I'm trying to store in MySQL the last date and hour that a user accessed his account. When I log in I get the following error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '16:06:21 WHERE email = 'something#host.com'' at line 1
$query="UPDATE users SET last_visit=$last_visit WHERE email = '$email'";
mysql_query($query) or die (mysql_error());
last_visit is of datetime type.
$last_visit = date("Y-m-d H:i:s");
$email = mysql_real_escape_string($_POST['email']);
I know that MySQL is depreciated. I'll use MySQLi.
Let me know if I need to edit my question before downrating. Thanks!
You forgot the quotes ' since last_visit column is a DATETIME :
$query="UPDATE users SET last_visit='$last_visit' WHERE email = '$email'";
Related
I am currently trying to setup a game.
I have tried a lot of things but nothing seems to have worked so far
$sql = "
select username
, safe_username
from users
where id = $userid;
UPDATE users
SET username = '$newusername'
where id = $userid
";
Error: select username, safe_username from users where id = 10; UPDATE users SET username = 'Deaga' where id = 10
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'UPDATE users SET username = 'Deaga' where id = 10' at line 1
I expected it to work.
i am trying to setup a game. if you could help me thank you very much i am new to coding and i don't really know what to look for when i get these kind of errors.
Only one query at a time is allowed. You'll need to run each query separately in your php program.
I have a little problem. I tried to update information in HTML form, and when I write "I'm example" I receive this error
A little help?
Error updating record: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'da', gender='2', locationUser='Here', userBirthday='26/05/1993' WHERE PlayerID='' at line 1
Code:
$sql = "UPDATE users SET descriptionProfile='$prezentare', gender='$gender', locationUser='$localisation', userBirthday='$anniversaire' WHERE PlayerID='$pr'";
A single or double quote break your query. Use this query
$sql = "UPDATE users SET descriptionProfile='".$prezentare."', gender='".$gender."', locationUser='".$localisation."', userBirthday='".$anniversaire."' WHERE PlayerID='".$pr."'";
Extend #Ariful answer,
For lower version of Mysql, you have to use below Query
$sql = "UPDATE `users` SET `descriptionProfile`='".$prezentare."', `gender`='".$gender."', `locationUser`='".$localisation."', `userBirthday`='".$anniversaire."' WHERE `PlayerID` ='".$pr."'";
Hope this will help.
I'm working with a PHP site right now that connects to a database and selects off 1 of our tables to compare information. Currently we are running into an issue with the # sign when comparing our email with a record in the table.
Here is exactly what is happening:
We are using a SELECT statement to compare the variable $Email to find out what is the associated ID for the account. The problem is when comparing with $Email and we have turned error reporting on we can see that the #hotmail.com is causing an error by SQL syntax standards.
$id = "SELECT idaccount FROM `animator`.`account` WHERE email = $Email";
$result = mysqli_query($dbc, $id) or die("Error: ".mysqli_error($dbc));
The outcome is the following:
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '#hotmail.com' at line 1
Anyone got any ideas?
You should enclose the $Email value in single quotes, so the generated statement looks like this:
SELECT idaccount FROM `animator`.`account` WHERE email = 'something#hotmail.com'
Even better, you should prepare the statement and bind the value of $Email. Take a look here: http://php.net/manual/en/mysqli-stmt.bind-param.php
I have a following code:
<?php
include("config.php");
$key = 'blahblah';
$sql = "INSERT INTO softversions SET key='$key'";
$result = mysql_query($sql) or die ($mysql_error());
echo "dude";
?>
This gives me an error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'key='svksskjfvns'' at line 1
The thing is that I've used this script about a hundred times on other pages and it worked.
Table and field names are 100% correct.
I don't understand what is going on.
Do you see the syntax error there?
KEY is a reserved word in MySQL and you need to escape it using backticks to use it as a column name and also you should not use SET when inserting.
$sql = "INSERT INTO softversions (`key`) VALUES ('$key')";
key is a reserved word in MySQL. To use it as a column, you need to escape it every time you call it.
$sql = "INSERT INTO softversions SET `key`='$key'";
$sql = "INSERT INTO softversions(keyName) values('{$key}')";
I've been trying to query an email address using the following statement, however after hours of trying to escape the string successfully I've accepted defeat.
The query I am using is: SELECT id, email FROM user WHERE email = '$email'
That gives me an error:
MySQL Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '#gmail.com' at line 1
I'm sure it's simple.. I just can't seem to find an answer anywhere that works.
UPDATE #1
The code that I have been using is:
$email = "abc#gmail.com";
$sql = "SELECT id, email FROM user WHERE email = '$email'";
$result = mysql_query($sql) or die('Unable to connect: '.mysql_error());
UPDATE #2
The email comes from the Facebook connect API.
This is probably because you the E-Mail address that you get from Facebook connect contains quotes, e.g. something like
"Harry"#gmail.com
"Harry#gmail.com"
when pulling data from a web service (or from anywhere else), you need to escape the data to prevent SQL injection, and garbled queries like in your situation.
In your case:
$email = mysql_real_escape_string($email);