I have this problem
Warning: mysqli::prepare() [mysqli.prepare]: (42000/1064): You have an
error in your SQL syntax; check the manual that corresponds to your
MySQL server version for the right syntax to use near 'desc, keyword)
VALUES (?,?,?,?)' at line 1 in
D:\xampp\htdocs\Optimizer\login\submit.php on line 125
I have this problem while making link directory using this code:
if ($stmt = $mysqli->prepare("INSERT url (url, title, desc, keyword) VALUES (?,?,?,?)"))**==>>Line 125**
{
$stmt->bind_param("ssss", $input['url'], $input['title'],$input['desc'],$input['keyword']);
$stmt->execute();
$stmt->close();
At least desc is a reserved keyword, possibly some more of your field names. Put backticks around the field names that are reserved keywords.
Related
When I proceed to run the following query:
$sql3 = mysqli_query($con, 'INSERT INTO berichten (from, naar, file) VALUES ('.$id.', '.$to.', "'.$url.'")') or die(mysqli_error($con));
I'll received this error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'from, naar, file) VALUES (2, 2, "b9173a1b9ade8767280009f9638bd987.caf")' at line 1
id = an id number,
to = an id number and
url = the filename (e.g. sound.caf)
Why do I get this error and what to do to fix it?
Thanks!
from is a special SQL keyword. You have to escape it by putting it into backticks:
$sql3 = mysqli_query($con, 'INSERT INTO berichten (`from`, naar, file) VALUES ('.$id.', '.$to.', "'.$url.'")') or die(mysqli_error($con));
Besides that you might need to quote ID and file as you did for $url.
Btw. You should really consider to use prepared statements in order to prevent SQL injections.
Cant figure out where this query is going wrong...
getting this error:
{"databaseException":"SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'desc) \n VALUES (1, array)' at line 1"
from this query
$statement = $db->prepare(
"INSERT INTO `descriptions` (vrm, desc) VALUES (:vrm, :description)"
);
if ($statement->execute(array(
':vrm' => '1',
':description' => $_POST['desc'])));
Thanks!
You should add backticks to the desc column name. It's a reserved word (ORDER BY vrm DESC).
im writing a app that checks user status
im using mysql and i want to have a table name check
this is my code :
mysqli_report(MYSQLI_REPORT_ALL);
$stmt = $mysqli->prepare("INSERT INTO check VALUES (?,?)");
i get error :
Uncaught exception 'mysqli_sql_exception' with message 'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'check VALUES (?,?)' at line 1'
what am i doing wrong ?
your table name (check)
is a reserved word in MySQL.
Surround it in backticks like this:
$mysqli->prepare("INSERT INTO `check` VALUES (?,?)");
check is a reserved word in MySQL . Enclose it in backticks !
Like this
mysqli_report(MYSQLI_REPORT_ALL);
$stmt = $mysqli->prepare("INSERT INTO `check` VALUES (?,?)");
This question already has an answer here:
Syntax error due to using a reserved word as a table or column name in MySQL
(1 answer)
Closed 8 years ago.
this call fails with error :
mysqli_report(MYSQLI_REPORT_ALL);
$stmt = $mysqli->prepare("INSERT INTO check VALUES (?,?,?,?,?,?)");
error i get :
Uncaught exception 'mysqli_sql_exception' with message 'You have an
error in your SQL syntax; check the manual that corresponds to your
MySQL server version for the right syntax to use near 'check VALUES
(?,?,?,?,?,?)' at line 1'
I have a table named "check" with right amount of fields
if i change table name to checkSomething it works ...
any idea ?
check is a reserved keyword. To use it as table name, you have to escape it with backticks like this: `check` :
$stmt = $mysqli->prepare("INSERT INTO `check` VALUES (?,?,?,?,?,?)");
Check is a reserved word in MySQL. You need to either surround it in backticks like this:
$mysqli->prepare("INSERT INTO `check` VALUES (?,?,?,?,?,?)");
Or much better, rename it to something that you don't need to constantly have a special case for.
$mysqli->prepare("INSERT INTO checks VALUES (?,?,?,?,?,?)");
I am encountering one little problem here:
I am entering one MySQL query through PHP. I have checked the connection works fine and looks like the following:
INSERT INTO table (q1,q2,q3) VALUES ('".$_POST['Q1']."', '".$_POST['Q2']."'...)
then when I change the query to the following, there is an error:
INSERT INTO table (q1,q2,q3-1) VALUES ('".$_POST['Q1']."', '".$_POST['Q2']."'...)
The following error appears:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-1) VALUES ('N', 'asdfasdf', '' )' at line 1
Now, I am thinking, is it because:
I name the table column as 'q3-1'
or any other problem?
Would it be okay if I change it to q3_1 instead?
If you put backticks ` around the field names, it should be OK
ie:
INSERT INTO table (`q1`,`q2`,`q3-1`) ...
Use backticks. Look into PDO.
INSERT INTO table (q1,q2,`q3-1`)
VALUES ('".$_POST['Q1']."', '".$_POST['Q2']."'...)
You have error in your second query because of q3-1. It should be in quotes :
INSERT INTO table (q1,q2,`q3-1`) VALUES ('".$_POST['Q1']."', '".$_POST['Q2']."'...)
escape the columns name with backtick ( ` )
INSERT INTO table (`q1`, `q2`, `q3-1`)
VALUES ('".$_POST['Q1']."', '".$_POST['Q2']."'...)
but this statement is vulnerable with SQL Injection. Try using it with PDO
ex.)
<?php
$stmt = $dbh->prepare("INSERT INTO table (`q1`, `q2`, `q3-1`) VALUES (?, ?, ?)");
$stmt->bindParam(1, $_POST['Q1']);
$stmt->bindParam(2, $_POST['Q2']);
$stmt->bindParam(3, $_POST['Q3']);
$stmt->execute();
?>