I got this request:
"START TRANSACTION; DELETE FROM `awaiting_auth` WHERE `code` = '06b8465eed00727a1eac49fae89b88f876ded2eb' LIMIT 1; INSERT IGNORE INTO `prsn` SET `login` = 'new_user', `passwd` = '40bd001563085fc35165329ea1ff5c5ecbdbbeef', `color` = '#cbc5f2'; COMMIT;"
And I receive this error:
"You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near 'DELETE FROM awaiting_auth WHERE code =
'06b8465eed00727a1eac49fae89b88f876de' at line 1".
However when executing sql via terminal everything goes well and no errors are thrown.
What is wrong with my request? Thanks in advance.
You must split the queries in separate ->query() calls. The SQL console does that automatically. E.g.
->query("START TRANSACTION");
->query("DELETE FROM...");
One operation per query. So you need to split your query into single queries.
Just run these queries one by one, not in single packet.
Try to execute each statement individually:
START TRANSACTION;
DELETE FROM `awaiting_auth` WHERE `code` = '06b8465eed00727a1eac49fae89b88f876ded2eb' LIMIT 1;
INSERT IGNORE INTO `prsn`(`login`, `passwd`, `color`) VALUES('new_user','40bd001563085fc35165329ea1ff5c5ecbdbbeef', '#cbc5f2');
COMMIT;
Related
I am attempting to insert some user-inputted data into my MySQL table using the following command:
$sql = "INSERT INTO Queued ('$role') VALUES ('$sname')";
Interestingly enough, I get the following error:
Error: INSERT INTO Queued ('Tops') VALUES ('Summoner')
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''Tops') VALUES ('Summoner')' at line 1
To be honest, I am relatively new at using PHP as well as MySQL, but I can't seem to find the error in my syntax; the Queued table does exist, $role and $sname are both strings so I encased them in single quotes. I suspect this is a newbie mistake, could anyone point me in the right direction?
This is due to use of single quotes ' around the column name. The query should be like:
$sql = "INSERT INTO Queued ($role) VALUES ('$sname')";
OR
$sql = "INSERT INTO Queued (`$role`) VALUES ('$sname')";
Try this format
$sql = "INSERT INTO Queued ('".$role."') VALUES ('".$sname."')";
`s role is to differentiate between built in SQL words and the column names, so if a word is used for name of a column that might be also a built in sql expression then `` are needed around it
I'd like to create a trigger from the following PHP code.
$sql = 'delimiter $$';
$pdo->exec($sql);
$sql = 'create trigger avoid_empty_employee_insert before insert on `employee`
for each row begin
if name = "" then set name = null; end if;
end$$';
$pdo->exec($sql);
$sql = 'delimiter ;';
$pdo->exec($sql);
When I run the the code in MySQL it works and the trigger is created.
PHP shows the following error.
SQLSTATE[42000]: Syntax error or access
violation: 1064 You have an error in your SQL syntax; check the manual
that corresponds to your MySQL server version for the right syntax to
use near 'delimiter $$' at line 1
How can I fix it?
Definitely do not try to change the delimiter when you're executing the statement via the API. DELIMITER is a mysql client built-in command, it is not recognized by the MySQL server-side parser.
You don't need it anyway. The purpose of DELIMITER is to remove the ambiguity of semicolons that may appear within the body of a trigger or stored routine. Since the API is for executing one statement at a time, there's no ambiguity. The SQL parser just treats the whole string as one statement anyway.
Likewise, do not end the create trigger statement with $$. You don't need any statement terminator, but the SQL parser accepts ; as an optional statement terminator because so many people put it there even though they don't have to.
The next problem is that you when you use column names in a trigger, you have to prefix them with either NEW. or OLD. -- in an insert trigger, you can only use NEW. If you don't prefix the column, MySQL assumes you meant to set a system variable like tmpdir or slow_query_log.
If you are still getting the 1193 error, I suggest that you didn't change both references to the name column to NEW.name.
I tested the following using PHP 5.4.24 and MySQL 5.6.20, and it worked:
$sql = "create trigger avoid_empty_employee_insert before insert on `employee`
for each row begin
if NEW.name = '' then set NEW.name = null; end if;
end";
$pdo->exec($sql);
You don't need to delimit the column name of name, because it is not a MySQL reserved word. The set of reserved words is documented.
try that :
$sql = 'create trigger avoid_empty_employee_insert before insert on `employee`
for each row begin
if name = "" then set name = null; end if; END;';
$pdo->exec($sql);
Since you are creating the trigger using code, you might not need to set/reset the DELIMITER.
Just ignore those lines in your php code that changes them.
Your code becomes only:
$sql = 'create trigger avoid_empty_employee_insert before insert on `employee`
for each row begin
if NEW.`name` = "" then set NEW.`name` = null; end if;
end$$';
$pdo->exec($sql);
Mayby this helps:
$sql = "delimiter //\n";
$pdo->exec($sql);
$sql = "create trigger avoid_empty_employee_insert before insert on employee\n
for each row\n
begin\n
if new.name = '' then\n
set new.name = null;\n
end if;\n
end//\n";
$pdo->exec($sql);
$sql = 'delimiter ;';
$pdo->exec($sql);
Since you are creating the trigger using code, you might not need to set/reset the DELIMITER. Changing the DELIMITER is important for CLIs.
Just ignore those lines in your php code that changes them.
Your code becomes only:
$sql = 'create trigger `avoid_empty_employee_insert` before insert
on `employee`
for each row
begin
if `name` = "" then set `name` = null; end if;
end';
$pdo->exec($sql);
I'm having an issue with a MySQL query when run in php. It works fine when I run it in PHPMyAdmin or SequelPro, but when copied into the PHP file it is meant to run in, it stops working.
The query is designed to take data from multiple tables that are linked with Primary Keys, and then put that data into corresponding identical tables. I know it's an odd thing to do, but it needs to do it.
Query (as used in a PHP file) is as follows:
for($x = 0; $x < count($REQIDARRAY); $x++){
$sql="BEGIN;
INSERT INTO `Request`
SELECT NULL AS `RequestID`, `ModCode`, `RoomID`, `Students`, `Priority`, `Day`, `StartTime`, `Length`, `Semester`, `DateAdded`, `SpecialRequests`
FROM RequestTEMP
WHERE RequestTEMP.RequestID=\"".$REQIDARRAY[$x]."\";
INSERT INTO `Week`
SELECT `WeekNumber` , LAST_INSERT_ID() AS `RequestID`
FROM `WeekTEMP`
WHERE WeekTEMP.RequestID=\"".$REQIDARRAY[$x]."\"';
INSERT INTO `RequestFacilities`
SELECT LAST_INSERT_ID() AS `RequestID` , `FacilityID`
FROM `RequestFacilitiesTEMP`
WHERE RequestFacilitiesTEMP.RequestID=\"".$REQIDARRAY[$x]."\"';
DELETE FROM `RequestTEMP` WHERE RequestID=\"".$REQIDARRAY[$x]."\";
DELETE FROM `RequestFacilitiesTEMP` WHERE RequestID=\"".$REQIDARRAY[$x]."\";
DELETE FROM `WeekTEMP` WHERE RequestID=\"".$REQIDARRAY[$x]."\";
COMMIT;";
$DB->Query('TransferMe' , $sql);
}
I have confirmed that $REQIDARRAY[$x] is returning correct values.
When running it in SequelPro, all that changes is that I would change
RequestID=\"".$REQIDARRAY[$x]."\"
to
'RequestID='123'
The error message in PHP is:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'INSERT INTO Request SELECT NULL AS RequestID, ModCode, RoomID, `Student' at line 2.
MySQL Version is 5.1.60.
I have no idea what is causing the problem, I've also tried hard coding values for RequestID into the PHP file and it still returns the same error.
Any help much appreciated!
The library you using is using mysql_query() function, which cannot run multiple queries at once (as a protection against SQL injection).
You need to run each of your queries with separate call to $DB->Query(). Don't worry, it will still be treated as a single transaction.
Example:
$sql="BEGIN";
$DB->Query('TransferMe' , $sql);
$sql = "INSERT INTO `Request`
SELECT NULL AS `RequestID`, `ModCode`, `RoomID`, `Students`, `Priority`, `Day`, `StartTime`, `Length`, `Semester`, `DateAdded`, `SpecialRequests`
FROM RequestTEMP
WHERE RequestTEMP.RequestID=\"".$REQIDARRAY[$x]."\";";
$DB->Query('TransferMe' , $sql);
...
Also: you might want to look at some more modern ways of accessing MySQL from PHP like ext/MySQLI (recommended by developers of MySQL) or PDO (favourited by majority of PHP coders)
The following is throwing a syntax error. The entire query works in a MySQL client with literals, but breaks down when passing from PHP. In PHP, each query works if submitted separately, but not if within START and COMMIT.
The error:
1064: You have an error in your SQL syntax; check the manual ...etc...right
syntax to use near 'INSERT INTO user_degrees (user_id, degree_id, acadcat_id
, inst_id) VALUES (' at line 2
Query:
$query="START TRANSACTION;
INSERT INTO user_degrees (user_id, degree_id, acadcat_id, inst_id)
VALUES ((SELECT id FROM users WHERE users.username = '$user')
, '$degreeid', '$studyfocus', '$institution');
UPDATE users
SET degree".$dnum." = (SELECT LAST_INSERT_ID())
WHERE username = '$user';
COMMIT;";
All the $vars are class properties and pass integers, except for $user, which passes a username session variable. $dnum is used to change column names between instances of the class and I might be concatenating it incorrectly within MySQL.
PHP's mysql driver only allows a single query per mysql_query() call as a security measure. You'll have to issue multiple separate queries:
$result = mysql_query("START TRANSACTION");
$result = mysql_query("INSERT ...");
$result = mysql_query("UPDATE ...");
$result = mysql_query("COMMIT;");
... with appropriate checking at each stage to make sure the query didn't fail (which I've omitted from here).
Note that this security measure only applies to top-level queries. One one top-level query per call. You can have as many subqueries as you want/need.
$query = "INSERT INTO directory_level_one (child_categories)
VALUES
('$category_name')
WHERE
category = '$parent'";
currently, I get the following error when I add the WHERE part in the above sql query.
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE category = 'Philosophy'' at line 4
You can't have a where clause for an Insert statement. Are you trying to update existing database records instead? In that case, use the Update statement.
INSERT statements don't have a WHERE clause.
Perhaps you want an UPDATE statement instead?
UPDATE directory_level_one
SET child_categories = 'your_category_name'
WHERE category = 'your_parent'
you can't use a where clause with an insert statement.
where clause can not be used in INSERT statment
please read this before preceding further http://dev.mysql.com/doc/refman/5.5/en/insert.html
What you want to do is this:
$query = "UPDATE directory_level_one SET child_categories='$category_name' WHERE category = '$parent'";
I think you might want to change your INSERT to an UPDATE