Strange SQL Syntax error [closed] - php

With the code,
mysql_query("INSERT INTO Messages (Message, toUser, From, Date) VALUES ('$mes','$to','$from','$date')")
I'm getting an SQL syntax error. What is the reason for this? I see nothing wrong with the syntax.

DATE is a reserved word in SQL, so I gather that it's triggering a syntax error when you use it as a column name because MySQL tries to parse it as something other than a column name.
Either escape your identifiers with backticks:
mysql_query("INSERT INTO `Messages` (`Message`, `toUser`, `From`, `Date`) VALUES ('$mes','$to','$from','$date')")
Or better, see if you can rename the column to something else that doesn't need escaping.

My guess is someone put a ' in one of the variables, thus making a query like
INSERT INTO Messages (Message, toUser, From, Date) VALUES ('Test','Joe O'Neil','Jack Smith','2011-12-20')
This is a syntax error because of the ' in "O'Neil". You need to escape your variables before using them in SQL.
$mes = mysql_real_escape_string($mes);
$to = mysql_real_escape_string($to);
$from = mysql_real_escape_string($from);
$date = mysql_real_escape_string($date);
mysql_query("INSERT INTO Messages (Message, toUser, From, Date) VALUES ('$mes','$to','$from','$date')");

Make your query, like:
//use mysql_real_escape_string for variables
mysql_query("INSERT INTO Messages (`Message`, `toUser`, `From`, `Date`) VALUES ('$mes','$to','$from','$date')")

There's probably a character in your variables that requires escaping. Use mysql_real_escape_string as described here: http://php.net/manual/en/function.mysql-real-escape-string.php
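An added example, not code from any of the posts above: the same Messages insert written with a PDO prepared statement, so that values containing an apostrophe never reach the SQL parser as syntax, while the reserved-word column names stay backtick-quoted. It assumes an in-memory SQLite database as a stand-in for MySQL so it runs offline; the placeholder names and sample rows are constructed.

```php
<?php
// Added example: PDO prepared statement for the Messages insert.
// Assumption: in-memory SQLite stands in for MySQL so this runs offline;
// SQLite also accepts MySQL-style backtick-quoted identifiers.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// `From` is a reserved word, so the identifiers are quoted.
$pdo->exec('CREATE TABLE `Messages` (
    `Message` TEXT, `toUser` TEXT, `From` TEXT, `Date` TEXT
)');

// Identifiers are fixed in the SQL text; only values are bound.
// Placeholder names (:mes, :recipient, :sender, :sent) are hypothetical.
$insert = $pdo->prepare(
    'INSERT INTO `Messages` (`Message`, `toUser`, `From`, `Date`)
     VALUES (:mes, :recipient, :sender, :sent)'
);

// Constructed sample input: an apostrophe and SQL-looking text.
$rows = [
    ['Test', "Joe O'Neil", 'Jack Smith', '2011-12-20'],
    ["x'); DROP TABLE Messages; --", 'Joe', 'Jack Smith', '2011-12-21'],
];
foreach ($rows as [$mes, $to, $from, $date]) {
    $insert->execute([
        ':mes'       => $mes,
        ':recipient' => $to,
        ':sender'    => $from,
        ':sent'      => $date,
    ]);
}

// Read the rows back: bound values are stored as data, never parsed as SQL.
$select = $pdo->query(
    'SELECT `Message`, `toUser` FROM `Messages` ORDER BY `Date`'
);
foreach ($select as $row) {
    printf("%s | %s\n", $row['Message'], $row['toUser']);
}
```

With a MySQL server, only the DSN and credentials passed to `new PDO(...)` change; the prepared statement is the same.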

Related

Sql syntax error using UPDATE database query [closed]

Evening all, I have an issue with a SQL syntax error
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'where username = danny (name, url, banner, description, sponsor, date, password)' at line 1
Here is my code
$query = "UPDATE websites where username = $login_session (name, url, banner, description, sponsor, date, password) VALUES ('$n', '$b', '$d', '0', now(), SHA('$p'))";
Your MySQL query is wrong, as the error says, check the manual.
In UPDATE you don't use table(field,field1) values('value','value1') like in INSERT; you use field='value', field1='value1'. Also, WHERE should be at the end: the right order is query + where + order + limit. MySQL is not that flexible.
That's because your UPDATE statement syntax is wrong. Check the MySQL documentation for proper UPDATE syntax. I think you meant to do an INSERT rather:
INSERT INTO websites (name, url, banner, description, sponsor, date, password)
VALUES ('$login_session', '$n', '$b', '$d', '0', now(), SHA('$p'))
EDIT:
I think this is what you are after
UPDATE websites SET name = '$n',
url = '$b',
banner = '$d',
description = '0',
sponsor = 'some_value_here',
date = now(),
password = SHA('$p')
where username = '$login_session';

INSERT into sql database [closed]

I've inserted into databases before but never used the 'where' feature. For some reason, it is not inserting, but dying instead.
<?php
$member=$_SESSION['member'];
$SQL = "INSERT into members where name='$member'(money) VALUES ('100')";
mysql_query($SQL) or die("Could not insert money");
print "Money successfully inserted";
?>
This is not valid SQL:
INSERT into members where name='$member'(money) VALUES ('100')
I would assume something like this:
update `members` set `money`=100 where `name`='$member';
Rationale: (money) is a field and 100 is the value for money (since those 2 make the most sense from a INSERT INTO members (field) VALUES (value) syntax point of view).
Never die() with a fixed error message, especially when you can output the actual reason: ... or die(mysql_error()).
But yes, your problem is a syntax error. INSERT queries do NOT have a WHERE clause - where is used to filter records already in the database table. This makes no sense for a new record, because it's not IN the table to be filtered in the first place.
Your query should basically be just
INSERT into members (name, money) VALUES ('$member', '100')
And note that you are vulnerable to SQL injection attacks, and are using a deprecated/obsolete database interface.
If you want to change existing data, use the update command instead of insert.
You can't use WHERE clause with INSERT command
http://dev.mysql.com/doc/refman/5.0/en/insert.html
You have to do an update
<?php
$member=$_SESSION['member'];
$SQL = "UPDATE `members` SET `money`='100' WHERE `name`='$member'; ";
mysql_query($SQL) or die("Could not insert money");
print "Money successfully inserted";
?>
For inserting :
$SQL = "INSERT INTO members(money) VALUES ('100')";
MySQL INSERT Syntax does not support the WHERE clause. MySQL.com Insert Info
Are you actually trying to insert a new row, or update an existing 'member'? If update, then try:
UPDATE members SET money = 100 WHERE name='$member';

SQL syntax error, in my user system [closed]

Been sitting here all morning trying to improve safety when users create a new user in my system. And finally, when everything is fixed and everything works, at the end of the code where I send information to the database, I'm getting a SQL syntax error. Sigh!!
Here's the error I get:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'by) VALUES('tester', 'blabla', 'xx', 'bla#bla.dk', '1387708599', './gfx/profilbi' at line 1
And here's my code:
mysql_query("INSERT INTO brugere (brugernavn, kodeord, salt_encrypt, email, timestamp, img, ip, status, by) VALUES('$_POST[brugernavn]', '$_POST[kode]', 'vissevasse', '$_POST[email]', '$time', '$uploadfile', '$ip_adresse', '0', '$_POST[by]') ") or die(mysql_error());
Hope you guys can spot this one, because I can't!
BY is a mysql reserved keyword you need to wrap it with back-ticks
INSERT INTO brugere (`brugernavn`, `kodeord`, `salt_encrypt`, `email`, `timestamp`, `img`, `ip`, `status`, `by`) ....
Reserved Words in MySQL
by
is a reserved mysql keyword
Even when your code no longer throws an error, it is HIGHLY advisable that you do NOT use something like
'$_POST[brugernavn]'
directly in a query. Google for sql injection and maybe also consider what xkcd has to say about this
Your code is vulnerable to SQL Injection.
Fetch the post parameter using
$something = mysqli_real_escape_string($link, $_POST['<something>']); // $link is your mysqli connection
and then use that variable in your insert query.
Also, since mysql is deprecated, use mysqli/PDO.
For a reserved MySQL keyword, try to use the backtick character (`)
e.g.:
INSERT INTO users (`by`) VALUES ('Jibran')

Error in MySQL query - reserved words [closed]

I have a problem with a query; does anybody see something bad?
INSERT INTO messages (subject, from, recipient, text, time)
VALUES
('Welcome in King of the States!','The Game','$username','Hello $username, THIS MESSAGE IS DISPLAYED IN ENGLISH AUTOMATICLY SORRY FOR THAT! this game is in baby stadium so if you will see any bugs, please report them to our help desc system','$time')
Error from sql:
#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'from, recipient, text, time) VALUES ('Welcome in King of the States!','The Gam' at line 1
from is a mysql reserved word. try placing from in backtick
Like below:
`from`
try to do:
INSERT INTO messages (`subject`, `from`, `recipient`, `text`, `time`)
VALUES
('Welcome in King of the States!','The Game','$username','Hello $username, THIS MESSAGE IS DISPLAYED IN ENGLISH AUTOMATICLY SORRY FOR THAT! this game is in baby stadium so if you will see any bugs, please report them to our help desc system','$time')
From is a reserved keyword in MySQL, so use the below query:
INSERT INTO `messages` (`subject`, `from`, `recipient`, `text`, `time`)
VALUES
('Welcome in King of the States!',
'The Game','$username',
'Hello $username,
THIS MESSAGE IS DISPLAYED IN ENGLISH AUTOMATICLY SORRY FOR THAT! this game is in baby stadium so if you will see any bugs, please report them to our help desc system','$time')
"INSERT INTO messages SET subject='Welcome in King of the States!',`from`='The Game',recipient='".$username."',text='Hello.$username', time=''";
Instruction:
from is a keyword in MySQL, so you cannot use it directly in a query like this.
You need to parse it every time, and for that use a backtick.
Use it like `from`

Why is this insertion query failing? [closed]

mysql_query("
INSERT INTO `LMS`.`Presentation`
('Pre_Name' ,'Path' ,'PLec_ID' ,'pdatein' ,'pdesc','PSems_ID')
values
('$fname','$newname','$com',NOW(),'$filedesc','$semes')"
) or die("failed");
Dear All,
I have a table named presentation and I am going to enter values into it. It is worth mentioning that $com and $sems are combobox values, but the query shows failed. Could anyone help, please?
Thanks in advance
You're using quotes when you should be using backticks:
mysql_query("INSERT INTO `LMS`.`Presentation` (`Pre_Name`, `Path`, ...
Or simply don't use any special character. The backtick is only necessary if you do something silly like use a reserved word as a column name and I would hope people would choose their column names to be more readable.
In other words, date and in and select are silly names for columns, you should be using expiry_date, isInLocation and selectionStatus.
Change or die("failed") into or die(mysql_error()) and you'll know why.
By the way, consider changing from mysql functions to mysqli functions. And use parameterized queries. Otherwise you will be open to SQL injection.
mysql_query("
INSERT INTO table
(column1, column2, column3, column4 .... columnX)
VALUES(column1Data,column2Data, column3Data, column4Data ... columnXdata)
") or die(mysql_error());
> rove on this example and if there isnt a alias for a table then could not use a alias.
everything hiddends on details..
