I have a line of code in PHP as follows...
mysql_query("INSERT INTO `updates` (project_id, date, update) VALUES ('{$project}', '{$date}', '{$update}')") or die(mysql_error());
However I'm getting the following SQL syntax error...
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near 'update) VALUES ('14', '2012-05-06', 'Test update')' at line 1
If anyone could help me with this that would be great, perhaps it's obvious but I just can't see what's wrong here!
Change the query as below:
mysql_query("INSERT INTO `updates` (`project_id`, `date`, `update`) VALUES ('{$project}', '{$date}', '{$update}')") or die(mysql_error());
This is because date and update are registered keywords in MySQL. We cannot use it directly in the query. We need to escape it.
date and update are reserved words in MySQL.
You can use:
"INSERT INTO `updates` (project_id, `date`, `update`) VALUES ('{$project}', '{$date}', '{$update}')"
Though ideally you should never use a reserved word as an entity name. It offers no advantages, yet has a few minor disadvantages (for example, makes the SQL less portable).
Also, a fairly minor point, if project_id is an integer typed field, pass it an integer, not a string. Like:
INSERT INTO `updates` (project_id, `date`, `update`) VALUES ({$project}, '{$date}', '{$update}')
update is a keyword in SQL, encapsulate your mysql fields in backticks.
First and foremost Thing: you can not user mysql preserver word. When you use it, be ready to waste your hours in finding out error.
Here is the list of reserve words: DO NOT USE ANY AMONG IT
http://dev.mysql.com/doc/refman/5.5/en/reserved-words.html
Second: Even if you want to dare to use preserved keyword. User table prefix or column prefix along with reserved keyword.
Third:
When ever you perform the database operations along php either quote each and every parameter where required or just user simple one.
i.e if you wish to quote db table columns than surround each column by quote
"INSERT INTO `updates` (`project_id`, `date`, `update`) VALUES ('{$project}', '{$date}', '{$update}')"
and if you don't quote then quote none of them
"INSERT INTO updates (project_id, date, update) VALUES ('{$project}', '{$date}', '{$update}')"
Hope this would help you
Related
I am not able to insert id and name in myTable MySQL table by using following PHP syntax. id is integer field and name is varchar field.
$query="INSERT INTO myTable (id, name) VALUES (".$_SESSION["id"].", ".$_SESSION["name"].");";
Is there something wrong with above syntax? As per me its right because if insert hardcoded values, those are inserted fine.
Yes, you need to use single quotes for name
$query="INSERT INTO myTable (id, name) VALUES (" . $_SESSION["id"] . ", '" . $_SESSION["name"]."');";
Also, please try not to contstruct the queries by hand using string concatenation/substitution. It can be dangerous if your $_SESSION (somehow) contains content that can manipulate queries completely.
Read about SQL Injection, and what PHP offers.
Put the string value inside quotes:
$query="INSERT INTO myTable (id, name) VALUES (".$_SESSION["id"].", '".$_SESSION["name"]."');";
String should be enclosed in quotes
$query="INSERT INTO myTable (id, name) VALUES (".$_SESSION["id"].", '".$_SESSION["name"]."');";
name is a reserved word. Put backticks around it. Also, you need quotes around your name variable (and the id, if it is not an integer).
Your query should look like this:
$query="INSERT INTO myTable (id, `name`) VALUES (".$_SESSION["id"].", '".$_SESSION["name"]."')";
use this
$query="INSERT INTO myTable (id, name) VALUES ({$_SESSION["id"]},'{$_SESSION["name"]}');";
Here is my query
INSERT INTO faq (order, heading, content)
VALUES ('$_POST[order]','$_POST[heading]','$_POST[content]')
I have a field before it called ID that I set to auto increment and INT
I get this error "Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'order, heading, content) VALUES ('Order','Title','content')' at line 1"
Is there something I am missing, it works just fine if the ID field doesn't exist?
order is a sql keyword. You need to use backticks to escape the word order
INSERT INTO faq (`order`, `heading`, `content`)
VALUES ('$_POST[order]','$_POST[heading]','$_POST[content]')
Also you should escape those $_POST parameters instead of inserting them directly into your SQL query:
$order = mysql_real_escape_string($_POST['order']);
...
INSERT INTO faq (`order`, `heading`, `content`)
VALUES ('$order','$heading','$content')
I'm trying to run this query:
INSERT INTO table_a (fb_uid, from, to, time) VALUES (12345,'blah','test','2012-12-13 11:30:00')
But I'm getting:
You have an error in your SQL syntax; check the manual that corresponds
to your MySQL server version for the right syntax to use near
'from, to, time) VALUES (12345,'blah','test','2012-12-13 11:3' at line 1
The query seems fine to me, what is wrong with it?
Use backticks on your fields to prevent a conflict with MySQL reserved words:
INSERT INTO table_a (`fb_uid`, `from`, `to`, `time`) VALUES (12345,'blah','test','2012-12-13 11:30:00')
In this case, from and to are the reserved words
See here for more information and a complete list of reserved words.
FROM and TO are reserved keyword,
INSERT INTO table_a (fb_uid, `from`, `to`, time)....
MySQL Reserved Keyword List
time is a restricted word, does this help:
INSERT INTO table_a (`fb_uid`, `x`, `y`, `time`) VALUES (12345,'blah','test','2012-12-13 11:30:00')
Escaping everything to be sure.
I have a table called record with the fields id, email, key and time. "key" is the md5 hash of the email. So I have the following query/command
$key = md5($email);
$reg_time = time ();
$query = "INSERT INTO record (id, email, key, time) VALUES (NULL,\"$email\", \"$key\", \"$reg_time\")";
result = mysql_query($query) or die(mysql_error());
When I run the sql query without "key" i.e just using (id,email,time) it works fine but when I run it with key I get :
You have an error in your SQL syntax; check the manual that corresponds
to your MySQL server version for the right syntax to use
near 'key, time) VALUES (NULL,"someemail.com", "itsmd5hash"' at line 1
key is being stored as a varchar(5000) ... for now just to be sure it's not about length
What could the problem be?
KEY is a reserved word. You'll need to quote that column name to use it.
So, use
`key`
instead of
key
KEY is a reserved word in MySQL. You need to wrap the column name in backticks (` - usually top left of your keyboard, next to 1):
$query = "INSERT INTO record (id, email, `key`, time) VALUES (NULL,\"$email\", \"$key\", \"$reg_time\")";
Also, you can use single quotes to wrap strings, so you don't need those hard-to-read escape sequences. Here is how I would write the query code:
$query = "INSERT INTO `record`
(`id`, `email`, `key`, `time`)
VALUES
(NULL, '$email', '$key', '$reg_time')";
Key is a reserved word in mysql .
Use key instead of key
I know it has been answered but key is a reserved word in mysql. Please google mysql reserved words. I tend to make acronyms for things like date of birth, most ppl would use date but I use DoB since date is reserved.
They can still be used if encapsulated in backticks but I recommend steering clear of reserved words due to the frustration it could cause should u forget it's reserved.
Also an md5 hash tag is a 32 character hash of something and thus your varchar need not be higher then varchar(32) though I always use (33) just in case lol. I'm pretty sure varchar truncated itself though but I'm not 100% certain. Also use sha1($variable) instead of md5($variable). It is a more advanced hash sequence and is 40characters long. Sha2() exists as well and sha3() will be releases in 2012 extending hashing up to 512-bits.
I cant find where my mistake is.
$result= mysql_query(" INSERT INTO inbox ( messages, from, to, date, control_panel_id, title )
VALUES( '".$message."' , '".$this->sender."' , '".$this->recipient."', NOW() , '".$this->control_panel_id."' , '".$title."' )
") or die(mysql_error());
I get:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'from, to, date, control_panel_id, title ) VALUES( ' ' at line 1
What am I doing which is wrong?
You need to quote reserved words like from when using them as names or aliases. You can do this by surrounding them with backticks, for example:
SELECT messages, `from`, ...
If in doubt, you can safely quote all column names.
INSERT INTO `inbox`
(`messages`, `from`, `to`, `date`, `control_panel_id`, `title`)
VALUES
-- etc...
Also, you may wish to consider avoiding names that are reserved worsd in future to avoid problems like this.
from is a reserved word in SQL. If that's a column name, you always have to enclose it in backticks. (Or double quotes for ANSI mode).
You could also write your mysql_query string less cumbersome by actually utilizing the double quotes:
$result = mysql_query("
INSERT INTO inbox
( messages, `from`, `to`, `date`,
control_panel_id, title )
VALUES
( '$message', '$this->sender', '$this->recipient',
NOW() , '$this->control_panel_id', '$title' )
")
or die(mysql_error());
(And contemporary PHP database interfaces would be even less effort, bla bla..)
Mysql not suppot some keyword as it used in mysql syntax so i think you have change
keywords from, to and date to other name...