MySQL Query works fine using MySQL workbench but produces an error when I am executing it through PHP.
$sql = "INSERT INTO authors (submission_id, first_name, last_name, email, affiliation, country)
VALUES ('83', 'Chris', 'Hobbit', 'asfasf#gmail.com','Maryland', 'PK');
UPDATE articles
SET title='83',
abstract = 'Comp'
where article_id = '83';
";
$result = Model::getConnection()->query($sql) or die(mysqli_error(Model::getConnection()));
This is the error I get from PHP.
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near 'UPDATE articles SET title='83', abstract = 'Comp' where
article_id = '8' at line 1
Yet this same SQL script works fine on MySQL workbench. Whats the problem?
You cannot execute multiple queries with mysql_query. Split your query into two (and get rid of the semicolons I think) and call mysql_query twice
Put your sql statement on two variables
$query = "INSERT INTO authors (submission_id, first_name, last_name, email, affiliation, country)
VALUES ('83', 'Chris', 'Hobbit', 'asfasf#gmail.com','Maryland', 'PK')";
$query1 = "UPDATE articles SET title='83', abstract = 'Comp' where article_id = '83'";
Then execute your queries:
$result = Model::getConnection()->query($query) or die(mysqli_error(Model::getConnection()));
$result = Model::getConnection()->query($query1) or die(mysqli_error(Model::getConnection()));
Related
So, I have this code that returns into a syntax error. Can you please help me figure out what the problem is?
$query = mysql_query("INSERT INTO tablename (column)
VALUES('".$php_var."') WHERE cat = $php_var2") or die(mysql_error());
You cant use WHERE clause with INSERT. If you want to insert then the query will be -
"INSERT INTO tablename (column) VALUES('".$php_var."')"
Or if it is update then -
"UPDATE tablename SET column = '".$php_var."' WHERE cat = '" . $php_var2 . "'"
Try to avoid mysql. Use mysqli or PDO
You can't do INSERT with WHERE clause unless it's WHERE NOT EXISTS, so just do:
$query = mysql_query("INSERT INTO tablename (column) VALUES('$php_var')");
Maybe you needed to do UPDATE
$query = mysql_query("UPDATE tablename SET column='$php_var' WHERE cat = '$php_var2' ");
INSERT INTO syntax can't accept a WHERE.
The good syntax is:
INSERT INTO table_name
VALUES(...);
Or, if you prefer not to insert in all the table columns:
INSERT INTO table_name(column_name1, column_name2, ...)
VALUES(column1_value, column2_value, ...);
As a side note, in your request you don't insert your PHP variable, but some text.
I've been trying to get this INSERT to work correctly, so I worked through the undefined variable and index problems and now I think I am nearly there.
Below is the code:
<?php
session_start();
require "../dbconn.php";
$username = $_SESSION['username'];
$query1 = "SELECT user_table.user_id FROM user_table WHERE user_table.username ='".$username."'";
$query2 = "SELECT department.department_id FROM department, user_table, inventory
WHERE user_table.user_id = department.user_id
AND department.department_id = inventory.department_id";
//Copy the variables that the form placed in the URL
//into these three variables
$item_id = NULL;
$category = $_GET['category'];
$item_name = $_GET['item_name'];
$item_description = $_GET['item_description'];
$item_quantity = $_GET['quantity'];
$item_quality = $_GET['quality'];
$item_status = NULL;
$order_date = $_GET['order_date'];
$invoice_attachment = NULL;
$edit_url = 'Edit';
$ordered_by = $username;
$user_id = mysql_query($query1) or die(mysql_error());
$department_id = mysql_query($query2) or die(mysql_error());
$price = $_GET['price'];
$vat = $_GET['vat%'];
$vat_amount = $_GET['vat_amount'];
$create_date = date("D M d, Y G:i");
$change_date = NULL;
//set up the query using the values that were passed via the URL from the form
$query2 = mysql_query("INSERT INTO inventory (item_id, category, item_name, item_description, item_quantity, item_quality, item_status, order_date,
invoice_attachment, edit_url, ordered_by, user_id, department_id, price, vat, vat_amount, create_date, change_date VALUES(
'".$item_id."',
'".$category."',
'".$item_name."',
'".$item_description."',
'".$item_quantity."',
'".$item_quality."',
'".$item_status."',
'".$order_date."',
'".$invoice_attachment."',
'".$edit_url."',
'".$ordered_by."',
'".$user_id."',
'".$department_id."',
'".$price."',
'".$vat."',
'".$vat_amount."',
'".$create_date."',
'".$change_date."')")
or die("Error: ".mysql_error());
header( 'Location:../myorders.php');
?>
Error:
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'VALUES( '', 'adasd', 'dsadsa', 'dsad', 'sadsad', '' at line 2
Could anyone please let me know where I am going wrong? :(
Been staring at this for 3-5 hours already :(
You are not actually trying to insert any data into your table. You only craft and assign the query in string form to a variable. You need to use the function mysql_query to actually run the code.
As pointed out you will also have to specify the columns you are inserting data into in the MySQL query if you don't supply data for every column (in the correct order). Here you can look at the MySQL insert syntax.
I would also urge you to look into using the MySQLi or the MySQL PDO extensions for communicating with your MySQL database since the MySQL extension is deprecated. Look here for additional information and comparisons.
Here, you only assign the values to the $query var:
$query = "INSERT INTO inventory VALUES (
'".$item_id."',
'".$category."',
'".$item_name."',
'".$item_description."',
'".$quantity."',
'".$quality."',
'".$item_status."',
'".$order_date."',
'".$invoice_attachment."',
'".$edit_url."',
'".$ordered_by."',
'".$price."',
'".$vat."',
'".$vat_amount."',
'".$create_date."',
'".$change_date."')"
or die("Error: ".mysql_error());
You do not actually run the query.
try:
$query = mysql_query("INSERT INTO inventory (column_name1, column_name 2, column_name3 ... the column name for each field you insert) VALUES (
'".$item_id."',
'".$category."',
'".$item_name."',
'".$item_description."',
'".$quantity."',
'".$quality."',
'".$item_status."',
'".$order_date."',
'".$invoice_attachment."',
'".$edit_url."',
'".$ordered_by."',
'".$price."',
'".$vat."',
'".$vat_amount."',
'".$create_date."',
'".$change_date."')")
or die("Error: ".mysql_error());
Also, you should use mysqli_* or any other PDO as the mysql_* functions are deprecated
If you are not inserting in all columns you need to specify the columns you are going to insert. Like this:
INSERT INTO Table(Column1, Column6) VALUES (Value1, Value6)
You are missing the column names in your INSERT
I am new to mysql and I would really appreciate any help. What I want to do is to upload an image to a specific row in a database and then display the image in the user's page. The error I get is:
Error in Query:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE id = 1' at line 4.
This is the piece of code referenced:
$sql = "INSERT INTO users5 (image, imageName)
VALUES ('{$imgData}', '{$_FILES['userfile']['name']}')WHERE id = $id;";
What I want to do is to upload an image to a specific row in a database
You have to use an UPDATE command if a row is already existing.
$sql = "UPDATE users5 SET image = ?, imageName = ? WHERE id = ?";
$stmt = $mysqli->prepare( $sql );
$stmt->bind_param( 'ssi', $imgData, $_FILES['userfile']['name'], $id );
As suggested, you better use prepared statement to bind parameter values for placeholders safely, avoiding SQL injection.
Hi I have a table full of company names, the problem I am having is that it is full of duplicates.
To resolve this I am using the following piece of code to remove the data from one table and then insert it in to another using DISTINCT.
When i run the code, i keep getting the following error,
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's Group Holdings Ltd')' at line 4
If i remove the company name variable it inserts all of the ip address fine, but as soon as i try to insert a company name i get the above error.
$query = "SELECT DISTINCT ip_address, company_name, FROM companydetail1";
$result = mysql_query($query) or die(mysql_error());
while($row = mysql_fetch_array($result)){
$ip_address = $row['ip_address'];
$company_name = $row['company_name'] ;
mysql_real_escape_string($company_name);
mysql_real_escape_string($ip_address);
mysql_query("INSERT INTO companydetail30 (ip_address, company_name) VALUES ('$ip_address', '$company_name') ") or die(mysql_error());
}
Any suggestions would be appreciated.
Thanks
Not only does your code not work in its current state, it is also vulnerable to SQL injection because you are using mysql_real_escape_string incorrectly.
The mysql_real_escape_string function gives back the escaped string as its return value, so you need to assign it back to the variable to save the escaped string:
$company_name = mysql_real_escape_string($company_name);
$ip_address = mysql_real_escape_string($ip_address);
in your query with distinct there ia an error
$query = "SELECT DISTINCT ip_address, company_name, FROM companydetail1";
there is a "," after company_name it should not be
query should be like this
$query = "SELECT DISTINCT ip_address, company_name FROM companydetail1";
Secondly you should do like this.
$company_name = mysql_real_escape_string($company_name);
$ip_address = mysql_real_escape_string($ip_address);
So I have a database setup in MySQL with three columns. The first column is 'idnum' that auto increments the users id numbers. The second and third are first and last names respectfully. My problem is when I go to send the the names to the DB via a query string in my PHP file, I get a couple different errors back...
When I send the query:
$sql = "insert into namesdb values('NULL', 'firstname', 'lastname')";
$result = $db->query($sql);
I get back this error: "Incorrect integer value: 'NULL' for column 'idnum' at row 1." Because column 1 is an INT type.
But then when I send this query:
$sql = "insert into namesdb values(".NULL.", 'firstname', 'lastname')";
$result = $db->query($sql);
I get back a syntax error...
Any idea on what the heck I'm doing wrong here??
Thank you for any help!
It should be:
$sql = "insert into namesdb values(NULL, 'firstname', 'lastname')";
$result = $db->query($sql);
'NULL' is a string of "NULL".
Though another option (the one I would go with) is to list the columns explicitly:
INSERT INTO namesdb (firstname, lastname) VALUES ('firstname', 'lastname')
I prefer listing the columns because it is more future proof, and it's easier to see what's going on. Imagine if columns are rearranged, added, or removed in the future. Suddenly fixing your queries is going to be a massive pain if you have to remove the 6th unnamed parameter everywhere (for example).
Its better specify field names which you want to insert and dont specify id field
like
insert into namesdb(firstname,lastname) values('firstname', 'lastname')
It will auto increment your id field
You can write query this way to avoid that problem..
$sql = "INSERT INTO table_name SET column_name_1 = 'value_1', column_name_2 = 'value_2'";
$sql = "insert into namesdb values('NULL', 'firstname', 'lastname')";
In the above query 'NULL' is a string object and your column is an Integer so the error.
$sql = "insert into namesdb values(".NULL.", 'firstname', 'lastname')";
In this query you are sending php NULL value so the final query looks like the following
"insert into namesdb values(, 'firstname', 'lastname')";
So it is invalid.
The correct way to insert should be like this
$sql = "insert into namesdb values(NULL, 'firstname', 'lastname')";
or like this
$sql = "insert into namesdb values('firstname', 'lastname')";
The reason above query works is because of the auto increment.