SQL syntax error and undefined index error - php

After a long search, I am not able to find the solution.
Undefined index: coursename in C:\wamp\www\StudentInformationProject\Student_new\courseinsert.php on line 17
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1'>
Here is the code
if(isset($_POST["button"]))
{
$sql="INSERT INTO course(courseid, coursename, comment, coursekey)
VALUES('".$_POST['courseid']."','".$_POST['coursename']."',
'".$_POST['comment']."','".$_POST['coursekey']."')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
else
{
echo "1 record Inserted Successfully...";
}
}

One of your substituting variables has a double quote in it. Given the error message, it probably looks like:
foo "1" bar
You should escape such characters by doubling them, so it looks like:
foo ""1"" bar

It is possible that your value in comment contains a single quote, which would invalidate the SQL syntax...


I don't find any error. This code is doing well. It updates my data perfectly. But 1 error is showing.

if ($_SERVER["REQUEST_METHOD"]=="POST") {
$updatedate=$_POST['date'];
$updateday=$_POST['day'];
$updateplace=$_POST['place'];
$updatehighlight=$_POST['highlight'];
$updatediscription=$_POST['discription'];
$sqlupdate="UPDATE $tableselect SET entrydate='$updatedate',day='$updateday',place='$updateplace',highlight='$updatehighlight',discription='$updatediscription' WHERE id ='$getid'";
$sqlquery=mysqli_query($db,$sqlupdate);
if (!mysqli_query($db,$sqlquery)) {
echo "error " .$sqlquery. "<br>" . mysqli_error($db);
}
}
It is showing this error:
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '1' at line 1
Real simple, you're running the query function twice, that's why you're getting 1.
1 being boolean TRUE.
(MySQL) Boolean Literals
So
$sqlquery=mysqli_query($db,$sqlupdate);
if (!mysqli_query($db,$sqlquery)) {...}
needs to be changed to just
$sqlquery=mysqli_query($db,$sqlupdate);
if(!$sqlquery){...}
The first gets executed, and the (if)! operator will also trigger the query function since it was TRUE, as in "(if)not failing".
http://php.net/manual/en/mysqli.query.php
"For other successful queries mysqli_query() will return TRUE."
Parametrize your query also, you're open to an SQL injection.
https://en.wikipedia.org/wiki/Prepared_statement
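The parametrized form of the UPDATE discussed above, as an added example that is not part of the original thread. The table layout, the allow-list names and the request values are constructed, and an in-memory SQLite database stands in for the MariaDB server (an assumption that requires the pdo_sqlite extension) so the script runs offline; the same prepare/execute calls apply with a MySQL DSN.

```php
<?php
// Added example (not from the thread). Constructed schema and input;
// SQLite in memory stands in for MariaDB so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE diary (id INTEGER PRIMARY KEY, entrydate TEXT, day TEXT,
           place TEXT, highlight TEXT, discription TEXT)");
$db->exec("INSERT INTO diary (id) VALUES (7)");

// Identifiers cannot be bound as parameters, so the table name is
// checked against a fixed allow-list (hypothetical names).
const ALLOWED_TABLES = ['diary', 'trips'];

function updateEntry(PDO $db, string $table, int $id, array $post): int
{
    if (!in_array($table, ALLOWED_TABLES, true)) {
        throw new InvalidArgumentException("unknown table: $table");
    }
    // Form field name => column name, as in the question's code.
    $fields = ['date' => 'entrydate', 'day' => 'day', 'place' => 'place',
               'highlight' => 'highlight', 'discription' => 'discription'];
    $params = [':id' => $id];
    foreach ($fields as $key => $column) {
        if (!isset($post[$key]) || !is_string($post[$key])) {
            throw new InvalidArgumentException("missing field: $key");
        }
        $params[":$column"] = $post[$key];
    }
    $stmt = $db->prepare(
        "UPDATE $table SET entrydate = :entrydate, day = :day, place = :place,
                highlight = :highlight, discription = :discription
          WHERE id = :id"
    );
    $stmt->execute($params);   // executed once; a failure throws PDOException
    return $stmt->rowCount();
}

// Constructed request body with quotes that break the concatenated queries.
$post = ['date' => '2024-05-01', 'day' => 'Wednesday', 'place' => "O'Hare",
         'highlight' => 'foo "1" bar', 'discription' => "it's; -- fine"];
$changed = updateEntry($db, 'diary', 7, $post);
$row = $db->query("SELECT place, highlight FROM diary WHERE id = 7")
          ->fetch(PDO::FETCH_ASSOC);
printf("%d row updated, place=%s, highlight=%s\n",
       $changed, $row['place'], $row['highlight']);
```

The values travel separately from the SQL text, so quotes in the input are stored as data and need no escaping or doubling.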

I get this error. How to solve this error?

Warning : odbc_exec(): SQL error: [Microsoft][ODBC SQL Server
Driver][SQL Server]Incorrect syntax near the keyword 'to'., SQL state
37000 in SQLExecDirect in
C:\xampp\htdocs\lendkarma\dashboard\viewpost.php
<?php
if($userconnection)
{
$sql_result="INSERT into blogs_new(empid,blog_title,status,blog_author) VALUES ($empid,$title,$a,$status,$author)";
echo $sql_result;
$res=odbc_exec($userconnection,$sql_result);
// $res = odbc_prepare($userdatabase,"INSERT INTO t_blogs (empid,blog_title,blog_content,status,blog_author) VALUES ($empid,$title,$a,$status,$author)");
}
else
{
echo "connection error";
}
?>
I think you should add apostrophes around the string-type values in your SQL query string.
Something like this.
$sql_result="INSERT into blogs_new(empid,blog_title,status,blog_author) VALUES ('".$empid."','".$title."','".$a."','".$status."','".$author."')";
Your values need quotes around them:
$sql_result="INSERT into blogs_new(empid,blog_title,status,blog_author) VALUES ('$empid','$title','$a','$status','$author')";

unable to encode url in mysql php insert

I am trying to insert a URL into a MySQL column (through PHP) but am unable to do it.
I am getting the following error
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '%2F%2Flocalhost%2Fclient%2Fsave_file.php%3Ffilename%3D9 WHERE queryid='29'' at line 1
The code snippet :
$_POST['url1']="//localhost/client/save_file.php?filename=9";
$_POST['query_id']=29;
$var=$_POST['url1'];
$query_id=$_POST['query_id'];
// echo "$var";
$var=rawurlencode($var);
//echo "$var";
$sql1 = "UPDATE query_audio SET query_content=$var WHERE queryid='".$query_id."' ";
if (!mysql_query($sql1)) {
die('Error: ' . mysql_error($connection));
}
You have a fundamental misunderstanding of how to defend against SQL injection attacks. You need to use mysql_real_escape_string(), not urlencode().
Plus, you forgot to quote your $var variable, so your query is literally:
... SET query_content=http:%2F%2Fetc...
Without quotes around that url, mysql is free to interpret the http: portion as an (invalid) field name.
Try
$var = mysql_real_escape_string($_POST['url1']);
$query_id = mysql_real_escape_string($_POST['query_id']);
$sql = "UPDATE ... SET query_content='$var' WHERE queryid='$query_id';";
^----^-- note these quotes.

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ... at line 1

$pocasie = mysqli_connect("localhost","root","","pocasie");
mysqli_query($pocasie, "UPDATE `pocasie` SET `aktualnateplota`=$aktualna_teplota, `relativnavlhkost`=$relativna_vlhkost, `smervetra`=$smer_vetra, `rychlostvetra`=$rychlost_vetra, `barometrickytlak`=$barometricky_tlak, `rosnybod`=$rosny_bod, `pocitovateplota`=$pocitova_teplota, `ikonka`=$ikonka, `ikonkaurl`=$ikonka_url WHERE id=1") or die (mysqli_error($pocasie));
Can anyone help me? I get error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' smervetra=160, rychlostvetra=7, barometrickytlak=1024, rosnybod=5, `poc' at line 1
db and table name is pocasie
Enclose values in ('')... Change
`aktualnateplota`=$aktualna_teplota
to
`aktualnateplota`= '$aktualna_teplota' .../* notice single quoted value here */
In
mysqli_query($pocasie, "UPDATE `pocasie` SET `aktualnateplota`='$aktualna_teplota', `relativnavlhkost`='$relativna_vlhkost', `smervetra`='$smer_vetra', `rychlostvetra`='$rychlost_vetra', `barometrickytlak`='$barometricky_tlak', `rosnybod`='$rosny_bod', `pocitovateplota`='$pocitova_teplota', `ikonka`='$ikonka', `ikonkaurl`='$ikonka_url' WHERE id=1") or die (mysqli_error($pocasie));
Use single quotes (') around your variables. Your query should look like this:
mysqli_query($pocasie, "UPDATE `pocasie` SET `aktualnateplota`='$aktualna_teplota', `relativnavlhkost`='$relativna_vlhkost', `smervetra`='$smer_vetra', `rychlostvetra`='$rychlost_vetra', `barometrickytlak`='$barometricky_tlak', `rosnybod`='$rosny_bod', `pocitovateplota`='$pocitova_teplota', `ikonka`='$ikonka', `ikonkaurl`='$ikonka_url' WHERE `id`='1'");

multiple dynamically generated checkboxes in PHP/MySQL

I have a series of check boxes that are coming out of one MySQL table:
<?php
$result = mysql_query("SELECT * FROM strategies");
if (!$result) {
die("Database query failed: " . mysql_error());
}
while($row = mysql_fetch_array($result)) {
$strategylist = $row['name'];
$strategyname = htmlspecialchars($row['name']);
echo '<input type="checkbox" name="strategy[]" value="' . $strategylist . '" />' . $strategyname;
}
?>
I want to be able to store multiple "strategies" to each row on a "studies" table, so I am employing another table (sslink) to store the id of the study and the name of the strategy. This is partly because there will be an ever growing number of "strategies", so they need to be stored in the database. This is the code I'm currently using:
<?php
if(isset($_POST['update1']))
{
$strategy=serialize($_POST['strategy']); //line 66, where the warning is happening
if(!get_magic_quotes_gpc())
{
$strategy = addslashes($strategy);
}
// update the article in the database
$query ="INSERT INTO sslink('study_id', 'strategyname') VALUES ('".$_GET['id']. "', '" .$strategy. "')";
mysql_query($query) or die('Error : ' . mysql_error());
$cacheDir = dirname(__FILE__) . '/cache/';
$cacheFile = $cacheDir . '_' . $_GET['id'] . '.html';
#unlink($cacheFile);
#unlink($cacheDir . 'index.html');
echo "<b>Article '$title' updated</b>";
$strategy = stripslashes($strategy);
}
?>
And this is the error that gets returned:
Notice: Undefined index: strategy in /casestudyform.php on line 66
Error : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''study_id', 'strategyname') VALUES ('1', 'N;')' at line 1
Does anyone know how to fix this? Or a better way to do it?
Thanks in advance!
Try this:
$query ="INSERT INTO sslink (study_id, strategyname) VALUES ('".$_GET['id']. "', '" .$strategy. "')";
Undefined index suggests that $_POST['strategy'] wasn't set. Could you do a sanity check that your form has it? Also, an echo of the actual query would be nice.
You have two errors that are unrelated to one another:
Notice: Undefined index: strategy in /casestudyform.php on line 66
As #montooner points out, this notice is from PHP, because the $_POST array contains no value for the 'strategy' key. That is, the form was submitted with no strategy checkbox checked. You should test that the key exists before trying to reference it.
if (array_key_exists('strategy', $_POST)) ...
Error : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''study_id', 'strategyname') VALUES ('1', 'N;')' at line 1
This is an SQL parsing error. You have put single-quotes around the columns in your INSERT statement. In SQL, single-quotes delimit string constants, not column names.
If you need to delimit column names (because they contain SQL keywords, whitespace, special characters, etc.), you should use back-quote in MySQL or double-quotes in ANSI SQL.
Also be careful of SQL injection. Don't assume that the HTTP request parameters contain only integers or friendly strings. Filter the values or escape them before you use them in SQL. The addslashes() function is not a good solution to protect against SQL injection.
$id = filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT);
$strategy_esc = mysql_real_escape_string($strategy);
$query ="INSERT INTO sslink(`study_id`, `strategyname`)
VALUES ($id, '$strategy_esc')";
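The three points of the answer above (the absent checkbox key, unquoted column names, untrusted request values) combined in one added example that is not part of the original thread. It stores one sslink row per ticked box instead of a serialized string, which is a design choice of this example; the request arrays are constructed and an in-memory SQLite database stands in for MySQL (an assumption that requires the pdo_sqlite extension).

```php
<?php
// Added example (not from the thread). Constructed schema and requests;
// SQLite in memory stands in for MySQL so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE sslink (study_id INTEGER NOT NULL, strategyname TEXT NOT NULL)");

function saveStrategies(PDO $db, array $get, array $post): int
{
    // Reject anything that is not a positive integer rather than stripping characters.
    $id = filter_var($get['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    // No box ticked means the key is absent: treat that as an empty list.
    $strategies = $post['strategy'] ?? [];
    if (!is_array($strategies)) {
        throw new InvalidArgumentException('strategy must be a list');
    }
    // Column names are unquoted identifiers; values are bound parameters.
    $stmt = $db->prepare("INSERT INTO sslink (study_id, strategyname) VALUES (:id, :name)");
    $db->beginTransaction();
    try {
        $count = 0;
        foreach ($strategies as $name) {
            if (!is_string($name) || $name === '') {
                throw new InvalidArgumentException('invalid strategy name');
            }
            $stmt->execute([':id' => $id, ':name' => $name]);
            $count++;
        }
        $db->commit();
    } catch (Throwable $e) {
        $db->rollBack();   // keep the link table unchanged on any failure
        throw $e;
    }
    return $count;
}

// Constructed requests: two boxes ticked, then none ticked.
echo saveStrategies($db, ['id' => '1'],
                    ['strategy' => ['Peer review', "Teacher's notes"]]), "\n";
echo saveStrategies($db, ['id' => '1'], []), "\n";
foreach ($db->query("SELECT study_id, strategyname FROM sslink") as $row) {
    echo $row['study_id'], ' ', $row['strategyname'], "\n";
}
```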
