SQL Error: SQL Syntax Error - php

Error Message:
SQL Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND domain = 'ard.qc' AND snapshot_id = 2010 AND locale = 'en_US'' at line 1
SQL Query:
SELECT
entity_id,
content_id
FROM collateral_cms_mapping
WHERE entity_id IN ({$entity_ids})
AND domain = '{$this->getSite()->getInternalId()}'
AND snapshot_id = {$this->getSnapshotDao()->getCurrentSnapshot()}
AND locale = '{$locale}'
Actual SQL after the value is replaced and string concatenation:
SELECT
entity_id,
content_id
FROM
collateral_cms_mapping
WHERE
entity_id
IN
()
AND
domain = 'ard.qc'
AND
snapshot_id = 2009
AND
locale = 'en_US'
Any suggestions?

What's the value of $entity_ids? Probably it's empty, so your query contains IN () which is invalid.

You do not have to concatenate your strings.
It looks like the prepared query is faulty somewhere in the IN ({$entity_ids}).
Echo the query string to check your IN statement.

Definitely look at the IN statement. While I'm not familiar with MySQL, I don't believe an empty IN () clause is permitted in DB2 or Oracle (although I won't swear to it).
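An added example, not part of the posts above: one way to build the IN (...) list from bound placeholders and to skip the query entirely when the id list is empty. fetchMapping() is a hypothetical name, and an in-memory SQLite database with constructed rows stands in for MySQL so the script runs offline.

```php
<?php
// Added example: constructed schema and rows; in-memory SQLite stands in for MySQL.
declare(strict_types=1);

/** Map entity_id => content_id with every value bound (hypothetical helper). */
function fetchMapping(PDO $db, array $entityIds, string $domain, int $snapshotId, string $locale): array
{
    // Keep only integer-like ids; anything else is dropped, never interpolated.
    $ids = array_values(array_unique(array_map('intval', array_filter(
        $entityIds,
        static fn($v) => filter_var($v, FILTER_VALIDATE_INT) !== false
    ))));
    if ($ids === []) {
        return []; // "IN ()" is a syntax error, and an empty list matches nothing anyway
    }

    // One "?" per id, so the list length is the only thing that shapes the SQL text.
    $marks = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $db->prepare(
        "SELECT entity_id, content_id
           FROM collateral_cms_mapping
          WHERE entity_id IN ($marks)
            AND domain = ? AND snapshot_id = ? AND locale = ?"
    );
    foreach ([...$ids, $domain, $snapshotId, $locale] as $i => $value) {
        $type = is_int($value) ? PDO::PARAM_INT : PDO::PARAM_STR;
        $stmt->bindValue($i + 1, $value, $type); // positional parameters are 1-based
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_KEY_PAIR);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE collateral_cms_mapping
           (entity_id INTEGER, content_id INTEGER, domain TEXT, snapshot_id INTEGER, locale TEXT)");
$db->exec("INSERT INTO collateral_cms_mapping VALUES
           (1, 101, 'ard.qc', 2009, 'en_US'), (2, 102, 'ard.qc', 2009, 'en_US')");

// Empty list: no statement is prepared or sent.
var_dump(fetchMapping($db, [], 'ard.qc', 2009, 'en_US'));
// The malformed second id is discarded before the placeholder list is built.
var_dump(fetchMapping($db, ['1', '2 OR 1=1'], 'ard.qc', 2009, 'en_US'));
```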

Related

MySQL - how to match JSON string in where condition?

I am using MySQL 5.6; one of my table fields contains JSON data. I am getting a syntax error when using the query below:
SELECT * FROM products WHERE device_id = '1212'and product_id = '54'and option = '"{"229":"20"}"'
The field option has the value {"229":"20"}. I am getting the following error:
#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'option = '"{"229":"20"}"'
LIMIT 0, 25' at line 1
Please suggest any solution, thanks much!!!
option is a reserved keyword in MySQL. Use backticks to escape it or choose a different name.
... `option` = ...

I want to select customer as well as date filter in sql

I have the query below to select between dates by customer, but it shows this error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'brand1' in /path on line 92' at line 2
$query ="
SELECT *
FROM fuelinv
WHERE `billdate` BETWEEN '$from1' AND '$to1'
AND `cusname` = '$brand1'
";
Remove the '' around your variables. When using a "" string in PHP you are free to use the variables without any special symbols.

Why is the following MySQL query failing?

I don't know why the following MySQL query keeps giving me the following error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'http://some.url' at line 2
The SQL query itself is this:
DB_ExecuteQuery("UPDATE driver
SET windowsPhoneID = $uri
WHERE userID = $userID");
$userID is just the primary key of the table and is just a VARCHAR. I don't know why the $uri part isn't valid. WindowsPhoneID should be stored as TEXT, so there aren't any mismatched types or anything like that.
Any pointers?
You should add quotes around the parameters:
DB_ExecuteQuery("UPDATE driver
SET windowsPhoneID = '$uri'
WHERE userID = '$userID'");
Remark:
And like Mike gently suggested, please use PDO or MySQLi to prevent SQL injection.

What's wrong with this sql code?

If I remove the line condition=\''.$this->condition.'\', it works.
If I leave it there, the following error message appears:
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near 'condition='unknown', promotional='0', website='0', quantity='1',
' at line 7
mysql_query('UPDATE products SET
name = \''.$this->name.'\',
description = \''.$this->description.'\',
brand = \''.$this->brand.'\',
model = \''.$this->model.'\',
price=\''.$this->price.'\',
condition=\''.$this->condition.'\',
promotional=\''.$this->promotional.'\',
website=\''.$this->website.'\',
quantity=\''.$this->quantity.'\',
service=\''.$this->service.'\'
WHERE id = \''.$this->id.'\' ');
CONDITION is a reserved MySQL keyword. You must enclose it in backticks:
`condition`=\''.$this->condition.'\',
You have to rename the condition column. See the Reserved MySQL keywords table.

PHP PDO prepared query refuses to execute properly - escaping problem?

I'm having a problem with a query prepared in PHP with PDO. The code:
$link = new PDO("mysql:dbname=$dbname;host=127.0.0.1",$username,$password);
$link->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$query = $link->prepare("SELECT locality_name FROM :passedday GROUP BY locality_name ORDER BY locality_name DESC");
$query->bindParam(":passedday",$day); //Where day is, well, a day passed to the script elsewhere
$query->execute();
$result = $query->fetchAll();
$link = null;
//Do things with the $result.
The error message I am getting is:
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''05_26_09' GROUP BY locality_name ORDER BY locality_name DESC' at line 1
When I execute the query on the server directly, it returns the appropriate result set without any problem. Any ideas what I'm doing wrong?
TIA.
Edit:
$day is passed as a GET argument. So, http://127.0.0.1/day.php?day=05_26_09 leads to $day = $_GET['day'];.
If 05_26_09 is supposed to be the table's name, then I guess you have an escaping problem. Is your local operating system different from the live server?
I don't think you can use bindValue()/bindParam() for anything other than values (e.g. table name, field name). So I'm a bit surprised that it works on your local system.
PDO uses MySQL's C API for prepared statements.
http://dev.mysql.com/doc/refman/5.0/en/mysql-stmt-prepare.html says:
"The markers are legal only in certain places in SQL statements. [...] However, they are not allowed for identifiers (such as table or column names)"
As a rule of thumb I use: "if you can't wrap it in single-quotes in an ad-hoc query string you can't parametrize it in a prepared statement"
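An added example, not part of the posts above: because placeholders cannot carry identifiers, a request-supplied table name has to be validated against a strict pattern and the set of existing tables before it goes into the SQL text. resolveDayTable() and localitiesForDay() are hypothetical names, and an in-memory SQLite database with a constructed table stands in for MySQL so the script runs offline.

```php
<?php
// Added example: constructed table and rows; in-memory SQLite stands in for MySQL.
declare(strict_types=1);

/** Return $day only if it is a well-formed name of an existing table (hypothetical helper). */
function resolveDayTable(PDO $db, string $day): string
{
    // Shape check first: exactly NN_NN_NN, nothing before or after.
    if (preg_match('/\A\d{2}_\d{2}_\d{2}\z/', $day) !== 1) {
        throw new InvalidArgumentException('day must match NN_NN_NN');
    }
    // The tables that exist are the allowlist (on MySQL, read information_schema.tables).
    $known = $db->query("SELECT name FROM sqlite_master WHERE type = 'table'")
                ->fetchAll(PDO::FETCH_COLUMN);
    if (!in_array($day, $known, true)) {
        throw new InvalidArgumentException('no table for that day');
    }
    return $day;
}

function localitiesForDay(PDO $db, string $day): array
{
    $table = resolveDayTable($db, $day);
    // Double quotes are the standard SQL identifier quote; MySQL uses backticks by default.
    $sql = "SELECT locality_name FROM \"$table\" GROUP BY locality_name ORDER BY locality_name DESC";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE "05_26_09" (locality_name TEXT)');
$db->exec("INSERT INTO \"05_26_09\" VALUES ('Alpha'), ('Beta'), ('Alpha')");

// A day that names an existing table is accepted.
var_dump(localitiesForDay($db, '05_26_09'));

// Constructed bad inputs: one fails the pattern, one names no existing table.
foreach (['05_26_09 extra', '01_01_01'] as $bad) {
    try {
        localitiesForDay($db, $bad);
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```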
