I have been searching around for about 30 minutes, and I just can't find the issue here...
if($middle == 'garage'){
$result = mysql_query("SELECT * FROM character WHERE username = '$username'") or die(mysql_error());
$row = mysql_fetch_array($result);
$return['middle'] = $row['username'];
}
For some reason this is returning
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'character WHERE username = 'Alcapwn'' at line 1
I have tried so many things, other SELECT * FROM query's are working fine, it's just this one. The table and row containing it is there. If I switch
$result = mysql_query("SELECT * FROM character WHERE username = '$username'") or die(mysql_error());
to
$result = mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error());
the second one will work, but not the first.
character is a reserved mysql word, so you have to enclose it in backticks
FROM `character` ...
It seems that character is a MySQL Reserved Keyword, which means you cannot use it as table name.
"Character" is a reserved word in MySQL.
http://dev.mysql.com/doc/refman/5.0/en/reserved-words.html
Related
I have a Mysql Database named user. Here is a picture:
I want to change the Username of the user "dodlo.rg" programmatically.
Actually, I have the PHP-Version 7.1. And this is a part of my PHPCode:
EDITED CODE:
$newName= $_POST["changeT"];
$userId = $_POST["userId"];
$db = mysqli_connect("trolö", "trolö", "trolö123", "trolö")
$sql = "UPDATE user SET username = '$newName' WHERE user_id = '$userId'";
$query = mysqli_query($db, $sql);
$response["successU"] = true;
But I get the Error: "You gave an Error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'SELECT * FROM user' at line 1"
Thanks in advance.
The problem lies in 2 parts.
Firstly, since this column is a varchar field it needs to be inside quotes else it produces an sql error.
Secondly the SELECT statement just after is not valid, but i guess it was a copy/paste error.
Therefore your working code should be:
$newName= $_POST["changeT"];
$db = mysqli_connect("trolö", "trolö", "trolö123", "trolö")
$sql = "UPDATE user SET username = '".addslashes($newName)."' WHERE username = 'dodlo.rg'";
$query = mysqli_query($db, $sql);
$response["successU"] = true;
Also, please consider using your primary keys on your where statement rather a varchar field, as it'll improve speed when more complex queries. (eg. where user_id = 35 instead of where username = 'dodlo.rg' ).
Lastly, but quite important this code might be vulnerable to sql injections. You need to use prepared statements.
You have to convert this query into two parts
$sql1 = "UPDATE user SET username = $newName WHERE username = 'dodlo.rg'";
$sql2 = "SELECT * FROM user";
Why i have this error and how to fix this, I've double checked everything and all is okay
Warning: mysql_num_rows(): supplied argument is not a valid
MySQL result resource in
/home/sharinga/public_html/ccccc.com/app/like/like.php on
line 15 You have an error in your SQL syntax; check the
manual that corresponds to your MySQL server version for the right
syntax to use near 'like WHERE postID='81' AND
userIP='2x2.2x0.x5.xxx'' at line 1
Here is sql
$ip_sql = mysql_query("SELECT userIP FROM like WHERE postID='$id' AND userIP='$ip'");
$count = mysql_num_rows($ip_sql) or die(mysql_error());
if($count==0)
{...
LIKE is a reserved word - escape it
$ip_sql = mysql_query("SELECT userIP FROM `like` WHERE postID='$id' AND userIP='$ip'");
LIKE is a keyword in SQL, use ´
SELECT userIP FROM `like` WHERE postID='$id' AND userIP='$ip
Try connecting first. Are you looking for the null case? If so you have to search a certain row not $count as a whole.
$conn = mysql_connect("localhost", "user", "pass");
$ip_sql = mysql_query("SELECT userIP FROM like WHERE postID='$id' AND userIP='$ip'",$conn);
$count = mysql_num_rows($ip_sql) or die(mysql_error());
if ($count['postID'}==""){
}
Whats wrong with my code?
Basically what I'm trying to do is add a number and update a field in the sql with what is connected to the variable. But since steamids look like this STEAM_0:0:123123123 or STEAM_0:1:123123123 I get this
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ':0:14166834' at line 1
This is just for learning, so I know my code has useless echos, but its just to see it being added and making sure i was doing it correctly anyways
addmoney.php
<?php
include("inc/config.php");
$mysteamid=mysql_real_escape_string($_POST['mysteamid']);
$sql = "SELECT * FROM $tbl_name WHERE steamid='$mysteamid'";
$result=mysql_query($sql);
$cash=mysql_result($result, 0, 'cash'); // outputs 7th
echo $cash;
$newcash= $cash + "10000";
echo "\n";
echo $newcash;
mysql_query("UPDATE $tbl_name SET `cash` = $newcash WHERE `steamid` = $mysteamid") or die(mysql_error());
?>
index.php contains a working formdata its not really required with the error in my code.
my main problem is this line from addmoney.php which is
$mysql_query("UPDATE $tbl_name SET `cash` = $newcash WHERE `steamid` = $mysteamid") or die(mysql_error());
As your steamid field in your DB is a string (it seems to be, as possible values are STEAM_0:0:123123123 and STEAM_0:1:123123123), you must use quotes arround the value :
mysql_query("UPDATE $tbl_name SET `cash` = $newcash WHERE `steamid` = '$mysteamid'");
Using mysql_real_escape_string() is necessary, as it escapes quotes inside the variable you pass it as a parameter -- but you still have to put quotes arround the string, in your SQL queries.
In the first query you surrounded your $mysteamid value with simple quotes, and in the second query you didn't. If the steamid is a string type, you need to surround the value with quotes, like
"UPDATE $tbl_name SET `cash` = $newcash WHERE `steamid` =' $mysteamid'"
Im using:
$query = "SELECT * FROM mydb WHERE condition = New ORDER BY id ASC";
but i get this error:
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/mydb.php on line 84
however if i remove the where clause it works perfectly, can anyone point me in the right direction?
Is the Where clause not usable when doing a fetch array?
Thanks for any help.
edit: error message I've got:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'condition = 'New' ORDER BY id ASC'
always run all your queries this way (at least until you adopt some intelligent lib for this)
$query = "SELECT * FROM mydb WHERE condition = New ORDER BY id ASC";
$result = mysql_query($query) or trigger_error(mysql_error()." in ".$query);
just because not a single soul in the world can tell what's wrong with your query, but database itself. So, you have to ask it if there were any trouble. Not stackoverflow community (they have no idea anyway) but your db server. That's the point.
Note that you have to be able to watch errors occurred, either on-screen or in the error log.
After getting error message about syntax error you have to check syntax of the displayed query. If there are no visible errors, refer to http://dev.mysql.com/doc/refman/5.5/en/reserved-words.html in case there are reserved word unescaped in your query. condition seems is. So
$query = "SELECT * FROM mydb WHERE `condition` = New ORDER BY id ASC";
will be solution
You appear to be missing quotes around the word "New".
$query = "SELECT * FROM mydb WHERE condition = 'New' ORDER BY id ASC";
Also, are you passing $query to mysql_fetch_array, or did you just not mention the mysql_query call in your question?
Since you have tried adding single quotes to the ('New'),
kindly ensure that the condition is a column in the table you are querying and
that mydb is a table in your database (and not your database name)!
You have to quote the string.
$query = "SELECT * FROM mydb WHERE `condition` = 'New' ORDER BY id ASC";
Edit:
condition is a reserved word.
Is New one of your columns or just a value?
Try this:
$query = "SELECT * FROM mydb WHERE condition = 'New' ORDER BY id ASC";
$query = "SELECT * FROM mydb WHERE condition = 'New' ORDER BY id ASC";
$result = mysql_query( $query );
while( $row = mysql_fetch_array( $result ) {
// use $row
}
Never assume that a query will work - expect errors and check for them before processing any results.
$query = 'SELECT * FROM `mydb` WHERE `condition` = "New" ORDER BY `id` ASC';
$result = mysql_query( $query );
if( !$result ){
// Query Failed. You can access the error details with mysql_error()
}elseif( mysql_num_rows( $result )==0 ){
// Query Returned No Results
}else{
while( $r = mysql_fetch_assoc( $result ) ){
// Do whatever you want with the row, which is $r
}
}
I'm trying to use this query
$page_set = mysql_query("SELECT * FROM pages WHERE subject_id =
{$subject["id"]}", $connection);
but i keep getting this error when loading my page .
Database query failed: You have an
error in your SQL syntax; check the
manual that corresponds to your MySQL
server version for the right syntax to
use near '' at line 1
Try it without the complex syntax:
$query = 'SELECT * FROM pages WHERE subject_id = ' . $subject['id'];
$page_set = mysql_query($query, $connection);
Incidentally, I loathe variable parsing in strings, and prefer concatenation.
you're experiencing a quote mismatch. try replacing the double quotes around your array key with single quotes.
$page_set = mysql_query("SELECT * FROM pages WHERE subject_id =
{$subject['id']}", $connection);
$sql = "SELECT * FROM pages WHERE subject_id = '".$subject["id"]."'";
$page_set = mysql_query($sql, $connection);
Make sure you escape the subject_id also.
use single quote