I'm trying to insert a new record into a table 'order'. Here is the code:
$orderDB = mysql_query("INSERT INTO order (itemsID, deliveryDestinationID, total, shipped) VALUES ($itemID, $delivery, $totalprice, 'N')") or die(mysql_error());
The variables are $itemID which is a 5 digit number, $delivery which is also a 5 digit number, $totalprice which is the cost of the transaction (e.g. 137.97) and 'N' which is used in a shipped field in my table.
I think the issue is coming from $totalprice, however when I echo all the variables before this line they appear to be correct. Here is an example of the echo's and error when $totalprice is 170:
00036 00022 N 170 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'order (itemsID, deliveryDestinationID, total, shipped) VALUES (00036, 00022, 170' at line 1
Any ideas?
order is a reserved word in MySQL. Consider changing the table name or wrap it in backticks (eg: `order`)
http://dev.mysql.com/doc/refman/5.5/en/reserved-words.html
ORDER is a reserved keyword. Escape it with backticks if you use it as table name:
"INSERT INTO `order` (itemsID ...
ORDER is a MySQL reserved keyword. To use it as a table or column name you must enclose it in backticks.
$orderDB = mysql_query("INSERT INTO `order` (itemsID, deliveryDestinationID, total, shipped) VALUES ($itemID, $delivery, $totalprice, 'N')") or die(mysql_error());
order is a reserved keyword. It is the source of error in your query. As others suggested enclose it in back-ticks for the query to work.
Related
I have a page that updates the data of a specific user. The user has position, which is a foreign key. The query update (below) works fine without the position, but with the position I get the following error.
Query :
$queryUpdate = "UPDATE visitorsystem.employee SET idNumber = '$idNumber', name = '$name',
surname = '$surname',
position = 'SELECT positionid FROM visitorsystem.position WHERE positionName LIKE '%$position%'',
email = '$email'
WHERE employeeid = '$empId'";
$resultUpdate = mysqli_query($connection,$queryUpdate)
or die("Error in query: ". mysqli_error($connection));
Error in query: You have an error in your SQL syntax; check the manual
that corresponds to your MySQL server version for the right syntax to
use near 'SELECT positionid FROM visitorsystem.position WHERE
positionName LIKE '%Informat' at line 3
I have tried to work my way around by using inner join as I have seen some solutions given here on stack but nothing has worked. Any Suggestions ?
Subqueries go within regular parens, not quotes, so in a general sense:
SELECT x FROM y WHERE z IN (SELECT z FROM a)
Single and double quotes (by default) are only for string values.
I get this error
Error: You have an error in your SQL syntax; check the
manual that corresponds to your MySQL server version for the right
syntax to use near 'character (name, address, birthplace, age,
birthdate) VALUES ( 'Alex','Villa V' at line 1
here
$sql = "INSERT INTO character (name, address, birthplace, age, birthdate)
VALUES ( '$name','$address','$birthplace', '$age','$birthplace')";
if ($conn -> query($sql) === true){
echo "New record created successfully ";
} else{
echo "Error: ".$sql."<br>".$conn -> error;
}
$conn -> close();
Everything else seems to be working fine i checked the syntax however the
error wont disappear.
character is a reserved word and needs to be escaped with backticks.
INSERT INTO `character` (name, address, birthplace, age, birthdate)
VALUES ( 'Alex','Villa Verde Subd.','July 5 1993', '17','July 5 1993')
BTW you should store the date values in a date column and not as a string. And storing the age is also not a good idea since it needs to be adjusted. It can be calculated from the birthdate.
character is a reserved word in MySQL. you have to escape it with backticks:
$sql = "INSERT INTO `character` (name, address, birthplace, age, birthdate) VALUES ( '$name','$address','$birthplace', '$age','$birthplace')";
You cant use character as table name as its reserve keyword. Use backticks
character is a MySQL reserved word.
In order to do this use backticks, for example:
INSERT INTO `character`
Please see here for further information:
http://dev.mysql.com/doc/refman/5.5/en/reserved-words.html
I'm using this query (I changed it):
// SQL query
$squl = "INSERT INTO 'messages' ('id','name' ,'email' ,'subject' ,'content','userid') VALUES ( null,'".$name."', '".$mail."', '".$subject."', '".$content."','');";
// mysql query
$query = mysql_query($squl) or die("message query problem: ". mysql_error());
I get this error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''messages' ('id','name' ,'email' ,'subject' ,'content','userid' )VALUES ( null,'' at line 1
What is causing this?
.``) You used a period here instead of a comma so the function is only receiving 5 columns when it needs 6.
Update:
As the commenter below points out, you've replaced the backticks with quotation marks.
$squl="INSERT INTO `messages` (`id`,`name` ,`email` ,`subject` ,`content`,`userid` )VALUES ( null,'$name', '$mail', '$subject', '$content','');";
(id,name ,email ,subject ,content,userid )
( NULL,".$name.", ".$mail.", ".$subject.", ".$content."**.**``);
you are using '.' instead of ,
Well, that's about the clearest message you get from SQL. You try to insert 5 values into 6 columns.
The problem that there's no comma between the last two values. Instead there's a . which makes the parser think it's only one value.
You are trying to insert into 6 columns:
id
name
email
subject
content
userid
But have only specified 5 values:
NULL
$name
$mail
$subject
$content
You've got a dot where you should have a comma:
".$subject."`, `".$content."`.``);";
Change that last dot to a comma and you should be golden
You've got 6 fields in your fields list, but are inserting only 5 values in your values list. Looks like you've got a . instead of a ,:
`, `".$subject."`, `".$content."`.``
^--- here
As well, there is NO reason to use repeated string concatenation as you are. PHP can insert variables into double-quoted strings quiet easily:
$sql = "INSERT INTO .... (...) VALUES (NULL, '$name', '$mail', '$subject', '$content', '')";
Note that the 'null' value is not quoted. Backticks are there to escape reserved words. If you intend to insert a real database null, then use the bare word null. If you want a literal string 'null' to go in, then quote it normally: 'null'.
You have six fields listed the first set of parentheses and only five fields in VALUES. That's what column count means.
So I have this,
<?php
require "database.php";
$to=$_GET['toF'];
$content=$_POST['message_contentl'];
$from=$_GET['fromF'];
$ck_reciever = "SELECT Username FROM accounts WHERE username = '".$to."'";
if( mysql_num_rows( mysql_query( $ck_reciever ) ) == 0 ){
die("The user you are trying to contact don't exist. Please go back and try again.<br>
<form name=\"back\" action=\"Send_FR.php\" method=\"post\">
<input type=\"submit\" value=\"Try Again\">
</form>
");
}else{
$a1 = $_POST['message_contentl'];
$a2 = $_GET['fromF'];
$a3 = $_GET['toF'];
mysql_query("INSERT INTO Friends (fr_message, From, To) VALUES ('$a1', '$a2', '$a3')"); OR die("Could not send the message: <br>".mysql_error());
echo "The Friend Request Was Successfully Sent!";
?>
But it doesn't work.
All it does is give me this error message:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'From, To) VALUES ('', 'Extro', 'Syncro')' at line 1
Help, please?
from and to are reserved words in SQL, in MySQL you can use reserved words as column or table names by wrapping them in backticks, but I'd strongly advise against the use of reserved word as column names, it's horribly confusing. Small example ex absurdo:
select `select`, `from` from `where` where `like` like 'like';
Yeah, the engine eats it, but you'll admit it could be more readable :-)
FROM is a reserved SQL keyword - if you have a column or a table with that name, you will have to back-quote (`) it.
this is the php code:
$stringquery = "INSERT INTO sikurim(name, title, desc, category, subcategory)
VALUES ('$contact', '$heading','$comments', '$catF', '$catS' ) ";
mysql_query($stringquery) or die(mysql_error());
And i get the error:
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near 'desc, category, subcategory) VALUES ('jhjh', ' fffff','fffff',
'2', '4' )' at line 1
I can't find what's wrong with the code, can someone help?
DESC is reserved MySQL keyword. You need to enclose it in backquotes:
$stringquery = "INSERT INTO sikurim(name, title, `desc`, category, subcategory) VALUES ('$contact', '$heading','$comments', '$catF', '$catS' )";
You should escape each value.
Use mysql_escape_string http://www.php.net/manual/en/function.mysql-escape-string.php