This question already has an answer here:
Syntax error due to using a reserved word as a table or column name in MySQL
(1 answer)
Closed 8 years ago.
Hopefully someone can help me out. All I am trying to do is insert a record into a database, but I keep getting the message
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'order (pid,uid,projecttitle,username,amount,odate) values (,,'','',,'6-2' at line 1` on my page.
Here is the main part of the code. I would be grateful for anyone that can help me out.
<?
extract($_REQUEST);
//print_r($_REQUEST);
//query fetch user & project info
//$queryorder="select * from project p where p.pid='".$id."'";
$queryorder="select * from users u,project p where p.pid='".$id."' and u.uid='".$_SESSION['key']."'";
$resultorder=executequery($queryorder,$link);
$rowo=mysql_fetch_assoc($resultorder);
//print_r($rowo);
//get today date
$createddate=date("n-j-Y");
//order
$order="insert into order (pid,uid,projecttitle,username,amount,odate)
values (".$rowo['pid'].",".$rowo['uid'].",'".$rowo['projectname']."','".$rowo['username']."',".$rowo['price'].",'".$createddate."')";
mysql_query($order) or die(mysql_error());
//end of insert order query
?>
<? //headtag.php conatain all javascript & css files
include('headtag.php');
?>
<body>
ORDER is a mysql keyword. Try this:
INSERT INTO `order` ...
order is a keyword. You need to escape it with backticks.
insert into `order` (pid,uid,projecttitle,username,amount,odate)...
You must supply a value for each column.
(,,'','',,'6-2'
You obviously have no values for pid, uid and amount.
Try this: (you are supplying empty values to that query)
$order="insert into order (pid,uid,projecttitle,username,amount,odate)
values (".(int)$rowo['pid'].",". (int)$rowo['uid'].",'".$rowo['projectname']."','".$rowo['username']."',". (float)$rowo['price'].",'".$createddate."')";
mysql_query($order) or die(mysql_error());
The second thing that will cause mysql syntax error is the table name - order is a reserved keyword in mysql, so you need to quote it. The beginning of the query will then be:
INSERT INTO `order` (...
Related
I'm almost sorry to ask this question but I'm drawing a complete blank. I'm getting the following error:
"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE number='7'' at line 1"
It seems whenever I try to use just an integer in the following code, I get the syntax error;
$go = mysql_query("UPDATE $db1 SET count='$t1c', WHERE number='$input2'") or die(mysql_error());
As you can see the page gets the value, that's not the issue.. it just doesn't seem to like the WHERE = 7 part. I've tried with and without the quote marks, I've tried changing that column in the table from a int to a varchar. Still get the same thing yet the code BEFORE this piece that runs:
$check1 = mysql_query("SELECT * FROM $db1 WHERE number='$input2'");
Run's absolutely fine. It finds the value where number equals $input2...
Can someone help me PLEASE? I'm drawing a complete blank here :/
Remove the , in the query:
mysql_query("UPDATE $db1 SET count='$t1c' WHERE number='$input2'");
Remove comma(,) which is placed before WHERE in UPDATE query
$go = mysql_query("UPDATE $db1 SET count='$t1c' WHERE number='$input2'") or die(mysql_error());
Change
"UPDATE $db1 SET count='$t1c', WHERE number='$input2'"
to
"UPDATE $db1 SET count='$t1c' WHERE number='$input2'"
The comma shouldn't be there (before WHERE) and is causing an error.
number is a reserved word in mysql sql
it is better not to name columns with that words or you need to backtick them in query
example:
`number`=3
mysql reserved words
This question already has an answer here:
Syntax error due to using a reserved word as a table or column name in MySQL
(1 answer)
Closed 7 years ago.
<?php
include"include/db.php";
$sql=mysql_query("select * from order where user='".$_SESSION['user']."' and flag=0") or die(mysql_error());
$i=0;
$sum=0;
$sum2=0;
while($rows=mysql_fetch_assoc($sql))
{
$sum2+=$rows['tedad'];
$sum+=getproductPrice($rows['pid']);
echo "<tr style=\"border:#00CCFF thin dotted\"><td><img src='images/bullet_delete.png' ></td>
<td align=center>".$rows['tedad']."</td>
<td align=left>".getproductPrice($rows['pid'])."</td>
<td align=right>".getproductName($rows['pid'])."</td>
<td align=center>".++$i."</td></tr>";
?>
This is my code, how do I correct it wrong
my error is :
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'order where user='zahra20' and flag=0' at line 1
$sql=mysql_query("select * from `order` where user='".$_SESSION['user']."' and flag=0") or die(mysql_error());
This should work, since you're having a table called 'order', you have to use '`' before and after the name, BECAUSE there's a SQL function called order, and since you can't SELECT * FROM ORDER, because ORDER is a function, then you're getting an error.
You should also consider using PDO or MySQLi for queries, since old mysql is not secure at all.
Looking at your query:
"select * from order where user='".$_SESSION['user']."' and flag=0"
There are a couple of things wrong here.
First, order is a reserved word. In order to use it as an identifier you need to enclose it in back-ticks:
"select * from `order` where user='".$_SESSION['user']."' and flag=0"
Second, your query is wide open to SQL Injection Attacks. That session value could have anything in it. Since you're effectively executing that value as code then you don't control the syntax of the code you're executing. I recommend fixing that.
when i start searching a record from db i got an issue when apostrophes present in word
for that i used addslashes,mysql_real_escape_strin but not worked for that
<?php
include("lib/dbconn.php");
$list_query_main1="select * from table where name like '%".mysql_real_escape_string($_REQUEST['keyword'])."%'";
$list=mysql_query($list_query_main1);
echo mysql_num_rows($list);
?>
Zero results found but name present in DB give me solution.
you are getting mysql error
#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'table' at line 1
because TABLE is reserved word. If you named your table like TABLE, you must use right mysql syntax
$list_query_main1="select * from `table` where `name` like '%".mysql_real_escape_string($_REQUEST['keyword'])."%'";
Adding if(!$list || mysql_errno() != 0) echo mysql_error(); after line $list=mysql_query($list_query_main1); will give you some info in case of a query failure
Otherwise myqsl_* is deprecated you should start using mysqli_* functions.
And change your last line
echo $mysql_num_rows($list);
and replace it with
echo mysql_num_rows($list);
If you want to call myqsl_num_rows() function
I want to take meta tags from an external webpage and save it into my mysql db, although I keep getting an error. Some help would be appreciated.
$tags = get_meta_tags($_POST['url']);
if (array_key_exists("description", $tags)){
$desc = mysql_real_escape_string($tags['description']);
}
$postQ = mysql_query("INSERT INTO posts (userdesc,desc,title,url,userid) VALUES ('$userdesc','$desc','$title','$url','$userid')");
The error I keep getting is this:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'desc,title,url,userid) VALUES ('Wow this house is small','We've featu' at line 1
desc is a mysql reserved word either enclose that field name in backticks or rename the field name to something else.
eg.
mysql_query("INSERT INTO posts (userdesc,`desc`,title,url,userid)...
This question already has an answer here:
Syntax error due to using a reserved word as a table or column name in MySQL
(1 answer)
Closed 8 years ago.
See something wrong in my code? I can't get the update function to work.. weird thing is the rest works correctly, and the same code works 100% on another page.
<?php
include("config.php");
$id = $_GET['id'];
$number = $_GET['no'];
$result = mysql_query("SELECT * FROM comments WHERE commentid = '$id'")
or die(mysql_error());
$row = mysql_fetch_array( $result );
mysql_query("update `comments` set like = like +1 where commentid = '$id'"); <--- only this here doesnt work
?>
And there is 1 line of html after that, a span tag getting some information out of the comments table.
My 'like' column is set to int(11), so I don't see that being the problem.
Hope this isnt another innatention mistake :/
Thanks alot to anyone who can help me out!
This is the error
You have an error in your SQL syntax;
check the manual that corresponds to
your MySQL server version for the
right syntax to use near 'like = like
+1 where commentid = '61'' at line 1
As EboMike posted, LIKE is a reserved keyword in MySQL.
You can either rename your column to something else that is not a keyword (preferred), or you can put a backtick (a backwards single quote) around it to tell MySQL it's a literal name.