MYSQL IN Clause error - php

I have used the code below in a MySQL query:
$all_PIDs=array();
foreach($pID as $p)
{
$all_PIDs[]=$p->ID;
}
$AIDS=implode(',',$all_PIDs);
$table_tsk = new Timesheets_Table_Tasks();
$select_tsk = $table_tsk->select()
->from($table_tsk, array
(
'Total'=>'SUM(timesheets_tasks.Time)',
'Charged'=>'SUM(timesheets_tasks.Time_Charged)'
))
->where('timesheets_tasks.ProjectID IN ('.$AIDS.')')
;
But using the above code I am getting the following error:
"An error has occured
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '))' at line 1"
I have added a quotation mark (") for the IN clause. But the problem is the query only displays for the first $AIDS number. Could someone help me to clear the error?
Thanks!

It should be specified as:
->where('timesheets_tasks.ProjectID IN (?)', $all_PIDs)
so you're passing an array of integers, not a comma-separated list of them

In your code, the quotes are not part of your MySQL query but only of your PHP portion. Do this:
$AIDS= "'".implode("','",$all_PIDs)."'";
And then
->where('timesheets_tasks.ProjectID IN ('.$AIDS.')')
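Added example, not part of the question or of either answer above: the same IN filter written with plain PDO instead of the table/select builder from the question, using one placeholder per ID so that no value is concatenated into the SQL text. It returns early on an empty ID list, because `IN ()` is a MySQL syntax error; `sumTaskTime` is a hypothetical helper name, and the in-memory SQLite table and its rows are constructed.

```php
<?php
declare(strict_types=1);

/**
 * Sum task time for a set of project IDs, one "?" placeholder per ID.
 * sumTaskTime() is a hypothetical helper name, not code from the page.
 */
function sumTaskTime(PDO $db, array $projectIds): array
{
    // Keep only positive integers; anything else is dropped, not escaped.
    $ids = [];
    foreach ($projectIds as $value) {
        $id = filter_var($value, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($id !== false) {
            $ids[] = $id;
        }
    }
    // "IN ()" is a syntax error in MySQL, so never build it.
    if ($ids === []) {
        return ['Total' => 0.0, 'Charged' => 0.0];
    }

    $placeholders = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $db->prepare(
        "SELECT SUM(Time) AS Total, SUM(Time_Charged) AS Charged
           FROM timesheets_tasks
          WHERE ProjectID IN ($placeholders)"
    );
    $stmt->execute($ids);   // values travel as parameters, never as SQL text
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return ['Total' => (float) $row['Total'], 'Charged' => (float) $row['Charged']];
}

// Constructed sample data; assumes the pdo_sqlite extension is available.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE timesheets_tasks (ProjectID INTEGER, Time REAL, Time_Charged REAL)');
$db->exec('INSERT INTO timesheets_tasks VALUES (1, 2.5, 2.0), (2, 1.0, 1.0), (3, 4.0, 0.0)');

var_dump(sumTaskTime($db, [1, 3]));        // two valid IDs
var_dump(sumTaskTime($db, []));            // empty list: no query is sent
var_dump(sumTaskTime($db, ['2', '7abc'])); // malformed entry is dropped
```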

Related

Uncaught PDOException: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax

I'm trying to upload information to my DB but it keeps giving me a syntax error.
$query = "INSERT INTO `klant` (`naam`,`adres`,`postcode`,`email`,`nieuwsbrief`) VALUES ($naam,$adres,$postcode,$plaats,$email,$nieuwsbrief)";
The query I use should work as it's the same as in PHPMyAdmin.
The error I receive:
PHP Fatal error: Uncaught PDOException: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '4,1234AB,Rotterdam,email#gmai.com,1)'
Two errors:
There are five columns specified in your insert query, but you're trying to put in six values. They should match. (plaats is missing)
String values should have quotes "" around them in insert statements.
Also, rickdenhaan touched on a good point. Using variables like this is dangerous as it allows for SQL injection, especially if the variables are populated by the public.

Syntax error or access violation: 1064 in code [duplicate]

This question already has answers here:
Can PHP PDO Statements accept the table or column name as parameter?
(8 answers)
Closed 4 years ago.
I am having problems running a PDO execute; it returns a MySQL syntax error.
The code is as follows:
try {
global $connect;
$arr = array(':ranked' => $db_rank, ':tier' => $db_tier, ':id' => $_SESSION['user_id']);
$query = $connect->prepare('UPDATE users SET :ranked = :tier WHERE id = :id');
$query->execute($arr);
} catch (PDOException $e) {
echo $e->getMessage();
}
where $db_rank returns a string with the column name (conversion from JSON) and $db_tier returns a joined string (again conversion from JSON).
It is inside a loop that should update 1-3 columns, but upon execution an exception is thrown:
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''<column name1>' = '<value1>' WHERE id = '3'' at line 1
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''<column name2>' = '<value2>' WHERE id = '3'' at line 1
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''<column name3>' = '<value3>' WHERE id = '3'' at line 1
It should probably be because of the passing of the table column as a variable, in which case how should I proceed to loop it with 3 different pre-set table names without making it spaghetti code?
Found my answer:
Should prepare the statement with " and not with ' because inside the array the type changes 3 times (once from function, once from passing and once from PREPARE statement). The variables themselves are const and are fetched using a whitelist already (upon decoding from the JSON request).
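Added example, not code from the question or its answer: placeholders can stand in for values but not for column names, so the column is picked from a fixed allowlist in the code and only the values are bound. The allowlist keys, the column names and `updateRank` are hypothetical, and the in-memory SQLite table is constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist: request key => real column name in `users`.
const RANK_COLUMNS = [
    'solo' => 'rank_solo',
    'flex' => 'rank_flex',
    'tft'  => 'rank_tft',
];

/**
 * Update one rank column. The column name comes from the allowlist,
 * never from the request; only the values are bound as parameters.
 */
function updateRank(PDO $db, int $userId, string $key, string $tier): int
{
    if (!array_key_exists($key, RANK_COLUMNS)) {
        throw new InvalidArgumentException('Unknown rank column key');
    }
    $column = RANK_COLUMNS[$key];   // a constant string from our own code

    // Identifiers cannot be placeholders, so the column is interpolated.
    // Backticks are MySQL/MariaDB identifier quoting; SQLite accepts them too.
    $stmt = $db->prepare("UPDATE users SET `$column` = :tier WHERE id = :id");
    $stmt->bindValue(':tier', $tier, PDO::PARAM_STR);
    $stmt->bindValue(':id', $userId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed demo data; assumes the pdo_sqlite extension is available.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, password TEXT,
           rank_solo TEXT, rank_flex TEXT, rank_tft TEXT)');
$db->exec("INSERT INTO users (id, password) VALUES (3, 'constructed-hash')");

// The loop from the question: one call per column, same statement shape.
foreach (['solo' => 'GOLD II', 'flex' => 'SILVER I'] as $key => $tier) {
    updateRank($db, 3, $key, $tier);
}

try {
    updateRank($db, 3, 'password', 'x');   // a real column, but not allowlisted
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
print_r($db->query('SELECT * FROM users WHERE id = 3')->fetch(PDO::FETCH_ASSOC));
```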

PHP Yii1 Syntax error or access violation: 1064

This is my code:
TableName::db()->updateAll(array('updated' => 'NOW()'), "WHERE userID = ". (string)$id);
This is the error message I get:
CDbCommand failed to execute the SQL statement: SQLSTATE[42000]:
Syntax error or access violation: 1064 You have an error in your SQL
syntax; check the manual that corresponds to your MariaDB server
version for the right syntax to use near 'WHERE userID = 1043' at line
1. The SQL statement executed was: UPDATE TableName SET updated=:yp0 WHERE WHERE userID = 1043;. Bound with :yp0='NOW()'
The SQL update query is executed successfully, but I want to fix this error.
Does somebody have a hint for me on how to fix this error?
Solution:
TableName::model()->updateAll(array('updated' => new CDbExpression('NOW()')), "userID= ". (string)$id);
The SQL update query will execute successfully. Good luck to you.

SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error onds to your MySQL s se vnom)' at line 1

$sql = 'INSERT INTO employee (cin,nom) VALUES(:cin,:nom)';
try{
$requete=$db->query($sql);
$requete->bindValue(':cin',$emp->GetCin(),PDO::PARAM_STR);
$requete->bindValue(':nom',$emp->GetNom(),PDO::PARAM_STR);
$requete->execute();
}
catch(Exception $e)
{
die("erreur".$e->getMessage());
}
When executing this code, the following error arises:
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ':cin,:nom)'
How to fix?
$db->query() executes the query as is.
The query you are using requires that you first prepare the statement, bind parameters and then execute the query. Otherwise, the tuple after VALUES is interpreted as data.
In order to fix this, use $db->prepare(). (Docs)
$requete=$db->prepare($sql);
$requete->bindValue(':cin',$emp->GetCin(),PDO::PARAM_STR);
$requete->bindValue(':nom',$emp->GetNom(),PDO::PARAM_STR);
$requete->execute();

$sql="SELECT * FROM billing ORDER BY billing_no limit :go,5";$stmt = $db->prepare($sql);$stmt ->execute(array(':go'=>$go));

I'm just trying to do pagination in one of my projects and I am getting an error like this:
Fatal error: Uncaught PDOException: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''0',5' at line 1
Please help me.
You get this error because the $go parameter is being inserted as a string rather than an int.
I recommend binding parameters before executing. You can do it like this:
$stmt->bindParam(':go', $go, PDO::PARAM_INT);
