PHP Mysql select from variable problem [duplicate] - php

This question already has an answer here:
Syntax error due to using a reserved word as a table or column name in MySQL
(1 answer)
Closed 8 years ago.
I have tried so many different solutions but cannot get this to work.
Here is my code:
$to = $_POST['to'];
$query = "SELECT to FROM to WHERE to='$to' ";
$result = mysql_query($query) or die(mysql_error());
while ($row = mysql_fetch_array($result)){
I get a whole load of different errors every time I modify it. At the moment I'm getting
You have an error in your SQL syntax near to='Name'
When I modify it to fix this I get
mysql_fetch_array() not valid
It seems when using variables it messes up.
Can anyone help?
Thanks!

to is a reserved word in MySQL.
You would have to wrap each mention of the table or column name into backticks
SELECT `to` from `to`
but it would be vastly better to use a different name.

To is a reserved keyword; try escaping it by using the "``" symbol.
Check this Link
Reserved Keywords MYSQL

Consider changing the names of your field and table (Edit: Definitely change the names or at least escape them.) Also, all you are doing is selecting the variable you already have.

Related

Incorrect syntax error near keyword read,when I update [duplicate]

This question already has answers here:
How to deal with SQL column names that look like SQL keywords?
(17 answers)
Syntax error due to using a reserved word as a table or column name in MySQL
(1 answer)
Closed 6 years ago.
update cometchat set read='1' where id='18'
SQL Error 156:Incorrect syntax near the keyword 'read'.
Can you guys help me how do I do that?
Read is a reserved word. You need to escape it.
Also, if the values are integers, you should not use the single quotes around them.
If it's SQL Server (and it is, based on the error message), you need to use square brackets:
update cometchat set [read]=1 where id=18
In MySQL, your query should look like this:
update cometchat set `read`=1 where id=18
You shouldn't put quotes around int values in your query as it converts them to type string.
Should I quote numbers in SQL?
UPDATE cometchat SET `read`=1 WHERE id=18
Edit:
You're also using a reserved keyword, and need to escape it, see:
https://dev.mysql.com/doc/refman/5.5/en/keywords.html
Seriously...
UPDATE cometchat SET `read`=1...
"read" is a restricted keyword. It needs to be quoted.

What is wrong with my mysqli query? [duplicate]

This question already has an answer here:
Syntax error due to using a reserved word as a table or column name in MySQL
(1 answer)
Closed 7 years ago.
I am sorry if I sound noob but I need some help here. I can't figure out what is wrong with this query:
$query = "SELECT * FROM msgs WHERE read = 1 AND userid='{$uId}' AND
orderid='{$oId}'; ";
When I do a var_dump on the query result I get bool(false), but when I do the same without the read = 1 part it returns results correctly, so I guess the problem is with the read = 1 part. Please help, the read field type is tinyint(1).
You need to use back-ticks in your query because you used the reserved keyword read:
$query = "SELECT * FROM `msgs` WHERE `read` = 1 AND `userid`='{$uId}' AND `orderid`='{$oId}'";
Note: read is a reserved keyword here. I added back-ticks around the others because it's not easy to remember all reserved keywords, so using back-ticks around column names is a better approach.
Link for in-depth knowledge given by #chris85: https://dev.mysql.com/doc/refman/5.5/en/keywords.html

simple mysql select error limit [duplicate]

This question already has an answer here:
Syntax error due to using a reserved word as a table or column name in MySQL
(1 answer)
Closed 8 years ago.
This is the error message and my code. I just don't see the error.
Description:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'key='cbd1f3bb822e8617b624301774287490d3fcd97e' LIMIT 1' at line 1
Query:
SELECT *
FROM wp_wpsc_api_keys
WHERE name='MichelleAllen17'
AND key='cbd1f3bb822e8617b624301774287490d3fcd97e'
LIMIT 1
Any ideas of what can be the issue in my sql are welcome
KEY is a reserved keyword, it must be escaped with backtick.
SELECT *
FROM wp_wpsc_api_keys
WHERE name = 'MichelleAllen17' AND
`key` = 'cbd1f3bb822e8617b624301774287490d3fcd97e'
LIMIT 1
MySQL Reserved Keywords
Put backticks around the field names
...where `name`=... `key`
As an alternative to backticks, another "best practice" pattern is to QUALIFY all column names with the table_name, or a convenient table alias, e.g.
SELECT t.*
FROM wp_wpsc_api_keys t
WHERE t.name='MichelleAllen17'
AND t.key='cbd1f3bb822e8617b624301774287490d3fcd97e'
LIMIT 1
This prevents MySQL from seeing the column name "key" as a reserved word.
Let's be clear: the problem in your query isn't a lack of backticks... the problem is that MySQL is seeing a token in your query text (in this case "key") as a reserved word, rather than as the name of the column. The solution is to prevent MySQL from seeing that token as a keyword. Using backticks is one way to accomplish that, but they aren't required.
Using backticks is entirely valid, and can be done along with qualifying the column names. The backticks are required when the column name contains spaces or special characters. Here is the same query, with the table and column names enclosed in backticks:
SELECT t.*
FROM `wp_wpsc_api_keys` t
WHERE t.`name`='MichelleAllen17'
AND t.`key`='cbd1f3bb822e8617b624301774287490d3fcd97e'
LIMIT 1
I just happen to find it annoying to have to look at, or type, backticks that are unnecessary. It is a MUCH MORE useful use of keystrokes (for me) to have the column names qualified ("t."), even if that isn't required, just because I am SO used to seeing column names qualified whenever there is more than one table in a query (which happens a LOT for a lot of really useful queries.)

PHP mysql_query - update using all variables [duplicate]

This question already has answers here:
Closed 11 years ago.
Possible Duplicate:
Can a number used to name a sql column
I am trying to figure out what is wrong with this code
$query = "UPDATE $table SET '$_GET[qty]'=$_GET[newprice] WHERE 'id'='1'";
this is what $query looks like - UPDATE retail_12x18 SET '25'=100 WHERE 'id'='1'
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''25'=100 WHERE 'id'='1'' at line 1
I have put backticks ' every which way and can't get it to go through, always the same error message.
Use backticks around your field name:
UPDATE table SET `25` = '{thevalue}', `100` = '{thevalue}', `200` = '{thevalue}' WHERE wherefield = '{wherevalue}'
See here (look for backtick word): http://dev.mysql.com/doc/refman/5.0/en/identifiers.html
It's a bit hard to know for sure, without seeing the table definition, but:
[1] It might be the column types. For instance this bit:
type=" .$_GET['type'];
is trying to set the value of the "type" column without using quotes. It will fail if the "type" column is type like varchar, for example.
[2] You need to use backticks if you're going to have numeric column names
[3] It really must be said that the main thing that's wrong with your code is that you are putting un-escaped $_GET values into your SQL query. Anyone could mount an SQL injection attack by putting SQL into the URL of the page. Very bad practice.
http://en.wikipedia.org/wiki/SQL_injection
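An added example (not code from the thread) of point [3], which also applies the backtick quoting recommended in the answers above: table and column names cannot be bound as parameters, so this sketch checks them against an allowlist and backtick-quotes them, while the price and id are bound through PDO. The allowlists, the function names and the PDO connection are assumptions; the table and column names mirror the question.

```php
<?php
// Added example, not code from the thread. ALLOWED_TABLES, ALLOWED_COLUMNS and
// the function names are assumptions; table and column names mirror the question.
const ALLOWED_TABLES  = ['retail_12x18'];
const ALLOWED_COLUMNS = ['25', '100', '200'];

// Quote a MySQL identifier: wrap it in backticks, doubling any embedded backtick.
function quoteIdentifier(string $name): string
{
    return '`' . str_replace('`', '``', $name) . '`';
}

// Identifiers cannot be bound as parameters, so only allowlisted names are
// ever placed in the SQL text; the values stay as placeholders.
function buildPriceUpdate(string $table, string $qtyColumn): string
{
    if (!in_array($table, ALLOWED_TABLES, true)) {
        throw new InvalidArgumentException('unknown table');
    }
    if (!in_array($qtyColumn, ALLOWED_COLUMNS, true)) {
        throw new InvalidArgumentException('unknown quantity column');
    }
    return sprintf(
        'UPDATE %s SET %s = :price WHERE `id` = :id',
        quoteIdentifier($table),
        quoteIdentifier($qtyColumn)
    );
}

// Bind the values; returns the number of rows changed.
function updatePrice(PDO $pdo, string $table, string $qtyColumn, string $price, int $id): int
{
    if (!preg_match('/\A\d+(\.\d{1,2})?\z/', $price)) {
        throw new InvalidArgumentException('price must be a decimal number');
    }
    $stmt = $pdo->prepare(buildPriceUpdate($table, $qtyColumn));
    $stmt->execute([':price' => $price, ':id' => $id]);
    return $stmt->rowCount();
}

// Constructed inputs standing in for $table and $_GET['qty'].
echo buildPriceUpdate('retail_12x18', '25'), PHP_EOL;
try {
    // A name that is not on the allowlist never reaches the SQL text.
    buildPriceUpdate('retail_12x18', '25` extra');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```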

PHP/MySQL Insert [duplicate]

This question already has an answer here:
Syntax error due to using a reserved word as a table or column name in MySQL
(1 answer)
Closed 8 years ago.
Ok I have been using PHP + MySQL for a while so I consider myself proficient. I have made my fair share of syntactical mistakes in the past but this is honestly pissing me off:
http://img251.imageshack.us/img251/3760/fubar.png
If anyone can tell me why this simple statement isn't working I would be greatly appreciative.
Actually I do see 1 error... "Option" is a reserved word. Wrap it in backticks: `Option` or better yet, change the column name to something that's not a reserved word.
Use backticks for 'option'.
INSERT INTO poll (`Option`) VALUES ('Stuff')
Looking at the code you're trying to insert what comes from $_POST['survey'], so your insert should look like this:
$vote = $_POST['survey'];
// connect to db
// escape the value before placing it inside the quoted SQL string
mysql_query(sprintf(
    "INSERT INTO poll (`Option`) VALUES ('%s')",
    mysql_real_escape_string($vote)
));
Also note that "option" is a reserved keyword and needs to be inside backticks.
