This code is part of a database search autocomplete function. It was coded a while ago but the database has since been upgraded from MySQL to MariaDB.
This is the part of the code giving an error.
$sql = 'SELECT tree_id, tree_common_name, tree_botanical_name FROM all_trees';
for($i = 0; $i < $p; $i++) {
$sql .= 'WHERE CONCAT(tree_common_name,tree_botanical_name) LIKE ? ';
}
$stmt = $conn->prepare($sql);
if($stmt === false) {
$user_error = 'Wrong SQL: ' . $sql . '<br>' . 'Error: ' . $conn->errno . ' ' . $conn->error;
trigger_error($user_error, E_USER_ERROR);
}
The error message
PHP Fatal error: Wrong SQL: SELECT tree_id, tree_common_name, tree_botanical_name FROM all_treesWHERE CONCAT(tree_common_name,tree_botanical_name) LIKE ? <br>Error: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '(tree_common_name,tree_botanical_name) LIKE ?' at line 1 in /home/wiwi1740/public_html/includes/autocomplete.php on line 73
I've looked at using
$sql .= 'WHERE CONCAT_WS(' ',tree_common_name,tree_botanical_name) LIKE ? ';
but it still throws an error.
Any tips would be appreciated. This code originally came from someone else that I adapted for my client.
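An added example, not part of the original post: the statement in the logged error reads all_treesWHERE, so this sketch builds the clause with a leading space, a single WHERE and one placeholder per search term. Joining the terms with AND, escaping LIKE wildcards, and the helper names escapeLike() and buildTreeSearch() are assumptions of the example.

```php
<?php
// Added example. Table and column names come from the question;
// escapeLike() and buildTreeSearch() are hypothetical helper names.

// Escape LIKE wildcards so user input is matched literally.
// Backslash is the default LIKE escape character in MySQL/MariaDB.
function escapeLike(string $term): string
{
    return strtr($term, ['\\' => '\\\\', '%' => '\\%', '_' => '\\_']);
}

// Returns [sql, params]: one WHERE, conditions joined with AND, one "?" per term.
function buildTreeSearch(array $terms): array
{
    $sql = 'SELECT tree_id, tree_common_name, tree_botanical_name FROM all_trees';
    $conditions = [];
    $params = [];
    foreach ($terms as $term) {
        $term = trim($term);
        if ($term === '') {
            continue; // skip empty tokens produced by repeated spaces
        }
        // Double-quoted PHP string, so the ' ' separator does not end the string.
        $conditions[] = "CONCAT_WS(' ', tree_common_name, tree_botanical_name) LIKE ?";
        $params[] = '%' . escapeLike($term) . '%';
    }
    if ($conditions) {
        // The leading space keeps "all_trees" and "WHERE" apart.
        $sql .= ' WHERE ' . implode(' AND ', $conditions);
    }
    return [$sql, $params];
}

// Constructed sample input: a search box value split on whitespace.
[$sql, $params] = buildTreeSearch(preg_split('/\s+/', 'red 100%_oak'));
echo $sql, PHP_EOL;
print_r($params);

// With mysqli as in the question (needs a live connection, so left commented):
// $stmt = $conn->prepare($sql);
// $stmt->bind_param(str_repeat('s', count($params)), ...$params);
// $stmt->execute();
```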
Related
I'm a beginner programmer and I'm getting a problem that I cannot seem to overcome. I predict it's a small syntax error but I don't know.
The code I'm using is the following:
<?php
$x=$_POST['firstname'];
$y=$_POST['lastname'];
$servername = "localhost";
$username = "root";
$password = "";
$dbname="db1";
//Create connection
$conn = new mysqli($servername, $username, $password,$dbname);
//Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
echo "Connected successfully";
$sql = "INSERT INTO 'user' ('fname', 'lname') VALUES ('$x','$y')";
if ($conn->query($sql) === TRUE) {
echo "New record created succesfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
?>
Once I press submit to input the data the following error comes up:
Connected successfullyError: INSERT INTO 'user' ('fname', 'lname') VALUES ('rty','rty')
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''user' ('fname', 'lname') VALUES ('rty','rty')' at line 1
Any help? Thanks in advance.
Update your query: replace the single quotes (') around the table name and column names with backticks (`), like:
$sql = "INSERT INTO `user` (`fname`, `lname`) VALUES ('$x','$y')";
Why do I get this error: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1?
<?php
include'model.php';
global $db;
try {
$sql ='SELECT accounts.username '
. 'FROM accounts '
. 'WHERE accounts.username = '
.$_POST[username];
$stmt = $db->prepare($sql);
$stmt->execute();
$navList = $stmt->fetchAll();
$stmt->closeCursor();
header('location: ./view_cms.php');
} catch (PDOException $exc) {
echo $exc->getMessage();
// header('location: ./view_error.php');
exit;
}
?>
Because you need to wrap strings in single quotes in the WHERE clause. You also need to access $_POST entries with a quoted string key:
$sql = "SELECT accounts.username ".
"FROM accounts ".
"WHERE accounts.username = '".$_POST["username"]."'";
Plus, this is the reason why PHP-based web software has a bad reputation. Sanitize your inputs, for heaven's sake!! Your prepare statement doesn't do anything as you're not using parameters (your statement is not a prepared statement).
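An added example, not code from either post: the INSERT into user and the SELECT on accounts from the two questions above, written with bound parameters so that request values never become part of the SQL text. Assumptions: an in-memory SQLite database (pdo_sqlite) stands in for MariaDB so the script runs without a server, the form values are constructed, and addUser() and findAccount() are hypothetical names.

```php
<?php
// Added example. SQLite accepts the backtick-quoted identifiers used on this page;
// the PDO calls are the same with a mysql: DSN.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE `user` (`fname` TEXT, `lname` TEXT)');
$db->exec('CREATE TABLE accounts (username TEXT)');
$db->exec("INSERT INTO accounts (username) VALUES ('alice')");

// Constructed form input standing in for $_POST.
$post = [
    'firstname' => 'Conan',
    'lastname'  => "O'Brien",       // apostrophe breaks a concatenated query
    'username'  => "x' OR '1'='1",  // quote-bearing input
];

function addUser(PDO $db, string $fname, string $lname): void
{
    // Values travel separately from the statement; no quoting or escaping needed.
    $stmt = $db->prepare('INSERT INTO `user` (`fname`, `lname`) VALUES (?, ?)');
    $stmt->execute([$fname, $lname]);
}

function findAccount(PDO $db, string $username): array
{
    $stmt = $db->prepare('SELECT username FROM accounts WHERE username = :username');
    $stmt->execute([':username' => $username]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

addUser($db, $post['firstname'], $post['lastname']);

// The surname is stored exactly as typed.
var_dump($db->query('SELECT `lname` FROM `user`')->fetchColumn());

// The quote-bearing value is compared as one literal string, so no row matches.
var_dump(findAccount($db, $post['username']));

// An exact username still matches.
var_dump(findAccount($db, 'alice'));
```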
I run the php code below within the 'Eval' section of a Fabrik form element. The code is supposed to return/put a number in a form field, but nothing appears in the form field.
When I used another query (refer to '$query-> ' lines) the code does work, so I get the impression that the query contains errors; however, when executing the related webpage with the form fields no sql error appears.
I have no idea what is wrong with the query(?)
Code:
$form_productname = 'testproduct';
$form_username = 'myname';
$db = JFactory::getDbo();
// Create a new query object.
$query = $db->getQuery(true);
//$query->select($db->quoteName(array('a.id', 'b.productid')));
$query->select($db->quoteName('b.productid'));
$query->from($db->quoteName('#__products', 'b'));
$query->join('INNER', $db->quoteName('#__extendedreg_users', 'a') . ' ON (' . $db->quoteName('a.user_id') . ' = ' . $db->quoteName('b.owner') . ')
AND (' . $db->quoteName('a.cf_collectivename') . ' = ' . $db->quote($form_username) . ')
AND (' . $db->quoteName('b.productname') . ' = ' . $db->quote($form_productname)).')'.;
//echo $query;exit;
$db->setQuery($query);
$db->execute();
$results = $db->loadObjectList();
return count($results);
UPDATE: the cause was a PHP syntax error in the where statement:
. $db->quote($form_productname)).
must be:
. $db->quote($form_productname).
You are not getting any errors because you are not catching any errors. Have a look at How to do SQL exception / error handling.
Do at least a $query->dump() and run your query in a console if you can't figure out what is wrong.
I don't understand why you are quoting the values you are comparing, $form_username and $form_productname. But maybe it's late and I am tired.
I'm getting a strange error in MySQL syntax; none of the posts here help me.
I'm trying to get the next 3 items in the table, so I made this function:
$app->get('/items/:id/:nOf', 'getNextItem');
function getNextItem($id,$nOf) {
$sql = "SELECT * FROM `items` WHERE `id` > :id ORDER BY `id` LIMIT :nOf";
try {
$db = getConnection();
$stmt = $db->prepare($sql);
$stmt->bindParam(":id", $id);
$stmt->bindParam(":nOf", $nOf);
$stmt->execute();
$item = $stmt->fetchObject();
$db = null;
echo json_encode($item);
} catch(PDOException $e) {
$result = array("status" => "error", "message" => 'Exception: ' . $e->getMessage(),"fnc"=>"getItems($id,$nOf)");
echo json_encode($result);
}
}
And the output is:
{"status":"error",
"message":"Exception: SQLSTATE[42000]: Syntax error or access violation: 1064
You have an error in your SQL syntax;check the manual that corresponds
to your MariaDB server version for the right syntax to use near ''3''
at line 1","fnc":"getItems(1,3)"}
I don't see anything wrong. Sql command is working fine in phpmyadmin. Original post on slim forum here.
Try to bind $nOf as an integer:
$stmt->bindParam(":nOf", $nOf, PDO::PARAM_INT);
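An added example, not code from the post: the same query with both route parameters validated as integers and bound with PDO::PARAM_INT, so LIMIT receives a number rather than the quoted '3' shown in the error. Assumptions: in-memory SQLite (pdo_sqlite) stands in for MariaDB, MAX_PAGE is a hypothetical cap on the page size, getNextItems() is a hypothetical name, and the rows are constructed.

```php
<?php
// Added example. MAX_PAGE is an assumed upper bound for LIMIT.
const MAX_PAGE = 50;

function getNextItems(PDO $db, string $id, string $nOf): array
{
    // Route parameters arrive as strings; accept only integers in range.
    $id = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    $nOf = filter_var($nOf, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => MAX_PAGE]]);
    if ($id === false || $nOf === false) {
        throw new InvalidArgumentException('id and nOf must be integers in range');
    }

    $stmt = $db->prepare(
        'SELECT * FROM `items` WHERE `id` > :id ORDER BY `id` LIMIT :nOf'
    );
    // Integer values bound as PARAM_INT are not sent as quoted strings.
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->bindValue(':nOf', $nOf, PDO::PARAM_INT);
    $stmt->execute();

    // fetchAll() returns every row up to the limit, not only the first one.
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)');
$insert = $db->prepare('INSERT INTO items (name) VALUES (?)');
foreach (['a', 'b', 'c', 'd', 'e'] as $name) {
    $insert->execute([$name]);
}

echo json_encode(getNextItems($db, '1', '3')), PHP_EOL;

// Out-of-range and non-numeric values are rejected before reaching the database.
foreach (['9999', 'three'] as $bad) {
    try {
        getNextItems($db, '1', $bad);
    } catch (InvalidArgumentException $e) {
        echo "rejected $bad: ", $e->getMessage(), PHP_EOL;
    }
}
```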
I have this code to create a database based off of a random number.
<?php
$con = mysql_connect("localhost","soociali","[censored]");
$databasename = rand(5, 7);
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
if (mysql_query("CREATE DATABASE $databasename",$con))
{
echo "Database created, called $databasename";
}
else
{
echo "Error creating database: " . mysql_error();
}
mysql_close($con);
?>
However, I get this error: Error creating database: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '6' at line 1
Wrap your database name in ` marks:
if (mysql_query("CREATE DATABASE `$databasename`",$con))
The query "CREATE DATABASE 6;" is confusing MySQL as it's expecting an alphanumeric database name rather than what looks like a straight integer to it.
The name of your database will be parsed as a number. Just put it between backticks like this:
mysql_query("CREATE DATABASE `$databasename`",$con)
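An added example, not code from the answers: identifiers such as a database name cannot be bound as parameters, so this sketch validates the name against an allow-list before backtick-quoting it. quoteIdentifier() is a hypothetical helper and the allowed pattern is a policy chosen for the example; the candidate names are constructed.

```php
<?php
// Added example. The pattern (letters, digits, underscore, 1 to 64 characters)
// is this example's policy; 64 is the MySQL/MariaDB identifier length limit.
function quoteIdentifier(string $name): string
{
    if (!preg_match('/\A[A-Za-z0-9_]{1,64}\z/', $name)) {
        throw new InvalidArgumentException('Invalid identifier');
    }
    // A backtick inside a quoted identifier is escaped by doubling it. The
    // allow-list already excludes backticks; doubling keeps the function
    // correct if the policy is later relaxed.
    return '`' . str_replace('`', '``', $name) . '`';
}

// The all-digit name from the question is valid once quoted.
$databasename = (string) rand(5, 7);
echo 'CREATE DATABASE ' . quoteIdentifier($databasename), PHP_EOL;

// Constructed candidates: two acceptable names, then three that are refused.
foreach (['6', 'shop_2024', 'bad`name', 'has space', ''] as $candidate) {
    try {
        echo 'CREATE DATABASE ' . quoteIdentifier($candidate), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'refused: ', json_encode($candidate), PHP_EOL;
    }
}
```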