I have the following code, which generates DQL queries.
When I echo my $dql and copy paste it into phpmyadmin and execute it, it works perfectly, but when trying to execute it with Doctrine I keep running into "'[Syntax Error] line 0, col 6981: Error: Unexpected 'WHERE'" error. What am I doing wrong?
$dqlStaticPartial = $dql = "UPDATE \VendorName\MyBundle\Entity\Product cp SET cp.guide_number = CASE ";
$uniqueIds = [];
$i = 0;
foreach($result as $row){
$guideNumber = $this->generateGuideNumber($param1, $param2);
$dql .= "WHEN cp.uniqid = '".$row['uniqid']."' THEN '$guideNumber' ";
$uniqueIds[] = "'".$row['uniqid']."'";
$i++;
if($i % 100 === 0){
$dql .= " END WHERE uniqid IN (".implode(',', $uniqueIds).")";
$this->entityManager->createQuery($dql)->execute();
$dql = $dqlStaticPartial;
}
}
(I know, this is not okay, i'm going to put this in a transaction and I will execute the query after every 100th iteration and I'm gonna escape inputs etc...first I want my query to work)
My guess is that you have more then 100 records and if that is the case then one of the problems you're creating is that your query ends up like this:
UPDATE cp SET cp.guide_number = CASE
WHEN cp.uniqid = '1' THEN '1234'
-- more rows ...
WHEN cp.uniqid = '99' THEN '4563'
END
WHERE uniqid IN (1,...,99)
WHEN cp.uniqid = '100' THEN '1234'
-- more rows ...
WHEN cp.uniqid = '199' THEN '4563'
END
WHERE uniqid IN (100,...,199)
etc. etc.
You should clear the allready executed part of your query and then restart building up your query once you reach ($i % 100 === 0)
I want to add record to a table which contain a picture. when i try to add, it shows me this error
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' masalah = 'dsd' AND gambar = 'kerusi.JPG'' at line 1
so, here are the code
<?php
session_start();
include("Connections/connection.php");
$date = $_POST['date'];
$masalah = $_POST ['masalah'];
$gambar = $_POST ['gambar'];
$student_id = $_POST['student_id'];
$status = 'pending';
/*session yg di call tok lecturer tu*/
$student_id = "SELECT * FROM student WHERE student_id ='".$_SESSION['student_id']."'" ;
$result=mysql_query($student_id);
$getstudentid = mysql_fetch_assoc($result);
$student_id = $getstudentid['student_id'];
/*take 3 data from rc */
$sql = "SELECT * FROM aduan WHERE date = '$date', masalah = '$masalah' AND gambar = '$gambar' ";
$rr = mysql_query($sql) or die(mysql_error());
$tt = mysql_num_rows($rr);
if($tt > 0) {
header("Location: borang_aduan2.php?error=2");
} else { /*to check tarikh*/
$tarikh_user = strtotime($date);
$tarikh_harini = strtotime(date('Y-m-d'));
if($tarikh_user < $tarikh_harini) {
//error
header("Location: borang_aduan2.php?error=1");
} else {
//$No = $num_rows+1;
/*$sql_const = mysql_query ("Select MAX(user_name)as id from lecturer")or die (mysql_error());
$rows = mysql_fetch_array ($sql_const);
$id = $rows ['id'];*/
/*insert data*/
mysql_query("INSERT INTO aduan (date, masalah, gambar, student_id )
VALUES('$date','$masalah', '$gambar','$student_id')")
or die('Error: ' .mysql_error($conn));
echo "<script type='text/javascript'>
alert('Thanks make a report!')
location.href='borang_aduan2.php'
</script>";
}
//Freeing all memory associated with it
mysql_free_result($result);
//Closes specified connection
mysql_close($conn);
}
?>
Dont use "," in between two field selection criteria. So instead of:
SELECT * FROM aduan WHERE date = '$date',
^^
Use
SELECT * FROM aduan WHERE date = '$date' AND
problem in Mashable Slider Clone plugin when uload it in server
WordPress database error: [You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 3] SELECT * FROM wp_mash_fields WHERE docid IN()
code for this is
$sql = "SELECT *
FROM $this->flds
WHERE docid IN(".implode(',' , array_keys($r)).")";
$r2 = $this->db->get_results($sql, ARRAY_A);
WordPress database error: [You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'LIMIT 0,999' at line 3] SELECT SQL_CALC_FOUND_ROWS DISTINCT wp_mash_documents.* FROM wp_mash_documents WHERE wp_mash_documents.type='image' ORDER BY wp_mash_documents. LIMIT 0,999;
code for this is
function get($type, $page = 0, $limit = 10, $sort = 'modify_time', $ord = 'ASC', $rel = null, $dorder = false, $s = null)
{
$ll = $page * $limit;
$docs = $this->docs;
$flds = $this->flds;
$rels = $this->rels;
$inner = array();
$where = array();
$order = '';
// get ids
$sql = "SELECT SQL_CALC_FOUND_ROWS DISTINCT $docs.*".($dorder? ",$rels.dorder" : "")." FROM $docs";
switch ($sort) {
case "title":
$inner[$flds] = array("$docs.id", "$flds.docid");
$where["$flds.name"] = "='title'";
$order = "$flds.value_text $ord";
if (isset($s)) {
$where["MATCH ($flds.value_text)"] = " AGAINST ('$s')";
}
Given your error message:
ORDER BY wp_mash_documents. LIMIT 0,999;
^---missing field name
so my problem is this, I have a 3 part form that is a service ticket, the 1st part of the form is filled out by the dispatcher and submitted to mysql, the technician then see's they have a ticket assigned to them via email and they pull up the search result for tickets assigned to them and they click on a link in the search result that displays the 2nd form for them to enter what they did and what material and labor there is, this 2nd part of the form is my issue it has multiple values that are similar such as item_qty1, item_qty2, item_qty3 and so on. When I use more than 1 value like item_qty1 in my UPDATE tickets SET query I get a syntax error. Also, I am well aware that my code is subject to sql injection and I will deal with that when I have a working form. So here is my code:
<?php
// database connection //
include 'db_connect.php';
include 'data/var/variables.php';
//Writes the information to the database
mysql_query("UPDATE tickets SET work_performed = $work_performed,
item_qty1 = $item_qty1,
item_qty2 = $item_qty2,
item_qty3 = $item_qty3,
item_qty4 = $item_qty4,
item_qty5 = $item_qty5,
manuf_1 = $manuf_1,
manuf_2 = $manuf_2,
manuf_3 = $manuf_3,
manuf_4 = $manuf_4,
manuf_5 = $manuf_5,
part_number1 = $part_number1,
part_number2 = $part_number2,
part_number3 = $part_number3,
part_number4 = $part_number4,
part_number5 = $part_number5,
part_description1 = $part_description1,
part_description2 = $part_description2,
part_description3 = $part_description3,
part_description4 = $part_description4,
part_description5 = $part_description5,
part_price1 = $part_price1,
part_price2 = $part_price2,
part_price3 = $part_price3,
part_price4 = $part_price4,
part_price5 = $part_price5,
price_extension1 = $price_extension1,
price_extension2 = $price_extension2,
price_extension3 = $price_extension3,
price_extension4 = $price_extension4,
price_extension5 = $price_extension5,
material_total = $material_total,
sales_tax = $sales_tax,
shipping_cost = $shipping_cost,
work_date1 = $work_date1,
work_date2 = $work_date2,
work_date3 = $work_date3,
work_date4 = $work_date4,
work_date5 = $work_date5,
tech_name1 = $tech_name1,
tech_name2 = $tech_name2,
tech_name3 = $tech_name3,
tech_name4 = $tech_name4,
tech_name5 = $tech_name5,
cost_code1 = $cost_code1,
cost_code2 = $cost_code2,
cost_code3 = $cost_code3,
cost_code4 = $cost_code4,
cost_code5 = $cost_code5,
pay_rate1 = $pay_rate1,
pay_rate2 = $pay_rate2,
pay_rate3 = $pay_rate3,
pay_rate4 = $pay_rate4,
pay_rate5 = $pay_rate5,
total_hours1 = $total_hours1,
total_hours2 = $total_hours2,
total_hours3 = $total_hours3,
total_hours4 = $total_hours4,
total_hours5 = $total_hours5,
hours_subtotal1 = $hours_subtotal1,
hours_subtotal2 = $hours_subtotal2,
hours_subtotal3 = $hours_subtotal3,
hours_subtotal4 = $hours_subtotal4,
hours_subtotal5 = $hours_subtotal5,
total_hours = $total_hours,
material_total = $material_total,
labor_cost = $labor_cost,
grand_total = $grand_total WHERE `id` = '$id'");
mysql_affected_rows();
echo mysql_error();
?>
The code as it is wont post to the database, it displays the error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' item_qty1 = , item_qty2 = , item_qty3 = ' at line 1
I was told I don't need apostrophe's or back ticks on my values so I removed them and still get the error. Now I changed my code a bit to remove any similar values, example I removed any value beyond value 1 so item_qty2, item_qty3 and so on I removed so I now have this code:
mysql_query("UPDATE `tickets` SET `work_performed` = '$work_performed',
`item_qty1` = '$item_qty1',
`manuf_1` = '$manuf_1',
`part_number1` = '$part_number1',
`part_description1` = '$part_description1',
`part_price1` = '$part_price1',
`price_extension1` = '$price_extension1',
`material_total` = '$material_total',
`sales_tax` = '$sales_tax',
`shipping_cost` = '$shipping_cost',
`work_date1` = '$work_date1',
`tech_name1` = '$tech_name1',
`cost_code1` = '$cost_code1',
`pay_rate1` = '$pay_rate1',
`total_hours1` = '$total_hours1',
`hours_subtotal1` = '$hours_subtotal1',
`total_hours` = '$total_hours',
`material_total` = '$material_total',
`labor_cost` = '$labor_cost',
`grand_total` = '$grand_total' WHERE `id` = '$id'");
This modified code works flawlessly everytime with no syntax errors and posts to the selected record every single time, but, this wont work for me, I need the additional values OR I need a way for the user to add additional fields to the form if they need to which would solve my problem of not having to enter a value in every field unless they have to. Also if anybody has any examples on how to compress this to make it more "functional" not so bulky I guess, that would be appreciated very much. Thanks!
to just optimize the code, what can be done is :
// define an array of column names and values got from input.
$column_names = array('column1' => $column1, 'column2' => $column2, .....);
// built an sql select clause
$select_clause = array();
foreach ($column_names as $cn => $cn_val) {
if (!empty($cn_val)) {
$select_clause = "{$cn} = {$cn_val}";
}
}
// built proper query
$sql = "UPDATE table_name SET" . implode(',', $select_clause) . " table_name WHERE .....";
// continue with your stuff.
I am having an issue with inserting an array of information into a mysql database. Basically I built a sortable gallery similar to Facebook's photo albums that can be arranged by moving the div to a new spot with jquery's sortable function.
I am using Ajax to call a php file which will inser the new order of the div's into the DB. The information is being passed correctly, it is just not being inserted correctly.
The error I am receiving is:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Array' at line 1
The Php code is:
foreach ($_GET['listItem'] as $position => $item) {
if ($item >= 1) {
$sql[] = "UPDATE table SET order = '{$position}' WHERE id = '{$item}'";
mysql_query($sql) or die(mysql_error());
}
}
If I remove the mysql_query function and just do a print_r, I get:
Array
(
[0] => UPDATE table SET order = '0' WHERE id = '2'
[1] => UPDATE table SET order = '1' WHERE id = '4'
[2] => UPDATE table SET order = '2' WHERE id = '3'
[3] => UPDATE table SET order = '3' WHERE id = '1'
[4] => UPDATE table SET order = '4' WHERE id = '5'
[5] => UPDATE table SET order = '5' WHERE id = '6'
)
This is the first time I have tried to do something like this. Any help would be great.
Thank you in advance for the help!
In mysql_query($sql) $sql is an array, therefore it's value is simply Array. When you assign $sql[] = "UPDATE table SET order = '{$position}' WHERE id = '{$item}'"; simply make this line $sql = "UPDATE table SET order = '{$position}' WHERE id = '{$item}'";. That should solve your problem.
EDIT:
You can leave the [] and simply remove the mysql_query from where it is. After your foreach list item, add this:
foreach($sql as $query) {
mysql_query($query);
}
Sounds like there is some confusion about what the [] operator does. You use [] when you want to append an element to the end of an existing array.
For example:
$sql = array();
$sql[] = 'UPDATE table SET order = "0" WHERE id = "2"';
mysql_query($sql); // this will produce the error you are seeing
Versus:
$sql = 'UPDATE table SET order = "0" WHERE id = "2"';
mysql_query($sql); // this will work
You should rewrite your code as such:
foreach ($_GET['listItem'] as $position => $item) {
if ($item >= 1) {
$sql = "UPDATE table SET order = '{$position}' WHERE id = '{$item}'";
mysql_query($sql) or die(mysql_error());
}
}
That will do what you are intending. However, this is still not a good idea, since you are passing untrusted $_GET data directly to the database. I could, for example, call your script with a string like:
http://yoursite.com/yourscript.php?listItem=1'%3B%20DROP%20TABLE%20yourtable%3B
Since the value of listItem is going directly to the database -- and the $item >= 1 check is insufficient, since PHP will evaluate a string as an integer if it begins with numeric data -- all I have to do is add a single quote to terminate the previous query, and I am then free to inject whatever SQL command I'd like; this is a basic SQL injection attack. Whenever you write database-touching code, you should cleanse any input that might be going to the database. A final version of your code might look like:
foreach ($_GET['listItem'] as $position => $item) {
if ($item >= 1) { // this check may or may not be needed depending on its purpose
$sql = 'UPDATE table SET order = "' . mysql_real_escape_string($position) . '" WHERE id = "' . mysql_real_escape_string($item) . '"';
mysql_query($sql) or die(mysql_error());
}
}
There are other ways to cleanse input data as well, that is just one of them. Hope that helps.