MYSQL PHP Script throwing syntax error - php

Here is a small sample of code that is giving me a MySQL syntax error. Connect.php is connecting to the correct database and can be used with other projects and code. I know for a fact that the code in connect.php is correct. It is giving me a MySQL syntax error. It doesn't give any more detail than this:
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near 'keys WHERE key='xxxxxxxxxxxx'' at line 1
I pulled this small sample of code from the main project and it still throws the error.
<?php
require "connect.php";
$keyCheck = mysql_query("SELECT * FROM keys WHERE `key`='".$_POST['betakey']."'" , $con);
if (!$keyCheck) {
    echo mysql_error();
    exit;
} else {
    $keyRows = mysql_num_rows($keyCheck);
    if ($keyRows == 0) {
        echo "This key is invalid!";
        exit;
    }
}
?>
EDIT: I got the admin to rename the table and you guys helped me fix some potential security hazards.

I'm fairly sure keys is a reserved word. In any case, you should always enclose database, table and column names in backticks. Not just "sometimes" as you have in this example. Always.
Source.

Related

Getting this error message when trying to UPDATE MySQL table

Notice: Undefined variable: table_name in /Applications/MAMP/htdocs/welcometowarwick/scripts/php/insert_imagery.php on line 106
Error: UPDATE SET business_description='', image1='profiles/sadsadas/', image2='profiles/sadsadas/', image3='profiles/sadsadas/', image4='profiles/sadsadas/', image5='profiles/sadsadas/' WHERE id='307' LIMIT 1
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'SET business_description='', image1='profiles/sadsadas/', image2='pr' at line 1
Here is the UPDATE code
$updatesql = sprintf("UPDATE $table_name SET
business_description='$business_description',
image1='$insert_upload1',
image2='$insert_upload2',
image3='$insert_upload3',
image4='$insert_upload4',
image5='$insert_upload5'
WHERE id='$user_id' LIMIT 1");
if (mysqli_query($link, $updatesql)) {
header('Location: ../../register/complete.php');
} else {
echo "Error: " . $updatesql . "<br>" . mysqli_error($link);
}
mysqli_close($link);
Can anyone see what the error with the syntax is?
This is too long for a comment, therefore I am submitting the following.
The syntax error is clear:
right syntax to use near 'SET
It starts at SET, so this tells me that:
$table_name is either not defined, or it contains a character that MySQL doesn't agree with. Possibly a space, a hyphen; who knows. Only you know that and how $table_name is defined, or whether it's defined at all.
Plus, as I stated in comments; you're using sprintf but there is no syntax to support that. You can just get rid of it, far as I'm concerned.
It is also unclear which MySQL API you are using to connect with, so make sure you are indeed using mysqli_ to connect with and not mysql_ or PDO.
Those different MySQL APIs do not intermix with each other.
If you have any questions, please do not hesitate to place a comment underneath my answer.
You may also want to make use of mysqli_real_escape_string() in order to escape your data. There might be characters in there that MySQL will also want to buck about.
Add error reporting to the top of your file(s) which will help find errors.
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
// rest of your code
Sidenote: Error reporting should only be done in staging, and never production.
This query can't get the table name, so this happens. Try to echo $updatesql first and check that the query gets the table name.
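An added example, not code from any of the posts above: one way to stop an undefined or unexpected `$table_name` before any SQL is built, and to bind the values instead of interpolating them (the same backtick quoting handles a reserved-word table name such as the one in the first question). The allowlisted table names, the function names and the sample values are assumptions.

```php
<?php
// Added example: table names, function names and sample values are hypothetical.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

const ALLOWED_TABLES = ['business_profiles', 'order'];

// Identifiers cannot be bound as parameters, so accept only known names and
// backtick-quote the result. Reserved words such as `order` then parse as names.
function quote_table(?string $name): string
{
    if ($name === null || !in_array($name, ALLOWED_TABLES, true)) {
        throw new InvalidArgumentException('Unknown table name');
    }
    return '`' . str_replace('`', '``', $name) . '`';
}

// Values travel as bound parameters, so apostrophes in the description or
// paths cannot end the string literal early.
function update_profile(mysqli $link, ?string $table, string $description,
                        array $images, int $userId): bool
{
    if (count($images) !== 5) {
        throw new InvalidArgumentException('Expected five image paths');
    }
    $sql = 'UPDATE ' . quote_table($table)
         . ' SET business_description = ?, image1 = ?, image2 = ?,'
         . ' image3 = ?, image4 = ?, image5 = ? WHERE id = ? LIMIT 1';
    $params = array_merge([$description], array_values($images), [$userId]);

    $stmt = $link->prepare($sql);
    $stmt->bind_param('ssssssi', ...$params);
    $stmt->execute();
    $changed = $stmt->affected_rows === 1;
    $stmt->close();
    return $changed;
}

// Constructed demo of the identifier check; it needs no database connection.
foreach (['order', null, 'not-a-table'] as $candidate) {
    try {
        echo quote_table($candidate), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', var_export($candidate, true), PHP_EOL;
    }
}
```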

MySQL LIKE query does not work when searching for records with apostrophes

When I search for a record in the DB, I get an issue when apostrophes are present in the word.
For that I used addslashes and mysql_real_escape_string, but they did not work.
<?php
include("lib/dbconn.php");
$list_query_main1="select * from table where name like '%".mysql_real_escape_string($_REQUEST['keyword'])."%'";
$list=mysql_query($list_query_main1);
echo mysql_num_rows($list);
?>
Zero results are found, but the name is present in the DB. Please give me a solution.
You are getting a MySQL error
#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'table' at line 1
because TABLE is a reserved word. If you named your table TABLE, you must use the right MySQL syntax:
$list_query_main1="select * from `table` where `name` like '%".mysql_real_escape_string($_REQUEST['keyword'])."%'";
Adding if(!$list || mysql_errno() != 0) echo mysql_error(); after line $list=mysql_query($list_query_main1); will give you some info in case of a query failure
Otherwise, mysql_* is deprecated; you should start using mysqli_* functions.
And change your last line
echo $mysql_num_rows($list);
and replace it with
echo mysql_num_rows($list);
If you want to call the mysql_num_rows() function.

PHP database related error, and MySQL error

This is the error I receive when I type in code further down:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'order(order_date,cust_firstname,cust_lastname,cust_add,cust_city,cust_state,indi' at line 1
The code for this error is:
<?php
include "db.php";
$cust_firstname=$_POST['name'];
$cust_lastname=$_POST['lastname'];
$cust_add=$_POST['add'];
$cust_city=$_POST['city'];
$cust_state=$_POST['state'];
$cust_country=$_POST['country'];
$cust_zip=$_POST['pincode'];
$cust_phone=$_POST['mobile'];
$cust_email=$_POST['email'];
$sql=mysql_query("INSERT INTO order(order_date,cust_firstname,cust_lastname,cust_add,cust_city,cust_state,$cust_country,cust_zip,cust_phone,cust_email)values(now(),'$cust_firstname','$cust_lastname','$cust_add','$cust_city','$cust_state','$cust_country','$cust_zip','$cust_phone','$cust_email')")or die(mysql_error());
header("location:done.php");
?>
What I'm wondering, is what this error really means and what I have to do to fix it?
Order is a reserved keyword. You need to wrap it in ticks:
$sql=mysql_query("INSERT INTO `order` (order_date,
try this
$sql=mysql_query("INSERT INTO `order` (order_date,cu.....
order is reserved key word in mysql
EDIT:
change this
$cust_country
to
cust_country
in the insert statement columns

MYSQL Syntax - Insert statement

Struggling with a simple insert command, I'm getting the error
You have an error in your SQL syntax; check the manual that corresponds to
your MySQL server version for the right syntax to use near 'All In:
The Poker Movie, tells the story of poker focusing on why one of our nat'
at line 2"
Basically passing film information into a table, here is the code -
$query1 = "INSERT INTO Films_Info (Films_ID,FilmName, FilmRelease, Synopsis,Poster,CritScore,AudScore,Director,Studio,IMDB,date_added_db)
VALUES ('',$Film_Name', '$Film_Release','$filmsynopsis','$film_image','$film_critic','$film_audience','$film_director','$film_studio','$film_imdbID','')";
$runquery1 = mysql_query($query1)or die(mysql_error());
Thanks guys
It looks like that you are missing an ' before $Film_Name. Can you add the missing apostrophe?
If you have phpMyAdmin enabled on your server, you can paste the code into the SQL field to get syntax highlighting on the SQL query.

mysql_query SELECT giving me trouble

I can't really figure out what's wrong with this. I used to write the exact same thing and got it working.
$check = mysql_query("SELECT encrypt FROM database WHERE word='$word'") or die(mysql_error());
Error returned is : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'database WHERE word='asdaasdasdd'' at line 1
DATABASE is a MySQL reserved word; enclose it with backticks ``
$check = mysql_query("SELECT encrypt FROM `database` WHERE word='$word'")
or die(mysql_error());
Try backquoting database. It's probably a reserved word.
Database or Databases is a keyword. See the following link for Reserve words
The or die() trick is a very poor choice for several reasons:
It's not a very nice way to present the user with an error message.
Using for instance the mysql_error() call with it, as many people do, exposes information that should never get output in a production environment
You cannot catch the error in any way.
You cannot log the error.
You cannot control whether it should be output to the screen or not. It's okay to do that in a development environment, but certainly not in a production environment.
It prevents you from doing any sort of cleanup. It just ends the script abruptly.
An easy way to implement is :
$result = mysql_query('SELECT foo FROM bar', $db) or trigger_error('Query failed: ' . mysql_error($db), E_USER_ERROR);
Encrypt is a function so, even tho' it is not causing the problem, I would avoid using it as a column name.
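An added example, not code from any of the answers above: the points raised against `or die(mysql_error())`, handled with mysqli exceptions so the failure is caught, logged server-side and cleaned up after, while the visitor sees only a generic message. The connection settings, the schema taken from the question and the message wording are assumptions.

```php
<?php
// Added example: credentials, schema and message wording are hypothetical.

// Make mysqli throw mysqli_sql_exception instead of returning false,
// so failures can be caught, logged and cleaned up after.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function lookup_word(mysqli $db, string $word): ?string
{
    // `database` is a reserved word, so the identifiers are backtick-quoted;
    // the user-supplied value is bound, never concatenated.
    $stmt = $db->prepare('SELECT `encrypt` FROM `database` WHERE `word` = ?');
    $stmt->bind_param('s', $word);
    $stmt->execute();
    $stmt->bind_result($encrypted);
    $found = $stmt->fetch();
    $stmt->close();
    return $found ? $encrypted : null;
}

try {
    $db = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
    $db->set_charset('utf8mb4');
    $result = lookup_word($db, $_POST['word'] ?? '');
    echo $result === null ? 'No match.' : 'Match found.';
} catch (mysqli_sql_exception $e) {
    // Full detail (SQL fragment, server message) goes to the server log only.
    error_log('Query failed: ' . $e->getMessage());
    http_response_code(500);
    echo 'Something went wrong. Please try again later.';
} finally {
    // Cleanup still runs, which "or die()" would have skipped.
    if (isset($db) && $db instanceof mysqli) {
        $db->close();
    }
}
```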
