This question already has answers here:
How can I write SQL for a table that shares the same name as a protected keyword in MySql? [duplicate]
(3 answers)
"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax error" Hibernate 4 [duplicate]
(2 answers)
Closed 9 years ago.
So I have a custom PHP object which I have serialized and I am trying to insert it into a MySQL database with PHP
Code:
$serializedOrder = serialize($objectOrder);
//I have tried both of these, and all combinations of them
$serializedOrder = mysql_real_escape_string($serializedOrder);
$serializedOrder = stripslashes($serializedOrder);
$result = mysql_query("INSERT INTO orders(order) VALUES('".$serializedOrder."')");
if ($result == false) {
echo "mysql_query failed ";
echo mysql_error();
echo " ";
echo mysql_errno();
}
This produces the reponse:
mysql_query failed You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'order) VALUES('O:10:"OrderClass":6:{s:9:"foodArray";a:0:{}s:8:"baseTime";i:0;s:1' at line 1 1064
The total serialized string is:
O:10:"OrderClass":6:{s:9:"foodArray";a:0:{}s:8:"baseTime";i:0;s:11:"orderNumber";i:0;s:11:"truckNumber";i:0;s:10:"customerID";i:0;s:11:"orderStatus";s:0:"";}
Any help is appreciated.
right query
$result = mysql_query("INSERT INTO orders(`order`) VALUES('".$serializedOrder."')");
https://dev.mysql.com/doc/refman/4.1/en/reserved-words.html
Related
This question already has answers here:
how to add ` character to sql queries in cakephp 3
(2 answers)
Closed 4 years ago.
Here is my code:
$conn = \Cake\Datasource\ConnectionManager::get('default');
$conn->logQueries(true);
$entities[] = $this->patchEntity($entity, $insertData);
$this->saveMany($entities);
And its generating the following insert header:
INSERT INTO aneel_sdi_razao_sintetico (Ide_RO_Sintetico, Cd_ODI, Cd_SubODI, Txt_Desc_ODI, Nr_TI, Txt_Tipo_Obra, Txt_Class_Obra, Vl_UC/UAR, Vl_COM, Vl_Proj_ST, Vl_Mont_ST, Vl_Frete_ST, Vl_Fis_ST, Vl_Sup_ST, Vl_Ger_ST, Vl_Proj_MOP, Vl_Mont_MOP, Vl_Frete_MOP, Vl_Fis_MOP, Vl_Sup_MOP, Vl_Ger_MOP, Vl_Tot_CA, Vl_JOA, Vl_Outros, Vl_Tot_Proj, Dt_Ini_Proj, Dt_Energ, Dt_Uniti, Pct_OE, txt_PLPT_OE, txt_Doa_OE, txt_Incor_OE, Nr_Fases, SDI_importacoes_id) VALUES ...
And the following error:
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '/UAR, Vl_COM, Vl_Proj_ST, Vl_Mont_ST, Vl_Frete_ST, Vl_Fis_ST, Vl_Sup_ST, Vl_Ger_' at line 1
The problem is the field "Vl_UC/UAR" must have this "/" and i don't know how to place the "`" character to make the MySQL accept it.
Someone know how to make it work?
If a column contains a / it needs to be quoted and the backtick is an subshell in PHP so:
\`Vl_UC/UAR\`
However its probably easier to rename the column.
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 8 years ago.
I can not find out why this is not working.....
i keep getting this message
Query failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''laketaho_benny'.'tblPictures' SET 'caption' = 'uuuuuuuuuupppp' WHERE 'tblPic' at line 1
and this is my code
$sql = "UPDATE `laketaho_benny`.`tblPictures` SET `caption` = `$caption` WHERE `tblPictures`.`pictureID` =$pictureID;";
Single quotes are for strings. You're thinking of backquotes ( ` ).
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 9 years ago.
This is where I think it´s the problem...
$sql1 = "SELECT `puntos_globales`, '$juego'
FROM `lista_jugadores` WHERE `id_jugador`='$noTop'";
This is the error message:
Error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near "blackOps2'='1' WHERE `id_jugador` = '10" at line 1
$juego .. is a php variable that holds the column name; in this case blackOps2. I don´t know why in the error says blackOps2'='1'??
from the error it seems you didnt provide the true query and it looks you have two where clause
blackOps2='1' WHERE `id_jugador` = '10"
try do it like that
WHERE `id_jugador` = '10' AND blackOps2='1'
This question already has answers here:
Can PHP PDO Statements accept the table or column name as parameter?
(8 answers)
Closed 9 years ago.
$tconn = new PDO('mysql:host='.WW_HST.';dbname='.WW_DB, WW_USR, WW_PS);
$res = $tconn->prepare('SELECT * FROM :tbl');
$res->execute(array(':tbl'=>"ugb"));
When I use this code to draw data from the 'ugb' table, I get the following error:
'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''ugb'' at line 1'
So it's correctly substituting :tbl for 'ugb' but whether I do a bind or just execute with an array, I always get an error. It works fine if I just do SELECT * FROM ugb though.
How can I correct this problem?
PDO does not allow you to set variables in FROM.
You only could add table name in query string.
I usually do by this way:
$allowedTables = array('first', 'second', 'third');
if(in_array($tblName, $allowedTables)) {
$$res = $tconn->prepare("SELECT * FROM $tblName");
}
I don't think that PDO will allow you to bind a parameter to the FROM statement. You could try manualy escaping the table name parameter and after that adding it to the query like this:
$table = "ugb";
$tconn = new PDO('mysql:host='.WW_HST.';dbname='.WW_DB, WW_USR, WW_PS);
$res = $tconn->prepare('SELECT * FROM '. $tconn->quote($table));
$res->execute();
Hope this helps.
This question already has an answer here:
How to insert into MySQL using a prepared statement with PHP [duplicate]
(1 answer)
Closed 9 years ago.
I'm getting the following error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' DStormr', 'ddo.png', 'Online:' at line 1`
The sql is the following:
"UPDATE articulo SET '".$nombre."', '".$imagen."', '".$text."', '".$precio."', '".$popup."', ".$genero_id.
" WHERE id=".$id"";
What am I missing/not seeing?
When you do an UPDATE you need to SET key = 'value'.