I have tried for hours now to update a MySQL table with PHP.
I used the following code (and several others) but it gives an error message:
$id = $_GET['id'];
if(isset($_POST['descr'])){
$go = $_POST['descr'];
mysql_query("UPDATE Rooms SET Desc='$go' WHERE Room_ID='$id'")
or die(mysql_error());
}
mysql_close($conn);
with the error: "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Desc='This room is the primary test-room. It is?' WHERE Room_ID='11'' at line 1"
The form is called: "descr", the table "Rooms", the field that needs update is "Desc" and it should be where the corresponding ID is, based on a dynamic URL.
If I write echo = $go it outputs the correct data, so I suppose it's the php.
It DOES connect correctly to the database.
Desc is a special word in mysql
try it by escape
mysql_query("UPDATE Rooms SET `Desc`='$go' WHERE Room_ID='$id'")
Assuming that ID is a number:
$id = $_GET['id'];
if(isset($_POST['descr'])){
$go = $_POST['descr'];
mysql_query("UPDATE Rooms SET `Desc`='".$go."' WHERE Room_ID=".$id.")
or die(mysql_error());
}
mysql_close($conn);
Desc is reserved for ORDER BY! Enclose it with '`' symbols!
mysql_query("UPDATE `Rooms` SET `Desc` = '".$go."' WHERE `Room_ID` = ".$id.")
or die(mysql_error());
Related
I have 2 database that link together. I need to retrieve data from that table and insert those column into a table in different database based on their Unique id number.
<?php
$handle = mysql_connect("localhost", "root", "") or die(mysql_error());
mysql_query("USE shop",$handle);
$query = "SELECT ModelCode,Class FROM shopfloor_pro WHERE CommNo = '0985560712'";
$result = mysql_query($query);
while ($data = mysql_fetch_object($result)){
$variable1 = $data->ModelCode;
$variable2 = $data->Class;
mysql_query("USE vt",$handle);
$sql = "INSERT INTO track SET
t_model_code = '$variable1',
t_class = '$variable2' WHERE t_comm_no = '0985560712'";
if (!mysql_query($sql)) {
echo '<p>Error adding data into database: ' . mysql_error() . '</p>';
}
mysql_query("USE paintshop",$handle);
}
?>
this is the data that i want to retrieve
this is where i want to put the data
When i run the code it shows
"Error adding data into database: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE t_comm_no = '0985560712'' at line 3"
You can most likely do this in a single query - but as pointed out the mysql api has been deprecated a long time ago and totally removed from PHP 7+.
To do the query in a single operation you might try like this:
insert into `vt`.`track` (`t_model_code`,`t_class` )
select `ModelCode`,`Class` from `shop`.`shopfloor_pro` where `CommNo`='0985560712'
I've been trying to make a php form page for the users of my website.
When I open the .php page I got the standard error message :
Could not enter data: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'WHERE emp_id = $emp_id' at line 1
Can anybody help me with the syntax of these commands ???
The Code is here :
<?php
include 'dbc.php';
$emp_id = $_POST['emp_id'];
$emp_name = $_POST['emp_name'];
$emp_address = $_POST['emp_address'];
$emp_salary = $_POST['emp_salary'];
$emp_date = $_POST['join_date'];
$sql = 'INSERT INTO employee SET emp_salary = $emp_salary WHERE emp_id = $emp_id';
mysql_select_db($dbname);
$retval = mysql_query( $sql, $conn );
if(! $retval )
{
die('Could not enter data: ' . mysql_error());
}
echo "Entered data successfully\n";
mysql_close($conn);
?>
The query syntax is wrong. You have to use UPDATE query. As you are enclosing the query in single quote, the PHP variables won't get replaced. So change
$sql = 'UPDATE employee SET emp_salary = $emp_salary WHERE emp_id = $emp_id';
to
$sql = "UPDATE employee SET emp_salary = $emp_salary WHERE emp_id = $emp_id";
or
$sql = 'UPDATE employee SET emp_salary = '.$emp_salary.' WHERE emp_id = '.$emp_id;
Hi again all you good people
I thanks very much for the amount of answers !
The right solution was found and the problem is solved with this statement:
$sql = "UPDATE `employee` SET `emp_salary` = '$emp_salary' WHERE emp_id = '$emp_id'";
Most of you was inded right about the syntax and the choice about UPDATE.
The above statement function very well, but it was a bit hard to find the way.
Thanks again for all your kindness, help and time to answer my help
John Engelsby-Hansen
$sql = 'UPDATE employee SET emp_salary=$emp_salary WHERE emp_id = '.$emp_id;
Insert query should be
$sql = 'INSERT INTO employee SET emp_salary = $emp_salary'; // it is valid without where clause
and there is no meaning for Where clause in Insert Qqery
Actually, if You want to update record then write an update query where we have to set values for column
Like
$sql = 'Update employee SET emp_salary= $emp_salary WHERE emp_id = $emp_id';
Your Update Query is wrong
If its an UPDATE query then it should be
UPDATE employee SET emp_salary = $emp_salary WHERE emp_id = $emp_id
And if you are trying to insert a row then how can you use a WHERE condition?
WHERE condition are used in cases of UPDATE QUERY, NOT INSERT QUery
Whats wrong with my code?
Basically what I'm trying to do is add a number and update a field in the sql with what is connected to the variable. But since steamids look like this STEAM_0:0:123123123 or STEAM_0:1:123123123 I get this
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ':0:14166834' at line 1
This is just for learning, so I know my code has useless echos, but its just to see it being added and making sure i was doing it correctly anyways
addmoney.php
<?php
include("inc/config.php");
$mysteamid=mysql_real_escape_string($_POST['mysteamid']);
$sql = "SELECT * FROM $tbl_name WHERE steamid='$mysteamid'";
$result=mysql_query($sql);
$cash=mysql_result($result, 0, 'cash'); // outputs 7th
echo $cash;
$newcash= $cash + "10000";
echo "\n";
echo $newcash;
mysql_query("UPDATE $tbl_name SET `cash` = $newcash WHERE `steamid` = $mysteamid") or die(mysql_error());
?>
index.php contains a working formdata its not really required with the error in my code.
my main problem is this line from addmoney.php which is
$mysql_query("UPDATE $tbl_name SET `cash` = $newcash WHERE `steamid` = $mysteamid") or die(mysql_error());
As your steamid field in your DB is a string (it seems to be, as possible values are STEAM_0:0:123123123 and STEAM_0:1:123123123), you must use quotes arround the value :
mysql_query("UPDATE $tbl_name SET `cash` = $newcash WHERE `steamid` = '$mysteamid'");
Using mysql_real_escape_string() is necessary, as it escapes quotes inside the variable you pass it as a parameter -- but you still have to put quotes arround the string, in your SQL queries.
In the first query you surrounded your $mysteamid value with simple quotes, and in the second query you didn't. If the steamid is a string type, you need to surround the value with quotes, like
"UPDATE $tbl_name SET `cash` = $newcash WHERE `steamid` =' $mysteamid'"
I am trying to rename a table's name from a specific database. I have tried with both of the query given below, but it shows the same error message. I can't understand my mistakes.
The query
1st one :
<?php
$id = $_POST['id'];
$department = $_POST['department'];
$dept_id = $_POST['dept_id'];
$olddept_id = $_SESSION['olddept_id'];
if(isset($_POST['submit']))
{
$order = "UPDATE department SET department='$_POST[department]', dept_id='$_POST[dept_id]' WHERE id='$_POST[id]'";
mysql_query($order) or die (mysql_error());
mysql_query("RENAME TABLE $olddept_id TO $dept_id;") or die (mysql_error());
}
and
2nd one :
<?php
$id = $_POST['id'];
$department = $_POST['department'];
$dept_id = $_POST['dept_id'];
$olddept_id = $_SESSION['olddept_id'];
if(isset($_POST['submit']))
{
$order = "UPDATE department SET department='$_POST[department]', dept_id='$_POST[dept_id]' WHERE id='$_POST[id]'";
mysql_query($order) or die (mysql_error());
mysql_query("ALTER TABLE $olddept_id RENAME $dept_id;") or die (mysql_error());
}
The error message is :
"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'TO CSEE' at line 1"
The table names which i want to edit, are also stored in a table, named "department". This is done successfully, but the table doesn't renaming.
-thank you
Show the exact SQL that's generated by those queries. I'm guessing you're using a reserved word for the original table name, which means you'd have to escape it with backticks:
RENAME reservedword TO CSEE
Hey, I wrote some code for extracting some information out of the database and checking to see if it met the $_COOKIE data. But I am getting the error message:
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 1
My code so far is:
$con = mysql_connect("XXXX","XXXXX","XXXXXXX");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("XXXXXX", $con);
$id = $_COOKIE['id'];
$ends = $_COOKIE['ends'];
$userid = strtolower($_SESSION['username']);
$queryString = $_GET['information_from_http_address'];
$query = "SELECT * FROM XXXXX";
$result = mysql_query($query) or die(mysql_error());
while($row = mysql_fetch_array($result)){
if ($queryString == $row["orderid"]){
$sql="UPDATE members SET orderid = ''WHERE (id = $id)";
$sql="UPDATE members SET level = 'X'WHERE (id = $id)";
$sql="UPDATE members SET payment = 'XXXX'WHERE (id = $id)";
$sql="UPDATE members SET ends = '$ends'WHERE (id = $id)";
if (!mysql_query($sql))
{
die('Error: ' . mysql_error());
}
}
}
Any help would be appreciated,
Thanks.
$sql="UPDATE members SET ends = '$ends'WHERE (id = $id)";
should be
$sql="UPDATE members SET ends = '$ends'WHERE (id = '$id')";
(IE add the ' around $id)
I'm not sure if this is the error, but do you realize you're code only runs the last UPDATE? You're assigning $sql 4 time, and only running it after the fourth assignement...
If $_COOKIE['id'] does not have a value, then $id in your SQL statements will be blank, leaving your SQL looking like this:
UPDATE members SET ends = 'something' WHERE (id = )
which, of course, is invalid SQL.
Only one of the SQL statements will execute, and that's the last one. You need to add some whitespace before the WHERE clause, like this:
$sql="UPDATE members SET ends = '$ends' WHERE (id = $id)";
Also be wary of SQL injection attacks in the event that your cookie is altered by the end user. One other thing of note is your orderid column. Is it a VARCHAR or some other unique identifier? If it's an integer, then setting it to empty string will not work. You might want to rethink your schema a bit here.
EDIT: Another thing you need to do is check to make sure the cookies actually have values. If not, your SQL strings will be messed up. Have you though about using parameterized queries through PDO so you don't have to worry about SQL injection at all?
first of all you keep overwriting $sql variable so only the
$sql="UPDATE members SET ends = '$ends'WHERE (id = $id)";
is being executed.
And I would say that $id variable is not what you think it is (maybe empty as query like the one above without id:
$sql="UPDATE members SET ends = '$ends'WHERE (id = )";
would throw such error back.
Try
$id = NULL;
before
$id = $_COOKIE['id'];
if the error is gone that means that $id is not what you think it is