mysql_error());
}
Many Thanks.

You need to apply mysql_real_escape_string over each variable before running the insert query
public function insert_row($vendor, $product_link, $product_title, $product_desc, $product_price){
$vendor = mysql_real_escape_string($vendor);
$product_link = mysql_real_escape_string($product_link);
$product_title = mysql_real_escape_string($product_title);
$product_desc = mysql_real_escape_string($product_desc);
$product_price = mysql_real_escape_string($product_price);
mysql_query("INSERT INTO `crawl_products` ( `vendor` , `product_link` , `product_title` , `product_desc` , `product_price` )
VALUES (
'$vendor', '$product_link', '$product_title', '$product_desc', '$product_price'
)") or die(mysql_error());
}

The tables need no Grave accents, e.g. "`vendor`" should just be "vendor", and try to write the variables like this:
VALUES ( '".$vendor."',
it should work then.
And what sythnet wrote about mysql_query($con applies to mysqli_query, not to mysql_query

Escape the inputs. Use mysql_real_escape_string.
Also have a look at: Why shouldn't I use mysql_* functions in PHP?
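The answers above escape each value by hand; the alternative the last answer points to is to stop building the SQL string from values at all. The following is an added example, not code from the question or its answers: insert_row() rewritten as a PDO prepared statement, taking the connection as an extra parameter. It assumes an in-memory SQLite database so that it runs without a server, and the sample rows are constructed.

```php
<?php
// Added example, not the asker's code: insert_row() as a prepared statement.
// Assumption: in-memory SQLite through PDO so it runs without a server; for
// MySQL only the DSN changes, e.g. new PDO('mysql:host=...;dbname=...', ...).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE crawl_products (
    vendor TEXT, product_link TEXT, product_title TEXT,
    product_desc TEXT, product_price TEXT)');

function insert_row(PDO $pdo, $vendor, $product_link, $product_title, $product_desc, $product_price)
{
    // The SQL text is constant. Values are bound separately, so an
    // apostrophe in a value can never end a string literal in the query.
    $stmt = $pdo->prepare(
        'INSERT INTO crawl_products
            (vendor, product_link, product_title, product_desc, product_price)
         VALUES (:vendor, :link, :title, :descr, :price)'
    );
    $stmt->execute([
        ':vendor' => $vendor,
        ':link'   => $product_link,
        ':title'  => $product_title,
        ':descr'  => $product_desc,
        ':price'  => $product_price,
    ]);
    return (int) $pdo->lastInsertId();
}

// Constructed sample descriptions containing quotes, a backslash and a ")".
$samples = [
    "Mason's new carving chisels. 1 x 13mm 4-point finishing claw Chisel.",
    "5' x 3\" board \\ offcut ') end",
];
foreach ($samples as $desc) {
    $id = insert_row($pdo, 'Example Vendor', 'http://example.com/p/1', 'Chisel set', $desc, '19.99');
    // Read the row back and confirm the stored text is byte-for-byte the input.
    $check = $pdo->prepare('SELECT product_desc FROM crawl_products WHERE rowid = ?');
    $check->execute([$id]);
    echo ($check->fetchColumn() === $desc ? 'stored intact: ' : 'MISMATCH: '), $desc, PHP_EOL;
}
```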

Related

Attachment is not working when the file name has ' in it in mysql

I'm creating a page where I have the option of attaching files. When a file with single quotes in its name is attached, I get an error. This is how I tried:
$id = intval(mysqli_real_escape_string($mysqli, $_REQUEST["id"]));
$upload_directory = "uploads/attachments/";
$result = file_upload("attachment", "../".$upload_directory);
if($result[status] == true) {
$query = "insert into `attachments`
(
`id`,
`file_name`,
`file_extension`,
`file_size`,
`uploaded_file_name`,
`uploaded_file_path`
)
values
(
'$id',
'".$result[file_name]."',
'".$result[file_extension]."',
'".$result[file_size]."',
'".$result[uploaded_file_name]."',
'".$upload_directory.$result[uploaded_file_name]."'
)";
This is the error I got:
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '2016.xlsx'
'xlsx',
'7988',
'1466056157029.xlsx',
'upload' at line 15
I know this is the place where the problem is: '".$result[file_name]."'. The problem is because of the single quote I've used. What is the change I should do? What should I add?
Add single quotes. You are using ' in filename so use addslashes() and when fetching use stripslashes(). OR remove ' from filename.
See below code
$query = "insert into `attachments`
(
`id`,
`file_name`,
`file_extension`,
`file_size`,
`uploaded_file_name`,
`uploaded_file_path`
)
values
(
'$id',
'".addslashes($result['file_name'])."',
'".$result['file_extension']."',
'".$result['file_size']."',
'".$result['uploaded_file_name']."',
'".$upload_directory.$result['uploaded_file_name']."'
)";
Number of arguments are mismatched in your insert query.
Use single quote,
ex: '".$result['file_name']."'

mySQL Query Error at line 1

I wrote this mySQL query and I keep getting an error. Included are the query and the error:
mysql_query("INSERT INTO wp_usermeta(umeta_id, user_id, meta_key, meta_value)
VALUES(NULL, $value, $lastkey, $time())") or die(mysql_error());
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 1
Any help would be greatly appreciated! Thank you.
If your column in 'umeta_id' is default NULL then you don't need to specify it on the insert. 'CURTIME()' is an SQL function that returns current time. Should work if the column 'meta_value' is set to hold only time. I'm assuming you are using PHP. I've found including the variables in tick marks ' works. Also mysql_query is deprecated. You should use mysqli_query(yourDatabaseConnection, yourQuery)
mysql_query("INSERT INTO wp_usermeta (user_id, meta_key, meta_value)
VALUES ('$value', '$lastkey', CURTIME())") or die(mysql_error());
You are passing a string through the query to MySQL without putting it in single/double quotes. Use
mysql_query("INSERT INTO wp_usermeta(umeta_id, user_id, meta_key, meta_value)
VALUES(NULL, $value, '".$lastkey."', '".$time()."')") or die(mysql_error());
this query with string concatenation.
Check that the types of the values match the database and that umeta_id is allowed to be NULL.
Maybe one of the fields is auto-increment or NOT NULL; check the database again.
you should use NOW()
mysql_query("INSERT INTO wp_usermeta(umeta_id, user_id, meta_key, meta_value)
VALUES(NULL, $value, $lastkey, NOW())") or die(mysql_error());

Query getting executed but shows error

$sql="INSERT INTO $p (q,o1,o2,o3,o4,ta,ma) VALUES ('$q','$o1','$o2','$o3','$o4','$ta','$ma')";
this query is getting executed but shows error
You have an error in your SQL syntax; check the manual that corresponds to your MySQL
server version for the right syntax to use near '(q,o1,o2,o3,o4,ta,ma) VALUES
('','','','','','','')' at line 1
any idea??
use this query
$sql=" INSERT INTO '$p' ( `q` , `o1` ,`o2` ,`o3` , `o4` ,`ta` ,`ma`) VALUES ('$q','$o1','$o2','$o3','$o4','$ta','$ma') "
use single quotes for '$p'
$sql="INSERT INTO '$p' (`q`,`o1`,`o2`,`o3`,`o4`,`ta`,`ma`) VALUES ('$q','$o1','$o2','$o3','$o4','$ta','$ma')";
Always use single comma on php variable if you are using double comma at the start. Like this
$query = "INSERT INTO 'table' WHERE 'user' = '$user'";
in your case:
" INSERT INTO '$p' ( `q` , `o1` ,`o2` ,`o3` , `o4` ,`ta` ,`ma`) VALUES ('$q','$o1','$o2','$o3','$o4','$ta','$ma') "

mysql "insert into" SQL syntax error problem

this is the php code:
$stringquery = "INSERT INTO sikurim(name, title, desc, category, subcategory)
VALUES ('$contact', '$heading','$comments', '$catF', '$catS' ) ";
mysql_query($stringquery) or die(mysql_error());
And I get the error:
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near 'desc, category, subcategory) VALUES ('jhjh', ' fffff','fffff',
'2', '4' )' at line 1
I can't find what's wrong with the code, can someone help?
DESC is reserved MySQL keyword. You need to enclose it in backquotes:
$stringquery = "INSERT INTO sikurim(name, title, `desc`, category, subcategory) VALUES ('$contact', '$heading','$comments', '$catF', '$catS' )";
You should escape each value.
Use mysql_escape_string http://www.php.net/manual/en/function.mysql-escape-string.php

Getting mysql syntax error and cant find source

I have function that updates log table.
function wslog($userID, $log, $where) {
safe_query("INSERT INTO ".PREFIX."log ( time, userID, log, where ) values( '".time()."', '".$userID."', '".$log."', '".$where."' ) ");
}
And I have this php code:
wslog($userID, 'server|'.mysql_insert_id().'', 'servers');
But I keep getting syntax error:
Query failed: errorno=1064
error=You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'where ) values( '1269208030', '1', 'server|14', 'servers' )' at line 1
query=INSERT INTO ws_DII_log ( time, userID, log, where ) values( '1269208030', '1', 'server|14', 'servers' )
Is it possible that SQL doesn't like your log field name as it is a reserved word?
If so, try putting it in backticks
log ( `time`, `userID`, `log`, `where` )
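The reserved-word errors above (desc, where) and the earlier question with the table name in $p both concern identifiers, which cannot be bound as statement parameters the way values can. In the $p question the quoted error text starts at the column list and every value is empty, which is what MySQL reports when $p is an empty string. The following is an added example, not code from any of the posts: it checks the table name against an allowlist, backtick-quotes every identifier, and leaves the values as ? placeholders. The function names are hypothetical and the inputs are constructed from the questions above.

```php
<?php
// Added example: identifiers (table and column names) are validated and
// quoted here; values stay as placeholders for a prepared statement.

// Assumed allowlist, using the two table names that appear in the questions.
const ALLOWED_TABLES = ['sikurim', 'ws_DII_log'];

// Backtick-quote a MySQL identifier; an embedded backtick is doubled.
function quote_ident(string $name): string
{
    if ($name === '' || strlen($name) > 64 || strpos($name, "\0") !== false) {
        throw new InvalidArgumentException('invalid identifier');
    }
    return '`' . str_replace('`', '``', $name) . '`';
}

// Returns [sql, values]: "INSERT INTO `t` (`a`, `b`) VALUES (?, ?)".
// Column names are expected to come from code, never from request data.
function build_insert(string $table, array $row): array
{
    if (!in_array($table, ALLOWED_TABLES, true)) {
        throw new InvalidArgumentException("table not allowed: '$table'");
    }
    if ($row === []) {
        throw new InvalidArgumentException('no columns given');
    }
    $cols  = implode(', ', array_map('quote_ident', array_keys($row)));
    $marks = implode(', ', array_fill(0, count($row), '?'));
    $sql   = 'INSERT INTO ' . quote_ident($table) . " ($cols) VALUES ($marks)";
    return [$sql, array_values($row)];
}

// Constructed rows: reserved words as column names no longer break the query.
[$sql, $params] = build_insert('sikurim', [
    'name' => 'jhjh', 'title' => 'fffff', 'desc' => "it's fine",
    'category' => 2, 'subcategory' => 4,
]);
echo $sql, PHP_EOL;
[$sql, $params] = build_insert('ws_DII_log', [
    'time' => time(), 'userID' => 1, 'log' => 'server|14', 'where' => 'servers',
]);
echo $sql, PHP_EOL;

// An empty table name (the $p case) is rejected before any SQL is built.
try {
    build_insert('', ['q' => 'x']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

The returned pair is meant to be passed to a prepared statement, for example $pdo->prepare($sql)->execute($params) with a PDO connection.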
