I have a table called record with the fields id, email, key and time. "key" is the md5 hash of the email. So I have the following query/command
$key = md5($email);
$reg_time = time ();
$query = "INSERT INTO record (id, email, key, time) VALUES (NULL,\"$email\", \"$key\", \"$reg_time\")";
result = mysql_query($query) or die(mysql_error());
When I run the sql query without "key" i.e just using (id,email,time) it works fine but when I run it with key I get :
You have an error in your SQL syntax; check the manual that corresponds
to your MySQL server version for the right syntax to use
near 'key, time) VALUES (NULL,"someemail.com", "itsmd5hash"' at line 1
key is being stored as a varchar(5000) ... for now just to be sure it's not about length
What could the problem be?
KEY is a reserved word. You'll need to quote that column name to use it.
So, use
`key`
instead of
key
KEY is a reserved word in MySQL. You need to wrap the column name in backticks (` - usually top left of your keyboard, next to 1):
$query = "INSERT INTO record (id, email, `key`, time) VALUES (NULL,\"$email\", \"$key\", \"$reg_time\")";
Also, you can use single quotes to wrap strings, so you don't need those hard-to-read escape sequences. Here is how I would write the query code:
$query = "INSERT INTO `record`
(`id`, `email`, `key`, `time`)
VALUES
(NULL, '$email', '$key', '$reg_time')";
Key is a reserved word in mysql .
Use key instead of key
I know it has been answered but key is a reserved word in mysql. Please google mysql reserved words. I tend to make acronyms for things like date of birth, most ppl would use date but I use DoB since date is reserved.
They can still be used if encapsulated in backticks but I recommend steering clear of reserved words due to the frustration it could cause should u forget it's reserved.
Also an md5 hash tag is a 32 character hash of something and thus your varchar need not be higher then varchar(32) though I always use (33) just in case lol. I'm pretty sure varchar truncated itself though but I'm not 100% certain. Also use sha1($variable) instead of md5($variable). It is a more advanced hash sequence and is 40characters long. Sha2() exists as well and sha3() will be releases in 2012 extending hashing up to 512-bits.
Related
Hello I need to have the transaction id in the comment field of my transaction
mysql_query("INSERT INTO `transactiontb` (`tid`, `amount`, `comment`) VALUES (NULL,'$amount', CONCAT('Transaction # ',`tid`)')");
How can i do this?
Get off of mysql_* functions. Look at MySQLi or PDO.
Don't store the tid twice. Why not concat when you select it instead of storing it that way? This is not the best way.
For reference though, try LAST_INSERT_ID()+1):
INSERT INTO `transactiontb` (`tid`, `amount`, `comment`)
VALUES (NULL, '$amount', CONCAT_WS('Transaction # ', LAST_INSERT_ID()+1))
LAST_INSERT_ID() will give the ID of the previous INSERT not the one from the current INSERT so you must add 1.
http://dev.mysql.com/doc/refman/5.0/en/information-functions.html#function_last-insert-id
The ID that was generated is maintained in the server on a
per-connection basis. This means that the value returned by the
function to a given client is the first AUTO_INCREMENT value generated
for most recent statement affecting an AUTO_INCREMENT column by that
client. This value cannot be affected by other clients, even if they
generate AUTO_INCREMENT values of their own. This behavior ensures
that each client can retrieve its own ID without concern for the
activity of other clients, and without the need for locks or
transactions.
Use the LAST_INSERT_ID() function.
LAST_INSERT_ID() (with no argument) returns a BIGINT (64-bit) value
representing the first automatically generated value that was set for
an AUTO_INCREMENT column by the most recently executed INSERT
statement to affect such a column.
Source: MySQL Documentation
Example:
"INSERT INTO transactiontb(tid, amount, comment) VALUES (NULL,'" . $amount . "', CONCAT_WS('#','Transaction',LAST_INSERT_ID(id+1)))"
Just saw you were also forgetting to put the separator for you CONCAT_WS function, so i fixed it in the example query.
This question already has answers here:
How do I escape reserved words used as column names? MySQL/Create Table
(4 answers)
Closed 9 years ago.
I'm running this on my website:
$PlaceOrder = " Insert INTO Order VALUES ( '$CustomerID' , '$ItemID' , '$Quantity' , '$Date' ) ";
$result = mysql_query ($PlaceOrder);
if (!$result)
{
die('Invalid query: ' . mysql_error());
}
But when I ever I do I keep getting the following error message:
Invalid query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Order VALUES ( '3' , '1' , '12' , '11/05/2013' )' at line 1
I really have no idea what to do now, I tried specifying the columns but that didn't work either. I am very new to this whole thing and I'm executing this based on whats in the manual.
Let's look at your error message again:
[...] the right syntax to use near'OrderVALUES
The first thing it complains about is Order. That's what you substitute the Table from your question for. So let's assume that's your actual table name.
It's also a reserved word. Enclose reserved words in backticks when used as column or table name identifiers.
Order is Key word Just use another word instead of Order
Are you sure there are only 4 columns and are they in the same order as you have specified in your query?
As you suggested try to add the column names, for example:
$PlaceOrder = "INSERT INTO Table (customer, item, quantity, date) VALUES ('$CustomerID', '$ItemID', '$Quantity', '$Date')";
Does this help you?
First of all, you should always specify the columns since you never know when you will have to add new columns to the table and old queries will start doing messy things if you haven't done that.
Having said that, are you sure those are the correct column data types that match the table's?
Also, make sure the date format is valid, you shoud use Y-m-d. You will find more info here.
I'm trying to run this query:
INSERT INTO table_a (fb_uid, from, to, time) VALUES (12345,'blah','test','2012-12-13 11:30:00')
But I'm getting:
You have an error in your SQL syntax; check the manual that corresponds
to your MySQL server version for the right syntax to use near
'from, to, time) VALUES (12345,'blah','test','2012-12-13 11:3' at line 1
The query seems fine to me, what is wrong with it?
Use backticks on your fields to prevent a conflict with MySQL reserved words:
INSERT INTO table_a (`fb_uid`, `from`, `to`, `time`) VALUES (12345,'blah','test','2012-12-13 11:30:00')
In this case, from and to are the reserved words
See here for more information and a complete list of reserved words.
FROM and TO are reserved keyword,
INSERT INTO table_a (fb_uid, `from`, `to`, time)....
MySQL Reserved Keyword List
time is a restricted word, does this help:
INSERT INTO table_a (`fb_uid`, `x`, `y`, `time`) VALUES (12345,'blah','test','2012-12-13 11:30:00')
Escaping everything to be sure.
I have a line of code in PHP as follows...
mysql_query("INSERT INTO `updates` (project_id, date, update) VALUES ('{$project}', '{$date}', '{$update}')") or die(mysql_error());
However I'm getting the following SQL syntax error...
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near 'update) VALUES ('14', '2012-05-06', 'Test update')' at line 1
If anyone could help me with this that would be great, perhaps it's obvious but I just can't see what's wrong here!
Change the query as below:
mysql_query("INSERT INTO `updates` (`project_id`, `date`, `update`) VALUES ('{$project}', '{$date}', '{$update}')") or die(mysql_error());
This is because date and update are registered keywords in MySQL. We cannot use it directly in the query. We need to escape it.
date and update are reserved words in MySQL.
You can use:
"INSERT INTO `updates` (project_id, `date`, `update`) VALUES ('{$project}', '{$date}', '{$update}')"
Though ideally you should never use a reserved word as an entity name. It offers no advantages, yet has a few minor disadvantages (for example, makes the SQL less portable).
Also, a fairly minor point, if project_id is an integer typed field, pass it an integer, not a string. Like:
INSERT INTO `updates` (project_id, `date`, `update`) VALUES ({$project}, '{$date}', '{$update}')
update is a keyword in SQL, encapsulate your mysql fields in backticks.
First and foremost Thing: you can not user mysql preserver word. When you use it, be ready to waste your hours in finding out error.
Here is the list of reserve words: DO NOT USE ANY AMONG IT
http://dev.mysql.com/doc/refman/5.5/en/reserved-words.html
Second: Even if you want to dare to use preserved keyword. User table prefix or column prefix along with reserved keyword.
Third:
When ever you perform the database operations along php either quote each and every parameter where required or just user simple one.
i.e if you wish to quote db table columns than surround each column by quote
"INSERT INTO `updates` (`project_id`, `date`, `update`) VALUES ('{$project}', '{$date}', '{$update}')"
and if you don't quote then quote none of them
"INSERT INTO updates (project_id, date, update) VALUES ('{$project}', '{$date}', '{$update}')"
Hope this would help you
I cant find where my mistake is.
$result= mysql_query(" INSERT INTO inbox ( messages, from, to, date, control_panel_id, title )
VALUES( '".$message."' , '".$this->sender."' , '".$this->recipient."', NOW() , '".$this->control_panel_id."' , '".$title."' )
") or die(mysql_error());
I get:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'from, to, date, control_panel_id, title ) VALUES( ' ' at line 1
What am I doing which is wrong?
You need to quote reserved words like from when using them as names or aliases. You can do this by surrounding them with backticks, for example:
SELECT messages, `from`, ...
If in doubt, you can safely quote all column names.
INSERT INTO `inbox`
(`messages`, `from`, `to`, `date`, `control_panel_id`, `title`)
VALUES
-- etc...
Also, you may wish to consider avoiding names that are reserved worsd in future to avoid problems like this.
from is a reserved word in SQL. If that's a column name, you always have to enclose it in backticks. (Or double quotes for ANSI mode).
You could also write your mysql_query string less cumbersome by actually utilizing the double quotes:
$result = mysql_query("
INSERT INTO inbox
( messages, `from`, `to`, `date`,
control_panel_id, title )
VALUES
( '$message', '$this->sender', '$this->recipient',
NOW() , '$this->control_panel_id', '$title' )
")
or die(mysql_error());
(And contemporary PHP database interfaces would be even less effort, bla bla..)
Mysql not suppot some keyword as it used in mysql syntax so i think you have change
keywords from, to and date to other name...