Getting mysql syntax error and can't find source - php

I have a function that updates the log table.
function wslog($userID, $log, $where) {
safe_query("INSERT INTO ".PREFIX."log ( time, userID, log, where ) values( '".time()."', '".$userID."', '".$log."', '".$where."' ) ");
}
And I have this php code:
wslog($userID, 'server|'.mysql_insert_id().'', 'servers');
But I keep getting a syntax error:
Query failed: errorno=1064
error=You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'where ) values( '1269208030', '1', 'server|14', 'servers' )' at line 1
query=INSERT INTO ws_DII_log ( time, userID, log, where ) values( '1269208030', '1', 'server|14', 'servers' )

Is it possible that SQL doesn't like your log field name as it is a reserved word?
If so, try putting it in backticks:
log ( `time`, `userID`, `log`, `where` )

Related

sql query with select before insert

I am currently working on the following sql code which should insert a new data set only if it doesn't exist so far. The sql code works fine when being executed in phpmyadmin. If I execute the code within php I get the error (see below).
The sql code is the following:
INSERT INTO `historiclist` (`id`, `date`, `name`, `idnumber`, `prop1`, `prop2`, `prop3`, `difflimit1`, `difflimit2`)
SELECT * FROM (SELECT
0 as `id`,
1515529465 as `date`,
'johndoe' as `name`,
'381' as `idnumber`,
105 as `prop1`,
240 as `prop2`,
60 as `prop3`,
'-10' as `difflimit1`,
'-10' as `difflimit2`
) AS tmp
WHERE NOT EXISTS (
SELECT `id` FROM historiclist
WHERE `date` = 1515529465
AND `name` = 'johndoe'
AND `idnumber` = '381'
) LIMIT 1;
The mysql error I receive is:
Invalid query: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'INSERT INTO historiclist (id, date, name, idnumber, prop1, `prop' at line 21
The mysterious situation is also that prop2 is not fully displayed. So it cuts the 2 in the end of the name as well as e. g. prop3.
What am I missing?
//Edit I was missing something else as well ... here my php code:
$sql1return = sqlQUERY($connection, $sql1);
$message = 'Invalid query: ' . mysql_error() . "\n";
function sqlQUERY($connection, $sqlinput){
$return = @mysql_query($sqlinput, $connection);
return $return;
}
The database connection works just fine in any other place (I know it is a bit outdated however).

MySQL query doesn't work while using wpdb->prepare

I need to insert into two tables at the same time, so I'm using BEGIN and COMMIT in the query using $wpdb->query() and $wpdb->prepare(), but unfortunately it doesn't work.
Testing by [ die( $wpdb->last_error ); ],
Generates [ WordPress database error: [You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'INSERT INTO TABLE_NAME ( name ) VALUES ( 'xxxxxx' ); at line 2] ]
P.S. I copied the printed query and pasted it into the MySQL query window and IT WORKS!!!
$wpdb->query( $wpdb->prepare(
"BEGIN;
INSERT INTO {$tbl_accounts} ( name )
VALUES ( %s );
SELECT LAST_INSERT_ID() INTO @last_seller_id;
INSERT INTO {$tbl_apps} ( seller_id, slug, name, token )
VALUES ( @last_seller_id, %s, %s, %s );
COMMIT;",
$seller_name,
$app_name_sanitized,
$app_name,
$token_key )
);

Error in MySQL INSERT INTO query

I really do not understand why the query below is giving an error.
$sql = "INSERT INTO telefoonnotitie
(
verzoek_id,
klant_id,
contact_id,
offerte,
order,
factuur,
bestelling,
bericht,
gemaakt_id,
gemaakt,
user_id
)
VALUES
(
'".$verzoek_id."',
'".$klant_id."',
'".$contact_id."',
'".$offerte."',
'".$order."',
'".$factuur."',
'".$bestelling."',
'".$bericht."',
'".$_SESSION['user_id']."',
NOW(),
'".$_SESSION['user_id']."'
)
";
The error is 'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'order, factuur, bestelling, bericht, ' at line 7'
The output of this query is
INSERT INTO terugbellen ( verzoek_id, klant_id, contact_id, offerte,
order, factuur, bestelling, bericht, gemaakt_id, gemaakt, user_id )
VALUES ( '1', '472', '1127', '', '', '6161003', '', 'Dit is een
testbericht', '1', NOW(), '1' )
Any suggestions?

order is a SQL keyword. Wrap that column name in backticks, like this:
$sql = "INSERT INTO telefoonnotitie
(
verzoek_id,
klant_id,
contact_id,
offerte,
`order`,
factuur,
bestelling,
bericht,
gemaakt_id,
gemaakt,
user_id
)
VALUES
Suggestion, you should really use Prepared Statements instead of concatenating your queries to eliminate the risk of SQL Injection attacks.

MY SQL insert syntax error

I know what a syntax error is but I can't find the problem in my syntax. I did the SQL in phpMyAdmin first and now I've just copied it and put variables in.
Error: You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near 's new carving chisels. 1 x 13mm 4-point finishing claw Chisel.
Southern St' at line 3
Code:
public function insert_row($vendor, $product_link, $product_title, $product_desc, $product_price){
mysql_query("INSERT INTO `crawl_products` ( `vendor` , `product_link` , `product_title` , `product_desc` , `product_price` )
VALUES (
'$vendor', '$product_link', '$product_title', '$product_desc', '$product_price'
)") or die(mysql_error());
}
Many thanks.

You need to apply mysql_real_escape_string to each variable before running the insert query:
public function insert_row($vendor, $product_link, $product_title, $product_desc, $product_price){
$vendor = mysql_real_escape_string($vendor);
$product_link = mysql_real_escape_string($product_link);
$product_title = mysql_real_escape_string($product_title);
$product_desc = mysql_real_escape_string($product_desc);
$product_price = mysql_real_escape_string($product_price);
mysql_query("INSERT INTO `crawl_products` ( `vendor` , `product_link` , `product_title` , `product_desc` , `product_price` )
VALUES (
'$vendor', '$product_link', '$product_title', '$product_desc', '$product_price'
)") or die(mysql_error());
}

The tables need no grave accents, e.g. "`vendor`" should just be "vendor", and try to write the variables like this:
VALUES ( '".$vendor."',
it should work then.
And what sythnet wrote about mysql_query($con applies to mysqli_query, not to mysql_query.

Escape the inputs. Use mysql_real_escape_string.
Also have a look at: Why shouldn't I use mysql_* functions in PHP?
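
Added example (not code from any of the posts above): the prepared-statement approach suggested in the `order` answer, applied to the apostrophe failure in this question, with backtick-quoted reserved-word column names. Assumptions: an in-memory SQLite database through PDO stands in for MySQL so the script runs offline; the table `notes`, the helpers `quote_ident` and `insert_assoc`, and the sample values are constructed for illustration.

```php
<?php
// Added example; not code from the posts above.
// Assumption: in-memory SQLite through PDO stands in for MySQL so the script
// runs offline. For MySQL only the DSN and credentials change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Hypothetical helper: quote an identifier MySQL-style by wrapping it in
// backticks and doubling any backtick inside it.
function quote_ident(string $name): string
{
    return '`' . str_replace('`', '``', $name) . '`';
}

// Hypothetical helper: column names are quoted, values are bound parameters.
// Column names must come from code, never from request data.
// Returns the SQL text that was prepared, so the caller can inspect it.
function insert_assoc(PDO $pdo, string $table, array $row): string
{
    $cols  = implode(', ', array_map('quote_ident', array_keys($row)));
    $marks = implode(', ', array_fill(0, count($row), '?'));
    $sql   = 'INSERT INTO ' . quote_ident($table) . " ($cols) VALUES ($marks)";
    $pdo->prepare($sql)->execute(array_values($row));
    return $sql;
}

// Constructed table whose column names are the reserved words from this page.
$pdo->exec('CREATE TABLE `notes` (`order` TEXT, `desc` TEXT, `where` TEXT)');

// Constructed values: the apostrophes and the backslash would break a
// concatenated string literal.
$row = [
    'order' => "O'Neil's order",
    'desc'  => "Mason's new carving chisels. 1 x 13mm claw chisel.",
    'where' => 'servers\\rack 7',
];
$sql = insert_assoc($pdo, 'notes', $row);

$stored = $pdo->query('SELECT `order`, `desc`, `where` FROM `notes`')
              ->fetch(PDO::FETCH_ASSOC);

// The prepared SQL holds placeholders only; the values never join the text.
echo $sql, "\n";
echo $stored === $row ? "stored verbatim\n" : "mismatch\n";
```

Because the values are sent separately from the SQL text, no escaping step is needed and a quote inside a value cannot end the literal early.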

php -> MYSQL query can't figure out what is wrong getting error #1064

I am trying to insert some values in the table; the query is below:
Insert into
auditlog (
event,
desc,
userid,
useripaddress,
audittype
)
VALUES (
'User Authenticated',
'Useradminsuccessfully logged in to the system',
'1',
'127.0.0.1','1'
)
It gives me the following error:
#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'desc,userid,useripaddress,audittype)VALUES ('User Authenticated', 'User admin su' at line 1
However, when I run the insert using phpMyAdmin it does insert a value, and the query generated is:
INSERT INTO
`auditlog`(
`event`,
`desc`,
`userid`,
`useripaddress`,
`audittype`)
VALUES (
'User Authenticated',
'Useradminsuccessfully logged in to the system',
'1',
'127.0.0.1','1'
)
The only difference I see is the quotes, which I don't believe are needed. I don't understand where I am going wrong and am breaking my head now :):)

The backticks are needed around desc because it is a reserved word.
INSERT INTO auditlog (event, `desc`, userid, useripaddress, audittype)
VALUES (
'User Authenticated',
'Useradminsuccessfully logged in to the system',
'1',
'127.0.0.1',
'1'
)
There is also no harm in adding backticks around the other column names if you aren't sure whether or not they are reserved words.

Here is a list of words that are reserved and need to be backticked: http://dev.mysql.com/doc/refman/5.5/en/reserved-words.html
