Inserting embed code in database PHP issue - php

Hey, I'm trying to insert an embed code into my database, and it's giving me this error:
Error adding new data: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'movie.php?id=6001',
type = 'stream',
embed = '<object width=\"500\" he' at line 1
Now this is the code I'm using:
$sql = "INSERT INTO videos SET
title = '".mysql_escape_string($title)."',
urltitle = '".slug(mysql_escape_string($title))."',
description = '',
category = 'streams',
first_img = '".mysql_escape_string($imgurl)."',
o_url = 'http://watchnewfilms.com/'".mysql_escape_string($thisUrl)."',
type = 'stream',
embed = '".mysql_escape_string($embed)."',
last_updated = '".date("Y-m-d")."',
date_added = '".date("Y-m-d")."'";
Anyone see any problems?
Thanks!

You should use mysql_real_escape_string()
and you should apply it to the whole value, for full security and better readability.
In your case, you have an extra ' here:
o_url = 'http://watchnewfilms.com/'".mysql_escape_string($thisUrl)."',
----------------------------------^
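The same insert written with a mysqli prepared statement, as an added example that is not part of the original question or answer. Each value is bound whole, so the SQL string contains no hand-placed quotes around data (which is where the stray ' in o_url came from). The connection details, the slug() stand-in and the sample inputs are assumptions, not from the post; the table and column names are the ones in the question.

```php
<?php
declare(strict_types=1);

// Added example, not from the original post. Assumed: the credentials below, the
// slug() stand-in, and the constructed sample values at the bottom.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // fail loudly on SQL errors

$db = new mysqli('localhost', 'dbuser', 'dbpass', 'videos_db'); // assumed credentials
$db->set_charset('utf8mb4'); // binding/escaping is charset-aware, so set it explicitly

/** Stand-in for the post's slug() helper: lowercase, hyphen-separated ASCII. */
function slug(string $title): string
{
    $s = strtolower(trim(preg_replace('/[^A-Za-z0-9]+/', '-', $title), '-'));
    return $s === '' ? 'untitled' : $s;
}

/** Insert one video row; returns the new auto-increment id. */
function insertVideo(mysqli $db, string $title, string $imgurl, string $thisUrl, string $embed): int
{
    // Compose values in PHP, then bind them. The original concatenated a literal prefix
    // and an escaped fragment inside the SQL text and ended up with an unbalanced quote.
    $urltitle = slug($title);
    $oUrl     = 'http://watchnewfilms.com/' . $thisUrl;
    $today    = date('Y-m-d');

    // Only constants stay inline; every piece of data is a ? placeholder.
    $stmt = $db->prepare(
        "INSERT INTO videos SET
            title = ?, urltitle = ?, description = '', category = 'streams',
            first_img = ?, o_url = ?, type = 'stream', embed = ?,
            last_updated = ?, date_added = ?"
    );
    // Seven 's' type characters, one per placeholder, in placeholder order.
    $stmt->bind_param('sssssss', $title, $urltitle, $imgurl, $oUrl, $embed, $today, $today);
    $stmt->execute();

    $id = (int) $db->insert_id;
    $stmt->close();
    return $id;
}

// Constructed sample input with the characters that break string-built SQL.
$newId = insertVideo(
    $db,
    "Ocean's Eleven",                              // apostrophe in the title
    'https://example.invalid/img/6001.jpg',
    'movie.php?id=6001',
    '<object width="500" height="400"></object>'   // double quotes in the embed code
);
echo "Inserted row id $newId\n";
```

With placeholders the escaping function is no longer needed at all; the driver sends the values separately from the statement, so an apostrophe or a quote inside the embed code cannot terminate the SQL string.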

Update query gives Mariadb version error

if (isset($_POST['update'])) {
$column=(isset( $_POST['column']));
$type= (isset($_POST['type']));
$value= (isset($_POST['value']));
mysql_query("UPDATE `combo1` SET column = '$column', type = '$type' ,value ='$value' WHERE id = '$id'");
}
The update query is not working. I am not getting what the solution is; please help me to overcome this problem.
You have an error in your SQL syntax; check the manual that
corresponds to your MariaDB server version for the right syntax to use
near 'column = '', type = '' ,value ='' WHERE id = '20'' at line 1
isset() returns a boolean value; change it like this:
$column = isset( $_POST['column']) ? $_POST['column']:"";
Same for the others.
Modify your code as follows:
if (isset($_POST['update'])) {
$column = $_POST['column'];
$type = $_POST['type'];
$value = $_POST['value'];
mysql_query("UPDATE `combo1` SET column = '$column', type = '$type' ,value ='$value' WHERE id = '$id'");
}
If you remove the isset() calls (refer to this link if you want more about isset()) as I have shown above, the text inside $column, $type and $value is substituted directly into the update string.
The update string does not contain any syntax errors in this case. Refer to this link if you want more information.
I also recommend you read up on SQL injection, as this sort of parameter passing is prone to hacking attempts if you do not sanitize the data being used:
MySQL - SQL Injection Prevention
The error message has virtually nothing to do with the 'version'. It is a syntax error complaining about "column". That word is a reserved word. Since you seem to have called the column column, put backticks around it, just as you did for the table name.
mysqli_query($link,"UPDATE combo1 SET `column`='$column',type = '$type',value='$value' WHERE id ='$id'")
or die(mysqli_error($link));

I am using PHP to insert fields into a MySQL table. My newest PHP script is failing with the following error [duplicate]

This question already has answers here:
Can a table field contain a hyphen?
The error is:
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '360-16s (pa_name, hd1, hd1_c, sf2, sf2_c, cc3, cc3_c, l4, l4_c, dsd5, dsd5_c, mt' at line 1
The script is:
<?php
include("../Includes/e360Vars.php");
include("../Includes/dbOpen1.php");
$pa_name = mysql_real_escape_string($_POST['pa_name']);
$hd1 = mysql_real_escape_string($_POST['hd1']);
$hd1_c = mysql_real_escape_string($_POST['hd1_c']);
$sf2 = mysql_real_escape_string($_POST['sf2']);
$sf2_c = mysql_real_escape_string($_POST['sf2_c']);
$cc3 = mysql_real_escape_string($_POST['cc3']);
$cc3_c = mysql_real_escape_string($_POST['cc3_c']);
$l4 = mysql_real_escape_string($_POST['l4']);
$l4_c = mysql_real_escape_string($_POST['l4_c']);
$dsd5 = mysql_real_escape_string($_POST['dsd5']);
$dsd5_c = mysql_real_escape_string($_POST['dsd5_c']);
$mt6 = mysql_real_escape_string($_POST['mt6']);
$mt6_c = mysql_real_escape_string($_POST['mt6_c']);
$p_p7 = mysql_real_escape_string($_POST['p_p7']);
$p_p7_c = mysql_real_escape_string($_POST['p_p7_c']);
$ip8 = mysql_real_escape_string($_POST['ip8']);
$ip8_c = mysql_real_escape_string($_POST['ip8_c']);
$m_i9 = mysql_real_escape_string($_POST['m_i9']);
$m_i9_c = mysql_real_escape_string($_POST['m_i9_c']);
$act10 = mysql_real_escape_string($_POST['act10']);
$act10_c = mysql_real_escape_string($_POST['act10_c']);
$gf11 = mysql_real_escape_string($_POST['gf11']);
$gf11_c = mysql_real_escape_string($_POST['gf11_c']);
$i12 = mysql_real_escape_string($_POST['i12']);
$i12_c = mysql_real_escape_string($_POST['i12_c']);
$isp13 = mysql_real_escape_string($_POST['isp13']);
$isp13_c = mysql_real_escape_string($_POST['isp13_c']);
$se14 = mysql_real_escape_string($_POST['se14']);
$se14_c = mysql_real_escape_string($_POST['se14_c']);
$br15 = mysql_real_escape_string($_POST['br15']);
$br15_c = mysql_real_escape_string($_POST['br15_c']);
$paos16 = mysql_real_escape_string($_POST['paos16']);
$paos16_c = mysql_real_escape_string($_POST['paos16_c']);
$sob17 = mysql_real_escape_string($_POST['sob17']);
$sob17_c = mysql_real_escape_string($_POST['sob17_c']);
$cs18 = mysql_real_escape_string($_POST['cs18']);
$cs18_c = mysql_real_escape_string($_POST['cs18_c']);
$ms19 = mysql_real_escape_string($_POST['ms19']);
$ms19_c = mysql_real_escape_string($_POST['ms19_c']);
$ate20 = mysql_real_escape_string($_POST['ate20']);
$ate20_c = mysql_real_escape_string($_POST['ate20_c']);
$sywtww21 = mysql_real_escape_string($_POST['sywtww21']);
$sywtww21_c = mysql_real_escape_string($_POST['sywtww21_c']);
$name2 = mysql_real_escape_string($_POST['Name2']);
$position = mysql_real_escape_string($_POST['Position']);
$sql = "INSERT INTO 360-16s (pa_name, hd1, hd1_c, sf2, sf2_c, cc3, cc3_c, l4, l4_c, dsd5, dsd5_c, mt6, mt6_c, p_p7, p_p7_c ,ip8, ip8_c, m_i9,
m_i9_c, atc10, atc10_c, gf11, gf11_c, i12, i12_c, isp13, isp13_c, se14, se14_c, br15, br15_c,paos16, paos16_c, sob17, sob17_c, cs18, cs18_c,
ms19, ms19_c, ate20, ate20_c, sywtww21, sywtww21_c, name2, position) VALUES ('$pa_name', '$hd1', '$hd1_c', '$sf2', '$sf2_c', '$cc3', '$cc3_c',
'$l4', '$l4_c', '$dsd5', '$dsd5_c', '$mt6', '$mt6_c', '$p_p7', '$p_p7_c', '$ip8', '$ip8_c', '$m_i9', '$m_i9_c', '$act10', '$act10_c', '$gf11',
'$gf11_c', '$i12', '$i12_c','$isp13', '$isp13_c', '$se14', '$se14_c', '$br15', '$br15_c', '$paos16', '$paos16_c', '$sob17', '$sob17_c', '$cs18', '$cs18_c',
'$ms19', '$ms19_c', '$ate20', '$ate20_c', '$sywtww21', '$sywtww21_c', '$name2', '$position')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
I have been unable to locate the problem area, so another set of eyes would help. And yes, I have attempted to use mysqli instead of mysql; however, this produces a different set of errors.
Any assistance would be appreciated.
Check your table name convention; it must be like 360_16s.
Read the naming convention, http://dev.mysql.com/doc/refman/5.7/en/identifiers.html.
Check your table name, or try to rename it from 360-16s to 360_16s, then escape it as 360_16s, and also escape your MySQL fields.
If you want to use the Table Name "360-16s" then you should escape the attribute name with ` characters
The character - is an invalid character for a table name, unless you escape it.
I suggest you wrap all columns and table names in these characters.
Example:
$sql = "INSERT INTO `360-16s` (`pa_name`, `hd1`...

Insert a record with an apostrophe mysql php

I want to insert a record with an apostrophe into a MySQL database using PHP. Following is my code:
$importer_name =mysql_escape_string ($objWorksheet->getCellByColumnAndRow(1,3)->getValue());
$exporter_name = $objWorksheet->getCellByColumnAndRow(1, 3)->getValue();
$prod_quantity_unit = $objWorksheet->getCellByColumnAndRow(1,6)->getValue();
$prod_fob_value = $objWorksheet->getCellByColumnAndRow(5,6)->getValue();
$prod_quantity = $objWorksheet->getCellByColumnAndRow(1,8)->getValue();
$prod_fob_unit= $objWorksheet->getCellByColumnAndRow(5,8)->getValue();
$prod_gross_waight= $objWorksheet->getCellByColumnAndRow(1,10)->getValue();
$prod_cif_value= $objWorksheet->getCellByColumnAndRow(5,10)->getValue();
$prod_net_weight= $objWorksheet->getCellByColumnAndRow(1,12)->getValue();
$prod_cif_unit_price= $objWorksheet->getCellByColumnAndRow(5,12)->getValue();
$prod_brand= $objWorksheet->getCellByColumnAndRow(5,14)->getValue();
$hs_code = $objWorksheet->getCellByColumnAndRow(1,17)->getValue();
$shipping_date = $objWorksheet->getCellByColumnAndRow(5,17)->getValue();
$customs = $objWorksheet->getCellByColumnAndRow(1,19)->getValue();
$transport_company = $objWorksheet->getCellByColumnAndRow(5,19)->getValue();
$country_of_origin = $objWorksheet->getCellByColumnAndRow(1,21)->getValue();
$transport_mode = $objWorksheet->getCellByColumnAndRow(5,21)->getValue();
$country_of_trade = $objWorksheet->getCellByColumnAndRow(1,23)->getValue();
$hs_code_description = $objWorksheet->getCellByColumnAndRow(1,26)->getValue();
$product_description = $objWorksheet->getCellByColumnAndRow(1,28)->getValue();
$insertquery="INSERT INTO tb_peru_data
(importer_name,exporter_name,product_quantity_unit,
product_fob_unit,product_quantity,product_fob_value,
product_gross_weight,product_cif_value,
product_net_weight,product_cif_unit_price,
product_brand,shipping_hs_code,shipping_date,
shipping_customs,shipping_transport_company,
shipping_country_of_origin,shipping_transport_mode,
shipping_country_of_trade,hs_code_description,
product_description)
VALUES
('$importer_name','$exporter_name','$prod_quantity_unit',
'$prod_fob_unit','$prod_quantity','$prod_fob_value',
'$prod_gross_waight','$prod_cif_value','$prod_net_weight',
'$prod_cif_unit_price','$prod_brand','$hs_code','$shipping_date',
'$customs','$transport_company','$country_of_origin',
'$transport_mode','$country_of_trade',
'$hs_code_description','$product_description')";
mysql_query($insertquery)or die('ErrorrPERU: '.mysql_error());
/*$del="DELETE * FROM tb_excel_file";
mysql_query($del);*/
?>
This does not work, and gives the following error:
you have an error in your SQL syntax; check the manual that corresponds
to your MySQL server version for the right syntax to use near
's','12U','6','9','54',
'34.83','55.5','31.83','6.17','','7323931000','2008/04/1' at line 3
Use mysqli_real_escape_string instead of the deprecated mysql_real_escape_string.
This function will force you to pass in the MySQL table / database.
This way your collation will be considered while escaping.
You can use real_escape_string() in PHP. You need to escape the apostrophe (that is, tell SQL that the apostrophe is to be taken literally and not as the beginning or end of a string). To add more, I'd say that you can also use PDO, but consider using addslashes($string) and stripslashes($string).
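An added example (not code from the question or the answers) showing the spreadsheet import done with PDO and named placeholders, so the apostrophe in a value never meets the SQL text. The DSN, credentials and the $row array standing in for the worksheet cell reads are assumptions; the table and column names are the ones from the question, and the sample values are the ones visible in the error message.

```php
<?php
declare(strict_types=1);

// Added example, not from the original post. Assumed: the DSN/credentials and the
// constructed $row below (standing in for $objWorksheet->getCellByColumnAndRow() calls).
$pdo = new PDO(
    'mysql:host=localhost;dbname=trade;charset=utf8mb4', // assumed DSN; charset declared in the DSN
    'dbuser',
    'dbpass',
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // server-side prepares: values are sent apart from the SQL
    ]
);

// The column list is fixed in code. Nothing from the input row reaches the SQL text.
const PERU_COLUMNS = [
    'importer_name', 'exporter_name', 'product_quantity_unit', 'product_fob_unit',
    'product_quantity', 'product_fob_value', 'product_gross_weight', 'product_cif_value',
    'product_net_weight', 'product_cif_unit_price', 'product_brand', 'shipping_hs_code',
    'shipping_date', 'shipping_customs', 'shipping_transport_company',
    'shipping_country_of_origin', 'shipping_transport_mode', 'shipping_country_of_trade',
    'hs_code_description', 'product_description',
];

/** Insert one spreadsheet row given as column => value. Unknown keys are an error. */
function insertPeruRow(PDO $pdo, array $row): void
{
    $unknown = array_diff(array_keys($row), PERU_COLUMNS);
    if ($unknown) {
        throw new InvalidArgumentException('unexpected columns: ' . implode(', ', $unknown));
    }

    $cols   = implode(', ', PERU_COLUMNS);
    $params = implode(', ', array_map(fn(string $c): string => ':' . $c, PERU_COLUMNS));
    $stmt   = $pdo->prepare("INSERT INTO tb_peru_data ($cols) VALUES ($params)");

    foreach (PERU_COLUMNS as $c) {
        // Empty cells become NULL; everything else is bound as a string. No addslashes(),
        // no escaping: the driver never interpolates the value into the statement.
        if (isset($row[$c]) && $row[$c] !== '') {
            $stmt->bindValue(':' . $c, (string) $row[$c], PDO::PARAM_STR);
        } else {
            $stmt->bindValue(':' . $c, null, PDO::PARAM_NULL);
        }
    }
    $stmt->execute();
}

// Constructed sample row; the importer name carries the apostrophe that broke the original query.
$row = [
    'importer_name'              => "O'Brien Imports S.A.",
    'exporter_name'              => 'Textiles "Andes" Ltd.',
    'product_quantity_unit'      => '12U',
    'product_fob_unit'           => '6',
    'product_quantity'           => '9',
    'product_fob_value'          => '54',
    'product_gross_weight'       => '34.83',
    'product_cif_value'          => '55.5',
    'product_net_weight'         => '31.83',
    'product_cif_unit_price'     => '6.17',
    'product_brand'              => '',
    'shipping_hs_code'           => '7323931000',
    'shipping_date'              => '2008-04-01',
    'shipping_customs'           => 'Callao',
    'shipping_transport_company' => 'Example Lines',
    'shipping_country_of_origin' => 'PE',
    'shipping_transport_mode'    => 'sea',
    'shipping_country_of_trade'  => 'PE',
    'hs_code_description'        => 'Kitchen articles of stainless steel',
    'product_description'        => "Cook's knife set, 12 pieces",
];
insertPeruRow($pdo, $row);
echo "inserted\n";
```

addslashes() is not a substitute for this: it knows nothing about the connection's character set, whereas the escaping functions that take a connection handle (and binding, which needs no escaping) do. Placeholders only cover values; the column and table names here are a constant list in the code, not something read from the spreadsheet.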

multiple update using ajax with php

Hey guys, I'm trying to update my database using PHP and AJAX, but assuming that the textboxes are dynamic, that's why I'm trying to update the database using multiple updates with one click of a button, but my Firebug says: "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '= '100' WHERE student_id = '33' AND subject_id = '2' AND school_id = '1' AND adv' at line 1". I'm not pretty sure about my code because I'm just experimenting with how to do it in AJAX with PHP.
PHP:
session_start();
$school_id = $_SESSION['school_id'];
$faculty_id = $_SESSION['user_id_fac'];
$subject_id = $_POST['subject_id'];
$year_grade_level = $_POST['year_level'];
$subject_handeler_id = $_POST['subject_handler_id'];
$student_grades_boy = $_POST['student_grades_boy'];
$student_grades_girl = $_POST['student_grades_girl'];
$update_grades_boys = "UPDATE registrar_grade_archive SET";
//SET status = '0' WHERE subject_id = '$subject_id'"
$values_girl = array();
$values_boy = array();
foreach ($student_grades_boy as $key=>$data) {
$student_id_B= $data['studnt_B_id'];
$grade_B = $data['studnt_grade_B'];
$values_boy[$key] = 'grade = \''.$grade_B.'\' WHERE student_id = \''.$student_id_B.'\' AND subject_id = \''.$subject_id.'\' AND school_id = \''.$school_id.'\' AND advisor_faculty_id = \''.$faculty_id.'\' AND subject_handler_id = \''.$subject_handeler_id.'\' ' ;
}
$values_boy = implode(', ', $values_boy);
$ready_edit_grades_boy = $update_grades_boys . $values_boy;
$save_grades_boy = mysql_query($ready_edit_grades_boy) or die(mysql_error());
Please help guys. Thanks in advance.
Some problems here:
if $student_grades_boy contains more than 1 item, your sql will have multiple WHERE statements (you can only have 1);
you need a space between SET and the column name;
you have a serious sql injection problem;
you should switch to PDO or mysqli as the mysql_ functions are deprecated.
It appears you have no space between SET and grade.
Adding a space here should do the trick:
$update_grades_boys = "UPDATE registrar_grade_archive SET ";
If this doesn't do it, it would help tremendously if you could post the result of echo $ready_edit_grades_boy; and update your question.
try
$update_grades_boys = "UPDATE registrar_grade_archive SET ";
One space is needed after SET.
You are not escaping variables, so there could be some ' or " in your values.
http://php.net/manual/en/mysqli.real-escape-string.php
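The batched grade save rewritten as an added example (not the question's or the answers' code): one prepared UPDATE, executed once per student inside a transaction, with the ids and grades validated before they are bound. The column names and the layout of the posted array are the ones from the question; the credentials, the 0 to 100 grade scale and the constructed input are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not from the original post. Assumed: credentials, a 0..100 grade scale,
// and the constructed $rows at the bottom (same shape as $_POST['student_grades_boy']).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$db = new mysqli('localhost', 'dbuser', 'dbpass', 'school'); // assumed credentials

/** Accept only a non-negative integer (ids from the session or the request). */
function requireInt($v, string $name): int
{
    $n = filter_var($v, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    if ($n === false) {
        throw new InvalidArgumentException("$name must be a non-negative integer");
    }
    return $n;
}

/**
 * Save one grade per student. Returns the number of rows changed.
 * @param array<int, array{studnt_B_id: mixed, studnt_grade_B: mixed}> $rows
 */
function saveGrades(mysqli $db, array $rows, int $subjectId, int $schoolId, int $facultyId, int $handlerId): int
{
    // Prepared once: note the space after SET and exactly one WHERE. The original glued
    // several "grade = ... WHERE ..." fragments together with commas into one statement.
    $stmt = $db->prepare(
        'UPDATE registrar_grade_archive
            SET grade = ?
          WHERE student_id = ? AND subject_id = ? AND school_id = ?
            AND advisor_faculty_id = ? AND subject_handler_id = ?'
    );

    $changed = 0;
    $db->begin_transaction(); // all grades are saved, or none of them
    try {
        foreach ($rows as $r) {
            $studentId = requireInt($r['studnt_B_id'] ?? null, 'student id');
            $grade     = filter_var($r['studnt_grade_B'] ?? null, FILTER_VALIDATE_FLOAT);
            if ($grade === false || $grade < 0 || $grade > 100) {
                throw new InvalidArgumentException("grade out of range for student $studentId");
            }
            // Types come from the bind ('d' double, 'i' int), not from quotes in the SQL.
            $stmt->bind_param('diiiii', $grade, $studentId, $subjectId, $schoolId, $facultyId, $handlerId);
            $stmt->execute();
            $changed += $stmt->affected_rows;
        }
        $db->commit();
    } catch (Throwable $e) {
        $db->rollback();
        throw $e;
    }
    $stmt->close();
    return $changed;
}

// Constructed input in the shape the question's AJAX call posts.
$rows = [
    ['studnt_B_id' => '33', 'studnt_grade_B' => '100'],
    ['studnt_B_id' => '34', 'studnt_grade_B' => '87.5'],
];
// subject_id, school_id, advisor_faculty_id, subject_handler_id (assumed sample values)
$n = saveGrades($db, $rows, 2, 1, 7, 7);
echo "updated $n rows\n";
```

In the real handler the four ids come from $_SESSION and $_POST exactly as in the question, passed through requireInt() first. Executing one prepared statement per row costs one round trip each, but the rows share a single transaction, so a bad grade halfway through leaves the archive unchanged rather than half updated.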

Can't update php database with a flash application

I am having some problems here. I am trying to develop a Flash database manager for my company, and I already have the insert and "search" functions working okay. The problem comes up when trying to get the UPDATE working. I'll post both pieces of code here:
PHP (UPDATED)
<?php
//connect to the local MySQL
$connect=mysql_connect("localhost", "****", "****");
//select your database
mysql_select_db("****");
//Variables
$ID=$_POST['IDPost'];
$Nome=$_POST['Nome'];
$Tipo=$_POST['Tipo'];
$Empresa=$_POST['Empresa'];
$Morada=$_POST['Morada'];
$CodPostal=$_POST['CodPostal'];
$Email=$_POST['Email'];
$Contacto1=$_POST['Contacto1'];
$Contacto2=$_POST['Contacto2'];
$DataNascimento=$_POST['DataNascimento'];
$Profissao=$_POST['Profissao'];
$Notas1=$_POST['Notas1'];
$Notas2=$_POST['Notas2'];
//query the database
$query="
UPDATE
GestaoClientes
SET
Nome = '$Nome',
Tipo = '$Tipo',
Empresa = '$Empresa',
Morada = '$Morada',
CodPostal = '$CodPostal',
Email = '$Email',
Contacto1 = '$Contacto1',
Contacto2 = '$Contacto2',
DataNascimento = '$DataNascimento',
Profissao = '$Profissao',
Notas1 = '$Notas1',
Notas2 = '$Notas2'
WHERE
ID = '$ID'";
//run the query once and report the outcome to Flash
if (!mysql_query($query,$connect))
{
echo "Result=NotOk";
die('Error: ' . mysql_error());
}else{
echo "Result=Ok";
}
mysql_close($connect);
?>
Flash
public function editInfo(MouseEvent):void
{
var request:URLRequest = new URLRequest ("link.php");
request.method = URLRequestMethod.POST;
trace("called");
var variables:URLVariables = new URLVariables();
variables.IDPost = NField.text;
variables.Nome = NomeField.text;
variables.Email = NomeField.text;
variables.Morada = MoradaField.text;
variables.CodPostal = CodPostalField.text;
variables.Tipo = TipoField.text;
variables.Empresa = EmpresaField.text;
variables.Profissao = ProfissaoField.text;
variables.DataNascimento = DataNascimentoField.text;
variables.Notas1 = Notas1Field.text;
variables.Notas2 = Notas2Field.text;
request.data = variables;
var loader:URLLoader = new URLLoader (request);
loader.addEventListener(Event.COMPLETE, onComplete);
loader.dataFormat = URLLoaderDataFormat.VARIABLES;
loader.load(request);
function onComplete(e:Event):void
{
trace("ok");
}
}
When I try going to the PHP in the browser it just gives me the error:
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''Nome' = '', 'Tipo' = '', 'Empresa' = '', 'Morada' = '', 'CodPostal' = '', 'Emai' at line 4
This is probably normal though, since I'm not passing any "POST" variables through the browser.
The Flash doesn't return any errors when trying this code, so I assume the connection itself is okay, but it doesn't do the update either. Is there something wrong with this code? Thanks.
UPDATE: I now changed my code, and it does not show the syntax error, but it still doesn't update from within Flash. Any ideas why? :/ Thanks
You need to use backticks instead of single quotes for column names:
`Nome`
this is the reason for the syntax error. It is also possible to use no quotes at all.
Also, your code is vulnerable to SQL injection. Read up on the issue, it's essential for security.
To fix the vulnerability at hand, do the following on every variable:
$Nome = mysql_real_escape_string($_POST["Nome"]);
and then insert the escaped variable:
SET `Nome` = '$Nome',
I suggest you take a close look at escaping your external input! Inserting variables directly into your query exposes you to injection, which is an enormous security issue. (read this).
the problem you have is that you use single quotes around the field names, this is incorrect.
MySQL uses backticks ( ` ), but I do not recommend using those since they limit portability to other sql applications.
Remove the single quotes around the column names. Backticks (`) are allowed, single quotes (') are not.
I hope you realize that if your code really looks like above you have a massive security hole in your application, as anyone can execute arbitrary sql code.
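The three identifier problems on this page (the column called column in "Update query gives Mariadb version error", the table 360-16s in the duplicate question above, and the single-quoted column names in this Flash thread) come down to one rule, shown here as an added example that is none of the posters' code: a placeholder cannot stand for an identifier, so table and column names are checked against an allowlist fixed in the code and wrapped in backticks, while every value goes through a placeholder. The table and column names are taken from those threads; the credentials and the sample call are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not from any of the posts above. Assumed: credentials and the sample call.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$db = new mysqli('localhost', 'dbuser', 'dbpass', 'app'); // assumed credentials

/**
 * Quote a MySQL identifier (table or column name). A ? placeholder cannot stand for
 * an identifier, so the name is checked against an allowlist first and then wrapped
 * in backticks; a literal backtick inside a name is written as two backticks.
 */
function quoteIdent(string $name, array $allowed): string
{
    if (!in_array($name, $allowed, true)) {
        throw new InvalidArgumentException("identifier not allowed: $name");
    }
    return '`' . str_replace('`', '``', $name) . '`';
}

// Allowlists live in code, never in the request.
const TABLES         = ['combo1', '360-16s'];        // 360-16s needs backticks because of the hyphen
const COMBO1_COLUMNS = ['column', 'type', 'value'];  // column is a reserved word; backticks make it legal

/** UPDATE combo1 with column => value pairs; returns the number of rows changed. */
function updateCombo1(mysqli $db, int $id, array $fields): int
{
    $sets   = [];
    $values = [];
    foreach ($fields as $col => $val) {
        // Key: validated identifier in backticks. Value: placeholder, bound below.
        // Single quotes around the name ('column' = ?) would make it a string literal.
        $sets[]   = quoteIdent((string) $col, COMBO1_COLUMNS) . ' = ?';
        $values[] = (string) $val;
    }
    if ($sets === []) {
        return 0;
    }
    $sql = 'UPDATE ' . quoteIdent('combo1', TABLES)
         . ' SET ' . implode(', ', $sets) . ' WHERE `id` = ?';

    $types    = str_repeat('s', count($values)) . 'i';
    $values[] = $id;
    $stmt = $db->prepare($sql);
    $stmt->bind_param($types, ...$values); // unpacking passes the array elements by reference
    $stmt->execute();
    return $stmt->affected_rows;
}

// Identifier handling on its own:
echo quoteIdent('360-16s', TABLES), "\n";          // prints `360-16s`
echo quoteIdent('column', COMBO1_COLUMNS), "\n";   // prints `column`
try {
    quoteIdent('column = 1 WHERE 1 OR 1', COMBO1_COLUMNS); // a request-controlled name is rejected
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}

// The update from the MariaDB thread, with a value that would have broken string-built SQL.
$n = updateCombo1($db, 20, ['column' => 'A', 'type' => 'text', 'value' => "O'Reilly"]);
echo "updated $n rows\n";
```

The allowlist is what actually keeps a request-supplied field name out of the statement; the backtick doubling is only a second line of defence, since no allowlisted name contains one. For the GestaoClientes update in this thread the column names are fixed in the PHP anyway, so backticks around each name plus placeholders for the values is all that is needed.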
