Php mysqli->real_escape_string and MYSQL

Php mysqli->real_escape_string and MYSQL - php

I've a little question.
I've written this code to add the values to mysql database but when i run the code and I got an error. Can anybody help me?
the code:
$fel = $mysqli->query("INSERT INTO deleted (uid,buy_type,prop_type,district,street,room_min,room_max,price_min,price_max,condition_type,heat_type,lift_type,parking_type,type_of_del,when)
VALUES ('".$mysqli->real_escape_string($letomb['uid'])."',
'".$mysqli->real_escape_string($letomb['buy_type'])."',
'".$mysqli->real_escape_string($letomb['prop_type'])."',
'".$mysqli->real_escape_string($letomb['district'])."',
'".$mysqli->real_escape_string($letomb['street'])."',
'".$mysqli->real_escape_string($letomb['room_min'])."',
'".$mysqli->real_escape_string($letomb['room_max'])."',
'".$mysqli->real_escape_string($letomb['price_min'])."',
'".$mysqli->real_escape_string($letomb['price_max'])."',
'".$mysqli->real_escape_string($letomb['condition_type'])."',
'".$mysqli->real_escape_string($letomb['heat_type'])."',
'".$mysqli->real_escape_string($letomb['lift_type'])."',
'".$mysqli->real_escape_string($letomb['parking_type']).",
'".$mysqli->real_escape_string($type_of_del)."',
now())") or die($mysqli->error);
Error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'when) VALUES ('3', 'kiado', 'lakas', '1'' at line 1

WHEN is a reserved word. Enclosing it in backticks should fix your problem, as it will then be treated as an identifier.
`when`

You should use backticks around your column names. when is a MySQL keyword so it's being interpreted incorrectly. At the very least use backticks around when.

Related

MySQLi Syntax Error (PHP) on INSERT using Variables

I am attempting to insert some user-inputted data into my MySQL table using the following command:
$sql = "INSERT INTO Queued ('$role') VALUES ('$sname')";
Interestingly enough, I get the following error:
Error: INSERT INTO Queued ('Tops') VALUES ('Summoner')
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''Tops') VALUES ('Summoner')' at line 1
To be honest, I am relatively new at using PHP as well as MySQL, but I can't seem to find the error in my syntax; the Queued table does exist, $role and $sname are both strings so I encased them in single quotes. I suspect this is a newbie mistake, could anyone point me in the right direction?

This is due to use of single quotes ' around the column name. The query should be like:
$sql = "INSERT INTO Queued ($role) VALUES ('$sname')";
OR
$sql = "INSERT INTO Queued (`$role`) VALUES ('$sname')";

Try this format
$sql = "INSERT INTO Queued ('".$role."') VALUES ('".$sname."')";

`s role is to differentiate between built in SQL words and the column names, so if a word is used for name of a column that might be also a built in sql expression then `` are needed around it

Error in PHP MySQL

I am trying to do a simple INSERT, but I keep on getting this error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'FROM,TO,ID,CURRENCY1,CURRENCY2,AMOUNT,NOTE,RATE) VALUES('test', 'test2', 'dd', '' at line 2
Here is my code:
mysql_query("INSERT INTO WIRET
(FROM,TO,ID,CURRENCY1,CURRENCY2,AMOUNT,NOTE,RATE) VALUES('$from', '$to', '$ID', '$currency1', '$currency2', '$amount','$note', '$rate') ")
or die(mysql_error());
Why am I getting this error? I copied this script from another area of my site where it works, I just changed the values.

FROM is a reserved word in MySQL (and SQL in general). If you really have a column named FROM you should wrap it with ` (backticks) so the parser knows you mean a name:
INSERT INTO WIRET (`FROM`, TO, ID, CURRENCY1, ...

If your column is named from you have to put it into "`" (backticks) because FROM is also a SQL keyword.
By putting a keyword (FROMhere) into backticks you say "this is not a SQL keyword" to the DBMS.
Example:
INSERT INTO WIRET (`FROM`,TO,ID,...

mysqli query error, not sure what's wrong

I have a query here and not sure why the insert is failing... Here is the query and the error
INSERT INTO `tokyoStats` (stockName, open, high, low, close, change, stockFrom, stockParent, timestamp) VALUES ('topix', '1190.55', '1192.35', '1181.56', '1181.64', '-3.64', 'japan','topix','2013-09-18T01:00:05+09:00')
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'change, stockFrom, stockParent, timestamp) VALUES ('topix', '1190.55', '1192.35'' at line 1
I'm not sure why this is wrong. I have other queries before this one that work perfectly fine.

change is reserved word for mysql enclose it with backticks (`) and avoid this by changing column names, see this link for reference: http://dev.mysql.com/doc/refman/5.5/en/reserved-words.html
INSERT INTO `tokyoStats` (`stockName`, `open`, `high`, `low`, `close`, `change`, `stockFrom`, `stockParent`, `timestamp`)
VALUES
('topix', '1190.55', '1192.35', '1181.56', '1181.64', '-3.64', 'japan','topix','2013-09-18T01:00:05+09:00')

Annoying mysql update query problem

I'm trying to update using mysql_query in php and it gives me this error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'read='1' WHERE id='14'' at line 1
I've been looking at my query for about 10 minutes now and I cant find whats wrong with it. Here it is:
if ($row['read'] == 0) {
mysql_query("UPDATE mail SET read='1' WHERE id='$mailid'") or die(mysql_error());
}
Do anyone see where the error is?

read is a reserved word.
Enclose it into the backticks:
UPDATE mail SET `read`='1' WHERE id='$mailid'

How about...
"UPDATE `mail` SET `read`='1' WHERE `id`='".$mailid."'"

read is a reserved word. You need to use backticks ` around read.

MySQL INSERT error

I got this error :
Database problem occur, please try again later.
- Error in query: INSERT INTO main SET title ='', url='www.jerseymurah.com', kod='jerseymurah', owner='Hasbul Aqill', tag='jersey, football, world cup', since='Feb 2010', desc='ssfsfsfsfs'
- Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'desc='ssfsfsfsfs'' at line 1 (Error #1064)
- File: /home/yosh/domains/yosh.my/public_html/demo/admincp/tambah-save.php
and this is my mysql query code :
$query = "INSERT INTO main SET title ='".$ttile."', url='".$url."',
kod='".$kod."', owner='".$owner."', tag='".$tag."', since='".$since."',
desc='".$desc."'";
$db->rq($query);
Please help and thanks a lot!

DESC is a reserved word in mySQL.
You need to put that field in backticks:
`desc`="..."
maybe consider renaming the field.
mySQL reserved words in the manual

I think DESC is a reserved word, try escaping it with backticks.

mysql_query("INSERT INTO main(title,url,kod,owner,tag,since,description) VALUES('$title','$url','$kod','$owner','$tag','$since','$desc')");

We Keep Coding

PHP, A popular general-purpose scripting language that is especially suited to web development.

Php mysqli->real_escape_string and MYSQL - php

WHEN is a reserved word. Enclosing it in backticks should fix your problem, as it will then be treated as an identifier. `when`

You should use backticks around your column names. when is a MySQL keyword so it's being interpreted incorrectly. At the very least use backticks around when.

Related

MySQLi Syntax Error (PHP) on INSERT using Variables

Error in PHP MySQL

mysqli query error, not sure what's wrong

Annoying mysql update query problem

MySQL INSERT error

Categories

Resources