This question already has an answer here:
Syntax error due to using a reserved word as a table or column name in MySQL
(1 answer)
Closed 5 years ago.
I'm really confused right now, keep getting this MySQL error:
Error updating record: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'condition='-78' WHERE id='2'' at line 1
While I KNOW that condition is correct, when I remove the condition='".$data['condition']."' from the update record, the update is being processed but when I add that, it fails.
The field in the database is VARCHAR (6), just like all the other fields.
What could be the issue?
condition is a MySQL keyword. You need to enclose it with backticks if you're using it as a column name.
`condition`='-78' WHERE id='2'
Take care: This is the backtick symbol, not the single quote.
condition is a reserved word in MySQL.
You can see the full reserved word list here
You need to wrap condition in backticks;
"UPDATE ..... WHERE `condition`= '".$data['condition']."'";
A note for next time: Please include as much code as is sensible next time. Otherwise it is trickier for people to help you.
I am using prepared statements to process incoming post data, clean the array, and insert into a MySQL database.
Here is the SQL statement just before it is submitted:
INSERT INTO LoggedCarts (Bill-Address1,Bill-Address2,Bill-City,Bill-Company,Bill-Country,Bill-Email,Bill-Firstname,Bill-Lastname,Bill-Name,Bill-Phone,Bill-State,Bill-Zip,Card-Expiry,Card-Name,Card-Number,Comments,Date,ID,IP,Item-Code-1,Item-Count,Item-Description-1,Item-Id-1,Item-Quantity-1,Item-Taxable-1,Item-Thumb-1,Item-Unit-Price-1,Item-Url-1,Numeric-Time,Ship-Address1,Ship-Address2,Ship-City,Ship-Company,Ship-Country,Ship-Email,Ship-Firstname,Ship-Lastname,Ship-Name,Ship-Phone,Ship-State,Ship-Zip,Shipping,Space-Id,Store-Id,Store-Name,Tax-Charge,Total) VALUES ("Pineapple Highway","","Orange","","US United States","casedilla#hotmail.com","Bob","Dole","Bob Dole","9075554509","CA","97056","","Check","NumberTemporarilyUnavailable","","Tue Dec 10 16:55:11 2013 GMT","yhst-130408242826480-485","50.78.241.193","TERRALUX-TT-5","1","Terralux TT-5 LED Tactical Flashlight 650 Lumens Uses 2 x CR123 or 1 x 18650","terralux-tt-5","3","YES","","112.49","http://www.batteryjunction.com/terralux-tt-5.html","1386694511","Pineapple Highway","","Orange","","US United States","casedilla#hotmail.com","Bob","Dole","Bob Dole","9075554509","CA","97056","Air (3-5 days)","","yhst-130408242826480","BatteryJunction.com","0.00","337.47")
Question is, what is wrong with the syntax? The same code is also used for a different table that holds abandoned carts and it writes fine.
Note: As has been pointed out below, the use of hyphens in column names is frowned on, as it requires special preparation prior to submitting the query. In this instance, I am matching the column names to the incoming post data key array. I could have gone through and cleaned the key array, removing the hyphens, which would have been an alternative solution.
All in all, as suggested below, the correct solution to the question of why this SQL statement is failing is the use of special characters(hyphen) in the column name, resulting in the required use of a backtick around the column name(backtick = ` where as apostrophe = ') allowing the column name to be read unbroken.
Observing where the break occurred by testing the original statement in PHPMyAdmin:
#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-Address1,Bill-Address2,Bill-City,Bill-Company,Bill-Country,Bill-Email,Bill-Firs' at line 1
did give a clue as to why the statement was failing.
Thanks for the help guys!
You need to escape column names with special characters with backticks. - is a special character. Use
INSERT INTO LoggedCarts (`Bill-Address1`, ...
If those field names really include minus signs, then they need to be enclosed in backticks:
`Bill-Address1`
Try inserting string values with single quotes instead.
I am using a readymade script to backup my MySQL database using PHP. I store the resultant query in a variable.
If I echo the variable, and copy paste the output into the MySQL console, it works perfectly.
But when I run the same using 'mysql_query' (I know it is depreciated, kindly ignore that), I get the dreaded Syntax error.
Here's the echo output (first 2 lines) :
INSERT INTO assign
VALUES('75085','rsam','CE0001/CZ0001/CPE183/CSC183','1','1','3.0','13','1','1','13','2','10.00','117.00','0','0');INSERT
INTO assign
VALUES('75086','rsam','CE0001/CZ0001/CPE183/CSC183','1','2','3.0','13','1','1','13','2','10.00','97.50','0','0');
And here's the exact error :
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near 'INSERT INTO assign
VALUES('75085','rsam','CE0001/CZ0001/CPE183/CSC183','1','1'' at line 1
If anyone can point out what I am obviously missing, I would be grateful!
As the documentation for mysql_query() says:
mysql_query() sends a unique query (multiple queries are not supported) to the currently active database on the server that's associated with the specified link_identifier.
You might be interested in mysql_multi_query():
Executes one or multiple queries which are concatenated by a semicolon.
While mysql_query is limited to a single statement, this situation can be avoided as multiple records can be inserted into the same table with only one statement:
INSERT INTO assign (...)
VALUES(...),
VALUES(...);
This will save on round-trip latency (over multiple mysql_query) which might matter.
See Inserting multiple rows in mysql
Okay, so I'm currently using mysqli_real_escape_string to escape my SQL queries before sending them to MySQL via PHP. Yet, for some reason my queries aren't processing, and when I outputted the MySQL query and pasted it in to PHPMyAdmin, it gave the following error:
#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE ind={A$RTkAIqah0J1N$Fqymnud9s5PwnWw2wC.Y02oDo4H3W8QJPoJ$6$KK8UearuUCDH$FQg' at line 1
Now, the following is my query:
INSERT INTO `db`.table(`colheader`) VALUES ('{\"hey\":[\"Hello world\",\"7\\/9\\/2013\"]}') WHERE ind='$6$RTkAIqah0J1N$Fqymnud9s5PwnWw2wC.Y02oDo4H3W8QJPoJ$6$KK8UearuUCDH$FQgSnLHIlkBOtDTzu9AuZIZTr6GS4Rzr.iW11041994'
Now, I know that the string assigned to 'ind' has some issues, but I tried putting a slash before every period and every dollar sign and it still doesn't work. I tried putting the whole thing in double quotes, even brackets. Nothing. Could anyone point out what I'm clearly missing? I've looked at the documentation and can't seem to find anything. Thank you in advance!!
WHERE serves to filter which records will be affected or retrieved by your query, and INSERT servers to append a whole new record to a table.
An INSERT can never affect existing records, therefore its nonsense to have a WHERE clause. INSERT does not support WHERE.
If you are trying to edit the value of a field on an existing record, use UPDATE instead.
Take a look at the MySQL Reference Manual for details about its usage.
if your trying to make an update to the specified index use
UPDATE `db`.table SET `colheader` = '{\"hey\":[\"Hello world\",\"7\\/9\\/2013\"]}' WHERE ind='$6$RTkAIqah0J1N$Fqymnud9s5PwnWw2wC.Y02oDo4H3W8QJPoJ$6$KK8UearuUCDH$FQgSnLHIlkBOtDTzu9AuZIZTr6GS4Rzr.iW11041994'
Without getting into the lengthy details of why, I have a need to auto-generate mySQL tables that utilize a unique table name that incorporates the string generated by PHP uniqid function. When doing so, I occasionally (not always) get the following query error:
Invalid query: You have an error in your SQL syntax; check the manual
that corresponds to your MySQL server version for the right syntax to
use near ''512e1d9518d44_tbl'' at line 1 Whole query: SELECT
SUM(p_count) AS 'pcnt' FROM 512e1d9518d44_tbl
I know I could use a simple cross reference lookup table, but is there another way to avoid the error, which I believe is the result of a violation of table naming rules, while still maintaining the table naming non-squential uniqueness? I've tried single quoting the table name but get the same result btw.
When your table / column name starts with a number, you have to escape it using backticks:
SELECT SUM(p_count) AS pcnt FROM `512e1d9518d44_tbl`