Got this query:
mysql_query("INSERT INTO leaderboard (user_id, lines)
VALUES (". $rowUser['id'] .",". $linesDone .")") or die("ERROR 29: ". mysql_error());
Giving this error:
ERROR 29: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'lines) VALUES (1,50)' at line 1
I've tried all kinds of syntax, like using ´´ and '' in the query, but all result in approximately the same error.
Can anyone see what is wrong?
Lines is a reserved word in MySQL - you have to escape this word with backticks
mysql_query("INSERT INTO leaderboard (user_id, `lines`)
VALUES (". $rowUser['id'] .",". $linesDone .")") or die("ERROR 29: ". mysql_error());
btw.. mysql_* is deprecated as mentioned in the manual. Better use mysqli_* or pdo
Secure your query.
mysql_query(
sprintf("INSERT INTO leaderboard (user_id,`lines`)
VALUES ('%d','%s')",
mysql_real_escape_string($rowUser['id']),
mysql_real_escape_string($linesDone)
)) or die("ERROR 29: ". mysql_error());
Related
I have an error on insert value mysql.
Please see my PHP code
<?php
$ali = $_POST['ali'];
$con = @mysqli_connect('localhost', 'root', '', 'mohammad');
if (!$con) {
echo "Error: " . mysqli_connect_error();
exit();
}
$insertinto_ic_add = "INSERT INTO sq (text) VALUES ('" . $ali . "')";
mysqli_query($con, $insertinto_ic_add) or die("database error:" . mysqli_error($con));
?>
<form action="" method="post">
<input name="ali">
</form>
I input the values " n't " and an error occurs:
database error:You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 't')' at line 2
I agree that this is not showing SQL injection. But the prevention for such is the same as the fix for your problem. You must escape certain characters (in particular the apostrophe) in the text.
Notice that the error message even points to the apostrophe.
If you echoed the statement, you would see
INSERT INTO sq (text)
VALUES ('blah blah don't do this')
Observe the three apostrophes, and think how confused the parser will be.
Better code would be something like
$mali = $con->real_escape_string($ali);
$insertinto_ic_add = "INSERT INTO sq (text)
VALUES ('" . $mali . "')";
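The apostrophe problem from this thread, next to a bound-parameter insert of the same text. This is an added example, not code from the original posts; it assumes the pdo_sqlite extension and uses an in-memory SQLite database as a stand-in for the MariaDB server, and the sample input is constructed.

```php
<?php
// Added example. SQLite in memory stands in for the MySQL/MariaDB server
// (assumption); with MySQL only the DSN passed to PDO changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE sq (text TEXT)');

// Constructed sample input, standing in for $_POST['ali'].
$ali = "blah blah don't do this";

// 1) Concatenation, as in the question: the apostrophe inside the value
//    closes the string literal early and the rest is parsed as SQL.
$concatenated = "INSERT INTO sq (text) VALUES ('" . $ali . "')";
echo $concatenated, "\n";
echo 'apostrophes in statement: ', substr_count($concatenated, "'"), "\n";

try {
    $pdo->exec($concatenated);
} catch (PDOException $e) {
    echo 'concatenated insert failed: ', $e->getMessage(), "\n";
}

// 2) Placeholder: the statement text is fixed and the value travels as data,
//    so no character in it can change how the statement is parsed.
$stmt = $pdo->prepare('INSERT INTO sq (text) VALUES (:text)');
$stmt->execute([':text' => $ali]);

// The stored value is byte-for-byte what the user typed.
$stored = $pdo->query('SELECT text FROM sq')->fetchColumn();
var_dump($stored === $ali);
```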
I have the following code and would like to insert SQL into MySQL, but I got the following error:
"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1"
<?php
date_default_timezone_set('Hongkong');
include('fun.php');
$outlet="Da Da";
$officehrStr = "11:00"; // morning
$officehrEnd = "02:00"; // midnight
if (isset($_POST['confirm'])) {
$dt1=new DateTime($officehrStr);
$dt2=new DateTime($officehrEnd);
$values=array();
while ($dt1 <= $dt2) {
$values[]="('". $outlet ."','". $dt1->format('H:i') ."')";
$dt1->modify("+".$_POST['slot']." minute");
}
include('db.php');
$sql="INSERT INTO tb_timeslot (outlet,timeslot) VALUES ". implode(',',$values);
mysql_query($sql) or die(mysql_error());
mysql_close($conn);
}
?>
If this is SQL syntax error, my guess is a problem with this line
$sql="INSERT INTO tb_timeslot (outlet,timeslot) VALUES ". implode(',',$values);
Try to change it with this
$sql="INSERT INTO tb_timeslot (outlet,timeslot) VALUES (". implode(',',$values).");";
The problem got solved by adding the following code, "$dt2->add(new DateInterval('PT86400S'));", between "$dt2=new DateTime($officehrEnd);" and "while ($dt1 <= $dt2) {". Thank you for all your valuable time.
Please have a look in your sql statement.
$sql="INSERT INTO tb_timeslot (outlet,timeslot) VALUES (". implode(',',$values).");";
You can see that you are trying to insert data in two columns (outlet,timeslot) but assigning values to only 1 column. You must assign 2 values, like:
$sql="INSERT INTO tb_timeslot (outlet,timeslot) VALUES (". implode(',',$values).", '$replace_variable_name');";
Please update your statement with my statement but don't forget to edit "replace_variable_name" with your defined value.
Hope this will help you.
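The error near '' in this thread appears when the loop adds no rows, because 02:00 sorts before 11:00 on the same day and the statement ends right after VALUES. The following added example (not code from the original posts) rolls the closing time into the next day, refuses to send an empty VALUES list, and binds the values; it assumes pdo_sqlite with an in-memory database standing in for MySQL, and buildSlots and insertSlots are hypothetical helper names.

```php
<?php
// Added example. SQLite in memory stands in for MySQL (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tb_timeslot (outlet TEXT, timeslot TEXT)');

/** Build H:i slots from $start to $end; an end earlier than the start means "next day". */
function buildSlots(string $start, string $end, int $slotMinutes): array
{
    if ($slotMinutes < 1) {
        throw new InvalidArgumentException('slot length must be a positive number of minutes');
    }
    $from = new DateTime("2000-01-01 $start");   // fixed date: only the time of day matters
    $to   = new DateTime("2000-01-01 $end");
    if ($to < $from) {
        $to->modify('+1 day');                   // closing time is after midnight
    }
    $slots = [];
    for ($t = clone $from; $t <= $to; $t->modify("+$slotMinutes minutes")) {
        $slots[] = $t->format('H:i');
    }
    return $slots;
}

/** Insert all slots in one statement and return the number of rows written. */
function insertSlots(PDO $pdo, string $outlet, array $slots): int
{
    if ($slots === []) {
        return 0;                                // never send "INSERT ... VALUES" with no rows
    }
    // One "(?, ?)" group per row; the values are bound, not concatenated.
    $groups = implode(',', array_fill(0, count($slots), '(?, ?)'));
    $params = [];
    foreach ($slots as $slot) {
        array_push($params, $outlet, $slot);
    }
    $stmt = $pdo->prepare("INSERT INTO tb_timeslot (outlet, timeslot) VALUES $groups");
    $stmt->execute($params);
    return $stmt->rowCount();
}

// Constructed input: 60 stands in for (int) $_POST['slot'].
$slots = buildSlots('11:00', '02:00', 60);
echo insertSlots($pdo, 'Da Da', $slots), " rows inserted\n";
```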
I am having an error inserting values into a database table in MySQL. The connection is all right. I have checked it. My code is:
$emails = implode(",", $not_submitted);
$sql_update_query = "INSERT INTO reminders_table(id,group_name,runtimes,emails) VALUES(NULL, '".mysql_real_escape_string($group_name) ."' ,'".mysql_real_escape_string($runtimes) ."' , '".mysql_real_escape_string($emails) ."')";
mysql_query(sql_update_query, $con);
echo $sql_update_query, "<br>";
echo mysql_error(), "<br>";
After seeing the error in my console, it says :
"responseText: "INSERT INTO reminders_table(id,group_name,runtimes,emails) VALUES(NULL, 'BIT' , 'tue,wed-02:45,23:15' , 'c_faw,)<br>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'sql_update_query' at line 1<br>"Reminders have been sent....! Please close this page."↵"
Any help is appreciated. So far I have tried debugging a lot. I added "mysql_real_escape_string" also, but still it doesn't work.
It is missing a single quote after the email variable.
I'm getting this error:
Invalid query: You have an error in your SQL syntax; check the manual
that corresponds to your MySQL server version for the right syntax to
use near 'INET_ATON('188.92.x.x')' at line 1
While trying to insert IP Address in database. The column type is:
'LastIP int(10) unsigned NOT NULL,'.
The function to execute the query is:
function onNewUser($ip, $hostname, $con)
{
$query = "INSERT INTO tableMachine (LastIP, LastHostName) VALUES ".
"INET_ATON('".mysql_real_escape_string($ip, $con)."'), ".
"'".mysql_real_escape_string($hostname, $con)."'";
$result= mysql_query($query, $con);
if (!$result) {
die('Invalid query: ' . mysql_error());
}
}
I call this function with the parameters:
$ip = $_SERVER['REMOTE_ADDR'];
$hostname = @gethostbyaddr($ip);
onNewUser($ip, $hostname, $con);
What's wrong with it guys?
Your values list should be enclosed in parentheses, if I am not mistaken.
You should try this :
$query = "INSERT INTO tableMachine (LastIP, LastHostName) VALUES (".
"INET_ATON('".mysql_real_escape_string($ip, $con)."'), ".
"'".mysql_real_escape_string($hostname, $con)."')";
I just added parentheses for VALUES(...)
Also, as @Shamil said, the mysql_* functions are deprecated. You should use mysqli_*. This link should help you with the mysqli_* functions.
I used `` for the column name, though I'm getting an error...
my code is
$sql = "INSERT INTO order(`pcode`) VALUES ('$pcode')";
if(!mysql_query($sql,$con))
die('cant connect ' .mysql_error());
Order is a reserved word for the "ORDER BY" clause
try
"INSERT INTO `order`(pcode) VALUES ('$pcode')";
Note: Please ensure $pcode is being run through mysql_real_escape_string, or better yet look into the PDO extension and their prepared queries
if order is your table name and pcode is your column name then you can use this:
$sql = sprintf("INSERT INTO `order` (pcode) VALUES('%s')", $pcode);
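The reserved-word errors on this page (`lines` as a column, `order` as a table) and the advice to use PDO prepared queries can be combined in one helper that backtick-quotes every identifier and binds every value. This is an added example, not code from the original posts; quoteIdent and insertRow are hypothetical names, the sample values are constructed, and an in-memory SQLite database (which accepts MySQL-style backticks) stands in for MySQL.

```php
<?php
// Added example. SQLite in memory stands in for MySQL (assumption); it accepts
// MySQL-style backtick quoting, so the generated statements are the same.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE `order` (`pcode` TEXT)');
$pdo->exec('CREATE TABLE leaderboard (user_id INTEGER, `lines` INTEGER)');

/** Backtick-quote an identifier; an embedded backtick is doubled (MySQL rule). */
function quoteIdent(string $name): string
{
    if ($name === '' || strpos($name, "\0") !== false) {
        throw new InvalidArgumentException('invalid identifier');
    }
    return '`' . str_replace('`', '``', $name) . '`';
}

/** Hypothetical helper: INSERT one row given as column => value; returns the SQL sent. */
function insertRow(PDO $pdo, string $table, array $row): string
{
    if ($row === []) {
        throw new InvalidArgumentException('no columns given');
    }
    // Identifiers are quoted, so reserved words such as order or lines parse as names.
    $columns = implode(', ', array_map('quoteIdent', array_keys($row)));
    // Values never enter the statement text; each one gets a placeholder.
    $marks   = implode(', ', array_fill(0, count($row), '?'));
    $sql     = 'INSERT INTO ' . quoteIdent($table) . " ($columns) VALUES ($marks)";
    $pdo->prepare($sql)->execute(array_values($row));
    return $sql;
}

// Constructed sample rows matching the tables discussed in the threads.
echo insertRow($pdo, 'order', ['pcode' => "AB'12"]), "\n";
echo insertRow($pdo, 'leaderboard', ['user_id' => 1, 'lines' => 50]), "\n";
echo $pdo->query('SELECT COUNT(*) FROM `order`')->fetchColumn(), " row(s) in order\n";
```

Table and column names passed to such a helper should come from the application's own code; quoting keeps a name syntactically valid but does not decide whether a user-supplied name is one the caller may write to.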