PHP PDO: Syntax error or access violation - php

I have been converting my SQL code to PHP PDO, and so far I have had two issues, both giving the same error:
Warning: PDOStatement::execute() [pdostatement.execute]: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1', `admin_active` = '0' WHERE `id` = '1' AND `agency_id` = '1' LIMIT 1' at line 1 in ....
This is my code:
$sql = "UPDATE `tblAgencyLocations` ";
$sql .= "SET `location_name` = :LocationName, `address1` = :Address1, `address2` = :Address2, ";
$sql .= "`city` = :City, `state` = :State, `zip_code` = :ZipCode, `phone1` = :Phone1, ";
$sql .= "`phone2` = :Phone2, `fax1` = :Fax1, `email_address` = ':EmailAddress, ";
$sql .= "`admin_active` = :LocationActive ";
$sql .= "WHERE `id` = :AgencyLocationID AND `agency_id` = :agencyID LIMIT 1";
$STH = $this->prepare($sql);
$STH->bindParam(':agencyID', $agencyID);
$STH->bindParam(':LocationName', $LocationName);
$STH->bindParam(':Address1', $Address1);
$STH->bindParam(':Address2', $Address2);
$STH->bindParam(':City', $City);
$STH->bindParam(':State', $State);
$STH->bindParam(':ZipCode', $ZipCode);
$STH->bindParam(':Phone1', $Phone1);
$STH->bindParam(':Phone2', $Phone2);
$STH->bindParam(':Fax1', $Fax1);
$STH->bindParam(':EmailAddress', $EmailAddress);
$STH->bindParam(':LocationActive', $LocationActive);
$STH->bindParam(':AgencyLocationID', $AgencyLocationID);
$STH->execute();
I got this same error; the other one was a SELECT. Is there a limitation on how many times you can "Bind", or is the SQL very long?
Thank you.

The lone quotation mark is causing a syntax error here:
`email_address` = ':EmailAddress

In my case I was using query instead of prepare; obvious when you see it.

Related

how to insert and update using PDO prepared method [duplicate]

I'm trying to update my database with the following query:
$sth = "UPDATE rpacks SET rpacks_location VALUES (:location) WHERE rpacks_id = (:id)";
$q = $conn->prepare($sth);
$q->execute(array(':location'=>$location, ':id'=>$id));
But I'm getting this error
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'VALUES ('test') WHERE rpacks_id = ('2')' at line 1' in
There is a mistake in your update query because you used insert query syntax.
Here is the correct query:
$sql = "UPDATE rpacks SET rpacks_location = :location WHERE rpacks_id = :id";
$stmt = $conn->prepare($sql);
$stmt->execute([':location'=>$location, ':id'=>$id]);
Reference:
http://dev.mysql.com/doc/refman/5.0/en/update.html
Change to:
$sth = "UPDATE rpacks SET rpacks_location = :location WHERE rpacks_id = :id";

Syntax error when using TRIM() in PDO MySQL SELECT

I tried to use TRIM() in a PDO SELECT query and got a syntax error message as "Syntax error or access violation: 1064 You have an error in your SQL syntax;". What should I do to correct this error?
DB:
tblrecord (firstname, lastname, score)
PHP:
$firstname = trim('Mary');
$lastname = trim('Lamb');
$sql = "SELECT * FROM tblrecord WHERE TRIM(firstname) AS firstname = ? AND TRIM(lastname) AS lastname = ?";
$stmt = $connection->prepare($sql);
$stmt->execute( array($firstname, $lastname) );
Don't use an alias in the WHERE clause:
$sql = "SELECT * FROM tblrecord WHERE TRIM(firstname) = ? AND TRIM(lastname) = ?";

PDO showing error

I have a query below which I did with mysql_query before and it executed properly, but using PDO it's showing an error:
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 1'
This is my code with mysql_query :
$sql1 = "SELECT * FROM product WHERE id IN (";
foreach($_SESSION['cart'] as $id => $value){
$sql1 .= $id.',';
}
$sql1 = substr($sql1, 0, -1) .")";
$query = mysql_query($sql1);
Using PDO without a prepared statement:
$sql1 = "SELECT * FROM product WHERE id IN (";
foreach($_SESSION['cart'] as $id => $value){
$sql1 .= $id.',';
}
$sql1 = substr($sql1, 0, -1) .")";
$query = $db->query($sql1);
You missed "adding" the string here:
$sql1 = substr($sql1, 0, -1);
$sql1 .= ")";
In the PDO tag (info) you will find the correct procedure for PDO Prepared statements and IN.
The following code uses this method to add unnamed placeholders from your SESSION array
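// The product ids are the keys of the cart array (see the question's foreach).
$ids = array_keys($_SESSION['cart']);
if ($ids) { // an empty cart would produce "IN ()", which is a syntax error
    $in = str_repeat('?,', count($ids) - 1) . '?';
    $sql1 = "SELECT * FROM product WHERE id IN ($in)";
    $stmt = $db->prepare($sql1);
    $stmt->execute($ids); // zero-based list, one value per placeholder
}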

php prepared statement SQLSTATE[42000]: Syntax error or access violation: 1064

I am trying to change to prepared statements but keep getting the following error:
Warning: PDO::query(): SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ':fname AND
Here is the code I'm using:
$street = 'astreet';
$lname = 'alname';
$fname = 'afname';
$list = '1,2,3,4,5';
$var = 'admin';
$db = new PDO("mysql:dbname=customers;host=localhost",$var,$var);
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING);
$sql = "SELECT * FROM `table` WHERE `id` in ($list) AND `first_name` LIKE :fname AND `last_name` LIKE :lname AND `street_name` LIKE :street";
$stmt = $db->prepare($sql);
$stmt->execute(array(':street' => $street));
$stmt->execute(array(':fname' => $fname));
$stmt->execute(array(':lname' => $lname));
$result = $db->query($sql);
foreach ($result as $row) {
echo $row['post_code'];
}
If I run the query as normal, not as a prepared statement, it works fine. It's only when I start adding the :variables to the query that I get the error.
Is there any code missing/incorrect?
Thanks
$stmt = $db->prepare($sql);
$stmt->execute(array(':street' => $street));
$stmt->execute(array(':fname' => $fname));
$stmt->execute(array(':lname' => $lname));
You're running the same query three times, with a different parameter each time. You need to run the query as so:
$stmt = $db->prepare($sql);
$stmt->execute(array(':street' => $street, ':fname' => $fname, ':lname' => $lname));
And pass all three parameters in one go.
Edited to add:
You can also try binding the parameters explicitly:
$stmt = $db->prepare($sql);
$stmt->bindParam(':street', $street);
$stmt->bindParam(':fname', $fname);
$stmt->bindParam(':lname', $lname);
$stmt->execute();
Or adding them as an array:
$sql = "SELECT * FROM `table` WHERE `id` in ($list) AND `first_name` LIKE ? AND `last_name` LIKE ? AND `street_name` LIKE ?";
$stmt = $db->prepare($sql);
$stmt->execute(array($fname, $lname, $street));
As far as I know you have to escape strings in SQL.
So I would replace
$sql = "SELECT * FROM `table` WHERE `id` in ($list) AND `first_name` LIKE :fname AND `last_name` LIKE :lname AND `street_name` LIKE :street";
by
$sql = "SELECT * FROM `table` WHERE `id` in ($list) AND `first_name` LIKE ':fname' AND `last_name` LIKE ':lname' AND `street_name` LIKE ':street' ";
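An added example, not part of any post above: it binds every value from the last question (the id list and the three LIKE filters) in a single execute() call, and shows how PDO reads a placeholder that sits inside quotes. The in-memory SQLite database, the customers table, its rows and the findPostCodes helper are assumptions made so the code runs offline; the questions themselves use MySQL.

```php
<?php
// Constructed data in an in-memory SQLite database (assumption: pdo_sqlite is
// available). The placeholder and binding rules shown are PDO's own.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE customers (id INTEGER PRIMARY KEY, first_name TEXT,
           last_name TEXT, street_name TEXT, post_code TEXT)');
$ins = $db->prepare('INSERT INTO customers VALUES (?, ?, ?, ?, ?)');
foreach ([[1, 'afname', 'alname', 'astreet', 'AB1 2CD'],
          [2, 'afname', 'alname', 'astreet', 'EF3 4GH'],
          [9, 'afname', 'alname', 'astreet', 'ZZ9 9ZZ']] as $row) {
    $ins->execute($row);
}

/**
 * Hypothetical helper: post codes for a set of ids plus three LIKE filters.
 * PDO does not allow named and positional placeholders in one statement,
 * so every value is bound positionally.
 */
function findPostCodes(PDO $db, array $ids, string $fname, string $lname, string $street): array
{
    $ids = array_values(array_map('intval', $ids));
    if ($ids === []) {
        return []; // "IN ()" is a syntax error, so stop before building SQL
    }
    // One "?" per id; only placeholders are interpolated, never the values.
    $in = implode(',', array_fill(0, count($ids), '?'));
    $sql = "SELECT post_code FROM customers WHERE id IN ($in)
            AND first_name LIKE ? AND last_name LIKE ? AND street_name LIKE ?
            ORDER BY id";
    $stmt = $db->prepare($sql);
    // A single execute() carrying all parameters, in placeholder order.
    $stmt->execute(array_merge($ids, [$fname, $lname, $street]));
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// The id list from the question, as an array instead of a string pasted into SQL.
print_r(findPostCodes($db, [1, 2, 3, 4, 5], 'afname', 'alname', 'astreet'));

// An empty list returns early instead of producing invalid SQL.
print_r(findPostCodes($db, [], 'afname', 'alname', 'astreet'));

// A placeholder wrapped in quotes is a string literal: nothing is bound to it,
// and the query compares against the text ":fname" itself.
$literal = $db->query("SELECT ':fname' AS v")->fetchColumn();
var_dump($literal === ':fname');
```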
