I keep getting the error
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near 'exit, openclosed, longshort, target_one, target_two,
target_three, notes, entryd' at line 1
For this php script that I'm trying to run from MYSQL.
$sql = mysql_query("INSERT INTO stockpicks (symbol, entry, exit, openclosed, longshort, target_one, target_two, target_three, notes, entrydate)
VALUES('$symbol','$entry','$exit','$openclosed','$longshort','$target_one','$target_two','$target_three','$notes',now())") or die (mysql_error());
The problem is I see no error. I've checked both this particular line and the lines surrounding. For example I re did the '$var' section which has given me trouble in the past, but that doesn't seem to be the issue. My table structure is as follows
id int(11)
symbol varchar(255)
entry varchar(255)
exit varchar(255)
openclosed varchar(255)
entrydate datetime
longshort varchar(255)
target_one varchar(255)
target_two varchar(255)
target_three varchar(255)
exit is a reserved word. If you want to use it as a column name, quote it in backticks:
`exit`
Try this,
$sql = mysql_query("INSERT INTO stockpicks (symbol, entry, `exit`, openclosed, longshort, target_one, target_two, target_three, notes, entrydate)
VALUES('$symbol','$entry','$exit','$openclosed','$longshort','$target_one','$target_two','$target_three','$notes',now())") or die (mysql_error());
$pid = mysql_insert_id();
Note that escaping your identifiers in MySQL way using backticks decreases portability on a plain place.
I would either use double quotes with ANSI SQL mode enabled, or just give my variables names which are unlikely to be become reserved in future.
exit is a reserved word in mysql.
Related
The query I'm using (from php) is
"UPDATE articles SET
title='".$_POST['title']."',
contents='".$_POST['cont']."',
category='".$_POST['cat']."',
desc='".$_POST['desc']."'
WHERE stitle='".$_POST['stitle']."'";
and I get the error
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'desc='hello' WHERE stitle='banana'' at line 1.
If I remove desc='".$_POST['desc']."' the query works. The field 'desc' is varchar(150). I can insert text directly from phpMyAdmin, the field is definitely called 'desc', and $_POST['desc'] definitely captures a value (I tried using echo $_POST['desc']; and a value is passed). I tried changing the code to desc='test' and that doesn't work.
Any ideas?
I managed to resolve the issue. I created a new column in the table, copied the information from 'desc' into that column, deleted 'desc'. I ran the query with the new column name, and it works. I don't know what the issue was, but that fixed it.
The problem are your $_POST['desc'] contains an apostrophe. I recommend you to use on all parameters the function mysqli_real_escape_string (doc: http://be2.php.net/manual/en/mysqli.real-escape-string.php).
Also, try to escape all rows and tables with backticks, to avoid reserved words creating errors.
Your query example looks like this with them:
"UPDATE `articles` SET `title` = '".mysqli::real_escape_string($_POST['title'])."', `contents` = '".mysqli::real_escape_string($_POST['cont'])."', `category` = '".mysqli::real_escape_string($_POST['cat'])."', `desc` = '".mysqli::real_escape_string($_POST['desc'])."' WHERE `stitle` = '".mysqli::real_escape_string($_POST['stitle'])."'";
If you are programming with procedural style calls to mysqli functions, use:
"UPDATE `articles` SET `title` = '".mysqli_real_escape_string($link, $_POST['title'])."', `contents` = '".mysqli_real_escape_string($link, $_POST['cont'])."', `category` = '".mysqli_real_escape_string($link, $_POST['cat'])."', `desc` = '".mysqli_real_escape_string($link, $_POST['desc'])."' WHERE `stitle` = '".mysqli_real_escape_string($link, $_POST['stitle'])."'";
(Obviosuly, replace $link with the variable initialized when you do mysqli_connect())
Using these function, you can avoid these errors, and, also, a lot of SQL exploits. There's no required if the variable contains an integer, but, you always need to check the data passed to the SQL engine to avoid problems.
Is a good practice, to have some checks, for example, testing who integer vars contains integers, or doing escape with mysqli::real_escape_string. And, if something are incorrect on the input data, halt the process and don't request the SQL query.
I am confused. I don't know what is the error. On execution I got a message:
" You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near 'group(creator,type,name,details,icon)values (6,'information
sharing','test','j' at line 1"
my query is :
INSERT INTO group
(creator, type, name, details, icon) VALUES
(6, 'information sharing', 'test', 'just for testing',
'My friend/group_uploads/pic00_6_0d46839f6371fb84f6b6c682f5fc2c77.jpeg')
this my table specification:
type varchar(1000)
name varchar(1000)
details varchar(1000)
creator bigint(20)
icon varchar(1000)
please help me to correct the error .
group is a reserved word in MySQL. You need to surround it in backticks.
Like this..
insert into `group`(creator, type, name, details, icon) values ('6','information sharing','test','just for testing','My friend/group_uploads/pic00_6_0d46839f6371fb84f6b6c682f5fc2c77.jpeg')
^ ^
Try to avoid having such names for your columns and tables.
Grou is Keywords in MySQL. So use backticks for those.
Try:
INSERT INTO `group`
(`creator`, `type`, `name`, `details`, `icon`) VALUES
(6, 'information sharing', 'test', 'just for testing',
'My friend/group_uploads/pic00_6_0d46839f6371fb84f6b6c682f5fc2c77.jpeg')
Even though by using backticks you can use keywords as table name , It is not recommended to use reserved word as table name
DO NOT DO IT.
Official list of reserved keywords: Reserved Keywords (Transact-SQL)
So, I have the following PDO statement, which is one of several similarly constructed statements on the page. The rest are working fine, so I am confused as to why this one is stating invalid syntax.
$test_id = '1';
$option = 'a';
$ab_email = 'test#testing.com';
$stmt = $pdo_db->prepare("INSERT INTO `ab_tests_visitors` (test_id,option,visits,email) VALUES (?,?,?,?) ON DUPLICATE KEY UPDATE email=?");
$stmt->execute(array($test_id,$option,1,$ab_email,$ab_email));
The schema for the database has 5 columns, 2 of which are indexes.
visitor_id is int(10) and auto_increment, and also primary
test_id is int(10)
option is varchar(100)
visits is int(10) and default of 1
email is varchar(255) and unique
The error being given is:
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'option,visits,email) VALUES (?,?,?,?) ON DUPLICATE KEY UPDATE email=?' at line 1'
option is a MySQL keyword. If you want to use it as an identifier, make sure to always surround it with backticks (as you should do with identifiers anyway):
$stmt = $pdo_db->prepare("INSERT INTO `ab_tests_visitors` (`test_id`,`option`,`visits`,`email`) VALUES (?,?,?,?) ON DUPLICATE KEY UPDATE `email`=?");
For this problem, in name of your column, you must use backticks ` around the column name (alt + 96)
I'm having problems trying to insert a key value (which I generate) into a table (jml_acymailing_subscriber).
$generateKey = md5(substr($email[1],0,strpos($email[1],'#')).rand(0,10000000));
$subid = 3603;
$sql2 = "UPDATE jml_acymailing_subscriber SET key='$generateKey', WHERE subid='$subid'";
$result2 = mysql_query($sql2,$con) or trigger_error(mysql_error(),E_USER_ERROR);
The key type is:
TYPE --> varchar(250)
ORDENATION --> utf8_general_ci
NULL --> yes
DEFAULT --> NULL
And this is the error I get:
Fatal error: You have an error in your SQL syntax; check the manual that corresponds to
your MySQL server version for the right syntax to use near
'key='15e3e092aa8672a6f7ad3e8a5a1db537', WHERE subid='3603'' at line 1 in
/public_html/bootstrap3/donarAltaCatala.php on line 136
I have no problem inserting values like userid, name, created or any other ones. Any one knows where is the problem? I'm starting in PHP/SQL...
Thank you! I really appreciate it!
key is reserverd word in mysql, so can use backticks key
$sql2 = "UPDATE jml_acymailing_subscriber SET `key`='$generateKey' WHERE subid='$subid'";
http://dev.mysql.com/doc/refman/5.5/en/reserved-words.html
remove the , after key='$generateKey' so that it looks like:
"UPDATE jml_acymailing_subscriber SET key='$generateKey' WHERE subid='$subid'";
Two things;
KEY is a reserved word in MySQL, so to use it as a field/table name it needs to be quoted with backticks (`)
...and...
"UPDATE jml_acymailing_subscriber SET key='$generateKey', WHERE subid='$subid'"
^ erroneous comma
Corrected, that would result in;
"UPDATE jml_acymailing_subscriber SET `key`='$generateKey' WHERE subid='$subid'"
--Rev19
ALTER TABLE `staff` MODIFY `role` enum('admin', 'employee', 'guest');
ALTER TABLE `staff` ALTER `role` SET DEFAULT 'guest';
It says:
#1064 - You have an error in your SQL syntax; check the manual that corresponds to your
MySQL server version for the right syntax to use near '--Rev19
ALTER TABLE `staff` MODIFY `role` enum('admin', 'employee', 'guest')' at line 1
Whats wrong here?
On a side note, why does SQL error reporting have to be so bad, most languages tell you the specific syntax error where SQL just says, check the manual.
From the manual:
From a “-- ” sequence to the end of the line. In MySQL, the “-- ” (double-dash) comment style requires the second dash to be followed by at least one whitespace or control character (such as a space, tab, newline, and so on).
So just add a whitespace after -- and you will be fine.
You need a whitespace after the dashes when using double dash comments.