why is my MySQL query failing - php

I can't get this to work, keep getting an error message.
Error
You have an error in your SQL syntax; check the manual that corresponds to your
MySQL server version for the right syntax to use near '-mail, password,
birth_date, age, sex, profile_text, zip_code, zip_code_state, c' at line 1
Code
mysql_query("INSERT INTO users (username, e-mail, password, birth_date, age, sex,
profile_text, zip_code, zip_code_state, coins, rank, profile_visits,
profile_likes, profile_image, profile_points, activated, deleted, reg_time,
last_active_time, reg_ip)
VALUES ('$randomName', 'awduhawd#hotmail.com', 'awd', '21/05/1990','0','2',
'0','4306','Sandnes','0','user','0','0','$image','0','0','0','$time',
'$time','0')")
or die(mysql_error());

Surround e-mail with backticks...
`e-mail`,
You can't drop a - there otherwise.

The - sign is a reserved symbol in SQL; you need to wrap e-mail in backticks, i.e. `e-mail`

Rule of thumb: column names in backticks and concatenate the string variables for readability, the MySQL date format is Y-m-d (1990-05-21)
mysql_query("INSERT INTO users (`username`, `e-mail`, `password`, `birth_date`, `age`,`sex`,
`profile_text`, `zip_code`, `zip_code_state`, `coins`, `rank`, `profile_visits`,
`profile_likes`, `profile_image`, `profile_points`, `activated`, `deleted`, `reg_time`,
`last_active_time`, `reg_ip`)
VALUES ('".$randomName."', 'awduhawd#hotmail.com', 'awd', '1990-05-21','0','2',
'0','4306','Sandnes','0','user','0','0','".$image."','0','0','0','".$time."',
'".$time."','0')")
or die(mysql_error());

If you are using PHP for this, don't use single quotes around variables; they won't be parsed.
'$randomName' = wrong
either use "$randomName"
or use "'.$randomName.'"

Related

SQL Syntax Error when executing mysqli_query

I have a PHP registration script with MySQLi and OOP.
But I get a MySQL syntax error when executing a query.
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-mail, ip_register, ip_lastlogin, lastlogin) VALUES ('', Aarivex, ******, ****' at line 1
PHP Code:
$register_sql = "INSERT INTO users (id, username, password, pin, e-mail, ip_register, ip_lastlogin, lastlogin) VALUES ('', $username, $password, $pin, $email, $ip, $ip, $lastlogin)";
Where's the problem?
...for the right syntax to use near '-mail
SQL's telling you where error starts ^ the offending character
You need to wrap/encapsulate the e-mail column in backticks since it contains a hyphen.
SQL figures you want to do math which translates to: e minus mail
Plus, missing quotes in your values
$register_sql = "INSERT INTO users (id, username, password, pin, `e-mail`, ip_register, ip_lastlogin, lastlogin) VALUES ('', '$username', '$password', '$pin', '$email', '$ip', '$ip', '$lastlogin')";
Those are strings and must be inside quotes.
Another option would be to rename your column to e_mail using an underscore as you did for some of the other columns. That way, you would not need to use backticks.
Look into using one of the following also:
Prepared statements
PDO with prepared statements.
Having used or die(mysqli_error($con)) to mysqli_query() would have signaled the error(s).
$con being your DB connection, this could/stand to be different than yours.
Adjust accordingly.
Identifiers (table/columns)
More on this topic: http://dev.mysql.com/doc/refman/5.0/en/identifier-qualifiers.html
Tip:
Try and avoid using hyphens, or spaces or any other character that SQL may complain about, this includes using a space in between words.
I.e.:
INSERT INTO your_table (column 1, column-2) <= will cause/throw an error
you would need to use backticks:
INSERT INTO your_table (`column 1`, `column-2`) <= correct / valid
Although spaces are allowed (yet discouraged), they too need to be encapsulated in backticks.
If you're going to have a dash in a column identifier (which is a bad idea) you must wrap it in ticks. Otherwise you are subtracting the value of the mail column from the e column, which is not valid in an INSERT statement.
You're also missing quotes around your string values.
$register_sql = "INSERT INTO users (id, username, password, pin, `e-mail`, ip_register, ip_lastlogin, lastlogin) VALUES ('', '$username', '$password', '$pin', '$email', '$ip', '$ip', '$lastlogin')";
Try changing the e-mail field name to email, OR you need to encompass that field name with back quotes like this:
`e-mail`
I suppose your id is set to Auto Increment.
If it is just remove the first column from the insert statement and it should work fine.
$register_sql = "INSERT INTO users (username, password, pin, e-mail, ip_register, ip_lastlogin, lastlogin) VALUES ($username, $password, $pin, $email, $ip, $ip, $lastlogin)";
And yes, change the e-mail field to `e-mail`.

Issue with PHP insert to SQL

I'm pretty new to PHP and SQL and I have been following some tutorials. I am trying to insert some simple items into an existing table (and yes, the names are exact on the table, login info etc...)
Here is the error I am getting:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''user' ('username', 'email') VALUES ('Testname', '123')' at line 1
Here is my string:
mysql_query("INSERT INTO 'user' ('username', 'email') VALUES ('Testname', '123')") or die(mysql_error());
any ideas?
There is a difference between the ' and ` signs: when you need to call columns you need to cover them with the ` sign, not with the single quote sign '.
mysql_query("INSERT INTO `user` (`username`, `email`) VALUES ('Testname', '123')") or die(mysql_error());
Replace your code:
mysql_query("INSERT INTO `user` (username, email) VALUES ('Testname', '123')") or die(mysql_error());
Replace your code to
mysql_query("INSERT INTO user VALUES ('Testname', '123')") or die(mysql_error());
Try this..
Use table name correctly (user).
mysql_query("INSERT INTO user('username', 'email') VALUES('Testname', '123')") or die(mysql_error());
There is a difference in MySQL queries between the quote (') and the back-quote (`). The back quote is used to quote names of tables, databases and columns. The normal quote is used to indicate that the given value is a string and not a reference.
so your query should look like
mysql_query("INSERT INTO `user` (`username`, `email`) VALUES ('Testname', '123')")
because "user" is a preserved word as "username" so I put those around back-quotes so MySQL knows it's a reference and not a function or property.
In PHP MySQL, the single quote is not used for field names and table names, unlike Oracle.
You can use
INSERT INTO user (username, email) VALUES ('Testname', '123')
OR
INSERT INTO `user` (`username`, `email`) VALUES ('Testname', '123')
Instead of the ' single quote, a tilde can be used.
If you don't want to use it then it's okay; just use the tilde for reserved words in the query like status or order etc.
And as @Andy said, use the mysqli driver for the connection because mysql_query will be deprecated in the next version.

PHP MySQL error on INSERT

I am really pulling my hair out on this one. I got a simple comment section on my self-built php app and I simply want to add a new row if I catch a $_GET parameter. But no matter how I build the MySQL insert request, I get an error.
This is what I have so far:
if(isset($_GET['r'])){
$replyid = mysql_real_escape_string($_GET['r']);
$sentnow = date("Y-m-d H:i:s");
mysql_query("INSERT INTO eis_inbox (messageid, toid, from, contact, seen, message, date) VALUES (NULL, '".$replyid."', 'TESTUSER', 'CONTACTINFO', '0', 'MESSAGE', '".$sentnow."'") or die(mysql_error());
echo '<meta http-equiv="refresh" content="0;/messages">';
}
My MySQL DB fields are called exactly the same: messageid (auto_increment), toid(int11), from(varchar255), contact(varchar255), seen(int3), message(text) and date(timestamp/CURRENT_TIMESTAMP).
Executing the above page with let's say "index.php?r=777" should, as I see it, populate my MySQL with a new row as such:
messageid = (AUTO_INCREMENT)
toid = 777
from = TESTUSER
contact = CONTACTINFO
seen = 0
message = MESSAGE
date = 2013-01-17 11:50:01
Instead, I get the following error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'from, contact, seen, message, date) VALUES (NULL, '1', 'TESTUSER', 'CONTACTINFO'' at line 1
Same error shown with "error_reporting(E_ALL)".
I have looked into this for several days now, and I just can't find the error... Perhaps I am blind and miss a comma or closing tag or something. Any ideas?
It's because you're using reserved words (from and date) as column names.
Wrap them around with ``
ie:
INSERT INTO eis_inbox (`messageid`, `toid`, `from`, `contact`, `seen`, `message`, `date`)
Date is a keyword of MySQL; you have to enclose it within the ` sign. Here is the complete list of reserved words in MySQL from official documentation for future use.
Apart from this the parenthesis for values is not closed.
Use this. I hope this will work fine.
INSERT INTO eis_inbox (`messageid`, `toid`, `from`, `contact`, `seen`, `message`, `date`) VALUES (NULL, '".$replyid."', 'TESTUSER', 'CONTACTINFO', '0', 'MESSAGE', '".$sentnow."')"
Thanks.
There are some syntax errors in here :
There is a missing parenthesis at the end of your generated query.
from and date are reserved keywords, enclose them in `.
seen and toid are not varchar fields, and therefore their values shouldn't be enclosed in '.
Try :
mysql_query("INSERT INTO eis_inbox (messageid, toid, `from`, contact, seen, message, `date`)
VALUES (NULL, ".$replyid.", 'TESTUSER', 'CONTACTINFO', 0, 'MESSAGE', '".$sentnow."')");
Warning: this is vulnerable to SQL injections. Don't use mysql_* commands, try PDO or mysqli instead. Prepared statements will help in avoiding them.
You can't use a reserved word in MySQL directly.
from is a reserved word.
Short example:
INSERT INTO eis_inbox (messageid, from) VALUES (1,2);
-- is bad query
INSERT INTO eis_inbox (messageid, `from`) VALUES (1,2);
-- is correct query
But it is better to avoid such a situation. Here is the complete list of reserved words in MySQL from official documentation for future use.
You are missing a bracket
mysql_query("INSERT INTO eis_inbox (messageid, toid, from, contact, seen, message, date) VALUES (NULL, '".$replyid."', 'TESTUSER', 'CONTACTINFO', '0', 'MESSAGE', '".$sentnow."')") or die(mysql_error());
You're missing a closing tag for the values, and from is preserved, so you should escape it (use quotes around it, that should do the trick):
mysql_query("INSERT INTO eis_inbox (messageid, toid, from, contact, seen, message, date) VALUES (NULL, '".$replyid."', 'TESTUSER', 'CONTACTINFO', '0', 'MESSAGE', '".$sentnow."'") or die(mysql_error());
should be
mysql_query("INSERT INTO eis_inbox (messageid, toid, 'from', contact, seen, message, date) VALUES (NULL, '".$replyid."', 'TESTUSER', 'CONTACTINFO', '0', 'MESSAGE', '".$sentnow."')") or die(mysql_error());
Also, as zan mentioned, don't use mysql_* functions, but mysqli_* or PDO...
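
The prepared-statement approach recommended in the answers above, applied to the eis_inbox insert. This is an added example, not code from any of the posts; it assumes the pdo_sqlite extension and uses an in-memory SQLite database (which accepts backtick-quoted identifiers) in place of MySQL so it runs offline, and insertReply() is a hypothetical helper name.

```php
<?php
// Added example, not code from any of the posts above.
// Assumption: an in-memory SQLite database stands in for MySQL so the script
// runs offline; SQLite also accepts MySQL-style backtick identifiers.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed schema using the column names given in the question.
$pdo->exec('CREATE TABLE eis_inbox (
    `messageid` INTEGER PRIMARY KEY AUTOINCREMENT,
    `toid` INTEGER, `from` TEXT, `contact` TEXT,
    `seen` INTEGER, `message` TEXT, `date` TEXT)');

// insertReply() is a hypothetical helper name.
function insertReply(PDO $pdo, $rawReplyId): ?int
{
    // toid is int(11): accept only a positive integer, refuse everything else.
    $replyId = filter_var($rawReplyId, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($replyId === false) {
        return null;
    }
    // Reserved words stay in backticks; values travel as bound parameters,
    // so nothing from the request is ever spliced into the SQL text.
    $stmt = $pdo->prepare(
        'INSERT INTO eis_inbox (`toid`, `from`, `contact`, `seen`, `message`, `date`)
         VALUES (:toid, :sender, :contact, :seen, :message, :sent)'
    );
    $stmt->execute([
        ':toid'    => $replyId,
        ':sender'  => 'TESTUSER',
        ':contact' => 'CONTACTINFO',
        ':seen'    => 0,
        ':message' => 'MESSAGE',
        ':sent'    => date('Y-m-d H:i:s'),
    ]);
    return (int) $pdo->lastInsertId();
}

// Constructed inputs standing in for $_GET['r'].
foreach (['777', "777' OR '1'='1", '', '-5'] as $r) {
    $id = insertReply($pdo, $r);
    printf("%-22s => %s\n", var_export($r, true),
        $id === null ? 'rejected' : "inserted as messageid $id");
}
echo $pdo->query('SELECT COUNT(*) FROM eis_inbox')->fetchColumn(), " row(s) stored\n";
```

Against MySQL only the DSN and credentials passed to the PDO constructor change; the backticked column list and the placeholders stay the same.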

Why does my query work with 3 columns but fail with 4 or more?

This query works:
$con = mysql_connect("localhost","root","pw");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("db", $con);
$sql="INSERT INTO l1_clubmsg (msg, subject, status)
VALUES
(1,1,1)";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "1 record added";
mysql_close($con);
But when I change:
$sql="INSERT INTO l1_clubmsg (msg, subject, status)
VALUES
(1,1,1)";
To:
$sql="INSERT INTO l1_clubmsg (msg, subject, status, to)
VALUES
(1,1,1,1)";
I get this error:
Error: You have an error in your SQL syntax; check the manual that corresponds to your
MySQL server version for the right syntax to use near 'to) VALUES (1,1,1,1)' at line 1
The 'to' column does exist in l1_clubmsg
Any ideas why this gets an error? thanks
TO is a reserved word in mysql, so if you want to use it as a column name, you need to escape it like;
INSERT INTO l1_clubmsg (msg, subject, status, `to`) VALUES (1,1,1,1)
It's usually a good idea to escape all column and table names since newer versions of databases may have new reserved words, but in this case only one is required.
It is not because of 4 or more columns that the error is produced.
The error is produced because to is a keyword and can't be used like this.
You can write the query as:
$sql="INSERT INTO l1_clubmsg (msg, subject, status, `to`)
VALUES
(1,1,1,1)";
For the list of keywords you could look here
Note: Normally try to avoid keywords in the query. And if you use them, make sure that you escape them using backticks (`).
TO is a reserved word in MySQL. You will have to escape it in your query. Try
$sql="INSERT INTO l1_clubmsg (msg, subject, status, `to`)
VALUES
(1,1,1,1)";
The punctuation marks I've added around to are called backticks.
I suspect that to is a reserved word in MySQL - you'll need to make sure that MySQL interprets it correctly as a column name. Instead of:
INSERT INTO l1_clubmsg (msg, subject, status, to)
VALUES
(1,1,1,1)
Try:
INSERT INTO l1_clubmsg (`msg`, `subject`, `status`, `to`)
VALUES
(1,1,1,1)
The backticks ensure that it's parsed appropriately.
You have to put quotation marks around TO.
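
One way to follow the advice above of quoting every column and table name, including when the column list is built in code. This is an added example, not code from any of the posts; quoteIdentifier() and buildInsert() are hypothetical helpers, and an in-memory SQLite database (pdo_sqlite assumed) stands in for MySQL.

```php
<?php
// Added example, not code from any of the posts above.
// quoteIdentifier() and buildInsert() are hypothetical helper names.

function quoteIdentifier(string $name): string
{
    // Inside a backtick-quoted MySQL identifier, a literal backtick is
    // written as two backticks.
    return '`' . str_replace('`', '``', $name) . '`';
}

function buildInsert(string $table, array $row, array $allowedColumns): array
{
    // Identifiers cannot be bound as parameters, so column names are checked
    // against a fixed allowlist before they reach the SQL text.
    $unknown = array_diff(array_keys($row), $allowedColumns);
    if ($row === [] || $unknown !== []) {
        throw new InvalidArgumentException('Unexpected column set');
    }
    $columns = implode(', ', array_map('quoteIdentifier', array_keys($row)));
    $marks   = implode(', ', array_fill(0, count($row), '?'));
    $sql     = sprintf('INSERT INTO %s (%s) VALUES (%s)',
        quoteIdentifier($table), $columns, $marks);
    return [$sql, array_values($row)];
}

// Assumption: in-memory SQLite (which accepts backtick identifiers) stands in
// for MySQL so the script runs offline. The schema is constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE l1_clubmsg (`msg` INT, `subject` INT, `status` INT, `to` INT)');

$allowed = ['msg', 'subject', 'status', 'to'];
[$sql, $params] = buildInsert('l1_clubmsg',
    ['msg' => 1, 'subject' => 1, 'status' => 1, 'to' => 1], $allowed);
echo $sql, "\n";
$pdo->prepare($sql)->execute($params);

try {
    // Constructed bad key: not on the allowlist, so no SQL is built at all.
    buildInsert('l1_clubmsg', ['to`) VALUES (1); --' => 1], $allowed);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```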

ERROR When trying to insert into MySQL table with PHP

I don't know what's wrong with my syntax, but I'm missing something:
$createrequest = mysql_query("INSERT INTO products_updates_queue (id, kid,
product_version_id, key, ip) VALUES ('$request_id', '$uid', '$version_id',
'$request_key', '$request_ip')");
I receive this error:
"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'key, ip) VALUES ('j4ctveyd0x62', '1', 'z451ah3', 'hqbyu7bhg8za', '64.134.163.2' at line 2"
Can anyone see what I am missing?
I think key is a reserved word, and you should avoid using it as a column name. Try using backticks around it:
$createrequest = mysql_query("INSERT INTO products_updates_queue (id, uid, product_version_id, `key`, ip) VALUES ('$request_id', '$uid', '$version_id', '$request_key', '$request_ip')");
key is a reserved word in MySQL. Avoid it, or wrap it in backticks.
Edit: And I hope you escaped the variables you're putting into that query.
