this is the php code:
$stringquery = "INSERT INTO sikurim(name, title, desc, category, subcategory)
VALUES ('$contact', '$heading','$comments', '$catF', '$catS' ) ";
mysql_query($stringquery) or die(mysql_error());
And i get the error:
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near 'desc, category, subcategory) VALUES ('jhjh', ' fffff','fffff',
'2', '4' )' at line 1
I can't find what's wrong with the code, can someone help?
DESC is reserved MySQL keyword. You need to enclose it in backquotes:
$stringquery = "INSERT INTO sikurim(name, title, `desc`, category, subcategory) VALUES ('$contact', '$heading','$comments', '$catF', '$catS' )";
You should escape each value.
Use mysql_escape_string http://www.php.net/manual/en/function.mysql-escape-string.php
Related
I'm creating a page where I have the option for attaching files. When the files have single quotes in their names is attached, I get an error. This is how I tried:
$id = intval(mysqli_real_escape_string($mysqli, $_REQUEST["id"]));
$upload_directory = "uploads/attachments/";
$result = file_upload("attachment", "../".$upload_directory);
if($result[status] == true) {
$query = "insert into `attachments`
(
`id`,
`file_name`,
`file_extension`,
`file_size`,
`uploaded_file_name`,
`uploaded_file_path`
)
values
(
'$id',
'".$result[file_name]."',
'".$result[file_extension]."',
'".$result[file_size]."',
'".$result[uploaded_file_name]."',
'".$upload_directory.$result[uploaded_file_name]."'
)";
This is the error I got:
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '2016.xlsx'
'xlsx',
'7988',
'1466056157029.xlsx',
'upload' at line 15
I know this is the place where the problem is: '".$result[file_name]."'. The problem is because of the single quote I've used. What is the change I should do? What should I add?
Add single quotes. You are using ' in filename so use addslashes() and when fetching use stripslashes(). OR remove ' from filename.
See below code
$query = "insert into `attachments`
(
`id`,
`file_name`,
`file_extension`,
`file_size`,
`uploaded_file_name`,
`uploaded_file_path`
)
values
(
'$id',
'".addslashes($result['file_name'])."',
'".$result['file_extension']."',
'".$result['file_size']."',
'".$result['uploaded_file_name']."',
'".$upload_directory.$result['uploaded_file_name']."'
)";
Number of arguments are mismatched in your insert query.
Use single quote,
ex: '".$result['file_name']."'
I wrote this mySQL query and I keep getting an error. Included are the query and the error:
mysql_query("INSERT INTO wp_usermeta(umeta_id, user_id, meta_key, meta_value)
VALUES(NULL, $value, $lastkey, $time())") or die(mysql_error());
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 1
Any help would be greatly appreciated! Thank you.
If your column in 'umeta_id' is default NULL then you don't need to specify it on the insert. 'CURTIME()' is an SQL function that returns current time. Should work if the column 'meta_value' is set to hold only time. I'm assuming you are using PHP. I've found including the variables in tick marks ' works. Also mysql_query is deprecated. You should use mysqli_query(yourDatabaseConnection, yourQuery)
mysql_query("INSERT INTO wp_usermeta (user_id, meta_key, meta_value)
VALUES ('$value', '$lastkey', CURTIME())") or die(mysql_error());
You are passing String thru query to mysql Without putting in Single/Double quotes. Use
mysql_query("INSERT INTO wp_usermeta(umeta_id, user_id, meta_key, meta_value)
VALUES(NULL, $value, '".$lastkey."', '".$time()."')") or die(mysql_error());
this query with string concatenation.
Check type of values was matched with database and umeta_id allow be null .
may be on of field has autoincrement or not null check database again .
you should use NOW()
mysql_query("INSERT INTO wp_usermeta(umeta_id, user_id, meta_key, meta_value)
VALUES(NULL, $value, $lastkey, NOW())") or die(mysql_error());
$sql="INSERT INTO $p (q,o1,o2,o3,o4,ta,ma) VALUES ('$q','$o1','$o2','$o3','$o4','$ta','$ma')";
this query is getting executed but shows error
You have an error in your SQL syntax; check the manual that corresponds to your MySQL
server version for the right syntax to use near '(q,o1,o2,o3,o4,ta,ma) VALUES
('','','','','','','')' at line 1
any idea??
use this query
$sql=" INSERT INTO '$p' ( `q` , `o1` ,`o2` ,`o3` , `o4` ,`ta` ,`ma`) VALUES ('$q','$o1','$o2','$o3','$o4','$ta','$ma') "
use single quotes for '$p'
$sql="INSERT INTO '$p' (`q`,`o1`,`o2`,`o3`,`o4`,`ta`,`ma`) VALUES ('$q','$o1','$o2','$o3','$o4','$ta','$ma')";
Always use single comma on php variable if you are using double comma at the start. Like this
$query = "INSERT INTO 'table' WHERE 'user' = '$user'";
in your case:
" INSERT INTO '$p' ( `q` , `o1` ,`o2` ,`o3` , `o4` ,`ta` ,`ma`) VALUES ('$q','$o1','$o2','$o3','$o4','$ta','$ma') "
im trying to update my table using the following query...
$query = mysql_query("UPDATE `outgoings` (id, user_id, bill, bill_name, bill_description, bill_colour ) VALUES ('$id', '$uid', '$bill', '$billname', '$billdescription', '$billcolour') WHERE id = '$id'") or die(mysql_error());
It returns...
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '(id, user_id, bill, bill_name, bill_description, bill_colour ) VALUES ('', '8464' at line 1
Ive tried removing ' around my variables and googling for alternative methods but cant seem to figutre out what imdoing wrong?
Use this syntax for update statements:
UPDATE `outgoings` set id = '$id', user_id = '$uid' ... where ...
You got it mixed with insert statement I guess.
It looks like your ID is empty (...VALUES ('',...). Should there be an ID there?
Your $id seems to be empty or not defined yet. Read mysql.error() up to the end.
The update query has different syntax, something like that:
UPDATE `outgoings` SET user_id='$uid', bill='$bill' WHERE id = '$id'
I run this command in SQL Workbench and it returns my desired results, but it return a syntax error in the browser...
$sql = "SELECT
SUBSTRING(`last_name`, 1, 1) AS alpha,
SUBSTRING(`middle_name`, 1, 1) AS subMiddleName,
`idClients`,
`type`,
`first_name`,
`middle_name`,
`last_name`,
`address`,
`primary_number`,
`secondary_number`,
`home_number`,
`office_number`,
`cell_number`,
`fax_number`,
`ext_number`,
`other_number`,
`comments`
FROM `clients`
WHERE `user_id` = 2
AND `is_sub` = 0
AND `prospect` = 1
ORDER BY `last_name`";
Also user_id, is_sub, and prospect are of the INT data type if anyone wants to know. I tried to treat them as strings in the query, but that still didn't help.
this is the error i get
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND prospect = 1 AND type = 'Buyer'' at line 1
You're not showing us the same query, or the relevant PHP code, as nowhere does the above query use the string 'Buyer'.
That said, you may need to escape the column name type with backticks:
AND `prospect` = 1 AND `type` = 'Buyer'