error in syntax - php

$sql="SELECT * FROM 'image_upload' where uid='$uid' ";
I have written this query and it is showing me error :-
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''image_upload' where uid=''' at line 1
Can you please rectify it..

This will work:
$sql = "SELECT * FROM `image_upload` where uid='$uid' ";

Use backticks for table names:
SELECT * FROM `image_upload` ...

You should be using backticks (`) rather than single quotes ('). In fact, you shouldn't be using either in this case since it's not required:
$sql = "SELECT * FROM image_upload where uid='$uid'";
The backticks are only required if your table name has funny characters in it that would otherwise annoy the SQL parser (like a space for example).
And make sure that your uid column is a textual one (like char or varchar) - otherwise you should not be surrounding $uid with the single quotes.

$sql="SELECT * FROM image_upload where uid='$uid' ";

Can you remove the single quotes, and try again?
SELECT * FROM image_upload where uid='$uid'

try this:
$sql="SELECT * FROM image_upload where uid='".$uid."'";

$sql="SELECT * FROM `image_upload` where uid='$uid' ";
You've been rectified ;)
You need to protect against SQL injections. Please see this thread.

Remove single quotes in image_upload
Before Query
echo $uid;
then you'll know the answer

Related

difference between ' single quote and ` backtick for mysqli_query

This is bizarre, I'm changing some code from mysql to mysqli functions cause of php 5.5+, in these two basic examples, mysql_query had no ' single quote nor ` backtick and worked fine.
$sql = "SELECT * FROM `".$table."`"; // requires: ` ` or fails
$result = mysqli_query($con,$sql);
$sql = "SHOW TABLES LIKE '".$table."'"; // requires: ' ' or fails
$result = mysqli_query($con,$sql);
Can someone explain why?
EDIT: I guess the essence of my question is that: Both functions worked fine without any kind of quotes with mysql_query, and both failed mysqli_query without some kind of quotes. Meaning I will have to fiddle around with half my queries when changing from mysql_ to mysqli_.
In your first select statement you are trying to select a table by its name, hence it will accept the name either with ` or without them, but not with single or double quotes. These should work:
$sql = "SELECT * FROM `table_name`";
$sql = "SELECT * FROM table_name";
In the second case you need to pass in a string to be compared by the like statement hence you need to surround it either with single ' or double " quotes:
$sql = "SHOW TABLES LIKE 'string'";
$sql = "SHOW TABLES LIKE \"string\"";
Edit:
Check out this previous answer on SO as well:
Using backticks around field names
Edit 2:
Since we (me and in comments) suggested that backticks are somehow optional, keep in mind that as a best practise use them whenever you can since although it will allow you to pass most queries without them, some queries would break when containing MySQL reserved words.
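The dynamic-table case from this question, as an added example that is not code from any of the posts: a table name cannot be passed as a bound parameter, so it is checked against an allowlist and then backtick-quoted. ALLOWED_TABLES, quote_identifier() and select_all_from() are hypothetical names, and the allowlist contents are an assumption taken from the table names mentioned on this page.

```php
<?php
// Added example, not from the original posts. Identifiers (table and column
// names) cannot be bound as statement parameters, so a dynamic $table is
// checked against an allowlist and then backtick-quoted.

// Hypothetical allowlist: table names that appear in the questions on this page.
const ALLOWED_TABLES = ['image_upload', 'like', 'members', 'food'];

// Quote a MySQL identifier: wrap it in backticks and double any backtick
// inside the name. Empty names and names containing NUL are rejected.
function quote_identifier(string $name): string
{
    if ($name === '' || strpos($name, "\0") !== false) {
        throw new InvalidArgumentException('invalid identifier');
    }
    return '`' . str_replace('`', '``', $name) . '`';
}

// Build "SELECT * FROM <table>" only for tables the application knows about.
function select_all_from(string $table): string
{
    if (!in_array($table, ALLOWED_TABLES, true)) {
        throw new InvalidArgumentException('table not allowed: ' . $table);
    }
    return 'SELECT * FROM ' . quote_identifier($table);
}

// Constructed sample inputs.
echo select_all_from('food'), "\n";       // ordinary name
echo select_all_from('like'), "\n";       // reserved word, valid once quoted
echo quote_identifier('odd`name'), "\n";  // embedded backtick is doubled

try {
    // The string-quoted form from the question is not a table name.
    select_all_from("'food'");
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```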

Mysql query strange error

I am getting an error: one page works fine, but another gives an error on the same query code.
Here is my code. What is wrong with this?
$ttt = mysql_query("SELECT * FROM like WHERE (user_id='$user_id' AND sound_id='$sound_id')",$link) or die(mysql_error());
error
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'like WHERE (user_id='' AND sound_id='')' at line 1
like is an SQL reserved word and you should use "like" inside backticks ``
$ttt = mysql_query("SELECT * FROM `like` WHERE (user_id='$user_id' AND sound_id='$sound_id')",$link) or die(mysql_error());
like
Is a reserved word and cannot be used as a tablename the way you try to. Either try setting it into backticks or rename the table.
like is a reserved keyword, use backticks for it
`like`
https://dev.mysql.com/doc/refman/5.5/en/reserved-words.html
Usage of LIKE in mysql
select * from table where username like '%aaa';
select * from table where username like '%aaa%';
select * from table where username like 'aaa%';
etc
As a rule you shouldn't use reserved words, but if you must, and for the purpose of this question, put brackets around it.
$ttt = mysql_query
("SELECT *
FROM [like]
WHERE (user_id='$user_id' AND sound_id='$sound_id')",$link) or die(mysql_error());
Like is a reserved word. Better to change your table name or surround it with backticks like this: `like`
Try this.
$ttt = mysql_query("SELECT * FROM like_table WHERE user_id=$user_id AND sound_id=$sound_id",$link) or die(mysql_error());

SQL query checking for a table row with certain email address fails

My query:
$result = mysql_query("SELECT * FROM members WHERE email=$email")
or die(mysql_error());
In this case $email is filled with "info#frankkluytmans.nl". The error I get when this query gets executed is:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '#frankkluytmans.nl' at line 1
What am I doing wrong?
A couple things..
Don't use mysql_* functions, they're deprecated!
Sanitize the input. In your example, you should quote $email because it's a literal.
$result = mysql_query("SELECT * FROM members WHERE email='$email'")
quote it.
Also, the regular PHP mysql functions will be deprecated as of PHP 5.5.
Take a look at mysqli, pdo.
You need to put single quotes around $email
$result = mysql_query("SELECT * FROM members WHERE email='$email'")
for frankkluytmans.nl conflicts with the syntax for a MySQL query, i.e. tablename.columnname
$result = mysql_query("SELECT * FROM members WHERE email='".$email."'")
You need to put quotes around the email variable.
$result = mysql_query("SELECT * FROM members WHERE email='$email'")
or die(mysql_error());
You should know however, that the "mysql_" range of PHP functions are soon going to be deprecated and should be replaced with the mysqli API. A quick sample showing how to use it can be found at: http://www.php.net/manual/en/mysqli.query.php#refsect1-mysqli.query-examples
Try something like:
$result = mysql_query("SELECT * FROM members WHERE email='".$email."'")
or die(mysql_error());
You need to have quotes around the variable and it's good practice to not have variables inside your string.
You might want to check out alternatives to MySQL_ though as it's now deprecated. Try mysqli.
Please change your query.
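// $con is the connection handle returned by mysqli_connect(); mysqli_query() needs it as its first argument
$result = mysqli_query($con, "SELECT * FROM members WHERE email='".$email."'");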

Why won't my SQL work?

I keep getting this error:
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near ''food' ORDER BY 'id'' at line 1
How do I fix it?
<?php
require '113-connect-db.php';
$query = "SELECT * FROM 'food' ORDER BY 'id'";
if ($query_run = mysql_query($query)) {
    echo 'query successful';
} else {
    echo mysql_error();
}
?>
If you want to escape table/column names in a query to MySQL, you need to use backticks, not apostrophes. Apostrophes are used to indicate string literals.
Instead of this:
SELECT * FROM 'food' ORDER BY 'id'
You would use this:
SELECT * FROM `food` ORDER BY `id`
But, in fact, that's an escape sequence that's only required for identifiers that are also MySQL keywords, or that will otherwise confuse the parser. The query you've shown could be written without them.
quotes are not used. use backticks. `
no need for backticks for table names and column names as long as they are not keywords.
$query = "SELECT * FROM food ORDER BY id";
Use backticks (`) instead of single quotes around the table name.
Remove the single quotes around the table name and the column name in the order by clause!
Single quotes ('...') mean a literal string in SQL, a sequence of characters of type char.
To name objects with case-sensitive names, special characters inside names, keyword-clashing names, etc., double quotes ("...") are generally used. Specifically MySQL accepts backquotes `` in this role.
You cannot select from a string, obviously.
Sorry... could not see your code until now.
Is your connection up? If yes, try to remove ' and please check if the column "id" really exists.

PHP sql query syntax

Noticed a small issue in the syntax of a sql query, here's how it goes:
$email = "name_lastname#server.com";
$query = "Select * From Users Where email=".$email;
This does not work, the query has been tested and works fine, however this essentially evolves to :
Select * FROM Users WHERE email=name_lastname#server.com ;
Which yields a null result.
To execute it the right way, I add a twist to the syntax of my $email variable, essentially as:
$email = "\"name_lastname#server.com\"";
Once I specify quotations within the string variable, that is when it executes as expected yielding the desired result.
I am not sure if this is the most aesthetic way to go about approaching my syntax for query execution, and I do think there are alternatives. Grateful to those who shed a light on this
Try this instead:
$query = "Select * From Users Where email='$email'";
Or:
$query = sprintf("Select * From Users Where email='%s'", $email);
Or:
Many many other ways....
String queries need a single quote around the search criteria. Assuming MySQL: http://dev.mysql.com/doc/refman/5.0/en/string-syntax.html
$email = "name_lastname#server.com";
$email = "'" . mysql_real_escape_string($email) . "'";
$query = "Select * From Users Where email=".$email;
Non-quoted variables like that will be read as int. Always quote all strings. You don't need to escape doubles like that when singles will suffice.
$query = "SELECT * From Users WHERE email= '".mysql_real_escape_string($email)."'";
Why not do:
$email = "name_lastname#server.com";
$query = "Select * From Users Where email = '$email'";
Your solution gets at the right principle: SQL needs the email address to be enclosed in quotes because it's a string. My suggestion for making the code more elegant would simply be to put the quotes in the string containing the query, not the one containing the email address.
$email = "name_lastname#server.com";
$query = "Select * From Users Where email=\"".$email."\"";
The quote marks aren't part of the email address, they're part of the query. If you do it this way, you won't have extraneous quotes if you try to use $email for something else, and you won't have to remember to put quotes around every other email address that you pass into the same query.
Also, you might want to check out mysqli, which handles queries in a slightly different way and as a side effect, eliminates all this fooling around with escaping your strings.
PS - I agree with the folks who suggested using single quotes instead of escaped double quotes. But SQL does accept double quotes (at least on my system) so I stuck with the convention you were using.
The best way to avoid quote problems is to prepare the statement in phpMyAdmin and then generate the PHP source query:
$email = "name_lastname#server.com";
$sql = 'SELECT * FROM `Users` WHERE `email` = '.$email;
More info:
http://www.packtpub.com/article/multi-table-query-generator-using-phpmyadmin-mysql
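
The value lookups asked about in the threads above (uid in image_upload, email in members and in Users) written with a bound parameter instead of hand-placed quotes, as an added example that is not code from any of the posts. It assumes PDO with an in-memory SQLite database standing in for MySQL so that it runs offline; find_by_email() is a hypothetical helper and the second address is constructed.

```php
<?php
// Added example, not from the original posts. The value is bound as a
// parameter, so no quote characters are written around it and no escaping
// function is needed.

// Assumption: in-memory SQLite stands in for MySQL. With MySQL the DSN and
// credentials change; the prepare()/execute() calls stay the same.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample table and rows.
$pdo->exec('CREATE TABLE Users (id INTEGER PRIMARY KEY, email TEXT)');
$insert = $pdo->prepare('INSERT INTO Users (email) VALUES (?)');
foreach (['name_lastname#server.com', "o'neil#server.com"] as $address) {
    $insert->execute([$address]);
}

// Look up rows by email. The placeholder carries the value separately from
// the SQL text, so the query string itself never changes.
function find_by_email(PDO $pdo, string $email): array
{
    $stmt = $pdo->prepare('SELECT id, email FROM Users WHERE email = ?');
    $stmt->execute([$email]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// An address containing an apostrophe would end the literal early in
// email='$email'; as a bound parameter it is matched like any other value.
$lookups = ['name_lastname#server.com', "o'neil#server.com", 'nobody#server.com'];
foreach ($lookups as $email) {
    printf("%-26s %d row(s)\n", $email, count(find_by_email($pdo, $email)));
}
```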
