I have this query:
$query = "INSERT INTO users (users_uuid, type_id) VALUES (UUID_SHORT(), :type_id)";
My question is if in case the UUID_SHORT() generated already exists, is there any way to tell MySQL to generate another UUID_SHORT() within that query? What I have in my mind now is to trap the return error response then execute again the query, which I find inefficient.
Based #eicto comment, I read ON DUPLICATE KEY UPDATE then tried to reconstruct my query, I achieve a new query:
$query = "INSERT INTO users (users_uuid, type_id) VALUES (UUID_SHORT(), :type_id) ON DUPLICATE KEY UPDATE (users_uuid) = VALUES(UUID_SHORT())";
However I received an error in my log that states:
"SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '(users_uuid) = VALUES(UUID_SHORT())' at line 1"
What does this mean?
Related
This question already has an answer here:
Syntax error due to using a reserved word as a table or column name in MySQL
(1 answer)
Closed 6 years ago.
When I try to insert data where with code:
$query = dbConnect()->prepare("INSERT INTO users(key) WHERE mail='$mail' VALUES ('$key')");
I'm using XAMPP, it gives me an error:
Uncaught PDOException: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'key) WHERE mail='maciej#localhost' VALUES (key)' at line 1 in C:\xampp\htdocs\PHP7_login\restore\index.php:38
You should use backticks for key (because is a reserved word)
and not use where
"INSERT INTO users(`key`) VALUES ('$key')"
or if you need an update
"UPDATE users
set `key` = '$key'
where mail = '$mail'"
The guess is that you want update:
update users
set key = '$key'
where mail = '$mail' ;
You should also learn to use parameters for values in queries. Substituting strings into the query string introduces the possibility of unexpected errors and makes the code vulnerable to SQL injection attacks.
I am trying to enter data into my MySQL database using the following query
UPDATE `Customer Table` SET `ID`=$ID, `First name`='$FirstName',`Last name`='$LastName',`Home phone number`=$HomePhoneNumber,`Mobile phone number`=$MobilePhoneNumber,`House number`=$HouseNumber,`House name`='$HouseName',`Street name`='$StreetName',`Town name`='$TownName',`Post code`='$PostCode' ,`Notes`='$Notes' WHERE ID=$ID
This is working fine when I'm calling it from one PHP file but not working when I'm calling it from an API PHP file.
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '`House number`=0,`House name`='43',`Street name`='Westbury',`Town name`='We' at line 1
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '`House number`=0,`House name`='3',`Street name`='Close',`Town name`='Thorn' at line 1
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '`House number`=0,`House name`='flat',`Street name`='2 road',`Town ' at line 1
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '`House number`=0,`House name`='39',`Street name`='valley',`Town name`='',`' at line 1
Can anyone see where the error is as I'm struggling to find it. All of the data types are correct from what I can see.
Thanks in advance, Luke.
Try this. It seems that your variable $MobilePhoneNumber contains string part within it something like +
"UPDATE `Customer Table` SET `ID` = '$ID', `First name` = '$FirstName',
`Last name`= '$LastName',`Home phone number`= '$HomePhoneNumber',
`Mobile phone number` = '$MobilePhoneNumber',`House number` = '$HouseNumber',
`House name`='$HouseName',`Street name`='$StreetName',`Town name`='$TownName',
`Post code`='$PostCode',`Notes`='$Notes' WHERE ID=$ID"
Gordon Linoff suggestions was best, $MobilePhoneNumber was not being read from my XML file.+ "<MobilePhoneNumber>" + MobileNumber + "</MobileNumber> was being written instead of + "<MobilePhoneNumber>" + MobileNumber + "</MobilePhoneNumber>
I'm getting MySQL error 42000:1064 that suggests a general syntax error with the following SQL:
UPDATE `events` SET ?=?, ?=?, ?=now() WHERE `event_id`=?;
PHP code to convert to a readable statement & also execute:
<?php
$ar = array_fill(0,count($args),'/\?/');
echo preg_replace($ar,$args,$sql,1);
$this->execute($sql, $args);
?>
This evaluates to:
UPDATE `events` SET event_name=test, form_id=webform, last_updated=now() WHERE `event_id`=124;
Which when pasted into the MySQL workbench completes successfully.
[mysqlErrorMsg] => SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''event_name'='test', 'form_id'='webform', 'last_updated'=now() WHERE `event_id`=' at line 1
It should be noted that my user has full access to the table in question.
You can't use placeholders on column names. Only on values.
Your query does NOT evaluate to (as it should)
UPDATE `events` SET event_name=test, form_id=webform, last_updated=now()
WHERE `event_id`=124;
but is being evaluated as this instead:
UPDATE `events` SET 'event_name'='test', 'form_id'='webform', 'last_updated'=now()
WHERE `event_id`=124;
See the quotes? These are strings, not column names.
So hard code the column names and only use placeholders for values
UPDATE `events` SET event_name=?, form_id=?, last_updated=now() WHERE `event_id`=?;
I'm trying to insert some data into a table using the Yii Framework together with the PDO object and get the following error
I'm building the query using this code
$connection = CActiveRecord::getDbConnection();
$sql="INSERT INTO sms_logs (to, from, message,error_code,date_send) VALUES (:to,:from,:message,:error_code,:date_send)";
$command=$connection->createCommand($sql);
$command->bindParam(":to",$to,PDO::PARAM_STR);
$command->bindParam(":from",$from,PDO::PARAM_STR);
$command->bindParam(":message",$message,PDO::PARAM_STR);
$command->bindParam(":error_code",$code,PDO::PARAM_STR);
$command->bindParam(":date_send",date("Y-m-d H:i:s"),PDO::PARAM_STR);
$command->execute();
And then as soon as I run the code I get
CDbCommand failed to execute the SQL statement: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'to, from, message,error_code,date_send) VALUES ('27724963345','27723663542','Hap' at line 1INSERT INTO sms_logs (to, from, message,error_code,date_send) VALUES (:to,:from,:message,:error_code,:date_send)
any suggestions will be welcome! using mySql as the db
You need to escape the word from in your $sql. It is a reserved word.
I'm trying to insert IP addresses into LastIP(An unsigned integer)
INSERT INTO user_entry (UPC, StateID, StoreID,CityID,Price,Count,LastIP) VALUES (885909301378,1,1,1,170,0,INET_ATON(127.0.0.1))
Error:
1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '.0.1))' at line 1
You need to add quotes:
INSERT INTO user_entry
(UPC, StateID, StoreID,CityID,Price,Count,LastIP) VALUES
(885909301378,1,1,1,170,0,INET_ATON("127.0.0.1"))
Source: Manual