I have a following code:
<?php
include("config.php");
$key = 'blahblah';
$sql = "INSERT INTO softversions SET key='$key'";
$result = mysql_query($sql) or die ($mysql_error());
echo "dude";
?>
This gives me an error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'key='svksskjfvns'' at line 1
The thing is that I've used this script about a hundred times on other pages and it worked.
Table and field names are 100% correct.
I don't understand what is going on.
Do you see the syntax error there?
KEY is a reserved word in MySQL and you need to escape it using backticks to use it as a column name and also you should not use SET when inserting.
$sql = "INSERT INTO softversions (`key`) VALUES ('$key')";
key is a reserved word in MySQL. To use it as a column, you need to escape it every time you call it.
$sql = "INSERT INTO softversions SET `key`='$key'";
$sql = "INSERT INTO softversions(keyName) values('{$key}')";
Related
I am attempting to insert some user-inputted data into my MySQL table using the following command:
$sql = "INSERT INTO Queued ('$role') VALUES ('$sname')";
Interestingly enough, I get the following error:
Error: INSERT INTO Queued ('Tops') VALUES ('Summoner')
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''Tops') VALUES ('Summoner')' at line 1
To be honest, I am relatively new at using PHP as well as MySQL, but I can't seem to find the error in my syntax; the Queued table does exist, $role and $sname are both strings so I encased them in single quotes. I suspect this is a newbie mistake, could anyone point me in the right direction?
This is due to use of single quotes ' around the column name. The query should be like:
$sql = "INSERT INTO Queued ($role) VALUES ('$sname')";
OR
$sql = "INSERT INTO Queued (`$role`) VALUES ('$sname')";
Try this format
$sql = "INSERT INTO Queued ('".$role."') VALUES ('".$sname."')";
`s role is to differentiate between built in SQL words and the column names, so if a word is used for name of a column that might be also a built in sql expression then `` are needed around it
I am learning some PHP/MYSQL over a tutorial and I think that syntax has changed since that tutorial was produced. Please help me out, this are my first steps with PHP/MYSQL. I have been stuck here for some hours now. Connection to DB is successful, but can't query any data.
I run local wamp server and here is the code:
PHP 5.4
MYSQL 5.6
Here is the error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'table' at line 1
<?php
//error_reporting(E_ALL);
require 'connect.php';
$result = $db->query("SELECT * FROM table") or die($db->error);
print_r($result);
?>
If table is the name of your table then you need to escape it with back ticks:
$result = $db->query("SELECT * FROM `table`") or die($db->error);
This is because table is one of MySQL reserved words and the rule is that if you need to use them then they need to be escaped with backticks.
$result = $db->query("SELECT * FROM `table`") or die($db->error);
$result = $db->fetch_array("SELECT * FROM `table`") or die($db->error);
print_r($result);
You are just selecting it. You need to fetch it as an array.
Also as #vee noticed, you need to use backticks => ` around the word table because table is a MySQL reserved word.
I'm trying to insert some values into the database using information posted on a form through php
following is the code that i'm using for insertion
$query=mysql_query("select * from poll_question where question = '$question'") or die(mysql_error());
$numrows=mysql_num_rows($query);
if($numrows)
{
while($row=mysql_fetch_assoc($query))
{
$dbid=$row['id'];
}
}
$sql1 = "INSERT INTO poll_option(option , poll_id ,click)
VALUES('$_POST[optionone]',
'$dbid' , 0)";
$result1 = mysql_query($sql1);
echo "1 record added";
echo mysql_error();
$sql2 = "INSERT INTO poll_option(option , poll_id , click)
VALUES('$_POST[optiontwo])',
'$dbid', 0)";
$result2 = mysql_query($sql2);
echo mysql_error();
$sql3 = "INSERT INTO poll_option(option , poll_id, click)
VALUES('$_POST[optionthree])',
'$dbid ', 0)";
$result3 = mysql_query($sql3);
echo mysql_error();
now i'm getting the following output
You have an error in your SQL syntax;
check the manual that corresponds to your MySQL server version for the right syntax to use near 'option , poll_id ,click) VALUES('sj', '24' , 0)' at line 1
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'option , poll_id , click) VALUES('dsdg', '24', 0)' at line 1
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'option , poll_id, click) VALUES('xzf', '24 ', 0)' at line 1
The part under the "values" syntax is the one that i'm trying to insert. that information is correct.that is VALUES('xzf', '24 ', 0) is Correct and i want to insert this only , but their is some problem with the syntax.Any suggestions?
What echo_me said.
Additionally, in $sql2 and $sql3 you are closing the VALUES (...) parenthesis too soon:
VALUES('$_POST[optiontwo])',
^ remove this
Your $sql1 is correct.
OPTION is reserved keyword for mysql
try use backticks around it in all your queries
like that:
`option`
look reserved keywords here
In addition to what echo_me stated in removing the parentheses incorrectly added to $sql2 and $sql3, you really should migrate over to mysqli (since mysql is deprecated) and at least use the real escape string option on your post variable before automatically inserting whatever is posted to the script into your database. A good example for your code is:
$post_option1 = mysql_real_escape_string($_POST['optionone']);
$post_option2 = mysql_real_escape_string($_POST['optiontwo']);
$sql1 = "INSERT INTO poll_option (`option`, `poll_id`, `click`) VALUES('$post_option1', '$dbid', 0)";
$sql2 = "INSERT INTO poll_option (`option`, `poll_id`, `click`) VALUES('$post_option2', '$dbid', 0)";
My opinion is it would make things simpler for you as well. The info on the real escape string can be found here:
http://php.net/manual/en/function.mysql-real-escape-string.php
It's against best practice to insert a POST or GET directly into your database without any form of mitigation against SQL injection.
Try to avoid using mysql functions, but rather learn to use PDO functions. They have a number of advantages over mysql functions, although im really sorry, i dont remember them right now, and i dont want to say anything that's not true.
Also, i dont think that the mysql functions can prevent SQL injection, which can let any user alter your Database however they want.
Most importantly though, is that they're deprecated in PHP 5.5
Sorry if i didn't solve your question, just thought to let you know. Good luck, maybe you can get it to work with the new functions.
Update: Sorry, didn't see the comments and posts about switching to mysqli and such.
For the life of me I can't get this insert query to work.
mysql_connect("**host**", "**username**", "**password**") or error("Could not connect: ".mysql_error());
mysql_select_db("**db_name**");
$db = mysql_query("INSERT INTO `pass_reset` (id,status,key,email) VALUES ('','0','$key','$email')");
It returns this error:
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near 'key,email) VALUES ('','0','','')' at line 1
Could someone help me with this? I'm literally pulling my hair out over this simple query.
Try the following:
$db = mysql_query("INSERT INTO `pass_reset` (id,status,`key`,email) VALUES ('','0','$key','$email')");
Because key is a reserved word by MySQL, you must escape it with the backticks ``
KEY is a reserved word in MySQL, so you'd have to escape it with back ticks.
Maybe try enclosing the column names with the grave accent?
(`id`,`status`,`key`,`email`)
dont put php variable in '', it will surely work man
$db = mysql_query("INSERT INTO `pass_reset` (id,status,key,email) VALUES ('','0',$key,$email)");
Or
$db = mysql_query("INSERT INTO `pass_reset` (id,status,key,email) VALUES ('0',$key,$email)");
I have created a form that inserts the entered data into the database. It works perfectly except when I put SHA1('$password') into the INSERT INTO VALUSE tag. If I put only '$password it works fine.
Putting SHA1 displays - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
Can you help me out.
Thanks
$q = "insert into users (fullname,email,website,username,password) values ('$fn','$e','$w','$u', SHA1('$password')";
$r = mysql_query($q) or die(mysql_error()); //Run the query.
Looks like you are missing a parenthesis in your statement. Try:
$q = "insert into users (fullname,email,website,username,password) values ('$fn','$e','$w','$u', SHA1('$password'))";