This is the error i'm receiving 1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ':i:s a), rec_type = '', rec_request = '1', rec_by = 'Victoria', batch_id = UC' at line 1
also i'm aware that I need to escape before inserting. I'm just testing right now.
$importwav="INSERT into names SET
com_id = '".$word_id."',
rec_date = date(d-M-y),
rec_time = date(h:i:s a),
rec_type = '".$rec_type."',
rec_request = '1',
rec_by = '".$data[8]."',
batch_id = UCASE('".$batchid."')
";
INSERT into names SET com_id = '87', rec_date = date(d-M-y),
rec_time = date(h:i:s a), rec_type = '', rec_request = '1',
rec_by = 'Victoria', batch_id = UCASE('Batch004AM')
You're confusing your PHP functions and your MySQL functions.
$importwav="INSERT into names SET
com_id = '".$word_id."',
rec_date = '" . date('d-M-y') . "',
rec_time = '" . date('h:i:s a') . "',
...
And your SQL syntax is FUBAR.
Improper SQL syntax.
INSERT INTO table (col1, col2) VALUES (val1, val2)
date() arguments need to be a string. Try surrounding your date format strings with single quotes (').
Related
My Code looks like below.
$var = 'ID="'. mysql_real_escape_string($data[0]).'" AND SYS="'.mysql_real_escape_string($data[2]). '" AND TITLE="'.mysql_real_escape_string($data[1]).'"';
$sql = 'SELECT * FROM `table_name` WHERE '. $var;
$result = mysql_query($sql);
In the where condition, TITLE when using a single quote(') I am facing the below error even though the mysql_real_escape_string() function is being used.
The error thrown is
Resource id #5You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's Created', 'Test', 'Test', '0000-00-00 00:00:00', ' at line 25
after your dumping looks like you have problem with apostroph
you may change your quotes like that
$var = "ID='". mysql_real_escape_string($data[0])."' AND SYS='".mysql_real_escape_string($data[2]). "' AND TITLE='".mysql_real_escape_string($data[1])."' ";
$sql = "SELECT * FROM `table_name` WHERE ". $var;
$result = mysql_query($sql);
$finalvar=stripslashes($var);
$sql = 'SELECT * FROM table_name WHERE '. $finalvar;
Try dumping your SQL query in its compete form right before it is sent.
You'll be able to spot the error that way.
I am trying a new way of inserting data into a SQL. I am getting this error
insert into tracking_clients set / agreement_type = 'Purchase' , existing_client = 'Yes' ,
sales_rep = '1'
Array ( [agreement_type] => Purchase [existing_client] => Yes [sales_rep] => 1
You have an error in your SQL syntax; check the manual that corresponds to your MySQL
server version for the right syntax to use near '/ agreement_type = 'Purchase' ,
existing_client = 'Yes' , sales_rep = ' at line 2mysql err no : 1064
I use a form with action POST
In my submit page I use the following
//Drawn from Form Information used to Update Database
$sub1 = $_REQUEST['agreement_type'];
$sub2 = $_REQUEST['existing_client'];
$sub3 = $_REQUEST['sales_rep'];
update_lbs($sub1, $sub2, $sub3, $sub4,....); //Not full string posted here
function update_lbs($sub1, $sub2, $sub3, $sub4,.....)
{
global $host;
global $username;
global $password;
global $db_name;
//Insert if dates is required
date_default_timezone_set('Africa/Johannesburg'); //Global Time one for South Africa
$today = date("Y-m-d H:i:s");
$date = date("Y-m-d") ;
$time = date("H:i:s");
$insertSuccessful = false;
$new_msisdn = '0' . substr($msisdn, 2); //Not Sure If this is required in normal SET command
if ($con = mysql_connect($host, $username, $password)) {
if (mysql_select_db($db_name))
//First Database Insert change table name as required
$sql = "insert into tracking_clients set
agreement_type = '".$sub1."' ,
existing_client = '".$sub2."' ,
sales_rep = '".$sub3."',
sub_date = '".$date."'" //Last of the code for SET
;
if (mysql_query($sql, $con)) {
$insertSuccessful = true;
} else {
echo $sql;
print_r($_POST);
echo "\n" . mysql_error($con);
echo "mysql err no : " . mysql_errno($con);
}
I am not sure what would be causing this error at all. I know this question is a common one but reading thru the other awnsers I am not getting the error
you have a tab characters beetween "set" and "agreement_type"
I am assuming you are using mysql here. The insert statement doesn't use set it simply inserts the values.
Something like this:
insert into yourTable (val1, val2, val3)
or
insert into yourTable (col1, col2, col3) values (val1, val2, val3)
not
insert into yourTable set col1=val1 etc...
my code below
$count++;
$yesstring = 'MATCH';
echo $count . '. RESULT ' . $idcheck . ': ' . $phonecheck . ' was matched. <br />';
$matchquery = sprintf("UPDATE `list` SET match = `%s` WHERE homephone = `%s` LIMIT 1",
mysql_real_escape_string($yesstring),
mysql_real_escape_string($phonecheck));
$matchresult = mysql_query($matchquery);
if (!$matchresult) {
die("Invalid query: " . mysql_error());
}
and this is my error
Invalid query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'match = MATCH WHERE homephone = (999) 999-9999 LIMIT 1' at line 1
any help would be appreciated
match is a reserved word in MySQL. Escape it with backticks:
UPDATE `list` SET `match` = ...
You're using backticks when you should be using regular quotes. Backticks are reserved for escaping table or column names:
INSERT INTO `foo` VALUES ('value')
Although you're properly escaping your SQL, calling mysql_real_escape_string can prove to be a constant nuisance. Switching to mysqli or PDO would make writing correct SQL a lot easier in the long-run.
I have this query:
$FullName = mysql_real_escape_string($_REQUEST['name']);
$EmailAdd = mysql_real_escape_string($_REQUEST['email_address']);
$City = mysql_real_escape_string($_REQUEST['city']);
$State = mysql_real_escape_string($_REQUEST['state']);
$SqlEInsert= "INSERT INTO `td_email` VALUES ((SELECT ownerid FROM 'td_events' where event_id = '$EvID'),'$EmailAdd','$FullName', '$City' ,'$State')";
$RsEmail = mysql_query($SqlEInsert) or die('Error :' . mysql_error());
but I'm getting the following error when I run the application
Error :You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''td_events' where event_id = '394'),'email#hotmail.com','Full Name', 'Atl' at line 1
You don't need ' for the table name when you want to use quotes then you have to use `
$SqlEInsert= "INSERT INTO td_email VALUES ((SELECT ownerid FROM td_events WHERE event_id = '$EvID'),'$EmailAdd','$FullName', '$City' ,'$State')";
And please take a look at SQL Injections and Security
$SqlEInsert= "INSERT INTO td_email VALUES ((SELECT ownerid FROM td_events WHERE event_id = '".(int)$EvID."'),'".mysql_real_escape_string($EmailAdd)."','".mysql_real_escape_string($FullName)."', '".mysql_real_escape_string($City)."' ,'".mysql_real_escape_string($State)."')";
The td_event is a field name rather than a value. Escape it with an apostrophe.
$SqlEInsert= "INSERT INTO `td_email` VALUES ((SELECT ownerid FROM `td_events` where event_id = '$EvID'),'$EmailAdd','$FullName', '$City' ,'$State')";
Make sure your values are escaped. You can run them through: mysql_real_escape_string() to do so.
IM GETTING THIS ERROR:
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near 'release (project_id, start_date, end_date, predicted_velocity,
release_title, )' at line 1
MY PHP FILE:
<?php
include("../db_connect/connect.php");
$project_id = $_POST['project_id'];
$release_title = $_POST['release_id'];
$start_date = $_POST['start_date'];
$end_date = $_POST['end_date'];
$predicted_velocity = $_POST['predicted_velocity'];
$query = "INSERT INTO release (project_id, start_date, end_date, predicted_velocity, release_title, ) VALUES ('" . $predicted_velocity . "','" . $release_title . "','" . $start_date . "','" . $end_date . "','" . $project_id . "', NOW())";
mysql_query($query) or die(mysql_error());
header("location: ../view-project.php?project_id=$project_id");
?>
ANY IDEAS WHY? IM NEW TO THIS!
You have a missing column name, resulting in an orphaned comma.
, )
should be
, MyColumn)
I assume MyColumn is meant to be populated by the NOW() function.
Also, your values are not listed in the same order as the columns, which will cause the query to fail.
To summarize the issues here:
Missing column name (column count must match value count)
Hanging comma
Column order does not match variable order
Code is subject to SQL injection attack
No server-side validation is being done on user input
Extra comma:
[..snip..] predicted_velocity, release_title, ) VALUES
^--- here
You have a stray comma after release_title.
#john_allen You said you got the error message "right syntax to use near 'release (project_id," - that is interesting, because MySQL always starts the example where the syntax error occurs.
If the error was just the incorrect comma after release_title, then the error from MySQL would have been "the right syntax to use near ') VALUES...". That is an error, but not the one that the MySQL parser is hitting first.
There's something else wrong here, and I think it is because you don't have a table called 'release', or at least MySQL can't find your table called 'release' using the credentials you've given it. Check your connection string.