PHP - An error because of double quotes MYSQL query - php

<?php
$query = "SELECT * ";
$query .= "FROM subjects ";
$query .= "WHERE id='" . $subject_id ."' ";
$query .= "LIMIT 1";
?>
The cause of the problem is in this line:
The error: "Database query failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'LIMIT 1' at line 1"
So why, despite the syntax being right, does it give me that error?!

The error message is from the execution of a line of code not shown in your question.
One obvious possibility is that the string value produced by this code is not being passed to MySQL. Another possibility is that $subject_id contains a string value that is being interpreted as SQL text, and the $query does not contain what you think it contains. There are a lot of other possibilities.
For debugging issues like this, we really need to identify the line of code that is actually throwing the error. (In your case, it's going to be a call to a mysql_, mysqli or PDO execute or prepare function or method.)
What you can do is add an echo or var_dump of the ACTUAL SQL text that is being passed to MySQL, on a line immediately preceding the line that is throwing the error.
For example, you would get this error message if a line of code after this code, and before the parse or execute call, modifies $query
$query .= " LIMIT 1";
That would add a second LIMIT clause on the query, which is invalid, and would throw the same error you are getting.
To reiterate: the lines of code posted in your question are NOT throwing an error. The lines of code you posted are simply assigning a string value to a variable. (This may be the string value that is being passed to MySQL, but we don't see that anywhere in your code.)

You are using 'subject_id'; it may be in int format and have some problem, so use subject_id, and as an alternative to Limit 1 use Limit 0,1.
<?php
$query = "SELECT * ";
$query .= "FROM subjects ";
$query .= "WHERE id=" . $subject_id;
$query .= " LIMIT 0,1"; // leading space keeps LIMIT separate from the id value
?>

You don't need to concatenate the variable; you can use:
<?php
$query = "SELECT * ";
$query .= "FROM subjects ";
$query .= "WHERE id='$subject_id' ";
$query .= "LIMIT 1";
?>
You have two semi-colons after your variable as well, and if your variable is an integer, it doesn't need to be in single quotes either.

Related

Selecting data from specific user in mysql database to PHP

I am trying to select data from specific user in MySQL database to PHP using my session. Code I have is:
$sql = "SELECT * FROM users WHERE Username = "$_SESSION['sess_user']" LIMIT 1";
I'm currently getting this error
Parse error: syntax error, unexpected '$_SESSION' (T_VARIABLE)
Since we're more than likely dealing with a string, you would need to add quotes to it and concatenate it with dots/periods.
I.e. '".$_SESSION['sess_user']."'
Just to be 100% certain, make sure you have started the session using session_start(); at the top of every page using sessions.
just use ' instead of "
$sql = "SELECT * FROM users WHERE Username = '{$_SESSION['sess_user']}' LIMIT 1";
You are missing the . (DOT) symbol for adding variables to strings. Try this:
$sql = "SELECT * FROM users WHERE Username = " . $_SESSION['sess_user'] . " LIMIT 1";
That's it.
I had the same issue.
I just had to give my variable a name and use that:
$sessUser = $_SESSION['sess_user'];
Then use $sessUser in your SQL statement.

Using a variable as the column name in a mysql query

I'm trying to turn this:
"SELECT username FROM $table WHERE username='$newName'"
Into this:
"SELECT $column FROM $table WHERE $column='$newName'"
But when I use or die() on it, I get an error saying that there is incorrect syntax near WHERE username='someNameHere'. What is the correct way to substitute the column name, assuming that's what's wrong?
Edit: Code is just this. The values should be correct as I don't see any misspellings in the error.
$sql = "SELECT $column FROM $table WHERE $column='$newName'";
$result = mysql_query($sql) or die( mysql_error());
Make your query like this
$sql = "SELECT ".$column." FROM ".$table." WHERE ".$column."='".$newName."'";
BTW, this code is vulnerable to SQL injection. You should check the variables before using them in the query. Also, you should start using mysqli and prepared statements.
"SELECT ".$column." FROM ".$table." WHERE ".$column."=".$newName;
Check to see if that works for you.
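An added example, not taken from any of the posts above, of the check the answer asks for: column and table names cannot be bound as parameters, so they are compared against a fixed allow-list while the value is bound. The `members` table, its columns, the `findByColumn` helper and the use of in-memory SQLite in place of MySQL are all assumptions made so the script runs offline.

```php
<?php
// Added example. Table, columns and rows are constructed; in-memory SQLite
// stands in for MySQL so the script runs offline (the PDO calls are the same).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE members (username TEXT, email TEXT)");
$pdo->exec("INSERT INTO members VALUES ('alice', 'alice@example.test')");

// Hypothetical helper: looks up rows where $column equals $value.
function findByColumn(PDO $pdo, string $table, string $column, string $value): array
{
    // Identifiers are validated against a fixed list, never escaped or quoted
    // from user input. Anything not listed here is rejected.
    $allowed = [
        'members' => ['username', 'email'],
    ];
    if (!in_array($column, $allowed[$table] ?? [], true)) {
        throw new InvalidArgumentException("Identifier not allowed: '$table'.'$column'");
    }

    // Only allow-listed names reach the SQL text; the value is a bound parameter.
    $stmt = $pdo->prepare("SELECT $column FROM $table WHERE $column = :value");
    $stmt->execute([':value' => $value]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// A normal lookup.
var_dump(findByColumn($pdo, 'members', 'username', 'alice'));

// A value containing a quote is treated as data and cannot break the syntax.
var_dump(findByColumn($pdo, 'members', 'username', "o'neil"));

try {
    // An empty or unexpected column name is refused before any SQL is built,
    // instead of surfacing later as a MySQL syntax error.
    findByColumn($pdo, 'members', '', 'alice');
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```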

mysql check manual error

Came across an error I have never seen before after writing the following code:
$query= "UPDATE `Pharm_Log` SET `text` = ". $bloodtest . " WHERE `id` = " . $patientid;
$result = mysql_query($query) or die(mysql_error());
My error message was this
"You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near 'Pressure Test: 235/43 WHERE id = 1' at line 1"
Anyone have any idea how to fix this? It would be greatly appreciated.
The string literal (value of $bloodtest) must be wrapped in single quotes:
$query= "UPDATE `Pharm_Log` SET `text` = '". $bloodtest . "' WHERE `id` = " . $patientid;
$result = mysql_query($query) or die(mysql_error());
As a sidenote, the query is vulnerable to SQL injection if the value(s) of the variables came from the outside. Please take a look at the article below to learn how to prevent it. By using PreparedStatements you can get rid of using single quotes around values.
How to prevent SQL injection in PHP?

How do I update a query correctly

What's wrong with my code?
Basically what I'm trying to do is add a number and update a field in the SQL with what is connected to the variable. But since steamids look like this STEAM_0:0:123123123 or STEAM_0:1:123123123 I get this
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ':0:14166834' at line 1
This is just for learning, so I know my code has useless echos, but it's just to see it being added and to make sure I was doing it correctly anyway.
addmoney.php
<?php
include("inc/config.php");
$mysteamid=mysql_real_escape_string($_POST['mysteamid']);
$sql = "SELECT * FROM $tbl_name WHERE steamid='$mysteamid'";
$result=mysql_query($sql);
$cash=mysql_result($result, 0, 'cash'); // outputs 7th
echo $cash;
$newcash= $cash + "10000";
echo "\n";
echo $newcash;
mysql_query("UPDATE $tbl_name SET `cash` = $newcash WHERE `steamid` = $mysteamid") or die(mysql_error());
?>
index.php contains working form data; it's not really required for the error in my code.
My main problem is this line from addmoney.php, which is
mysql_query("UPDATE $tbl_name SET `cash` = $newcash WHERE `steamid` = $mysteamid") or die(mysql_error());
As your steamid field in your DB is a string (it seems to be, as possible values are STEAM_0:0:123123123 and STEAM_0:1:123123123), you must use quotes around the value:
mysql_query("UPDATE $tbl_name SET `cash` = $newcash WHERE `steamid` = '$mysteamid'");
Using mysql_real_escape_string() is necessary, as it escapes quotes inside the variable you pass it as a parameter -- but you still have to put quotes around the string in your SQL queries.
In the first query you surrounded your $mysteamid value with simple quotes, and in the second query you didn't. If the steamid is a string type, you need to surround the value with quotes, like
"UPDATE $tbl_name SET `cash` = $newcash WHERE `steamid` = '$mysteamid'"

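The two UPDATE threads above (Pharm_Log and steamid) fail for the same reason: a string value lands in the SQL text without quotes. The following is an added example, not code from any of the posts, showing the steamid update first as unquoted concatenation and then with PDO bound parameters, where no quoting is written by hand. The `players` table, the `addCash` helper and the use of in-memory SQLite in place of MySQL are assumptions made so the script runs offline.

```php
<?php
// Added example. Schema and rows are constructed; in-memory SQLite stands in
// for MySQL so the script runs offline (the PDO calls are the same).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE players (steamid TEXT PRIMARY KEY, cash INTEGER)");
$pdo->exec("INSERT INTO players VALUES ('STEAM_0:0:123123123', 500)");

$mysteamid = 'STEAM_0:0:123123123';   // format taken from the question

// 1. Concatenation without quotes: the value is parsed as SQL text and the
//    statement is rejected, which is the failure described in the thread.
$bad = "UPDATE players SET cash = cash + 10000 WHERE steamid = $mysteamid";
echo "SQL sent: $bad\n";              // always dump the actual SQL when debugging
try {
    $pdo->exec($bad);
} catch (PDOException $e) {
    echo "Concatenated query failed: ", $e->getMessage(), "\n";
}

// 2. Bound parameters: values travel separately from the SQL text, so there
//    is nothing to quote or escape, and the increment is done by the database.
function addCash(PDO $pdo, string $steamid, int $amount): int
{
    $stmt = $pdo->prepare(
        "UPDATE players SET cash = cash + :amount WHERE steamid = :steamid"
    );
    $stmt->execute([':amount' => $amount, ':steamid' => $steamid]);
    return $stmt->rowCount();         // number of rows changed
}

echo addCash($pdo, $mysteamid, 10000), " row(s) updated\n";

// A value containing a quote is compared as plain data; it cannot end the
// string literal early because there is no literal in the SQL text.
echo addCash($pdo, "it's-not-an-id", 10000), " row(s) updated\n";

echo "cash is now ", $pdo->query("SELECT cash FROM players")->fetchColumn(), "\n";
```
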
MYSQL syntax error while using MATCH () AGAINST()

I'm trying to query a database to find relevant results between two columns in separate tables. To do this I'm using the following code:
$query = "SELECT * FROM $table WHERE MATCH (TITLE) AGAINST ($description) AND ARTIST=$band ORDER BY relevance DESC";
$result = mysql_query($query);
if (!$result) {
die("Result False on line 47: $result <br>
Query: $query <br>
Error: " . mysql_error());
}
As you might expect, the error message appears saying I have an error in my MySQL syntax, but I'm not sure what it is. Any pointers?
AGAINST ($description) should be AGAINST ('$description')
ARTIST=$band should be ARTIST='$band'
Any strings that are processed through queries need single quotes ( ' ) around them, and column names with spaces need backticks ( ` ).
If $description or $band contain any quotes or slashes you will need to escape them using mysql_real_escape_string() (I'd recommend doing this anyway)
Also, you can consolidate your die statement into your query line:
$result = mysql_query($query) or die(
"Result False on line 47: $result <br>
Query: $query <br>
Error: " . mysql_error()
);
Sometimes, even when the syntax is correct, this error occurs because some SQL versions don't support the syntax.
Make sure your MySQL version supports this query before looking into other approaches.
