I started learning php, I'm having some problems with this mysql query
mysql_query( "UPDATE boardinfo SET totalPostCount = '" . $GLOBALS['postCount'] + 1 . "' WHERE boardName = '" . $_POST['board'] )
Error: near '1' WHERE boardName = 'Site' at line 1
All I need to do here is to update the value of totalPostCount if it's boardName matches value from $_POST['board']
Please, go easy on me, I've only started this yesterday...
In your statement, quotes are not closed in last.
mysql_query( "UPDATE boardinfo SET totalPostCount = '" .$GLOBALS['postCount'] + 1 . "' WHERE boardName = '" . $_POST['board']."'" )
If it doesn't solve your issue,try one more thing.
$val = $GLOBALS['postCount'] + 1;
mysql_query( "UPDATE boardinfo SET totalPostCount = '" .$val . "' WHERE boardName = '" . $_POST['board']."'" )
Hope it will solve your problem
Related
This question already has an answer here:
Syntax error due to using a reserved word as a table or column name in MySQL
(1 answer)
Closed 6 years ago.
I have small script that reeds cell from Database and anfter write to it. But it cause Error 1064.
It looks like this:
public function update($cart_id, $quantity) {
$this->db->query("UPDATE " . DB_PREFIX . "cart SET quantity = '" . (int)$quantity . "' WHERE cart_id = '" . (int)$cart_id . "' AND customer_id = '" . (int)$this->customer->getId() . "' AND session_id = '" . $this->db->escape($this->session->getId()) . "'");
//starts here
$cart_query = $this->db->query("SELECT * FROM " . DB_PREFIX . "cart WHERE cart_id = '" . (int)$cart_id. "' AND session_id = '" . $this->db->escape($this->session->getId()) . "'");
$option= ($cart_query->row['option']);//success
$this->db->query("UPDATE " . DB_PREFIX . "cart SET option = '" . (string)$option . "' WHERE cart_id = '" . (int)$cart_id . "' AND customer_id = '" . (int)$this->customer->getId() . "' AND session_id = '" . $this->db->escape($this->session->getId()) . "'");//error
}
Thats What i see in log
2016-09-18 20:43:06 - PHP Notice: Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'option = '{"options":{"product_id":"176","colors":["000000"],"print":{"colors":{' at line 1<br />Error No: 1064<br />UPDATE oc_cart SET option = '{"options":{"product_id":"176","colors":["000000"],"print":{"colors":{"front":["FF0000"]},"elements":{"front":[{"width":"52.9375","height":"25.0938","type":"text"}]}},"attributes":{"sizememos":"0"},"attribute":[["0","0"]],"print_type":"screen","quantity":"0","design":{"vectors":{"front":[{"type":"text","width":"54.9375px","height":"27.0938px","top":"151px","left":"86px","zIndex":"1","svg":"<svg width="54.9375" height="27.09375" viewBox="0 0 54.9375 27.09375" xmlns="http:\/\/www.w3.org\/2000\/svg" xmlns:xlink="http:\/\/www.w3.org\/1999\/xlink"><g id="0.15760551612925844"><text fill="#FF0000" stroke="none" stroke-width="0" stroke-linecap="round" stroke-linejoin="round" x="" y="" text-anchor="start" font-size="24px" font-family="arial" data-textcurve="1" data-itemzoom="1 1" data-textspacing="0"><textPath xmlns:xlink="http:\/\/www.w3.org\/1999\/xlink" xlink:href="http:\/\/138.68.62.219\/Buy-Hanes-T-shirt-PC61LS#textPath-item-0"><tspan dy="0">Hello<\/tspan><\/textPath><\/text><\/g><defs><path id="textPath-item-0" d="M 0.125 22.117808976867764 A 3093.9720937064453 3093.9720937064453 0 0 1 54.124314613414626 22.117808976867764"><\/path><\/defs><\/svg>","rotate":"0","text":"Hello","color":"#FF0000","fontFamily":"arial","align":"center","outlineC":"none","outlineW":"0"}]},"images":{"front":"cart-designes\/2016\/09\/\/cart-front-1474230421.png","back":"cart-designes\/2016\/09\/\/cart-back-1474230421.png"}},"fonts":""}}' WHERE cart_id = '387' AND customer_id = '0' AND session_id = 'kkfj9svfssdnsph8pf8i5atjn3' in /var/www/html/system/library/db/mysqli.php on line 41
What the reason? i'm just saving data that already in this cell.
option column is UTF-8 , LongText
Error 1064 points to a Syntax error on your MySQL query, It seems there are some quotations not well escaped on your JSON string, to prove that try to fix a value of option to some short value and call your function again.
The best practice is to use parameterized queries, these will save you from all the escaping tasks and most importantly offer some protection from SQL injection
This is just an example of how your query will look like:
$sql="UPDATE table SET opton=:option WHERE cart_id=:id AND customer_id=:customer_id and session_id=:session_id";
$parameters = array(
'option'=>$option,
'cart_id'=>$cart_id,
'customer_id'=>$customer_id,
'session_id'=>$session_id
);
$sql = $this->db->prepare($sql);
$sql->execute($parameters);
You can find more details on the official php documentation
http://php.net/manual/en/mysqli.quickstart.prepared-statements.php
http://php.net/manual/en/pdo.prepared-statements.php
Happy Coding friend:)
It doesn't work becouse of OPTION coz it's part of MySql syntaxis. This is work
$customer_id=(int)$this->customer->getId();
$session_id=$this->db->escape($this->session->getId());
$this->db->query("UPDATE " . DB_PREFIX . "cart SET `option` = '" . (int)$quantity . "' WHERE cart_id = '" . (int)$cart_id . "' AND customer_id = '" . $customer_id . "' AND session_id = '" . $session_id . "'");
I am trying to update a MySQL database field (decrease the value by 1) in a specific row (ID) of the "places" column, as long as the number in the field is greater than 0.
(see the example statement below)
UPDATE table SET places = places - 1 WHERE id = $id AND places > 0
The statement below fails apart from changing the value of the field to zero.
I would be grateful if anyone can help with the syntax error.
if($id){
global $modx;
$table = "`database_name`.`table_name`";
$update_seats = "`places` - 1";
$result = $modx->db->update( '`places` = "' . $update_seats . '"', $table, '`id` = "' . $id . '" AND `places` > 0' );
return $result; // Returns 'true' on success, 'false' on failure.
}
You have enclosed new value of field in double quotes
$result = $modx->db->update( '`places` = "' . $update_seats . '"', $table, '`id` = "' . $id . '" AND `places` > 0' );
what is evaluated as string in MySQL query. Remove double quotes here
'`places` = "' . $update_seats . '"'
so that it looks like this
$result = $modx->db->update( '`places` = ' . $update_seats, $table, '`id` = "' . $id . '" AND `places` > 0' );
The query looks ok, if you need to set minimum value of 1 to places you should simply change the query accordingly:
UPDATE table SET places = places - 1 WHERE id = $id AND places > 1
$updateSeats = mysql_query("UPDATE FORM_dateAndSeating SET NumberOfSeats = " . $removeSeatingNumber . " WHERE DATE = " . $revertToStandardDate);
In the code above I am trying to update the value within the MYSQL table.
When I echo the variables they show the data I am expecting, however the database is not being updated.
There is no error being returned either.
What are other possibilities for the sql not to update properly??
This will work:
$updateSeats = mysql_query("UPDATE FORM_dateAndSeating
SET NumberOfSeats = '" . $removeSeatingNumber . "'
WHERE DATE = '" . $revertToStandardDate . "'");
Long form:
$updateSeats = mysql_query("UPDATE FORM_dateAndSeating SET NumberOfSeats = '" . $removeSeatingNumber . "' WHERE DATE = '" . $revertToStandardDate . "'");
The variables need to be inside double quotes including single quotes
I.e.: '" . $removeSeatingNumber . "' WHERE DATE = '" . $revertToStandardDate . "'
-------^ --------------------------------------------^ -----------------------^ ----------------------------------------------^
Add apostrophes around your column values.
I am a MySQL noob and basically hacking an insert query to become an update query instead. So I am sure it's something simple with the grammar. But what's wrong with this?
// Save data
$mySQLQuery = 'update `'. $fl['mysql_table']. '` SET '. $fl['mysql_query']. "' WHERE speres = '" . mysql_real_escape_string($_POST['speres']);
$rs = #mysql_query($mySQLQuery);
the original INSERT query (working) was
// Save data
$mySQLQuery = 'INSERT INTO `'. $fl['mysql_table']. '` SET '. $fl['mysql_query'];
$rs = #mysql_query($mySQLQuery);
The data is generated here:
$fl['mysql_query'] = "menrecin = '" . mysql_real_escape_string(YDFLValue($_SESSION['form']['item_17'])) . "', menrecvej = '" . mysql_real_escape_string(YDFLValue($_SESSION['form']['item_18'])) . "', menrecser = '" . mysql_real_escape_string(YDFLValue($_SESSION['form']['item_19'])) . "', menrecud = '" . mysql_real_escape_string(YDFLValue($_SESSION['form']['item_20'])) . "', menresmor = '" . mysql_real_escape_string(YDFLValue($_SESSION['form']['item_22'])) . "', menresfro = '" . mysql_real_escape_string(YDFLValue($_SESSION['form']['item_23'])) . "', menresmid = '" . mysql_real_escape_string(YDFLValue($_SESSION['form']['item_24'])) . "', menresres = '" . mysql_real_escape_string(YDFLValue($_SESSION['form']['item_25'])) . "', menrumind = '" . mysql_real_escape_string(YDFLValue($_SESSION['form']['item_28'])) . "', menrumren = '" . mysql_real_escape_string(YDFLValue($_SESSION['form']['item_29'])) . "', menrumved = '" . mysql_real_escape_string(YDFLValue($_SESSION['form']['item_30'])) . "', tekip = '" . $_SERVER['REMOTE_ADDR'] . "', tekbro = '" . $_SERVER['HTTP_USER_AGENT'] . "', tektid = NOW()";
I have an entry with speres = 100525 in the database, so please try:
http://www.konferencer.nu/form/index.php?speres=100525
Good practices of troubleshooting dynamic SQL:
Look at the SQL, not the code that builds the SQL. In other words, echo out $mySQLQuery to see the final SQL, and most of the time you can see the error right away.
Don't suppress errors. Error-checking is helpful and necessary in any code.
It looks to me like your query ends up being:
update `tablename` SET ..., tektid = NOW()' WHERE speres = '...;
So you have a spurious quote after the NOW() and a missing quote at the end.
If you had checked for errors, you'd get something like this:
ERROR 1064 (42000): You have an error in your SQL syntax;
check the manual that corresponds to your MySQL server version for
the right syntax to use near '' WHERE speres = '...' at line 1
The quoting around the start of the WHERE clause looks odd:
UPDATE `...some table...` SET ...some query... 'WHERE speres = ' ... some criterion ...
Note the single quote placement. Maybe you want to remove the single quotes from inside the double quotes?
you query should look like
$mySQLQuery = 'update'. $fl['mysql_table'].'SET'. $fl['mysql_query'].'= <some value>' ' WHERE speres = '.mysql_real_escape_string($_POST['speres']);
$rs = #mysql_query($mySQLQuery);
I'm trying to update two rows in my database using a query (which is going to be run from a PHP script) and there is just one Condition (WHERE). What I've tried is:
$sql = 'UPDATE ' . CANNED_MESSAGES . "
SET canned_message_content = '" . $db->sql_escape($content) . "',
canned_message_title = '" . $db->sql_escape($title) . "'
WHERE id = '" . intval($id) . "'" ;
$db->sql_query($sql);
Can you tell me whats wrong with my query? :)
This may be due to Quotes mismatch. Please use this
$sql = "UPDATE '" . CANNED_MESSAGES ."'
SET canned_message_content = '" . $db->sql_escape($content) . "',
canned_message_title = '" . $db->sql_escape($title) . "'
WHERE id = '" . intval($id) . "' " ;
I highly doubt that two rows can have the same id column. Do they? If not, how could you update 2 rows by specifying a condition on a column with such a constraint?