Adding 1 to a field in MySQL [duplicate] - php

This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 9 years ago.
I have a MySQL query I'm running. I want to add 1 to a field called articleswritten.
I get this error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''users' SET articleswritten = articleswritten + 1 WHERE id = '1'' at line 1
Code:
$sql = "UPDATE 'users' SET articleswritten = articleswritten + 1 WHERE `id` = '$userid'";
$result = mysql_query($sql) or die(mysql_error());
I can't find an issue. Am I blind?
Any help would be appreciated.

This should either be
UPDATE `users`
Or just
UPDATE users
The single quotes make the table name invalid. Everything else in the query is okay.
However, your query is vulnerable to injection. Instead of using ext/mysql, you should use properly parameterized queries with PDO or mysqli.

You don't need to single quote the table name here. This should do
$sql = "UPDATE users SET articleswritten = articleswritten + 1 WHERE id = '$userid'";

Related

Unable to use dynamic variable as column name in php mysql [duplicate]

This question already has answers here:
Are you allowed to use numbers as table names in MySQL?
(5 answers)
Closed 5 years ago.
I am trying to use a dynamic column name in a PHP MySQL update but am getting an error.
Here is the code
$time=date("H");
$video_view = 234;
$update_query = "UPDATE videos SET ". $time . "= {$video_view} WHERE id={$id}";
Here is the error
UPDATE videos SET 14= 200079 WHERE id=1Query failedYou have an error in
your SQL syntax; check the manual that corresponds to your MariaDB
server version for the right syntax to use near '14= 200079 WHERE id=1' at line 1

First of all you should really use prepared statements and bound parameters.
If your column really got the name '14' like in the variable $time then you can try this
$update_query = "UPDATE videos SET `". $time . "` = {$video_view} WHERE id={$id}";
So far as I know column names should stand between `` because of reserved names like numbers or function names.
I would avoid it because it will make those errors and I don't know if the query does make sense

In PHP, how to make SQL query with # in? [duplicate]

This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 5 years ago.
I have a problem. In my database, I have a column email. When I make an SQL query I get the following error:
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '#gmail.com)' at line 1
This is my code:
$sql = "SELECT ID_Dijak from dijak WHERE (Email=".$mejl.")";
If I try to do the query in phpMyAdmin it works if I put ' ' around my email, but how do I do it in PHP? Thank you.

I'm sorry I made a mistake earlier... I tested this way and it should now work
$sql='SELECT ID_Dijak from dijak WHERE (Email = "' . $mejl . '")';
take datatype varchar() for email
I would suggest using a prepared statement in PHP, also to prevent injection attacks.
$stmt = $dbc->prepare("SELECT ID_Dijak from dijak WHERE Email=?");
$stmt->bind_param("s", $mejl);
$stmt->execute();

MySQL Syntax Error when selecting FROM match [duplicate]

This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 7 years ago.
I'm getting a syntax error with this block of code, and I have no idea why. Here is the specific error itself:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'match ORDER BY id DESC' at line 1
Here is the PHP code block:
$sql = "SELECT * FROM match ORDER BY id DESC";
$res = mysqli_query($dbCon, $sql);

MATCH is a reserved keyword in MySQL: https://dev.mysql.com/doc/refman/5.0/en/keywords.html
To make your code work, change your query to:
$sql = "SELECT * FROM `match` ORDER BY id DESC";

Dynamic PHP string as MySQL table name [duplicate]

This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 8 years ago.
I have MySQL tables named q1, q2, q3 and so on.
The following code is in a loop, with $n increasing at every step of the loop.
$table = "q".$n;
$query="SELECT MAX(QNO) AS max2 FROM '$table'";
$q=mysqli_query($db,$query) or die("Error: ".mysqli_error($db));
$max2 = mysqli_fetch_array($q);
This gives me an error
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"q1"' at line 1
How do I solve this problem and put a new table name in the query every time?

$query="SELECT MAX(QNO) AS max2 FROM $table"; is enough

Please change
'$table'
into
`$table`
in the query:
"SELECT MAX(QNO) AS max2 FROM '$table'";
so it looks like:
"SELECT MAX(QNO) AS max2 FROM `$table`";

Using question mark instead of table name in PDO prepared statements [duplicate]

This question already has answers here:
Can PHP PDO Statements accept the table or column name as parameter?
(8 answers)
Closed 9 years ago.
I need to know whether I can use question marks (?) in PDO prepared statements as a table name or not.
$table = $_POST['table'];
$id = $_POST['id'];
$sql = "UPDATE ? SET priority = priority + 1 WHERE id = ?";
$q = $db->prepare($sql);
$q->execute(array($table,$id));
I'm getting this error:
Warning: PDO::prepare() [pdo.prepare]: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '? SET priority = priority + 1 WHERE id = ?'

Aside from that simple problem, there is another one - your code smells of bad database design. In a properly planned database you would never need to receive a table name via POST request.
Most likely you are using multiple tables where you have to use only one.

You need to bind the parameters like this:
$q->bindParam(1, $table);
$q->bindParam(2, $id);
Source (see Example #2)
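
Added example, not part of any question or answer on this page: the dynamic column name, dynamic table name and PDO table-name questions above all need an identifier chosen at run time, and a placeholder can stand only for a value. The sketch below checks the identifier against an allowlist before quoting it with backticks and binds the value separately. The tables q1 and q2, the priority column, ALLOWED_TABLES, quoteIdentifier() and bumpPriority() are assumptions made for illustration, and SQLite in memory stands in for MySQL so the script runs without a server.

```php
<?php
// Added example; constructed schema. SQLite in memory (assumption) needs no server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE q1 (id INTEGER PRIMARY KEY, priority INTEGER NOT NULL)');
$db->exec('CREATE TABLE q2 (id INTEGER PRIMARY KEY, priority INTEGER NOT NULL)');
$db->exec('INSERT INTO q1 VALUES (1, 0), (2, 5)');

// Hypothetical allowlist: the only table names a request may select.
const ALLOWED_TABLES = ['q1', 'q2'];

function quoteIdentifier(string $name, array $allowed): string
{
    // Strict comparison: the input must equal an allowlisted name exactly.
    if (!in_array($name, $allowed, true)) {
        throw new InvalidArgumentException('identifier not allowed: ' . $name);
    }
    // Backticks delimit identifiers; a backtick inside the name is doubled.
    return '`' . str_replace('`', '``', $name) . '`';
}

function bumpPriority(PDO $db, string $table, int $id): int
{
    // The identifier enters the SQL text only after the allowlist check;
    // the value is sent separately as a bound parameter.
    $sql = 'UPDATE ' . quoteIdentifier($table, ALLOWED_TABLES)
         . ' SET priority = priority + 1 WHERE id = ?';
    $stmt = $db->prepare($sql);
    $stmt->execute([$id]);
    return $stmt->rowCount();
}

echo 'rows updated: ', bumpPriority($db, 'q1', 2), PHP_EOL;

// Constructed inputs that are not on the allowlist are refused before any SQL is built.
foreach (['users', 'q1` SET priority = 0 -- '] as $bad) {
    try {
        bumpPriority($db, $bad, 2);
    } catch (InvalidArgumentException $e) {
        echo 'refused: ', $e->getMessage(), PHP_EOL;
    }
}

// A placeholder in identifier position is a syntax error, not a bound table name.
try {
    $db->prepare('UPDATE ? SET priority = priority + 1 WHERE id = ?');
} catch (PDOException $e) {
    echo 'prepare failed: ', $e->getMessage(), PHP_EOL;
}
```

The same quoteIdentifier() check applies to column names when it is given a list of permitted columns.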
