I have the following mysql query:
REPLACE INTO application (export_date,application_id,title,recommended_age,artist_name,seller_name,company_url,support_url) VALUES (1362564068339,564783832,Eyelashes,4+,Char Room,Char Room,http://,http://ios.charroom.net/,http://itunes.apple.com/app/)
I get the following error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Char Room,Char Room,http://,http://ios.charroom.net/,http://itunes.apple.com/app' at line 1
I can't seem to see where the error is. Can someone help me out?
You must know that the above is an echo of the actual query. All the parameters in this query went through mysql_real_escape_string before being added to the query.
Well, firstly you shouldn't be using mysql_real_escape_string:
This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be used.
Secondly, you still need to put the quotes around the strings. mysql_real_escape_string will escape quotes within the string, but it doesn't add the quotes to the start and end.
You have to put quotes around data you are inserting in your database.
Related
I recently switched from Windows (movamp) to Linux (lamp), and I have an issue (syntax error) with a query and I can't figure out why.
Here is the query and the error msg I get:
"SELECT * FROM products WHERE trash='false'"
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'false\'' at line 1SELECT * FROM products WHERE trash='false'
I always wrote my queries with that syntax, and I never had problems.
I used to run my code on Windows (php 4.1.22 mysql 5.2.11) and used the mysql_query() function, and the code worked just fine.
Now I use (php 7.0.8 - mysql 5.7.16) and use the mysqli_query() function to execute queries.
Your syntax error shows some bogus backslashes that are not present in the query, as if you are actually running this:
SELECT * FROM products WHERE trash=\'false\'
Not having even a full PHP statement to inspect, we can only speculate, and my guess is that, since you are upgrading from a really ancient PHP version, you might be facing some issues with magic quotes. That "feature" no longer exists, so nothing in the server can be injecting backslashes automatically; it must be your code that's intentionally doing it.
That said, PHP/4 was superseded by PHP/5 in 2004 (that's like 12 years) and a lot has changed on the way to PHP/7: migration is going to be harder than just dropping the code in the new server.
Try removing the single quotes, or try reversing the single and double quotes. If nothing works, use a variable with a false value.
"SELECT * FROM `products` WHERE `trash` ='false'"
Try this (though your case should also work).
Also try to remove the double quotes if you are trying to run the SQL query in phpMyAdmin or the like.
I would like to thank you all for your answers and your comments. You helped me figure out what the problem was: the entire query string was being escaped instead of only the data that needed to be escaped.
I feel dumb 😁. This was obvious.
Anyway, thank you a lot for your contribution.
I'm having a problem when trying to add a URL to a MySQL database.
I'm having a problem when trying to add a URL to a mySQL database.
The string is a URL:
http://pbs.twimg.com/profile_images/1708867059/405000_10150426314376065_707061064_8645107_703731598_n_normal.jpg
The error I get is:
Error description: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '://pbs.twimg.com/profile_images/1708867059/405000_10150426314376065_707061064_86' at line 1
It seems as though it won't allow me to add a URL, I presume there is something wrong with some of the characters but I don't know what?
My SQL is:
INSERT INTO accounts (name,consumerkey,consumersecret,pic_url) VALUES ($twitterID,$consumerkey,$consumersecret,$picture_url)"
You cannot truly solve this kind of problem by adding a few characters (like ' or ") to your bespoke sql string!
Instead, get to know the real way to write sql in php (it's like a very badly kept secret), which is to use PDO statements. This will allow you to use placeholders like (:twitterID, :consumerKey, :consumerSecret, :pictureUrl) which will accept complex variables such as urls and any of the crap users send in much more gracefully.
In the long run, this will save you a lot of trouble and time.
You need to quote string values and any other character that SQL will complain about, in this case it's the colon; see further down below.
($twitterID,$consumerkey,$consumersecret,'$picture_url')
or
('".$twitterID."','".$consumerkey."','".$consumersecret."','".$picture_url."')
if you wish to quote all the values.
Sidenote: You can remove the quotes around the variables that are integers.
I.e.:
This is based on, and without seeing, how the rest of your code looks:
$picture_url = "http://pbs.twimg.com/profile_images/1708867059/405000_10150426314376065_707061064_8645107_703731598_n_normal.jpg";
The error states that it is near : - near being just that, the colon.
...right syntax to use near '://pbs.twimg.com
                             ^ right there
You can also use:
VALUES ($twitterID, $consumerkey, $consumersecret, '" .$dbcon->real_escape_string($picture_url) . "')";
$dbcon is an example of a DB connection variable and based on mysqli_ syntax.
Something you haven't stated as to which MySQL API you are using.
Plus, your present code is open to SQL injection.
Use prepared statements, or PDO with prepared statements.
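The accounts insert from the question above, and the unquoted-string problem from the first question on this page, handled with a PDO prepared statement. This is an added example, not code from any of the posts; an in-memory SQLite database stands in for MySQL so it runs without a server, and the sample values are constructed.

```php
<?php
// Added example. Assumption: in-memory SQLite stands in for MySQL so this runs
// without a server; against MySQL only the DSN given to new PDO() changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE accounts
    (name TEXT, consumerkey TEXT, consumersecret TEXT, pic_url TEXT)');

// Constructed sample values: a name containing a quote, and a URL.
$twitterID      = "O'Brien";
$consumerkey    = 'constructed-key';
$consumersecret = 'constructed-secret';
$picture_url    = 'http://example.com/profile_images/1/a_normal.jpg';

// 1) The pattern from the question: values pasted into the SQL text unquoted.
$broken = "INSERT INTO accounts (name,consumerkey,consumersecret,pic_url) "
        . "VALUES ($twitterID,$consumerkey,$consumersecret,$picture_url)";
try {
    $pdo->exec($broken);
    echo "concatenated: accepted\n";
} catch (PDOException $e) {
    echo "concatenated: rejected (", $e->getMessage(), ")\n";
}

// 2) Prepared statement: the SQL text is fixed and the values travel
//    separately, so the data needs no quoting or escaping by hand.
$stmt = $pdo->prepare(
    'INSERT INTO accounts (name, consumerkey, consumersecret, pic_url)
     VALUES (:name, :consumerkey, :consumersecret, :pic_url)'
);
$stmt->execute([
    ':name'           => $twitterID,
    ':consumerkey'    => $consumerkey,
    ':consumersecret' => $consumersecret,
    ':pic_url'        => $picture_url,
]);

// Read the row back and confirm both values were stored unchanged.
$row = $pdo->query('SELECT name, pic_url FROM accounts')->fetch(PDO::FETCH_ASSOC);
$same = $row['name'] === $twitterID && $row['pic_url'] === $picture_url;
echo "stored name:    ", $row['name'], "\n";
echo "stored pic_url: ", $row['pic_url'], "\n";
echo "round trip ok:  ", var_export($same, true), "\n";
```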
I have a query that works in phpMyAdmin but does not work in PHP (mysqli).
Where is the problem?
Query:
INSERT INTO `SepidarSoft_Portal`.`Archive_Media` SET `CTime`='1364135670',`UTime`='1364135670',`PID`='',`State`='1',`Sequence`='0',`Subject`='Hojom Marg ( www.Parstafrih.ir )',`Text`='',`Description`='',`Definition`='',`KeyWord`='',`ETag`='',`Access`='',`LinkToPage`='',`Attachment`='[{\"Name\":null,\"Kind\":null,\"Size\":false,\"Address\":\"27\",\"More\":{\"Original\":1}}]',`STime`='0',`ETime`='0';
SET #LAST_ID:=LAST_INSERT_ID();
INSERT INTO `SepidarSoft_Portal`.`Archive_Media_MoreInfo` (`id`,`Key`,`Value`) VALUES (#LAST_ID,'Instrumental','1'),(#LAST_ID,'KindFile','صوتی'),(#LAST_ID,'Genre','نغمه'),(#LAST_ID,'SName','Amir Tajik ( www.Parstafrih.ir )'),(#LAST_ID,'Events','[[\"\"]]'),(#LAST_ID,'Album','( www.Parstafrih.ir )'),(#LAST_ID,'Composer',''),(#LAST_ID,'Adjustment',''),(#LAST_ID,'Subtitle','[object HTMLInputElement]'),(#LAST_ID,'Release','');
Error:
#1064 -You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'SET #LAST_ID:=LAST_INSERT_ID();
1) I use php mysqli_multi_query for this
Your issue is simple.
Backticks ( ` ) are used to execute commands in php. That's why you're being given a syntax error. Replace them with single or double quotes within your mysqli functions.
Kindly read the following document and you should be sorted :)
Backticks on php.net
Hi, I'm using mysqli and I saw some examples using placeholders like :something and ?
When I used ? it's working, but when I used :something in a query like this
$sql = "INSERT INTO food(food_name)
VALUES(:food_name)";
then an error showed up when I called
$mysqli_object->prepare($sql);
error message sounds like this
User Error! You have an error in your
SQL syntax; check the manual that
corresponds to your MySQL server
version for the right syntax to use
near ':food_name)' at line
But when I used ? as the placeholder, everything is working well. I used PHP 5.3.1 and MySQL 5.1.41.
Am I missing something? Any help will be appreciated, thanks.
mysqli does not support named placeholders.
PDO does, using either bindParam or execute.
(Careful, you can only use a named placeholder once per query. They aren't too incredibly useful.)
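One way to keep :name placeholders while using mysqli, as discussed above, is to rewrite them to ? before calling prepare(). This is an added example, not code from the posts; named_to_positional() and mysqli_execute_named() are hypothetical helper names, the second query is constructed, and SQL comments are not parsed.

```php
<?php
// Added example: named_to_positional() and mysqli_execute_named() are
// hypothetical helper names. Limitation: SQL comments are not parsed.
function named_to_positional(string $sql, array $params): array
{
    // Alternatives 1-3 consume quoted strings and backtick identifiers so a
    // ":word" inside them is left alone; alternative 4 captures a placeholder.
    $pattern = <<<'RE'
/'(?:[^'\\]|\\.|'')*'|"(?:[^"\\]|\\.|"")*"|`[^`]*`|:([A-Za-z_][A-Za-z0-9_]*)/s
RE;
    $values = [];
    $rewritten = preg_replace_callback($pattern, function (array $m) use ($params, &$values) {
        if (!isset($m[1]) || $m[1] === '') {
            return $m[0];             // literal or identifier: keep as is
        }
        if (!array_key_exists($m[1], $params)) {
            throw new InvalidArgumentException("no value supplied for :{$m[1]}");
        }
        $values[] = $params[$m[1]];   // one bound value per occurrence
        return '?';
    }, $sql);
    return [$rewritten, $values];
}

function mysqli_execute_named(mysqli $db, string $sql, array $params): mysqli_stmt
{
    [$positional, $values] = named_to_positional($sql, $params);
    $stmt = $db->prepare($positional);
    if ($stmt === false) {
        throw new RuntimeException($db->error);
    }
    if ($values !== []) {
        // Assumption: every value is bound as a string ("s").
        $stmt->bind_param(str_repeat('s', count($values)), ...$values);
    }
    $stmt->execute();
    return $stmt;
}

// Offline demonstration: the question's statement, then a constructed query
// whose string literal contains a colon that must not be rewritten.
[$sql, $values] = named_to_positional(
    'INSERT INTO food(food_name) VALUES(:food_name)', ['food_name' => "Baker's bread"]);
echo $sql, "\n", json_encode($values), "\n";
[$sql2, $values2] = named_to_positional(
    "SELECT food_name FROM food WHERE food_name = :n OR food_name = 'a:b'", ['n' => 'x']);
echo $sql2, "\n", json_encode($values2), "\n";
```

mysqli_execute_named() is defined but not called here because it needs a live connection; pass it an open mysqli object to run the rewritten statement.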
I am storing articles in a database that contain special characters like ", ', etc., but it gives an error while saving in MySQL:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's and Moral Science's books in school. I clearly remember the picture of a Hindu' at line 1
mysql_real_escape_string everything you put into a query. Always. No exceptions.
Alternatively, use prepared statements.
use mysql_real_escape_string