MySQL query error - php

So yesterday, this was working perfectly fine, I changed some other parts of the script, and now it's not. Can anyone tell me what looks wrong here? (The e-mail is just a random test.)
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE email='dskfj#idsfiosjd.asda''
$newemail = $formData["required"]["newemail"];
$email_check = mysql_query("SELECT * FROM $tbl_name WHERE email='$newemail'") or die(mysql_error());
$do_email_check = mysql_num_rows($email_check);


My guess is that you forgot or commented out the part of the code that sets $tbl_name.
The SQL engine is seeing select * from where . . . and getting an error on the where.


I think it has to do something with $tbl_name. Try to echo $tbl_name and see what you get.

Related

I cant understand how I wrote this code please, guide

This is my full page code, but notice the error in writing which line is causing the error.
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'id']; ?>'' at line 131)
When I write this $getpost = $db->select($query_edit); code, this type of error appears on my admin page, I do not understand what to do, I have tried many things, but error is not resolved!
<?php
$query_edit = "SELECT * FROM tbl_post WHERE id='$editpost' ";
$getpost = $db->select($query_edit);// This is the line that caused this error to be written
My admin panel image:

It appears that you are using quotes improperly.
You can but shouldn't do this....
$query_edit = 'SELECT * FROM tbl_post WHERE id="' . $editpost . '"';
You leave yourself open to SQL injection. Look up PDO prepared statements.

unable to rectify error in database updation using php

I am trying to update my database with php and for that I have written the following query :
$query = " UPDATE users SET username = '$username' , password = '$password' WHERE id = $id ";
and the error is shown as :
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use
near '' at line 1
can you please help..

“syntax to use near ‘something’” shows the first few characters after the last part of the query that MySQL could parse. When ‘something’ is a zero-length string like in this case, it means the query ended before it was complete. That points to $id being an empty string.
You didn’t ask for comments on whether your query has other severe problems that will certainly lead to cybercreeps pwning your web site, so I won’t offer any such comments. :-)

check the manual that corresponds to your MariaDB server version for the right syntax to use near 'WHERE id=' \r\n

I am new to php and cannot get this! I'm attempting to edit data on an edit page which will be stored through an update page onto mySQL.
<?php
include("secure/connect.php");
$newtitle = mysqli_real_escape_string($conn, ($_POST['title']));
$newinfo = mysqli_real_escape_string($conn,($_POST['info']));
$newprice = mysqli_real_escape_string($conn,($_POST['price']));
$newmenu_img = mysqli_real_escape_string($conn,($_POST['menu_img']));
$id = mysqli_real_escape_string($conn, ($_POST['rowid']));
//setup a SQL query
$query= "UPDATE cocktails SET title='$newtitle', info='$newinfo', price='$newprice', menu_img='$newmenu_img', WHERE id='$id'";
$result = mysqli_query($conn, $query) or die(mysqli_error($conn));
mysqli_close($conn);
?>
I keep getting the error:
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'WHERE id='
\r\nNotice: Undefined variable: iddata in /var/www/vh' at line 1

If your parameters are OK, removing comma(,) in this line
UPDATE cocktails SET title='$newtitle', info='$newinfo', price='$newprice', menu_img='$newmenu_img', WHERE id='$id'
before WHERE will do the job. Note that MariaDB will start code in error message from exactly the part that gives error - in your case it tries to parse WHERE part as continuation of list of parameters.
Your code is also vulnerable to SQL code injection, so check out this answer before sending your code into production server.

Mysqli LIKE statement not working

I'm getting these weird errors, and I've been up and down the code, commenting and rewriting, and googling all the things.
Perhaps you guys will see what I'm not seeing:
$mysqli = new mysqli('host','login','passwd','db');
if($mysqli->connect_errno > 0){ die('Cannot connect: '. $mysqli->connect_error); }
// See if there is one term or multiple terms
if (count($search) == 1) {
// If one term, search for that
$like = $search[0];
$stmt = "SELECT
gsa_committees.id,
gsa_committees.committee,
gsa_committees.appointer,
gsa_committees.representatives,
gsa_committees.contact,
gsa_committees.category,
gsa_committees.attachments,
gsa_committees.labels,
gsa_committee_reports.committee,
gsa_committee_reports.title,
gsa_committee_reports.author,
gsa_committee_reports.link,
gsa_funds.id,
gsa_funds.fund,
gsa_funds.attachments,
gsa_funds.labels,
gsa_meeting_minutes.title,
gsa_meeting_minutes.link,
gsa_officers.office,
gsa_officers.dept,
gsa_officers.name,
gsa_representatives.program_dept,
gsa_representatives.representatives,
gsa_representatives.alternate
FROM
gsa_committees,
gsa_committee_reports,
gsa_funds,
gsa_meeting_minutes,
gsa_officers,
gsa_representatives
WHERE
(gsa_committees.committee LIKE $like) AND
gsa_committees.committee IS NOT NULL";
}
if(!$result = $mysqli->query($stmt)){ die('Bad query: '. $mysqli->error); }
This gives me this error message:
Bad query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '%ARCHAC%) AND gsa_committees.committee IS NOT NULL' at line 34
Which I know isn't true. If I change that las part to just this:
WHERE gsa_committees.committee LIKE $like";
I get this error message:
Bad query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '%ARCHAC%' at line 34
Everywhere I've looked, the string "%".search."%" seems to be the correct method, but my server doesn't seem to like it here.
Interesting side note: I have a different LIKE statement working on another page on the same server, this just won't work for some reason.
Thanks!

Try putting single quotes around your search term ($like variable).
for example: (gsa_committees.committee LIKE '$like')

You need to wrap the variable in quotes for like to work:
WHERE gsa_committees.committee LIKE '$like';
See reference documentation on String Comparison Function.

it looks like missing quotes:
"WHERE gsa_committees.committee LIKE '$like' ";

Ok, I got it. The answer on this post solved my issue:
MYSQLI SQL query over multiple tables fail
As soon as I assigned the tables t1,t2,etc and did INNER JOIN, the results came in as expected, with %$search% or $search.
Thanks all!

Mysterious MySQL error "near '' at line 1"

Full error message:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
So it hasn't really told me much... Is there a way to find out more?
It has returned this message from two PHP files. Here are the first MySQL queries that I made in each file:
$query = mysql_query("SELECT * FROM `questions` WHERE `id`=".$currentId.";") or die( mysql_error() );
$query = mysql_query("SELECT * FROM `questions` WHERE `id`=".$theNextId.";") or die( mysql_error() );
There is PHP code before this though which opens the database etc.
Here is a similar problem: Link
Perhaps there an error in my concatenation?
Thanks.

$currentId is null or empty.
And don't forget about SQL-injection!

Remove semicolons. The docs say "the query string should not end with a semicolon".

It seems that your final ` (back-tick) character is missing.

Categories