So I have this,
<?php
require "database.php";
$to=$_GET['toF'];
$content=$_POST['message_contentl'];
$from=$_GET['fromF'];
$ck_reciever = "SELECT Username FROM accounts WHERE username = '".$to."'";
if( mysql_num_rows( mysql_query( $ck_reciever ) ) == 0 ){
die("The user you are trying to contact don't exist. Please go back and try again.<br>
<form name=\"back\" action=\"Send_FR.php\" method=\"post\">
<input type=\"submit\" value=\"Try Again\">
</form>
");
}else{
$a1 = $_POST['message_contentl'];
$a2 = $_GET['fromF'];
$a3 = $_GET['toF'];
mysql_query("INSERT INTO Friends (fr_message, From, To) VALUES ('$a1', '$a2', '$a3')"); OR die("Could not send the message: <br>".mysql_error());
echo "The Friend Request Was Successfully Sent!";
?>
But it doesn't work.
All it does is give me this error message:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'From, To) VALUES ('', 'Extro', 'Syncro')' at line 1
Help, please?
from and to are reserved words in SQL, in MySQL you can use reserved words as column or table names by wrapping them in backticks, but I'd strongly advise against the use of reserved word as column names, it's horribly confusing. Small example ex absurdo:
select `select`, `from` from `where` where `like` like 'like';
Yeah, the engine eats it, but you'll admit it could be more readable :-)
FROM is a reserved SQL keyword - if you have a column or a table with that name, you will have to back-quote (`) it.
Related
I have a page that updates the data of a specific user. The user has position, which is a foreign key. The query update (below) works fine without the position, but with the position I get the following error.
Query :
$queryUpdate = "UPDATE visitorsystem.employee SET idNumber = '$idNumber', name = '$name',
surname = '$surname',
position = 'SELECT positionid FROM visitorsystem.position WHERE positionName LIKE '%$position%'',
email = '$email'
WHERE employeeid = '$empId'";
$resultUpdate = mysqli_query($connection,$queryUpdate)
or die("Error in query: ". mysqli_error($connection));
Error in query: You have an error in your SQL syntax; check the manual
that corresponds to your MySQL server version for the right syntax to
use near 'SELECT positionid FROM visitorsystem.position WHERE
positionName LIKE '%Informat' at line 3
I have tried to work my way around by using inner join as I have seen some solutions given here on stack but nothing has worked. Any Suggestions ?
Subqueries go within regular parens, not quotes, so in a general sense:
SELECT x FROM y WHERE z IN (SELECT z FROM a)
Single and double quotes (by default) are only for string values.
<?php
require 'database.inc.php';
$query="SELECT 'food','calorie' FROM 'users' ORDER BY 'id' " ;
if($query_run=mysql_query($query))
{echo '<br> working';}
else {echo '<br>nothing error';
echo mysql_error();} ?>
ERROR:You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''users'
Replace all your ' with `(this is the sign below ~ in keyboard) as:
$query="SELECT `food`,`calorie` FROM `users` ORDER BY `id`";
Delete all single quotes ' in your query :
$query="SELECT food,calorie FROM users ORDER BY id";
No need to use the quotes for table name or field name. instead use back quotes if needed (`).
For normal field names it is not mandatory. if table contain any field name, that is a mysql key name, it is mandatory.
for eg:- if column name "group" exists. with out back quotes it will throw error.
$query="SELECT `food`,`calorie` FROM `users` ORDER BY `id` " ;
I'm not a newbie to PHP but I have encountered a [seemingly] simple problem which I cannot figure out how to resolve.
MySQL throws error that the syntax is wrong.
My Statement is this:
if($value){
$query = "UPDATE ".$preuploads." SET words = '$words_amount' WHERE id= $sn_id";
$db->sql_query( $query ) or die( mysql_error() );
}
And then $words_amount is an integer, $sn_id is also an integer. They are double checked.
The statement when printed before execution is as follows:
UPDATE SET uploads words = '250' WHERE id= 8081
// edited, with the name of table added since the problem primarily was
// with the encapsulation and the name of table just was dropped in this question
// and not in the app
however words value ('250') is tested with integer data-type as well, but no change occurs and the error lingers on.
And the error thrown is:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'SET words = '250' WHERE id= 8081' at line 1
If I understand your question (and preuploads is a table), then
$query = "UPDATE ".$preuploads." SET words = '$words_amount' WHERE id= $sn_id";
should be
$query = "UPDATE ".$preuploads." SET words = '".$words_amount."' WHERE id=".$sn_id;
Or, even better prepare and use bind_param,
$stmt = $mysqli->prepare("UPDATE ? SET words=? WHERE id=?");
$stmt->bind_param($preuploads, $words_amount, $snd_id);
$stmt->execute();
check your string ($words_amount) has any single quotes ' if it is then remove it by using this option on php $words_amount=string_replace("'","/'",$your_string_variable);
I have found two errors:
First, not encapsulation of the data should occur, thus:
$words_count should be left as is, not to be encapsulated with '
And the table and fields name should be encapsulated with backtick
I think your having problem with name of table. The syntax for update query is
UPDATE table_name SET words = '250' WHERE id= 8081
I am trying to insert data into Mysql table, but it is giving me an error as-
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Scoretab VALUES ('UX 345','22','0.8562675')' at line 1
This is the php-mysql snippet that im using :
if($value >= 0.70){
$mu_id = $ros['c_id'];
$moc_id = $ram['t_id'];
$query="INSERT INTO Scoretab VALUES ('$mu_id','$moc_id','$value')";
$op1 = mysql_query($query) or die(mysql_error());
}
This is my table structure:
CREATE TABLE IF NOT EXISTS `Scoretab` (
`mu_id` varchar(10) NOT NULL,
`moc_id` int(5) NOT NULL,
`score` decimal(5,4) NOT NULL,
UNIQUE KEY `mu_id` (`mu_id`)
)
There could potentially be a few problems with this query
$query="INSERT INTO Scoretab VALUES ('$mu_id','$moc_id','$value')";
Does the number of columns match the fields your trying to insert? Have you tried using using specific column identifier Scoretab (col,col,col) values (val, val, val)
Does any of your values contain an unescaped apostrophe? You might want to consider using mysql_real_escape_string for $mu_id and intval for $moc_id maybe!
$value is a float you don't need to ad apostrophes while inserting
Are you sure you are connected to the same database you have this table in?
this could be a possible working solution (edit)
if ($value >= 0.70)
{
$mu_id = mysql_real_escape_string($ros['c_id']);
$moc_id = intval($ram['t_id']);
$query = "INSERT INTO `Scoretab` VALUES ('$mu_id', $moc_id, $value)";
$op1 = mysql_query($query) or die(mysql_error());
}
try this
$query="INSERT INTO Scoretab (mu_id,moc_id,score) VALUES ('$mu_id','$moc_id','$value')";
The error seems to be before the table name Scoretab. Did you check your syntax carefully?
Sometimes we don't see what's right in front of our eyes! :D
Just replicated the example and everything worked for me.
I am trying to insert emails into a MYSQL table, and I am getting an error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' 19, 'blah#gmail.com')' at line 1
I've looked over the internet, and tried different combinations of collations and codes, but nothing will work. Is the '#' the problem here? I am getting this email address from decoding Facebook's JSON user object. Here are snippets from my code:
$user = json_decode(file_get_contents($jsonurl));
$userid = $user->id;
if($user->gender == "male") $usergender = TRUE;
else $usergender = FALSE;
$useremail = $user->email;
mysql_select_db("kirkstat", $con);
$result = mysql_query("INSERT INTO table (id, access, gender, age, email) VALUES ($userid, '$access_token', $usergender, 19, '$useremail')");
if (!$result){
echo("error.\n");
die('Invalid query: ' . mysql_error());
}
id is a bigint, access is a varchar, gender is a binary, age is an int, and email is a varchar.
Thanks for your help!
false casts as a string to an empty string. An empty string is not valid in SQL for an integer column (or a column value of any kind since it won't have a '' either).
Instead of false/true use 0/1.
# signs are fine in text. I believe it's your "gender" value that's probably causing the error -- you should echo out the full query.