PHP: query function erron executing update query string - php

I have a problem with a query. This query works with phpMyAdmin, but I have an error when this query is execute by PHP. What could be the reason?
My PHP code is:
var_dump($sql);
query($sql);
when I debug:
this is the query string:
UPDATE searchcolumnsets SET name = "Project X",jsonfields = "[{\"name\":\"cm:contentPropertyName\",\"title\":\"Thumbnailed Content Property Name\",\"description\":\"\",\"datatype\":\"\"},{\"name\":\"cm:defaultHomeFolderPath\",\"title\":\"Percorso cartella homepage\",\"description\":\"\",\"datatype\":\"\"},{\"name\":\"trx:enabled\",\"title\":\"Abilitato\",\"description\":\"\",\"datatype\":\"\"},{\"name\":\"cm:identifier\",\"title\":\"Identificativo\",\"description\":\"\",\"datatype\":\"\"},{\"name\":\"cm:expiryDate\",\"title\":\"Data di scadenza\",\"description\":\"Data di scadenza\",\"datatype\":\"d:date\"},{\"name\":\"cm:hits\",\"title\":\"Conteggio\",\"description\":\"Conteggio\",\"datatype\":\"d:int\"}]" WHERE id = 50
this is the error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'name":"cm:contentPropertyName","title":"Thumbnailed Content Property Name","desc' at line 1


you may use single qoute instead.
try this
UPDATE searchcolumnsets SET name = 'Project X',jsonfields = '[{\"name\":\"cm:contentPropertyName\",\"title\":\"Thumbnailed Content Property Name\",\"description\":\"\",\"datatype\":\"\"},{\"name\":\"cm:defaultHomeFolderPath\",\"title\":\"Percorso cartella homepage\",\"description\":\"\",\"datatype\":\"\"},{\"name\":\"trx:enabled\",\"title\":\"Abilitato\",\"description\":\"\",\"datatype\":\"\"},{\"name\":\"cm:identifier\",\"title\":\"Identificativo\",\"description\":\"\",\"datatype\":\"\"},{\"name\":\"cm:expiryDate\",\"title\":\"Data di scadenza\",\"description\":\"Data di scadenza\",\"datatype\":\"d:date\"},{\"name\":\"cm:hits\",\"title\":\"Conteggio\",\"description\":\"Conteggio\",\"datatype\":\"d:int\"}]' WHERE id = 50

Related

MySQL UPDATE Query PHP doesn't work

I'm trying to update a column, I got no modification in the column value can you please help me with that?
Code i am trying:-
global $wpdb;
$param1 = $_GET['projectID'];
$sql1 = "UPDATE wp_projects SET nbrDonation = nbrDonation+1 WHERE projectID = $param1";
$wpdb->query($sql1);
echo $param1;
echo $sql1;
this is what i got as error :
Erreur de la base de données WordPress : [You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1] UPDATE wp_projects SET nbrDonation=nbrDonation+1 WHERE projectID=
UPDATE wp_projects SET nbrDonation=nbrDonation+1 WHERE projectID=

It seems like your $param1 value may be empty, or otherwise invalid.
[You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1]
The '' implies that the value is empty; so the SQL is doing:
UPDATE wp_projects SET nbrDonation=(nbrDonation+1) WHERE projectID=''
Which is invalid as nothing ('') is not an integer value as expected.
Solution:
You need to force the $param1 value to be interger. You can do this by typecasting in PHP.
so:
$param1 = (int)$_GET['projectID']; // forces it to a numeric value, 1 or 0
This will then mean the SQL will work correctly:
$sql1 = "UPDATE wp_projects SET nbrDonation = nbrDonation+1 WHERE projectID = $param1";
You do not need the brackets around the nbrDonation+1 and you do not need quotes around the ID number, because it's numeric.
Please also note:
How to Prevent SQL Injection compromise in MySQL with PHP

Remove the single quote your projectID
$sql1="UPDATE wp_projects SET nbrDonation=(nbrDonation+1) WHERE projectID=$param1";
Try now.

why query buider codeigniter is not working?

When I click the save button on the input form, it will run the create method,
And trying to get the data in the database, but it does not work.
Error result, like this:
A Database Error Occurred
Error Number: 1064
You have an error in your SQL syntax; check the manual that
corresponds to your MariaDB server version for the right syntax to use
near 'E 0001) AS labels FROM buku WHERE id_judul = '1'' at line 1
SELECT IFNULL(MAX(label_buku), 500 Kin E 0001) AS labels FROM buku
WHERE id_judul = '1'
Filename: models/Buku_model.php
Line Number: 33
Model :
$label = $judul->klasifikasi.' '.substr($judul->penulis,0,3).' '.substr($judul->judul_buku,0,1).' '.'0001';//500 Kin E 0001
$id_judul = $input->id_judul; //1
$label_buku = $this->db->select("IFNULL(MAX(label_buku),$label) AS labels", false)
->where('id_judul',$id_judul)
->get($this->table)->row();//error
Please help me...

500 Kin E 0001 needs to be quoted:
SELECT
IFNULL(MAX(label_buku), "500 Kin E 0001") AS labels
FROM buku
WHERE id_judul = '1'
So in your CodeIgniter query:
$label_buku = $this->db->select("IFNULL(MAX(label_buku),\"$label\") AS labels", false)
->where('id_judul',$id_judul)
->get($this->table)->row();

Delete from table where id in (*php variable*) returns error

I working in a php application where I must delete the selected items from a list where each item haves their own ID from mysql database, everything goes ok until execute the query in php.
This is the error message:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 5
this is the String that I execute in the query:
$queryDE = "delete from md5_agenda
where id_empresa = $empi
and id_unidade = $unii
and id_usuario = $usrr
and id_item_agenda in ($deletar);"
The variable $deletar receives their value from post method and their value is like: 35,36,47,... and can be one ore many different values
But my problem is if I change $deletar for the exactly values everything goes fine, but if I use the php variable with THE EXACTLY SAME VALUE it doesn't work and returns the previous error message, I have no more ideas about what to do... I wanna keep in this way where I can choose all IDs that I want delete, without repeat the query.
Thanks.
edit:

foreach($deletar as $val)
{
$queryDE = "delete from md5_agenda
where id_empresa = $empi
and id_unidade = $unii
and id_usuario = $usrr
and id_item_agenda = $val;"
}
your code is not working because $deleter is return multiple value.
check code it's working.

Why don't you use a safe parametrized query?
$db =new PDO('... your connection string ... ');
$stmt = $db->prepare("delete from md5_agenda
where id_empresa = :empi
and id_unidade = :unii
and id_usuario = :usrr
and id_item_agenda in (:deletar);");
$stmt->execute(array(
':empi' => $empi,
':unii' => $unii,
':usrr' => $usrr,
':deletar' => $deletar
)
);

Insert a record with an apostrophe mysql php

I want to insert a record with an apostrophe into a MySQL database using PHP. Following is my code:
$importer_name =mysql_escape_string ($objWorksheet->getCellByColumnAndRow(1,3)->getValue());
$exporter_name = $objWorksheet->getCellByColumnAndRow(1, 3)->getValue();
$prod_quantity_unit = $objWorksheet->getCellByColumnAndRow(1,6)->getValue();
$prod_fob_value = $objWorksheet->getCellByColumnAndRow(5,6)->getValue();
$prod_quantity = $objWorksheet->getCellByColumnAndRow(1,8)->getValue();
$prod_fob_unit= $objWorksheet->getCellByColumnAndRow(5,8)->getValue();
$prod_gross_waight= $objWorksheet->getCellByColumnAndRow(1,10)->getValue();
$prod_cif_value= $objWorksheet->getCellByColumnAndRow(5,10)->getValue();
$prod_net_weight= $objWorksheet->getCellByColumnAndRow(1,12)->getValue();
$prod_cif_unit_price= $objWorksheet->getCellByColumnAndRow(5,12)->getValue();
$prod_brand= $objWorksheet->getCellByColumnAndRow(5,14)->getValue();
$hs_code = $objWorksheet->getCellByColumnAndRow(1,17)->getValue();
$shipping_date = $objWorksheet->getCellByColumnAndRow(5,17)->getValue();
$customs = $objWorksheet->getCellByColumnAndRow(1,19)->getValue();
$transport_company = $objWorksheet->getCellByColumnAndRow(5,19)->getValue();
$country_of_origin = $objWorksheet->getCellByColumnAndRow(1,21)->getValue();
$transport_mode = $objWorksheet->getCellByColumnAndRow(5,21)->getValue();
$country_of_trade = $objWorksheet->getCellByColumnAndRow(1,23)->getValue();
$hs_code_description = $objWorksheet->getCellByColumnAndRow(1,26)->getValue();
$product_description = $objWorksheet->getCellByColumnAndRow(1,28)->getValue();
$insertquery="INSERT INTO tb_peru_data
(importer_name,exporter_name,product_quantity_unit,
product_fob_unit,product_quantity,product_fob_value,
product_gross_weight,product_cif_value,
product_net_weight,product_cif_unit_price,
product_brand,shipping_hs_code,shipping_date,
shipping_customs,shipping_transport_company,
shipping_country_of_origin,shipping_transport_mode,
shipping_country_of_trade,hs_code_description,
product_description)
VALUES
('$importer_name','$exporter_name','$prod_quantity_unit',
'$prod_fob_unit','$prod_quantity','$prod_fob_value',
'$prod_gross_waight','$prod_cif_value','$prod_net_weight',
'$prod_cif_unit_price','$prod_brand','$hs_code','$shipping_date',
'$customs','$transport_company','$country_of_origin',
'$transport_mode','$country_of_trade',
'$hs_code_description','$product_description')";
mysql_query($insertquery)or die('ErrorrPERU: '.mysql_error());
/*$del="DELETE * FROM tb_excel_file";
mysql_query($del);*/
?>
This does not work, and gives the following error:
you have an error in your SQL syntax; check the manual that corresponds
to your MySQL server version for the right syntax to use near
's','12U','6','9','54',
'34.83','55.5','31.83','6.17','','7323931000','2008/04/1' at line 3

Use mysqli_real_escape_string instead of deprecated mysql_real_escape_string
This function will force you to input mysql table / database.
This way your collation will be considered while escaping

You can use real_escape_string() in PHP. You need to escape the apostrophe (that is, tell SQL that the apostrophe is to be taken literally and not as the beginning or end of a string). To add more, I'd say that you can also use PDO, but consider using addslashes($string) and stripslashes($string).

Add page in Concrete5

I am trying to add page via code in Concrete5(CMS).
$parentPage = Page::getByPath("/hotel");
$ct = CollectionType::getByHandle("products");
$data = array();
$data['cName'] = 'New Page';
$data['cDescription'] = 'Description here';
$newPage = $parentPage->add($ct, $data);
But I get MySql error:
mysql error: [1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'LIMIT 1' at line 1] in EXECUTE("select max(cDisplayOrder) from Pages where cParentID = LIMIT 1")
And also How can I add an Attribute when created page??

The SQL error implies to me that the $parentPage wasn't instantiated properly. C5 is confusing in that the Page::getBy...() and a few others will return an object even if the page doesn't exist -- it's your responsibility to check it for errors.
Are you expecting that /hotel exists? You have to create it first. You should var_dump($parentPage) after you've loaded it.

Categories