MYSQL Syntax Error - SELECT statement [duplicate] - php

This question already has answers here:
How can I write SQL for a table that shares the same name as a protected keyword in MySql? [duplicate]
(3 answers)
Closed 9 years ago.
I'm getting this error displayed on my screen, which I have been trying to debug.
"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'to = 'testname'' at line 1"
The function I'm using for this is as follows:
function recentMessages() {
$tbl_name="messages";
$username = $_SESSION['username'];
$result = mysql_query("SELECT * FROM $tbl_name WHERE to = '$username' ") or die(mysql_error());
while ($row = mysql_fetch_row($result))
{
return $row['date']." ".$row['time']." ".$row['from']." ".$row['subject']. "<br />";
}
}
Basically, what I'm trying to do is get all the rows of data from the database table messages where 'to' is the username of the session, and echo them out. Any ideas on what I'm doing wrong? Thanks.

to is a reserved word. Encase it in tick marks.
... WHERE `to` = '$username'
See the MySQL reserved words.
You should avoid using reserved words if possible.

to is a reserved word. Try this:
$result = mysql_query("SELECT * FROM $tbl_name WHERE `to` = '$username' ")
or die(mysql_error());
In general, try to avoid small words like to, between, from, etc. just to prevent this kind of issue. A better solution is to have a field name like "receiver" or "message_to" or something similar.

TO is a reserved word in MySQL. Use backticks to separate it.
SELECT * FROM $tbl_name WHERE `to` = '$username'

to is a reserved word I believe. Try changing to to [to]
Edit: Wasn't sure entirely. I put it in SQL Server and saw that TO was a reserved word.

Related

Mysql query strange error

I am getting an error: the same code works fine on another page, but this page gives an error on the same query.
Here is my code. What is wrong with this?
$ttt = mysql_query("SELECT * FROM like WHERE (user_id='$user_id' AND sound_id='$sound_id')",$link) or die(mysql_error());
error
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'like WHERE (user_id='' AND sound_id='')' at line 1
like is an SQL reserved word and you should use "like" inside backticks ``
$ttt = mysql_query("SELECT * FROM `like` WHERE (user_id='$user_id' AND sound_id='$sound_id')",$link) or die(mysql_error());
like is a reserved word and cannot be used as a table name the way you are trying to. Either put it in backticks or rename the table.
like is a reserved keyword; use backticks for it:
`like`
https://dev.mysql.com/doc/refman/5.5/en/reserved-words.html
Usage of LIKE in mysql
select * from table where username like '%aaa';
select * from table where username like '%aaa%';
select * from table where username like 'aaa%';
etc
As a rule you shouldn't use reserved words, but if you must, and for the purpose of this question, put brackets around it.
$ttt = mysql_query
("SELECT *
FROM [like]
WHERE (user_id='$user_id' AND sound_id='$sound_id')",$link) or die(mysql_error());
Like is a reserved word. Better to change your table name or surround it with backticks like this: `like`
Try this.
$ttt = mysql_query("SELECT * FROM like_table WHERE user_id=$user_id AND sound_id=$sound_id",$link) or die(mysql_error());

How to fix mysql query syntax error

I am learning some PHP/MYSQL from a tutorial and I think that the syntax has changed since that tutorial was produced. Please help me out, these are my first steps with PHP/MYSQL. I have been stuck here for some hours now. Connection to the DB is successful, but I can't query any data.
I run local wamp server and here is the code:
PHP 5.4
MYSQL 5.6
Here is the error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'table' at line 1
<?php
//error_reporting(E_ALL);
require 'connect.php';
$result = $db->query("SELECT * FROM table") or die($db->error);
print_r($result);
?>
If table is the name of your table then you need to escape it with back ticks:
$result = $db->query("SELECT * FROM `table`") or die($db->error);
This is because table is one of MySQL reserved words and the rule is that if you need to use them then they need to be escaped with backticks.
$result = $db->query("SELECT * FROM `table`") or die($db->error);
// Fetch a row from the result set (assumes $db is a mysqli connection)
$row = $result->fetch_array();
print_r($row);
You are just selecting it. You need to fetch it as an array.
Also, as @vee noticed, you need to use backticks => ` around the word table because table is a MySQL reserved word.

SQL syntax error: where am I going wrong?

Hello guys and girls, I'm trying to do a SQL update but think I forgot a ' or a "
I'm getting this error message:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''Brock'='1'WHERE username = 'admin'' at line 1
The fault lies within this bit of code; if I take the code out, the page loads with the rest of the scripts on it. But I need it to do the update.
$blah = mysql_query("UPDATE users SET '".$_SESSION['gymleader']."'='1'WHERE username = '".$_SESSION['username']."'")
or die(mysql_error());
Where am I going wrong?
You are missing a space between the '1' and the WHERE, if I am not mistaken. And you should use backticks (`) when you want to escape a column name.
So your code becomes:
$blah = mysql_query("UPDATE users SET `".$_SESSION['gymleader']."`='1' WHERE username = '".$_SESSION['username']."'")
Note the ` instead of the ' around the column name (right after the SET).
Further possible improvements:
In case the column is of type INT, you can replace the '1' by 1 (without the ')
You should never directly use $_SESSION, $_POST, $_GET or other values which can be altered by users in your queries. Do a Google search on SQL injection for more information.
UPDATE user SET field = '1' WHERE ...
instead of
UPDATE user SET 'field' = '1' WHERE ...
and if your field is of type int, you might use
UPDATE user SET field = 1 WHERE
If you want to escape your fieldname, use
`field`
in backticks `
Besides the fact that it looks like a bad idea to code like this, assuming you have a column named Brock, you should use this type of quote instead:
$blah = mysql_query("UPDATE users SET `".$_SESSION['gymleader']."`='1' WHERE username = '".$_SESSION['username']."'")
or die(mysql_error());
Notice I replaced your ' with `
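
The answers above fix the quoting and mention SQL injection; the following added example (not code from any of the posts) shows one way to handle a column name that arrives from session data. It assumes PDO with an in-memory SQLite database so it runs without a server (SQLite also accepts MySQL-style backticks), and the `Brock`/`Misty` columns, the allow-list and the function name are hypothetical.

```php
<?php
// Added example: schema, column names and rows are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (
    username TEXT PRIMARY KEY,
    `Brock` INTEGER DEFAULT 0,
    `Misty` INTEGER DEFAULT 0
)');
$pdo->exec("INSERT INTO users (username) VALUES ('admin')");

// Identifiers (table and column names) cannot be bound as query parameters,
// so the column name is accepted only if it is on a fixed allow-list.
const GYM_LEADER_COLUMNS = ['Brock', 'Misty'];

function markGymLeaderBeaten(PDO $pdo, string $leader, string $username): int
{
    if (!in_array($leader, GYM_LEADER_COLUMNS, true)) {
        throw new InvalidArgumentException('Unknown gym leader column');
    }
    // Backticks quote the (now trusted) identifier; the username is a
    // bound value and never becomes part of the SQL text.
    $stmt = $pdo->prepare(
        "UPDATE users SET `$leader` = 1 WHERE username = :username"
    );
    $stmt->execute([':username' => $username]);
    return $stmt->rowCount(); // number of rows updated
}

// A column on the allow-list updates the matching row.
echo 'rows updated: ', markGymLeaderBeaten($pdo, 'Brock', 'admin'), "\n";

// A value that is not on the list never reaches the query, even if it
// contains a backtick that would otherwise end the quoted identifier.
try {
    markGymLeaderBeaten($pdo, 'Not`AColumn', 'admin');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```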

MySQL/PHP Check Login Details [duplicate]

This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 6 years ago.
I am having trouble getting this SQL command to work correctly. (I know this code is insecure, I just need to get it working first.)
When I run this I get the error: "Unknown column 'username' in 'where clause'"
$login_username = $_POST['username'];
$login_password = $_POST['password'];
$lc = "SELECT * FROM user WHERE username = $login_username AND password = $login_password";
$lcr = mysql_query($lc);
$lcgr = mysql_num_rows($lcr)or die(mysql_error());
If you are getting that error it means that your user table has no column called username.
Secondly, your code is open to SQL Injection. You should validate and secure your $_POST values.
Also, you should perform the die check on mysql_query rather than mysql_num_rows.
Try using quotes in the query:
$lc = "SELECT * FROM user WHERE username = '$login_username' AND password = '$login_password'";
It appears that username in your query is not the correct column name. Can you check?
Do you have the column 'username' in your 'user' table? Try DESC user so you're sure of what your field names are in the table and you can amend your query accordingly.
You'll also want to encapsulate your strings (presumably username and password are strings) in quotes.
You've already alluded to knowing your code is insecure so I'll leave any injection commentary out :)
First, do you have a column named "username" in the user table in your database?
Second, put $login_username and $login_password in single quotes as they are strings, right?
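
Several answers note that the login query is open to SQL injection; the following added example (not code from any of the posts) shows the same lookup with a bound parameter, so the value needs no quoting at all. It assumes PDO with an in-memory SQLite database so it runs offline, and the password_hash column, the sample account and the function name are hypothetical.

```php
<?php
// Added example: table layout and credentials are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE user (
    username TEXT PRIMARY KEY,
    password_hash TEXT NOT NULL
)');
$insert = $pdo->prepare(
    'INSERT INTO user (username, password_hash) VALUES (?, ?)'
);
// Store a hash of the password, never the password itself.
$insert->execute(["O'Brien", password_hash('correct horse', PASSWORD_DEFAULT)]);

function checkLogin(PDO $pdo, string $username, string $password): bool
{
    // The placeholder keeps the submitted value out of the SQL text, so a
    // quote character in it cannot change the structure of the statement.
    $stmt = $pdo->prepare('SELECT password_hash FROM user WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn(); // false when no row matched

    // Compare against the stored hash in PHP instead of in the WHERE clause.
    return $hash !== false && password_verify($password, $hash);
}

// A username containing a single quote works unchanged as a bound value.
var_dump(checkLogin($pdo, "O'Brien", 'correct horse'));
var_dump(checkLogin($pdo, "O'Brien", 'wrong password'));
var_dump(checkLogin($pdo, 'nobody', 'correct horse'));
```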

How do I get my PHP update function to work? [duplicate]

This question already has an answer here:
Syntax error due to using a reserved word as a table or column name in MySQL
(1 answer)
Closed 8 years ago.
See something wrong in my code? I can't get the update function to work.. weird thing is the rest works correctly, and the same code works 100% on another page.
<?php
include("config.php");
$id = $_GET['id'];
$number = $_GET['no'];
$result = mysql_query("SELECT * FROM comments WHERE commentid = '$id'")
or die(mysql_error());
$row = mysql_fetch_array( $result );
mysql_query("update `comments` set like = like +1 where commentid = '$id'"); // <--- only this line doesn't work
?>
And there is 1 line of html after that, a span tag getting some information out of the comments table.
My 'like' column is set to int(11), so I don't see that being the problem.
Hope this isn't another inattention mistake :/
Thanks a lot to anyone who can help me out!
This is the error
You have an error in your SQL syntax;
check the manual that corresponds to
your MySQL server version for the
right syntax to use near 'like = like
+1 where commentid = '61'' at line 1
As EboMike posted, LIKE is a reserved keyword in MySQL.
You can either rename your column to something else that is not a keyword (preferred), or you can put a backtick (a backwards single quote) around it to tell MySQL it's a literal name.
