Mysql error issue - php

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'like = '0 +1' WHERE wall_id = '20'' at line 1
$sql = mysql_query("UPDATE wall SET like = '$nelike' WHERE wall_id = '$id' " );
if($sql)
    echo "Success";
else
    echo "something wrong<br/>" . mysql_error();
Why am I getting this error message?

Your column like needs to be encapsulated in backticks because like is also a MySQL keyword.
$sql = mysql_query("UPDATE wall SET `like` = '$nelike' WHERE wall_id = '$id' " );
You'd want to apply backticks to columns with spaces in their names as well.
Also, it wouldn't be a bad idea to escape your data (if you didn't know):
$sql = mysql_query("UPDATE wall
SET `like` = '" . mysql_real_escape_string($nelike) . "'
WHERE wall_id = '" . mysql_real_escape_string($id) . "'" );

LIKE is a SQL keyword. You'll need to put it in backticks if you want to use it as a field name:
UPDATE wall SET `like` = '$nelike' WHERE wall_id = '$id'

The error was that you are using a RESERVED WORD in MySQL and you didn't escape it using backticks.
$sql = mysql_query("UPDATE wall SET like = '$nelike' WHERE wall_id = '$id' " );
should be written as
$sql = mysql_query("UPDATE wall SET `like` = '$nelike' WHERE wall_id = '$id' ");

CodeIgniter - escaping SQL

I'm trying to do an update to my database. One of the column values contains apostrophes, etc. I have used $this->db->escape in CodeIgniter around the strings that may contain such characters, but I still get the following error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'O\'Keeffe, O\'Keefe'' WHERE `survey_id` = 188' at line 1
UPDATE `survey` SET `firstname_confidence_score` = 100, `firstname_rhymes` = '''', `lastname_confidence_score` = 85, `lastname_rhymes` = ''O\'Keeffe, O\'Keefe'' WHERE `survey_id` = 188;
How do I fix this?
UPDATE:
$sql = "UPDATE `$table_name` SET `firstname_confidence_score` = $firstname_confidence_score, `firstname_rhymes` = '" . $this->db->escape($firstname_rhymes) . "', `lastname_confidence_score` = $lastname_confidence_score, `lastname_rhymes` = '" . $this->db->escape($lastname_rhymes) . "' WHERE `$primary_id` = $id;";
$result = $this->db->query($sql);
Since you are using $this->db->escape(), you are automatically adding single quotes around the data.
Your query simply needs to be:
$sql = "UPDATE `$table_name`
        SET `firstname_confidence_score` = $firstname_confidence_score,
            `firstname_rhymes` = " . $this->db->escape($firstname_rhymes) . ",
            `lastname_confidence_score` = $lastname_confidence_score,
            `lastname_rhymes` = " . $this->db->escape($lastname_rhymes) .
        " WHERE `$primary_id` = $id;";
You do not need the single quotes around $this->db->escape($firstname_rhymes) and so on.
UPDATE `survey` SET `firstname_confidence_score` = 100, `firstname_rhymes` = '''', `lastname_confidence_score` = 85, `lastname_rhymes` = 'O\'Keeffe, O\'Keefe' WHERE `survey_id` = 188;
You had double apostrophes around the lastname_rhymes value.

is there something wrong with mysql syntax

Is there something wrong with my MySQL syntax? I believe the syntax is right, though I keep getting an error saying there is a syntax error when I run my website.
$query = "SELECT DISTINCT paycheck.jobId
FROM paycheck,users
WHERE users.email = " . $_SESSION['email'] .
"AND userId = empId";
You forgot the single quotes here:
$query = "SELECT DISTINCT paycheck.jobId
FROM paycheck,users
WHERE users.email = '" . $_SESSION['email'] ."' AND userId = empId";
Try this:
$query = "SELECT DISTINCT `paycheck`.`jobId`
          FROM `paycheck`,`users`
          WHERE `users`.`email` = '" . $_SESSION['email'] ."' AND `userId` = `empId` ";
You also might want to consider escaping your query to prevent SQL injections.
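The three quoting bugs this thread keeps running into (the reserved-word column `like` from the first question, a value with apostrophes, and a session value concatenated into WHERE), handled with PDO prepared statements. This is an added example, not code from any of the posts above; it assumes PDO with the pdo_sqlite driver so that it runs offline, and the tables and rows are constructed to mirror the questions.

```php
<?php
// Added example, not code from any post above: the three quoting problems in
// this thread (reserved word as column name, a value with apostrophes, a
// user-supplied value in WHERE) done with PDO prepared statements instead.
// Assumption: pdo_sqlite is available so it runs offline; tables and rows are
// constructed to mirror the questions. With MySQL only the DSN changes, e.g.
// new PDO('mysql:host=HOST;dbname=DB', $user, $pass).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE wall (wall_id INTEGER PRIMARY KEY, `like` INTEGER NOT NULL)');
$db->exec('CREATE TABLE survey (survey_id INTEGER PRIMARY KEY, lastname_rhymes TEXT)');
$db->exec('CREATE TABLE users (userId INTEGER PRIMARY KEY, email TEXT)');
$db->exec('CREATE TABLE paycheck (jobId INTEGER, empId INTEGER)');
$db->exec('INSERT INTO wall VALUES (20, 0)');
$db->exec("INSERT INTO survey VALUES (188, '')");
$db->exec("INSERT INTO users VALUES (7, 'jens@example.com'), (8, 'o''keefe@example.com')");
$db->exec('INSERT INTO paycheck VALUES (301, 7), (302, 7), (303, 8)');
// Placeholders stand in for values only, never identifiers, so a column named
// after a reserved word still needs backticks even in a prepared statement.
function incrementLike(PDO $db, int $wallId): int
{
    $db->prepare('UPDATE wall SET `like` = `like` + 1 WHERE wall_id = ?')->execute([$wallId]);
    $q = $db->prepare('SELECT `like` FROM wall WHERE wall_id = ?');
    $q->execute([$wallId]);
    return (int) $q->fetchColumn();
}

// The apostrophes in O'Keeffe never become part of the SQL text, so there is
// nothing to escape and no quotes to place around the value by hand.
function setLastnameRhymes(PDO $db, int $surveyId, string $value): string
{
    $db->prepare('UPDATE survey SET lastname_rhymes = ? WHERE survey_id = ?')->execute([$value, $surveyId]);
    $q = $db->prepare('SELECT lastname_rhymes FROM survey WHERE survey_id = ?');
    $q->execute([$surveyId]);
    return (string) $q->fetchColumn();
}

// The e-mail from the session is bound, not concatenated, so an apostrophe in
// it cannot end the string literal early. empId stays unquoted: it is a column.
function jobIdsForEmail(PDO $db, string $email): array
{
    $q = $db->prepare('SELECT DISTINCT p.jobId FROM paycheck p JOIN users u ON u.userId = p.empId WHERE u.email = ?');
    $q->execute([$email]);
    return array_map('intval', $q->fetchAll(PDO::FETCH_COLUMN));
}
var_dump(incrementLike($db, 20));
var_dump(setLastnameRhymes($db, 188, "O'Keeffe, O'Keefe"));
var_dump(jobIdsForEmail($db, "o'keefe@example.com"));
```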

sql statement works in phpMyAdmin but won't work in mysql_query

Really stuck on something. I'm trying to update a database and the code looks right - and if I echo it out and paste it directly into phpMyAdmin it works perfectly - but the code itself doesn't work... I have spent a day so far trying to figure out why it's not working and I'm completely out of ideas...
function restoreSession()
{
    mysql_connect("theHost", "root", "rootPWD") or die(mysql_error());
    mysql_select_db("myDatabase") or die(mysql_error());
    $restore_cmd = 'UPDATE wp_dor_cart66_sessions SET user_data = (SELECT user_data FROM wp_dor_cart66_stored_sessions WHERE ip_address = "' . $_SERVER['REMOTE_ADDR'] . '")';
    $clean_up = "DELETE FROM `wp_dor_cart66_sessions` WHERE `ip_address` = \"" . $_SERVER['REMOTE_ADDR'] . "\" AND id NOT IN (SELECT id FROM ( SELECT id FROM `wp_dor_cart66_sessions` ORDER BY id DESC LIMIT 1 ) user_data )";
    mysql_query($clean_up) or die('Query failed: ' . mysql_error());
    $result = mysql_query($restore_cmd) or die('Query failed: ' . mysql_error());
    echo "<br/>";
    echo $restore_cmd;
    echo "<br/>";
    var_dump($result);
    echo "<br/>";
    print_r($result);
}
The resulting output looks like:
UPDATE wp_dor_cart66_sessions SET user_data =
(SELECT user_data FROM wp_dor_cart66_stored_sessions
WHERE ip_address = "196.54.110.24");
bool(true)
1
It doesn't appear to have any errors - but I just can't get it to update. If it didn't work in phpMyAdmin - I'd know there was something wrong with the SQL - but it seems right... I'm just really out of ideas - any help would be greatly appreciated!
Here are the statements again with some formatting:
$restore_cmd = '
    UPDATE
        wp_dor_cart66_sessions
    SET
        user_data = (
            SELECT
                user_data
            FROM
                wp_dor_cart66_stored_sessions
            WHERE
                ip_address = "' . $_SERVER['REMOTE_ADDR'] . '"
        )
';
$clean_up = "
    DELETE FROM
        `wp_dor_cart66_sessions`
    WHERE
        `ip_address` = \"" . $_SERVER['REMOTE_ADDR'] . "\"
        AND id NOT IN (
            SELECT
                id
            FROM
                (
                    SELECT
                        id
                    FROM
                        `wp_dor_cart66_sessions`
                    ORDER BY
                        id DESC
                    LIMIT
                        1
                ) user_data
        )
";
$restore_cmd = 'UPDATE wp_dor_cart66_sessions SET user_data = (SELECT user_data FROM wp_dor_cart66_stored_sessions WHERE ip_address = \"' . $_SERVER['REMOTE_ADDR'] . '\")';
You need to escape the quotation marks.
Looks like a quoting error. Try this:
"UPDATE wp_dor_cart66_sessions SET user_data = (SELECT user_data FROM wp_dor_cart66_stored_sessions WHERE ip_address = '" . $_SERVER['REMOTE_ADDR'] . "')";
It could be that you have multiple results in your SELECT.
What if you do ...
$restore_cmd = 'UPDATE wp_dor_cart66_sessions SET user_data = (SELECT user_data FROM wp_dor_cart66_stored_sessions WHERE ip_address = "' . $_SERVER['REMOTE_ADDR'] . '" LIMIT 1)';
... note the LIMIT 1
Are you sure that the first query is not deleting all the matching rows?
I don't understand the "user_data" part at the end of the first query. But I would check the number of affected rows after each query to see if the query is having any effect on the data and, if it is, whether it is doing the right thing or there's just some logical mistake.

Using variables in MySQL UPDATE (PHP/MySQL)

I am using this code so I can update a record in database:
$query = mysql_query("UPDATE article
SET com_count = ". $comments_count
WHERE article_id = .$art_id ");
My question is: how can I use variables in a MySQL UPDATE statement?
$query = mysql_query("UPDATE article set com_count = $comments_count WHERE article_id = $art_id");
You were messing up the quotes and concatenations.
You can use inline vars like the previous example or concat them like:
$query = mysql_query("UPDATE article set com_count = " . $comments_count . " WHERE article_id = " . $art_id);
You messed up on your " . pattern.
$query = mysql_query("UPDATE article set com_count = " . $comments_count . " WHERE article_id = " . $art_id);
Use apostrophes when using variables in a MySQL UPDATE statement:
$query = mysql_query("UPDATE article
SET com_count = '$comments_count'
WHERE article_id = '$art_id'");
Be careful about spaces and apostrophes.

"Unknown column 'geir' in 'field list'"

I wrote this query:
$query = "UPDATE encodage_answer
SET Answer = geir
WHERE encodage_question_ID = 128
AND encodage_ID = 305
AND Extra = NULL";
$insert = mysql_query($query, $connection) or die(mysql_error());
But if I run this code I always get the same error:
Unknown column 'geir' in 'field list'
It's probably me but I think I am not saying geir is a column/field; what's the issue?
When I run this query directly in my PHPMyAdmin it works great.
Update: Full code:
The answer exists, and the $Extra variable is null.
$AnswerExists = answer_exists($Question_ID, $encodage_ID, $Extra);
if($AnswerExists <> ""){
    if($Answer != NULL){
        $correctAnswer = mysql_prep($Answer);
        if($Extra != NULL){
            $query = "UPDATE `encodage_answer` SET `Answer` = '" . mysql_prep($Answer) . "' WHERE `ID` = '" . $AnswerExists . "'";
            $insert = mysql_query($query, $connection) or die(mysql_error());
            $query2 = "UPDATE `encodage_answer` SET `Extra` = '" . $Extra . "' WHERE `ID` = '" . $AnswerExists . "'";
            $insert = mysql_query($query2, $connection) or die(mysql_error());
        }else{
            $querytest = "UPDATE `encodage_answer` SET Answer = " . $Answer . " WHERE ID = " . $AnswerExists;
            $insert = mysql_query($querytest, $connection) or die(mysql_error());
        }
    }
}
function answer_exists($Question_ID, $encodage_ID, $Extra){
    global $connection;
    $trfa = false;
    echo $Question_ID . " - " . $encodage_ID . "<br />";
    if($Extra <> ""){
        $query = "SELECT *
                  FROM encodage_answer
                  WHERE encodage_ID = {$encodage_ID} AND encodage_question_ID = {$Question_ID} AND Extra = {$Extra}";
    }else{
        $query = "SELECT *
                  FROM encodage_answer
                  WHERE encodage_ID = {$encodage_ID} AND encodage_question_ID = {$Question_ID}";
    }
Try putting single quotes around geir. By not quoting the string you want to set the column to, the SQL backend thinks you want to set the value of the Answer column to the value of the geir column. Since the geir column doesn't exist in your table, it throws an error.
Edit: I suspect that PHPMyAdmin has some kind of SQL statement filtering to catch cases like this, and automatically puts quotes around the string for you.
Thanks for the help to everyone! I'm changing all queries to a safer format! SQL-Injection threats are no longer an issue! Thanks for the tip!
Concerning my question:
I'm a complete idiot! After searching for a solution for 20 hours I found my error! The error was in another query. I'm very sorry for wasting your time, but I'm a newbie (ergo, the SQL-injection issue), so I hope I am allowed to make a few mistakes.
Thanks
Jens