I'm getting these weird errors, and I've been up and down the code, commenting and rewriting, and googling all the things.
Perhaps you guys will see what I'm not seeing:
$mysqli = new mysqli('host','login','passwd','db');
if($mysqli->connect_errno > 0){ die('Cannot connect: '. $mysqli->connect_error); }
// See if there is one term or multiple terms
if (count($search) == 1) {
// If one term, search for that
$like = $search[0];
$stmt = "SELECT
gsa_committees.id,
gsa_committees.committee,
gsa_committees.appointer,
gsa_committees.representatives,
gsa_committees.contact,
gsa_committees.category,
gsa_committees.attachments,
gsa_committees.labels,
gsa_committee_reports.committee,
gsa_committee_reports.title,
gsa_committee_reports.author,
gsa_committee_reports.link,
gsa_funds.id,
gsa_funds.fund,
gsa_funds.attachments,
gsa_funds.labels,
gsa_meeting_minutes.title,
gsa_meeting_minutes.link,
gsa_officers.office,
gsa_officers.dept,
gsa_officers.name,
gsa_representatives.program_dept,
gsa_representatives.representatives,
gsa_representatives.alternate
FROM
gsa_committees,
gsa_committee_reports,
gsa_funds,
gsa_meeting_minutes,
gsa_officers,
gsa_representatives
WHERE
(gsa_committees.committee LIKE $like) AND
gsa_committees.committee IS NOT NULL";
}
if(!$result = $mysqli->query($stmt)){ die('Bad query: '. $mysqli->error); }
This gives me this error message:
Bad query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '%ARCHAC%) AND gsa_committees.committee IS NOT NULL' at line 34
Which I know isn't true. If I change that las part to just this:
WHERE gsa_committees.committee LIKE $like";
I get this error message:
Bad query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '%ARCHAC%' at line 34
Everywhere I've looked, the string "%".search."%" seems to be the correct method, but my server doesn't seem to like it here.
Interesting side note: I have a different LIKE statement working on another page on the same server, this just won't work for some reason.
Thanks!
Try putting single quotes around your search term ($like variable).
for example: (gsa_committees.committee LIKE '$like')
You need to wrap the variable in quotes for like to work:
WHERE gsa_committees.committee LIKE '$like';
See reference documentation on String Comparison Function.
it looks like missing quotes:
"WHERE gsa_committees.committee LIKE '$like' ";
Ok, I got it. The answer on this post solved my issue:
MYSQLI SQL query over multiple tables fail
As soon as I assigned the tables t1,t2,etc and did INNER JOIN, the results came in as expected, with %$search% or $search.
Thanks all!
Related
Notice: Undefined variable: table_name in /Applications/MAMP/htdocs/welcometowarwick/scripts/php/insert_imagery.php on line 106
Error: UPDATE SET business_description='', image1='profiles/sadsadas/', image2='profiles/sadsadas/', image3='profiles/sadsadas/', image4='profiles/sadsadas/', image5='profiles/sadsadas/' WHERE id='307' LIMIT 1
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'SET business_description='', image1='profiles/sadsadas/', image2='pr' at line 1
Here is the UPDATE code
$updatesql = sprintf("UPDATE $table_name SET
business_description='$business_description',
image1='$insert_upload1',
image2='$insert_upload2',
image3='$insert_upload3',
image4='$insert_upload4',
image5='$insert_upload5'
WHERE id='$user_id' LIMIT 1");
if (mysqli_query($link, $updatesql)) {
header('Location: ../../register/complete.php');
} else {
echo "Error: " . $updatesql . "<br>" . mysqli_error($link);
}
mysqli_close($link);
Can anyone see what the error with the syntax is?
This is too long for a comment, therefore I am submitting the following.
The syntax error is clear:
right syntax to use near 'SET it starts at SET, so this tells me that:
$table_name is either not defined, or it contains a character that MySQL doesn't agree with. Possibly a space, a hyphen; who knows. Only you know that and how $table_name is defined, or whether it's defined at all.
Plus, as I stated in comments; you're using sprintf but there is no syntax to support that. You can just get rid of it, far as I'm concerned.
It is also unclear which MySQL API you are using to connect with, so make sure you are indeed using mysqli_ to connect with and not mysql_ or PDO.
Those different MySQL APIs do not intermix with each other.
If you have any questions, please do not hesitate to place a comment underneath my answer.
You may also want to make use of mysqli_real_escape_string() in order to escape your data. There might be characters in there that MySQL will also want to buck about.
Add error reporting to the top of your file(s) which will help find errors.
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
// rest of your code
Sidenote: Error reporting should only be done in staging, and never production.
this query can't get the table name so it happens try to first echo $updatesql and check the query get table name
I've been using this for loop to insert information into my database:
$values = array();
for($x=1;$x<=3;$x++){
$values[]= $_POST["FCKeditor".$x];
}
echo implode(",",$values);
$sql = "INSERT INTO virus (v1,v2,v3) VALUES(".implode(",",$values).")";
However, when I looked at the result on the webpage, it gave me this message:
a1
,b2
,c3
INSERT INTO virus (v1,v2,v3) VALUES(a1
,b2
,c3
)You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '>,b2
,c3
)' at line 1
Can someone help solve this issue?
Very likely the problem is the missing quotes, and you probably wanted something like the following for your values portion:
"'".implode("','",$values)."'"
Which gives you something like:
'abc','xyx','123'
Of course I am assuming that they are all of string type. If some are not, then you need to make sure strings are quoted and numbers are not etc.
The best is for sure to use place holders, then you do not need to go through this trouble at all.
I have the below PHP for my book keeping application. It uses PDO.
if (isset($_POST['lesson'])AND isset($_POST['page']))
{
try {
$options_pdo[PDO::ATTR_ERRMODE]=PDO::ERRMODE_EXCEPTION ;
$DB= new PDO('mysql:host=localhost;dbname=mydb','jamie','admin',$options_pdo);
$statement=$DB->query("SELECT data FROM teach_books where lesson=".$_POST['lesson']."AND page=".$_POST['page'] );
while($results = $statement->fetch()){
$results['data'];
echo "<br>";
}
} catch(Exception $e) {
die ('ERROR: '.$e->getMessage());
exit;
}
}
However when I run the code it displays the below error:
ERROR: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'page=dsas' at line 1
Could anybody help please?
A couple of things:
1) DO NOT INSERT RAW QUERY STRINGS:
This code is extremely suseptable to SQL Injection. PDO has a feature called 'prepared statements'. This is waht you should be using for you SQL queries. Do not just inject some POST parameters into the query string as the result will be a security hole. The quotes you have accidentally inserted into the query may well have come from a malicious user trying a SQL attack.
2) MISSING SPACE:
You have a missing space right before the AND. The parser does not know what to make of the term 2AND and so produces the error. The SQL by iteslf expands to something like.
SELECT data FROM teach_books where lesson=2AND page=24;
3) MISSING QUOTE MARKS:
If you were to use something like the above you will need to add some closing quote marks at the end of the query. You also need quotes around the string params that you give inside the select.
4) ECHO DATA:
You are not actually printing out anything in the loop. Simply having a statement sitting inside PHP will not print it out. You need echo command.
echo $results['data'];
5) ITERATE OVER OBJECT:
You do not need to keep calling fetch(), you could use fetchAll() and then iterate over that result set.
Really you should not call any "fetch" method unless you just need the rows in an array.
The result set object is iterable and can be looped over.
$statement->execute();
foreach ($statement as $row) {
...
}
6) TRY-CATCH:
You could probably remove the 'try-catch' code because what you are doing inside there is what the exception would do anyway.
Additionally I hope 'admin' is not your actual password.
Sorry to have kept adding to my answer. Just wanted to post the 6 points by themselves and then expand on them.
Hope that helps
Your SQL are wrong, try it:
$statement=$DB->query("SELECT data FROM teach_books where lesson='".$_POST['lesson']."'AND page='".$_POST['page']."'" );
You'r comparing string values, so you need to use '' on sql query.
ERROR: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'page=dsas' at line 1
The problem is probably becaus you didn't add quotes for the value:
".... page='".$_POST['page']."'"
Strings ALWAYS need quotes around them.
Full error message:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
So it hasn't really told me much... Is there a way to find out more?
It has returned this message from two PHP files. Here are the first MySQL queries that I made in each file:
$query = mysql_query("SELECT * FROM `questions` WHERE `id`=".$currentId.";") or die( mysql_error() );
$query = mysql_query("SELECT * FROM `questions` WHERE `id`=".$theNextId.";") or die( mysql_error() );
There is PHP code before this though which opens the database etc.
Here is a similar problem: Link
Perhaps there an error in my concatenation?
Thanks.
$currentId is null or empty.
And don't forget about SQL-injection!
Remove semicolons. The docs say "the query string should not end with a semicolon".
It seems that your final ` (back-tick) character is missing.
The exact error message is:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'where rfflag='0'' at line 1
Hi,
I'm trying to get some php scripts working and it dies with the above error message. There are two locations where rfflag is used in the SQL query:
$_SESSION['lang']=$objTerm->my_get_one("select min(id) from "
.$objTerm->TABLE['languages']." where status='1' and rfflag='0'");
$rs_lang=$objTerm->execute_query("select id,language from "
.$objTerm->TABLE['languages']." where `status`='1' and `rfflag`='0'");
How do I determine which one is causing the problem? Or is the problem something else altogether?
Echo this:
"select id,language from ".$objTerm->TABLE['languages']." where status='1' and rfflag='0'"
and this:
"select min(id) from ".$objTerm->TABLE['languages']." where status='1' and rfflag='0'"
Then run execute each output in your favorite sql developer tool.
Errors will be displayed there.
How do I determine which one is causing the problem?
Remove one of the queries. See if it still happens.
On a secondary thought, I would suggest that you change your MySQL query code so, that it doesn't use die() to print out the error message. Use trigger_error or exceptions instead, this way you will automatically get a trace of which line caused it.
How do I determine which one is causing the problem?
use trigger_error() to output an error message.
I guess (I have to guess because you supply no code) that you are using die() to output an error.
if you change this bad practice function to trigger_error(), you will be able to see the line number, where error occurred.
If you add non only mysql_error() to it's output, but also query itself, you will be able to see the problem code too.
I guess $objTerm->TABLE['languages'] is undefined or does not have the value you’re expecting.
As sheeks06 has already suggested, just echo the query to see if everything is as expected:
$query = "select min(id) from "
.$objTerm->TABLE['languages']." where status='1' and rfflag='0'";
echo $query;
$_SESSION['lang']=$objTerm->my_get_one($query);
$query = "select id,language from "
.$objTerm->TABLE['languages']." where `status`='1' and `rfflag`='0'";
echo $query;
$rs_lang=$objTerm->execute_query($query);