How do I get my PHP update function to work? [duplicate] - php

This question already has an answer here:
Syntax error due to using a reserved word as a table or column name in MySQL
(1 answer)
Closed 8 years ago.
See something wrong in my code? I can't get the update function to work. Weird thing is the rest works correctly, and the same code works 100% on another page.
<?php
include("config.php");
$id = $_GET['id'];
$number = $_GET['no'];
$result = mysql_query("SELECT * FROM comments WHERE commentid = '$id'")
or die(mysql_error());
$row = mysql_fetch_array( $result );
mysql_query("update `comments` set like = like +1 where commentid = '$id'"); // <--- only this here doesn't work
?>
And there is 1 line of html after that, a span tag getting some information out of the comments table.
My 'like' column is set to int(11), so I don't see that being the problem.
Hope this isn't another inattention mistake :/
Thanks a lot to anyone who can help me out!
This is the error
You have an error in your SQL syntax;
check the manual that corresponds to
your MySQL server version for the
right syntax to use near 'like = like
+1 where commentid = '61'' at line 1

As EboMike posted, LIKE is a reserved keyword in MySQL.
You can either rename your column to something else that is not a keyword (preferred), or you can put a backtick (a backwards single quote) around it to tell MySQL it's a literal name.

Related

MySQL Table Update Error

I'm almost sorry to ask this question but I'm drawing a complete blank. I'm getting the following error:
"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE number='7'' at line 1"
It seems whenever I try to use just an integer in the following code, I get the syntax error;
$go = mysql_query("UPDATE $db1 SET count='$t1c', WHERE number='$input2'") or die(mysql_error());
As you can see the page gets the value, that's not the issue. It just doesn't seem to like the WHERE = 7 part. I've tried with and without the quote marks, I've tried changing that column in the table from an int to a varchar. Still get the same thing, yet the code BEFORE this piece that runs:
$check1 = mysql_query("SELECT * FROM $db1 WHERE number='$input2'");
Runs absolutely fine. It finds the value where number equals $input2...
Can someone help me PLEASE? I'm drawing a complete blank here :/
Remove the , in the query:
mysql_query("UPDATE $db1 SET count='$t1c' WHERE number='$input2'");
Remove the comma (,) which is placed before WHERE in the UPDATE query:
$go = mysql_query("UPDATE $db1 SET count='$t1c' WHERE number='$input2'") or die(mysql_error());
Change
"UPDATE $db1 SET count='$t1c', WHERE number='$input2'"
to
"UPDATE $db1 SET count='$t1c' WHERE number='$input2'"
The comma shouldn't be there (before WHERE) and is causing an error.
number is a reserved word in MySQL SQL.
It is better not to name columns with such words, or you need to backtick them in the query.
example:
`number`=3
mysql reserved words
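
The table name in `UPDATE $db1 ...` above comes from a PHP variable, and identifiers cannot be bound as statement parameters. As an added example (not code from any of the posts), the name can be checked against an allowlist and backtick-quoted while the values go through placeholders. The helper names, table names and the in-memory SQLite database (used so the script runs offline; it accepts MySQL-style backticks) are assumptions.

```php
<?php
// Added example; helper names, table names and rows are constructed.

const ALLOWED_TABLES = ['order', 'stats'];

function quoteIdentifier(string $name, array $allowed): string
{
    // Identifiers cannot be bound as parameters, so accept known names only.
    if (!in_array($name, $allowed, true)) {
        throw new InvalidArgumentException('unknown table name');
    }
    // Backticks make reserved words usable; an embedded backtick is doubled.
    return '`' . str_replace('`', '``', $name) . '`';
}

function setCount(PDO $pdo, string $table, int $count, int $number): int
{
    $sql = 'UPDATE ' . quoteIdentifier($table, ALLOWED_TABLES)
         . ' SET `count` = :count WHERE `number` = :number';
    $stmt = $pdo->prepare($sql);
    $stmt->bindValue(':count', $count, PDO::PARAM_INT);
    $stmt->bindValue(':number', $number, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();   // number of rows changed
}

// Assumption: SQLite in memory stands in for the MySQL server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE `order` (`number` INTEGER PRIMARY KEY, `count` INTEGER)');
$pdo->exec('INSERT INTO `order` (`number`, `count`) VALUES (7, 0)');

// A reserved word works as a table name once it is quoted.
echo setCount($pdo, 'order', 5, 7), " row updated\n";

try {
    // Constructed input that is not on the allowlist.
    setCount($pdo, 'order -- anything else', 5, 7);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```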

Mysql error in query: ... near ' ' [duplicate]

This question already has answers here:
How can I prevent SQL injection in PHP?
(27 answers)
Closed 7 years ago.
I have an application which takes the information of a mysql database (a music-db) and shows it via echos in a div. Everything works fine.
Now I wanted to add a search bar so you can search the database for a specific song.
The search bar just loads a php file with a mysql query. The word or the letters you want to search for are passed via a variable in the link (for example test.php?searchvalue=it).
Now my problem: I get the following Mysql-error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
The quotes in the error are single quotes!
The Query is:
$searchvalue = $_GET["searchvalue"];
$query = mysql_query("select SongID, Songtitel, artwork, duration, SCID from tMusic where Songtitel LIKE '%$searchvalue%'") or die(mysql_error());
Why is this wrong?
Thanks for help.
$searchvalue = $_GET["searchvalue"];
$query = mysql_query("select SongID, Songtitel, artwork, duration, SCID from tMusic where Songtitel LIKE '%".mysql_real_escape_string($searchvalue)."%'") or die(mysql_error());
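
Escaping the quote fixes the syntax error, but `%` and `_` in the search term still act as LIKE wildcards. As an added example (not code from the post), the same search can use a bound parameter with an explicit `ESCAPE` character. The `escapeLike`/`searchSongs` helpers, the sample rows and the in-memory SQLite table standing in for `tMusic` are assumptions.

```php
<?php
// Added example; helper names and rows are constructed.

function escapeLike(string $term, string $esc = '!'): string
{
    // Escape the escape character itself first, then the two LIKE wildcards.
    return str_replace(
        [$esc, '%', '_'],
        [$esc . $esc, $esc . '%', $esc . '_'],
        $term
    );
}

function searchSongs(PDO $pdo, string $searchvalue): array
{
    // The value is bound, never interpolated; ESCAPE '!' avoids relying on
    // backslash handling, which depends on the server's SQL mode.
    $stmt = $pdo->prepare(
        "SELECT SongID, Songtitel FROM tMusic
         WHERE Songtitel LIKE :pattern ESCAPE '!'"
    );
    $stmt->bindValue(':pattern', '%' . escapeLike($searchvalue) . '%', PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Assumption: SQLite in memory stands in for the MySQL server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tMusic (SongID INTEGER PRIMARY KEY, Songtitel TEXT)');
$insert = $pdo->prepare('INSERT INTO tMusic (Songtitel) VALUES (?)');
foreach (["It's My Life", '100% Pure Love', 'Hello'] as $title) {   // constructed rows
    $insert->execute([$title]);
}

// Constructed inputs: a term with a quote, a bare wildcard, plain text.
foreach (["It's", '%', 'ell'] as $term) {
    $titles = array_column(searchSongs($pdo, $term), 'Songtitel');
    printf("%-6s => %s\n", $term, implode(', ', $titles));
}
```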

php sql update issues

I am trying to update an SQL table with PHP.
I have a form that is submitted to the database - this is working fine.
I have retrieved the entries from the database and this is also working fine.
The problem I am having is when I try to update the database with additional information into the comment field (a 'cell' that already has information in).
Here is my SQL code. Can you please point me where the problem is?
The error I am getting is:
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '= 36tWHERE id = 0' at line 1
My code is below :
$commy = $_POST['comment'];
$ident = $_POST['id'];
$sql = "UPDATE issuelog".
"SET comment = $commy".
"WHERE id = $ident";
I know there are security issues here but this is only for localhost use at the moment and only by myself as an example.
You don't need to concatenate and you should put quotes around values.
$sql = "UPDATE issuelog
SET comment = '$commy'
WHERE id = '$ident';";
Update: As others pointed out you need spaces, but this is the reason you don't need to concatenate. By closing each line and concatenating, you are removing spaces between them. Be sure you use prepared statements, because as you said, this is subject to injections.
$sql = "UPDATE issuelog".
" SET comment = $commy".
" WHERE id = $ident";
You need spaces - try echoing out your $sql - you will see SET and WHERE are merged with the previous words.
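
The answer above recommends prepared statements; the following added example (not code from any of the posts) applies them to this `issuelog` update and to the `like` counter from the first question on this page. The helper names, table layouts, sample rows and the in-memory SQLite database standing in for MySQL are assumptions.

```php
<?php
// Added example; helper names, table layouts and rows are constructed.

function toInt($raw): int
{
    // Reject anything that is not a plain integer before it reaches the query.
    $id = filter_var($raw, FILTER_VALIDATE_INT);
    if ($id === false) {
        throw new InvalidArgumentException('id must be an integer');
    }
    return $id;
}

function updateComment(PDO $pdo, $rawId, string $comment): int
{
    $stmt = $pdo->prepare('UPDATE issuelog SET comment = :comment WHERE id = :id');
    $stmt->bindValue(':comment', $comment, PDO::PARAM_STR);
    $stmt->bindValue(':id', toInt($rawId), PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

function incrementLike(PDO $pdo, $rawId): int
{
    // `like` is a reserved word, so the column stays backtick-quoted.
    $stmt = $pdo->prepare('UPDATE comments SET `like` = `like` + 1 WHERE commentid = :id');
    $stmt->bindValue(':id', toInt($rawId), PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Assumption: SQLite in memory stands in for the MySQL server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE issuelog (id INTEGER PRIMARY KEY, comment TEXT)');
$pdo->exec('CREATE TABLE comments (commentid INTEGER PRIMARY KEY, `like` INTEGER)');
$pdo->exec("INSERT INTO issuelog VALUES (1, 'first note')");
$pdo->exec('INSERT INTO comments VALUES (61, 0)');

// A comment containing a quote is stored verbatim instead of breaking the SQL.
echo updateComment($pdo, '1', "can't reproduce; see log"), " issuelog row updated\n";
echo incrementLike($pdo, '61'), " comments row updated\n";

try {
    updateComment($pdo, '1 OR 1=1', 'x');   // constructed non-integer id
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```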

MYSQL Syntax Error - SELECT statement [duplicate]

This question already has answers here:
How can I write SQL for a table that shares the same name as a protected keyword in MySql? [duplicate]
(3 answers)
Closed 9 years ago.
I'm getting this error displayed on my screen I have been trying to debug.
"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'to = 'testname'' at line 1"
My function I'm using for this is as follows:
function recentMessages() {
    $tbl_name="messages";
    $username = $_SESSION['username'];
    $result = mysql_query("SELECT * FROM $tbl_name WHERE to = '$username' ") or die(mysql_error());
    while ($row = mysql_fetch_row($result))
    {
        return $row['date']." ".$row['time']." ".$row['from']." ".$row['subject']. "<br />";
    }
}
Basically what I'm trying to do is to get all the rows of data from the database messages where who its 'to' is the username of the session and it's echoed out. Any ideas on what I'm doing wrong? Thanks
to is a reserved word. Encase it in tick marks.
... WHERE `to` = '$username'
See the MySQL reserved words.
You should avoid using reserved words if possible.
The to is a reserved word. Try this:
$result = mysql_query("SELECT * FROM $tbl_name WHERE `to` = '$username' ")
or die(mysql_error());
In general, try to avoid small words like to, between, from, etc., just to prevent this kind of issue. A better solution is to have a field name like "receiver" or "message_to" or something similar.
TO is a reserved word in MySQL. Use backticks to separate it.
SELECT * FROM $tbl_name WHERE `to` = '$username'
to is a reserved word I believe. Try changing to to [to]
Edit: Wasn't sure entirely. I put it in SQL Server and saw that TO was a reserved word.

Unknown error in my SQL syntax [duplicate]

This question already has an answer here:
Syntax error due to using a reserved word as a table or column name in MySQL
(1 answer)
Closed 8 years ago.
Hopefully someone can help me out. All I am trying to do is insert a record into a database, but I keep getting the message
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'order (pid,uid,projecttitle,username,amount,odate) values (,,'','',,'6-2' at line 1 on my page.
Here is the main part of the code. I would be grateful for anyone that can help me out.
<?
extract($_REQUEST);
//print_r($_REQUEST);
//query fetch user & project info
//$queryorder="select * from project p where p.pid='".$id."'";
$queryorder="select * from users u,project p where p.pid='".$id."' and u.uid='".$_SESSION['key']."'";
$resultorder=executequery($queryorder,$link);
$rowo=mysql_fetch_assoc($resultorder);
//print_r($rowo);
//get today date
$createddate=date("n-j-Y");
//order
$order="insert into order (pid,uid,projecttitle,username,amount,odate)
values (".$rowo['pid'].",".$rowo['uid'].",'".$rowo['projectname']."','".$rowo['username']."',".$rowo['price'].",'".$createddate."')";
mysql_query($order) or die(mysql_error());
//end of insert order query
?>
<? //headtag.php contains all javascript & css files
include('headtag.php');
?>
<body>
ORDER is a mysql keyword. Try this:
INSERT INTO `order` ...
order is a keyword. You need to escape it with backticks.
insert into `order` (pid,uid,projecttitle,username,amount,odate)...
You must supply a value for each column.
(,,'','',,'6-2'
You obviously have no values for pid, uid and amount.
Try this: (you are supplying empty values to that query)
$order="insert into order (pid,uid,projecttitle,username,amount,odate)
values (".(int)$rowo['pid'].",". (int)$rowo['uid'].",'".$rowo['projectname']."','".$rowo['username']."',". (float)$rowo['price'].",'".$createddate."')";
mysql_query($order) or die(mysql_error());
The second thing that will cause mysql syntax error is the table name - order is a reserved keyword in mysql, so you need to quote it. The beginning of the query will then be:
INSERT INTO `order` (...
