Why is this following MySQL query failing? - php

I don't know why the following MySQL query keeps giving me the following error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'http://some.url' at line 2
The SQL query itself is this:
DB_ExecuteQuery("UPDATE driver
SET windowsPhoneID = $uri
WHERE userID = $userID");
$userID is just the primary key of the table and is just a VARCHAR. I don't know why the $uri part isn't valid. WindowsPhoneID should be stored as TEXT, so there aren't any mismatched types or anything like that.
Any pointers?

You should add quotes around the parameters:
DB_ExecuteQuery("UPDATE driver
SET windowsPhoneID = '$uri'
WHERE userID = '$userID'");
Remark:
And like Mike gently suggested, please use PDO or MySQLi to prevent SQL injection.
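
The parameterised form of the UPDATE above, as an added example that is not part of the original answer. It assumes PDO with an in-memory SQLite database so that it runs without a server (the prepare/execute calls are the same with a MySQL DSN); the helper name setWindowsPhoneId and the sample rows are constructed.

```php
<?php
// Added example: $uri and $userID are bound as parameters instead of being
// interpolated into the SQL string, so no quoting is needed around them.
// Assumption: in-memory SQLite stands in for MySQL so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE driver (userID VARCHAR(32) PRIMARY KEY, windowsPhoneID TEXT)');
// Constructed sample rows.
$pdo->exec("INSERT INTO driver (userID, windowsPhoneID) VALUES ('u1', NULL), ('u2', NULL)");

// Hypothetical helper: returns the number of rows the UPDATE changed.
function setWindowsPhoneId(PDO $pdo, string $userID, string $uri): int
{
    $stmt = $pdo->prepare(
        'UPDATE driver SET windowsPhoneID = :uri WHERE userID = :userID'
    );
    $stmt->execute([':uri' => $uri, ':userID' => $userID]);
    return $stmt->rowCount();
}

// Constructed inputs: the URI from the question, a URI containing an
// apostrophe (which would end a hand-quoted string early), and an unknown user.
$inputs = [
    ['u1', 'http://some.url'],
    ['u2', "http://some.url/?name=O'Brien"],
    ['u9', 'http://some.url'],
];
foreach ($inputs as [$userID, $uri]) {
    printf("%s: %d row(s) updated\n", $userID, setWindowsPhoneId($pdo, $userID, $uri));
}

// The values come back byte for byte; the apostrophe never reached the parser.
foreach ($pdo->query('SELECT userID, windowsPhoneID FROM driver ORDER BY userID') as $row) {
    printf("%s => %s\n", $row['userID'], $row['windowsPhoneID']);
}
```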

Related

How can I do a Update with slash on MySQL?

Hello, I am trying to do an update like this:
$sql = "UPDATE info SET YES/NO = '$_POST[value]' WHERE ID = '$_POST[id]'";
I am getting this error:
Error updating record: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '/NO = 'YES' WHERE ID = '5'
I think this may be an error from using a slash in my database. If that is the problem, how can I solve it? Thanks; I can't find anything on Google that works for it.

Usually, anything other than alphanumeric characters and underscores is not recommended.
Indeed, it is not good practice to name a column like you did.
I recommend you rename the column yes_no; otherwise, you will get the same error again and again.

unable to rectify error in database updation using php

I am trying to update my database with PHP, and for that I have written the following query:
$query = " UPDATE users SET username = '$username' , password = '$password' WHERE id = $id ";
and the error is shown as :
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use
near '' at line 1
Can you please help?

“syntax to use near ‘something’” shows the first few characters after the last part of the query that MySQL could parse. When ‘something’ is a zero-length string like in this case, it means the query ended before it was complete. That points to $id being an empty string.
You didn’t ask for comments on whether your query has other severe problems that will certainly lead to cybercreeps pwning your web site, so I won’t offer any such comments. :-)

SQL Update Query error, don't know what's going wrong

SQL query:
UPDATE a2418693_GCM.driver SET lat = 78.54555,
LONG = 78.45544252 WHERE username = 'rakesh'
MySQL Message: Documentation
#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use
near 'long=78.45544252 WHERE username='rakesh'' at line 2
What's the problem here?
I am using the following query..
update a2418693_GCM.driver
SET lat=78.54555,long=78.45544252 WHERE username='rakesh'

It's giving you a syntax error because you are using a reserved MySQL keyword, "long". To fix this, you need to either rename your column or escape it the "MySQL" way using backticks:
UPDATE `a2418693_GCM`.`driver` SET
`lat` ='78.54555',
`long` ='78.45544252'
WHERE `username` ='rakesh'

UPDATE a2418693_GCM.driver SET lat = 78.54555,
longitude = 78.45544252 WHERE username = 'rakesh'
Since long is a data type, I used longitude in place of long.

SQL Error: SQL Syntax Error

Error Message:
SQL Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND domain = 'ard.qc' AND snapshot_id = 2010 AND locale = 'en_US'' at line 1
SQL Query:
SELECT
entity_id,
content_id
FROM collateral_cms_mapping
WHERE entity_id IN ({$entity_ids})
AND domain = '{$this->getSite()->getInternalId()}'
AND snapshot_id = {$this->getSnapshotDao()->getCurrentSnapshot()}
AND locale = '{$locale}'
Actual SQL after the value is replaced and string concatenation:
SELECT
entity_id,
content_id
FROM
collateral_cms_mapping
WHERE
entity_id
IN
()
AND
domain = 'ard.qc'
AND
snapshot_id = 2009
AND
locale = 'en_US'
Any suggestions?

What's the value of $entity_ids? Probably it's empty, so your query contains IN () which is invalid.
You do not have to concatenate your strings.
It looks like the prepared query is faulty somewhere in the IN ({$entity_ids}).
Echo the query string to check your IN statement.
Definitely look at the IN statement. While I'm not familiar with MySQL, I don't believe an empty IN () clause is permitted in DB2 or Oracle (although I won't swear to it).
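
One way to build the IN (...) list discussed in the answers above, as an added example that is not part of the original posts. findMappings is a hypothetical helper, the table rows are constructed, and an in-memory SQLite database stands in for MySQL so the script runs without a server.

```php
<?php
// Added example: an IN (...) list built from one placeholder per id, with
// the empty-list case handled before any SQL is sent.
// Assumption: in-memory SQLite stands in for MySQL so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE collateral_cms_mapping (
    entity_id INTEGER, content_id INTEGER, domain TEXT, snapshot_id INTEGER, locale TEXT)');
// Constructed sample rows.
$pdo->exec("INSERT INTO collateral_cms_mapping VALUES
    (1, 101, 'ard.qc', 2010, 'en_US'),
    (2, 102, 'ard.qc', 2010, 'en_US'),
    (3, 103, 'ard.qc', 2009, 'en_US')");

// Hypothetical helper mirroring the query in the question.
function findMappings(PDO $pdo, array $entityIds, string $domain, int $snapshotId, string $locale): array
{
    // Keep only integer ids; anything else is dropped, never interpolated.
    $ids = array_values(array_filter(
        $entityIds,
        fn($v) => filter_var($v, FILTER_VALIDATE_INT) !== false
    ));
    if ($ids === []) {
        return [];  // "IN ()" is the syntax error from the question: skip the query
    }
    // One "?" per id, so the list length always matches the bound values.
    $marks = implode(', ', array_fill(0, count($ids), '?'));
    $stmt = $pdo->prepare(
        "SELECT entity_id, content_id
           FROM collateral_cms_mapping
          WHERE entity_id IN ($marks)
            AND domain = ? AND snapshot_id = ? AND locale = ?"
    );
    $stmt->execute(array_merge($ids, [$domain, $snapshotId, $locale]));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

print_r(findMappings($pdo, [1, 2, 3], 'ard.qc', 2010, 'en_US'));
print_r(findMappings($pdo, [], 'ard.qc', 2010, 'en_US'));       // no query is run
print_r(findMappings($pdo, ['abc'], 'ard.qc', 2010, 'en_US'));  // filtered to empty
```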

PHP PDO prepared query refuses to execute properly - escaping problem?

I'm having a problem with a query prepared in PHP with PDO. The code:
$link = new PDO("mysql:dbname=$dbname;host=127.0.0.1",$username,$password);
$link->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$query = $link->prepare("SELECT locality_name FROM :passedday GROUP BY locality_name ORDER BY locality_name DESC");
$query->bindParam(":passedday",$day); //Where day is, well, a day passed to the script elsewhere
$query->execute();
$result = $query->fetchAll();
$link = null;
//Do things with the $result.
The error message I am getting is:
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''05_26_09' GROUP BY locality_name ORDER BY locality_name DESC' at line 1
When I execute the query on the server directly, it returns the appropriate result set without any problem. Any ideas what I'm doing wrong?
TIA.
Edit:
$day is passed as a GET argument. So, http://127.0.0.1/day.php?day=05_26_09 leads to $day = $_GET['day'];.
If 05_26_09 is supposed to be the table's name, then I guess you've an escaping problem. Is your local operating system different from the live server?
I don't think you can use bindValue()/bindParam() for anything other than values (e.g. not for a table name or field name). So I'm a bit surprised that it works on your local system.
PDO uses mysql's C-API for prepared statements.
http://dev.mysql.com/doc/refman/5.0/en/mysql-stmt-prepare.html says: "The markers are legal only in certain places in SQL statements. [...] However, they are not allowed for identifiers (such as table or column names)."
As a rule of thumb I use: "if you can't wrap it in single-quotes in an ad-hoc query string you can't parametrize it in a prepared statement".
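
Because the table name cannot be bound, it has to be validated before it is placed in the SQL text; the following is an added example of that check, not code from the original posts. localitiesForDay and the list of known tables are hypothetical, the MM_DD_YY shape is assumed from the value in the question, and an in-memory SQLite database stands in for MySQL so the script runs without a server.

```php
<?php
// Added example: a request-supplied table name is checked against an
// allowlist before it is used as an identifier.
// Assumption: in-memory SQLite stands in for MySQL so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Constructed sample tables: one per-day table and one unrelated table.
$pdo->exec('CREATE TABLE "05_26_09" (locality_name TEXT)');
$pdo->exec("INSERT INTO \"05_26_09\" VALUES ('Ashby'), ('Brook'), ('Ashby')");
$pdo->exec('CREATE TABLE users (locality_name TEXT)');

// Hypothetical helper: returns the distinct localities of one per-day table.
function localitiesForDay(PDO $pdo, string $day, array $knownTables): array
{
    // Shape check first (assumed MM_DD_YY), then an exact allowlist match.
    if (!preg_match('/\A\d{2}_\d{2}_\d{2}\z/', $day)
        || !in_array($day, $knownTables, true)) {
        throw new InvalidArgumentException('unknown day table');
    }
    // Only a validated identifier reaches this point. Double quotes are the
    // standard SQL identifier quote; MySQL by default uses backticks instead.
    $sql = sprintf(
        'SELECT locality_name FROM "%s" GROUP BY locality_name ORDER BY locality_name DESC',
        $day
    );
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

$known = ['05_26_09'];  // assumption: maintained by the application or read from the schema
print_r(localitiesForDay($pdo, '05_26_09', $known));

// Constructed bad input: a real table that is not a per-day table.
try {
    localitiesForDay($pdo, 'users', $known);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```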
