Here's the function I created:
function get_phurl_option($option) {
$db_result = mysql_query("SELECT value FROM ".DB_PREFIX."options WHERE option = '$option'") or db_die(__FILE__, __LINE__, mysql_error());
$db_row = mysql_fetch_row($db_result);
return $db_row[0];
}
However, upon visiting a page that uses the function, I get the following error:
File: /usr/home/<removed>/includes/functions.php
Line: 28
Message: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'option = 'shortcode_type'' at line 1
I'm not sure why this would be, I've tried apostrophes, speech marks, and backticks, neither of which seem to work. I can't figure out the problem here, so any help would be much appreciated.
option is a MySQL reserved word, so you need to enclose it in backticks
$db_result = mysql_query("SELECT value FROM ".DB_PREFIX."options WHERE `option` = '$option'")
The specified error usually means that the field you're attempting to access is invalid or reserved by MySQL. Make sure you escape all variables in backticks:
SELECT `value` FROM `".DB_PREFIX."options` WHERE `option` = '$option'
Related
I'm trying to write a MySQL in my PHP script which will update a field in the database however I get the error:
Fatal error: Wrong SQL: Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''user' SET 'currentsong' = '' WHERE 'userid' = '1893''
While using this code.
$setcurrentsongsql = "UPDATE 'user' SET 'currentsong' = '$currentsong' WHERE 'userid' = '$sql1'";
$setcurrentsong = $db->query($setcurrentsongsql);
I'm sure it's something simple however I'm completely baffled. Even if I replace the variables with just a normal string it doesn't work.
Thank you in advance for any help.
Use back ticks not single quotes for table names and column names. Try the following:
$setcurrentsongsql = "UPDATE `user` SET `currentsong` = '$currentsong' WHERE `userid` = '$sql1'";
In MySQL, identifier quote character is the backtick " ` ". This short page should give you a good understanding of the schema rules, identifiers and so on: http://dev.mysql.com/doc/refman/5.0/en/identifiers.html
mySQL uses the backtick ` for column and table names, and apostrophes ' for string constants. However these aren't needed unless you're using a reserved keyword (such as your table is actually called "table") or your table or column name contains spaces (such as "my table").
You can use:
$setcurrentsongsql = "UPDATE `user` SET `currentsong` = '$currentsong' WHERE `userid` = '$sql1'";
Or:
$setcurrentsongsql = "UPDATE user SET currentsong = '$currentsong' WHERE userid = '$sql1'";
Also, if $currentsong comes from an untrusted source, you might want to worry about SQL injection.
I have a following code:
<?php
include("config.php");
$key = 'blahblah';
$sql = "INSERT INTO softversions SET key='$key'";
$result = mysql_query($sql) or die ($mysql_error());
echo "dude";
?>
This gives me an error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'key='svksskjfvns'' at line 1
The thing is that I've used this script about a hundred times on other pages and it worked.
Table and field names are 100% correct.
I don't understand what is going on.
Do you see the syntax error there?
KEY is a reserved word in MySQL and you need to escape it using backticks to use it as a column name and also you should not use SET when inserting.
$sql = "INSERT INTO softversions (`key`) VALUES ('$key')";
key is a reserved word in MySQL. To use it as a column, you need to escape it every time you call it.
$sql = "INSERT INTO softversions SET `key`='$key'";
$sql = "INSERT INTO softversions(keyName) values('{$key}')";
If I remove the line condition=\''.$this->condition.'\', it works.
If I let it there, the following error message appears:
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near 'condition='unknown', promotional='0', website='0', quantity='1',
' at line 7
mysql_query('UPDATE products SET
name = \''.$this->name.'\',
description = \''.$this->description.'\',
brand = \''.$this->brand.'\',
model = \''.$this->model.'\',
price=\''.$this->price.'\',
condition=\''.$this->condition.'\',
promotional=\''.$this->promotional.'\',
website=\''.$this->website.'\',
quantity=\''.$this->quantity.'\',
service=\''.$this->service.'\'
WHERE id = \''.$this->id.'\' '
CONDITION is a reserved mysql keyword. You must enclose it in backticks:
`condition`=\''.$this->condition.'\',
You have to rename condition column. See Reserved MySQL keywords table
I am working on a social networking site for my company and I am setting up the messaging system.
I have a table in the database called "mail" and for some reason the simplest SELECT query is returning an error.
here's the code:
$sql = "SELECT * FROM mail WHERE to='$username'";
$result = mysql_query($sql) or die(mysql_error());
while($row = mysql_fetch_assoc($result)){
$from = $row['from'];
$content = $row['content'];
echo "<tr><td>$from</td><td>$content</td></tr>";
}
It is returning this error; You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'to='cody'' at line 1
I have used this type of query with the same syntax a hundred times before I have no idea whats wrong this time.
A few notes: The database connection works fine, "to", "from" and "content" are columns in my "mail" table.
Thanks in advance for your help
TO is a reserved word. Try the following instead
$sql = "SELECT * FROM mail WHERE `to`='$username'";
Reserved words are permitted as
identifiers if you quote them as
described in Section 8.2,
Reference
"TO" is also a keyword try encapsulating the field name with a backtick `
I think the problem occurs due to this
to='$username'
$username is a Php variable so check out
I'm trying to update using mysql_query in php and it gives me this error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'read='1' WHERE id='14'' at line 1
I've been looking at my query for about 10 minutes now and I cant find whats wrong with it. Here it is:
if ($row['read'] == 0) {
mysql_query("UPDATE mail SET read='1' WHERE id='$mailid'") or die(mysql_error());
}
Do anyone see where the error is?
read is a reserved word.
Enclose it into the backticks:
UPDATE mail SET `read`='1' WHERE id='$mailid'
How about...
"UPDATE `mail` SET `read`='1' WHERE `id`='".$mailid."'"
read is a reserved word. You need to use backticks ` around read.