MySQL Syntax error in the update statement, NodeJS(MySQL2) module - mysql

I am using Node.JS along with the mysql2 module. It's basically like when I try to update a column with a JSON stingified data, I get the following error:
{ Error: You have an error in your SQL syntax; check the manual that corresponds
to your MariaDB server version for the right syntax to use near '"1050":1}WHERE
`user` = ?' at line 1
The stingified JSON data:
{"1050":1}
The query:
var sql = 'UPDATE `users` SET `furniture` = ' + 'concat(furniture,' + JSON.stringify(self.furniture) + ')' + 'WHERE `user` = ?';
self.furniture is related to something else, but I can assure you that self.furniture is returning that JSON data thus I get the mysql syntax error.
sqlMessage: 'You have an error in your SQL syntax; check the manual that
corresponds to your MariaDB server version for the right syntax to use near \'"1050":

Issue is resolved using backticks along with single quotes.
var sql = 'UPDATE `users` SET `furniture` = ' + `concat(furniture, '${lol}')` + 'WHERE `user` = ?';
var lol = JSON.stringify(self.furniture)

Your query line says in part
...ingify(self.furniture) + ')' + 'WHERE `us...
It should have an extra space after the close parenthesis.
...ingify(self.furniture) + ') ' + 'WHERE `us...
Here's the thing about MySQL syntax errors: the message shows the erroneous query starting with the first character MySQL does not understand. A good way to troubleshoot this kind of thing is to use console.log() to output the entire query string, then look at it carefully. You will usually find something obvious wrong.

Related

PARSE_ERROR MySQL

These lines give me the parse error, ı checked my syntax many times but it seems alright to me. I don't understand why does it give this error
code:
INSERT INTO club_request(RequestID,"Besiktas")
SELECT RequestID
FROM Request
WHERE RequestName = "New goalkeeper";
error:
ER_PARSE_ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"Besiktas") SELECT RequestID FROM Request WHERE RequestName = "New goalkeeper"' at line 1
INSERT INTO club_request(RequestID, ClubName)
SELECT RequestID, ClubName
FROM Request, Club
WHERE RequestName = "New goalkeeper" AND ClubName = "Besiktas";
lately I have turned it into this and now it works as I wanted, can't we insert partial value from select clause and partial value as a string ?

MySQL 5.6.41 errno 1064: Creating a MySQL query with variables

I have a (currently localhost, but soon to be through AWS) Node.JS server with Express and I'm trying to update an RDS instance through a MySQL query when I'm getting the following error:
{ [Error: ER_PARSE_ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''history0' = 'http://localhost:3000/' WHERE id = 1' at line 1]
code: 'ER_PARSE_ERROR',
errno: 1064,
sqlMessage: 'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near \'\'history0\' = \'http://localhost:3000/\' WHERE id = 1\' at line 1',
sqlState: '42000',
index: 0,
sql: 'UPDATE infected SET \'history0\' = \'http://localhost:3000/\' WHERE id = 1;' }
The POST request causing the error:
app.post('/history', function(req, res) {
var hist = 'history' + 0;
var sql = 'UPDATE infected SET ? = ? WHERE id = ?;';
connection.query(sql, [hist, req.body[0].url, 1]);
});
I'm using hist as a variable because I plan to have it in a loop, but I wasn't sure if the way I'm declaring it here is causing the issue so I left it as is. req.body is the output of JSON.stringify() called on call to chrome.history.search(). So I'm trying to get the URL of the entry at index 0.
I've tried a direct call to connection.query with a hard-coded string as follows:
connection.query("UPDATE infected SET history0='google.com' WHERE id='1'");
and it successfully updates the database, so I figure there's an issue with how I'm using the question marks to insert variables hist and req.body[0].url into the query, but I can't figure out what the issue is.
try with double "??" for the keys, this way:
app.post('/history', function(req, res) {
var hist = 'history' + 0;
var sql = 'UPDATE infected SET ?? = ? WHERE id = ?;';
connection.query(sql, [hist, req.body[0].url, 1]);
});

NODEJS MySQL Bindings throws ER_PARSE_ERROR 1064

Given the following:
let sql: any = 'SELECT * FROM test_people ORDER BY :column :direction LIMIT :limit, :offset';
let binds: any = { column: 'name', direction: 'desc', limit: '1', offset: '10' };
let result = await mysql.query(sql, binds);
For whatever reason it throws mysql syntax error, if I replace the bindings and write it hard-coded without the bindings then the query actually works and fetches the result. not sure what is wrong here. help ! :)
BTW, I also tried it with the question marks version, getting same syntax error.
Error output:
...
code: 'ER_PARSE_ERROR',
errno: 1064,
'You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near \':column :direction LIMIT :limit, :offset\' at line 1',
...
Appreciate any solution,
Only values can be bound. Column names (in ORDER BY), and the :direction cannot be bound. Also FYI table names, database names and other parts of the SQL syntax cannot be bound.

Unknown SQL syntax error for ScalikeJDBC with SQL interpolation

To avoid DRY, I'm attempting to create an sql INSERT statement with variable column names and the data to fill those columns via ScalikeJDBC's sql interpolation:
case class MySQLInsertMessage(tableName:String, columns:List[String], values:List[String])
def depositMessage(msg: MySQLInsertMessage): Unit = {
NamedDB('MySQLMsgDepositor) localTx { implicit session =>
val sqlStmt = sql"INSERT INTO ${msg.tableName} (${msg.columns}) VALUES (${msg.values})"
println("The sql statement is: " + sqlStmt.statement)
println("The parameters are: " + sqlStmt.parameters)
sqlStmt.update().apply()
}
}
And when I call this with:
depositMessage(MySQLInsertMessage("My_Table", List("key", "email"), List("42", "user#email.com")))
the resulting console printout is:
The sql statement is: INSERT INTO ? (?, ?) VALUES (?, ?)
The
parameters are: List(My_Table, key, email, 42, user#email.com)
You
have an error in your SQL syntax; check the manual that corresponds to
your MySQL server version for the right syntax to use near ''My_Table'
('key', 'email') VALUES ('42', 'user#emai' at line 1
java.sql.SQLSyntaxErrorException: You have an error in your SQL
syntax; check the manual that corresponds to your MySQL server version
for the right syntax to use near ''My_Table' ('key', 'email') VALUES
('42', 'user#emai' at line 1
I've tried wrapping the sql"..." as such instead:sql"""...""", but that doesn't seem to make a difference. I can execute the expected statement just fine in my MySQL workbench GUI. Any idea what my syntax error is?
Stemming from the hint from #scaisEdge, it seems ScalikeJDBC, when using its syntax, will always place single quotes around any parameterized values. And judging from here - https://github.com/scalikejdbc/scalikejdbc/issues/320 - this is a known issue.
With a MySQL INSERT statement (or others), your table name or column values may not have single quotes around them, though they are allowed to have backticks.
You can use their SQLSyntax.createUnsafely(str:String) method, or, if I wanted to do this as I was doing above, instead of using sql"...", I could use the old way of SQL(s"INSERT INTO ${msg.tableName} (${msg.columns.mkString(",")})")
Note - I believe both of these leave you open to injection attacks. Since, for me, this is a local API and you'd have to have the DB's username and password regardless to use it, I'm going with the createUnsafely way of doing things, with a little regex "cleaner" for a little inelegant piece of mind:
def depositMessage(msg: MySQLInsertMessage): Unit = {
NamedDB('MySQLMsgDepositor) localTx { implicit session =>
val unsafeSQLRegex = "[`'\"]".r
val table = SQLSyntax.createUnsafely(s"`${unsafeSQLRegex.replaceAllIn(msg.tableName, "")}`")
val columns = SQLSyntax.createUnsafely(msg.columns.map(value => unsafeSQLRegex.replaceAllIn(value, "")).mkString("`", "`, `", "`"))
val sqlStmt = sql"INSERT INTO $table ($columns) VALUES (${msg.values})".update().apply()
}
}
}

How to append string to column

I want to append a string as a prefix to the values of a column. When I try this one:
UPDATE ortsbezug SET Zusatz = CONCAT("Nordseite",Zusatz) WHERE FSOrtID = 2425;
I always get an error:
1064 - You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ') FROM ortsbezug WHERE FSOrtID = 2425 AND (Zusatz <> CONCAT("Nordseite" OR Zus' at line 1
Anyone has an idea where exactly the error could be?
screenshot of query and error