Syntax error in sql statement? - mysql

I am getting a syntax error in the following lines. I am not familiar with mysql so any pointers will be helpfull
ps = con.prepareStatement("INSERT INTO order(status,ordered_on,total_price,user_id) "
+ " VALUES(?,?,?,?)");
ps.setString(1,"pending");
ps.setTimestamp(2,date);
ps.setDouble(3,total_price);
ps.setInt(4,ID);
The error was
MySQL server version for the right syntax to use near 'order(status,ordered_on,total_price,user_id) VALUES('pending','2017-03-22 04:08' at line 1

The problemis that order is a reserved keyword for mysql ; so you have two solutions at your disposal
1 : if you are required some raison to use that work in case you case use backtick escapes `order`
2 : you can use plural for the tables name like orders
ps = con.prepareStatement("INSERT INTO `order`(status,ordered_on,total_price,user_id) "
+ " VALUES(?,?,?,?)");
ps.setString(1,"pending");
ps.setTimestamp(2,date);
ps.setDouble(3,total_price);
ps.setInt(4,ID);
This is q link to the mysal reserved keywords

Related

Python MySQL INSERT unicode

I'm trying to insert JSON data into an MySQL database:
def mapClients():
for d in devices:
clientMap = d['dot11.device']['dot11.device.associated_client_map'].keys()
for item in clientMap:
clientList = kr.device_by_mac(item)
times = kr.device_summary_since()
for c in clientList:
sqlMac = c['kismet.device.base.macaddr'],
sqlType = c['kismet.device.base.type'],
sqlManuf = c['kismet.device.base.manuf'],
ktime = c['kismet.device.base.last_time'],
for t in ktime:
sqlTime = time.strftime('%Y-%m-%d %H:%M:%S', time.localtime(t))
cur.execute("INSERT INTO devices(apID,mac,type,manuf,last_seen) VALUES(1,'" + str(sqlMac) + "','" + str(sqlType) + "','" + str(sqlManuf) + "','" + sqlTime + "');")
conn.commit()
mapClients()
This returns the following error:
pymysql.err.ProgrammingError: (1064, u"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'VALUES(1,'(u'58:E2:8F:CF:20:B3',)','(u'Wi-Fi Client',)','(u'Apple',)','20-10-201' at line 1")
I can see from the error that the various values are being suffixed with a 'u'. I understand through a lot of searching and learning that (I think) this means the data is unicode.
What I want to do is find a way of converting/decoding the data so the INSERT statements work. Some of the variables are tuples, some strings. Any help much appreciated.
You are inserting tuples, not strings; remove the trailing commas:
sqlMac = c['kismet.device.base.macaddr']
sqlType = c['kismet.device.base.type']
sqlManuf = c['kismet.device.base.manuf']
ktime = c['kismet.device.base.last_time']
sqlTime = time.strftime('%Y-%m-%d %H:%M:%S', time.localtime(ktime))
It’s the trailing comma that turns those expressions into tuples, and str() on a tuple gives you the container Unicode string as the u'....' representation that then clashes with the ' quoting you are adding.
Note that removes the need to loop over ktime!
Next, you really want to use SQL parameters, not string concatenation. Use placeholders instead of '" + str(...) + "', and leave handling of quoting to the database adapter:
cur.execute("""
INSERT INTO devices (apID, mac, type, manuf, last_seen)
VALUES (1, %s, %s, %s, %s)
""", (sqlMac, sqlType, sqlManuf, sqlTime))
The %s are the placeholders; depending on your exact MySQL Python library, you may need to use ? questionmarks instead.
Not only would this let you avoid having to think about quoting, it also removes a serious security issue: the JSON you load could contain a SQL injection attack and SQL parameters are the best way to neutralise that attack vector.
For the error message you posted, you have forgotten to place the closing parentheses before the VALUES in your SQL Query. The query should be like:
cur.execute("INSERT INTO devices(apID,mac,type,manuf,last_seen) VALUES(1,'" + str(sqlMac) + "','" + str(sqlType) + "','" + str(sqlManuf) + "','" + str(sqlTime) + "');")

How do I fix this SQL syntax error, I cannot find it

1064 - You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near 'INSERT INTO ******_sports_teams (******_team_id,
******_content_type_id, ******' at line 2
That is the error I get to this script;
The stars cover the name of the company I work for that I cannot release, but they are all the same word that I know is spelled correctly.
SELECT * FROM `******_sports_teams` WHERE 1
INSERT INTO ******_sports_teams
(******_team_id, ******_content_type_id, ******_content_type_desc,
******_sport_name, ******_sport_confernece, ******_sport_division,
******_sport_city, ******_sport_team)
VALUES
(1,4,'Sports','NBA','Eastern','Atlantic','Boston','Celtics'),
(2,4,'Sports','NBA','Eastern','Atlantic','Brooklyn','Nets'),
(3,4,'Sports','NBA','Eastern','Atlantic','Newy York','Knicks'),
(4,4,'Sports','NBA','Eastern','Atlantic','Philedelphia','76ers'),
(5,4,'Sports','NBA','Eastern','Atlantic','Toronto','Raptors'),
(6,4,'Sports','NBA','Eastern','Central','Chicago','Bulls'),
(7,4,'Sports','NBA','Eastern','Central','Cleveland','Cavaliers'),
(8,4,'Sports','NBA','Eastern','Central','Detriot','Pistons'),
(9,4,'Sports','NBA','Eastern','Central','Indiana','Pacers'),
(10,4,'Sports','NBA','Eastern','Central','Milwaukee','Bucks'),
(11,4,'Sports','NBA','Eastern','Southeast','Atlanta','Hawks'),
(12,4,'Sports','NBA','Eastern','Southeast','Charlotte','Hornets'),
(13,4,'Sports','NBA','Eastern','Southeast','Miami','Heat'),
(14,4,'Sports','NBA','Eastern','Southeast','Orlando','Magic'),
(15,4,'Sports','NBA','Eastern','Southeast','Washington','Wizards'),
(16,4,'Sports','NBA','Western','Southwest','Dallas','Mavericks'),
(17,4,'Sports','NBA','Western','Southwest','Houston','Rockets'),
(18,4,'Sports','NBA','Western','Southwest','Memphis','Grizzlies'),
(19,4,'Sports','NBA','Western','Southwest','New Orleans','Pelicans'),
(20,4,'Sports','NBA','Western','Southwest','San Antonio','Spurs'),
(21,4,'Sports','NBA','Western','Northwest','Denver','Nuggets'),
(22,4,'Sports','NBA','Western','Northwest','Minnesota','Timber Wolves'),
(23,4,'Sports','NBA','Western','Northwest','Oaklohoma City','Thunder'),
(24,4,'Sports','NBA','Western','Northwest','Portland','Trail Blazers'),
(25,4,'Sports','NBA','Western','Northwest','Utah','Jazz'),
(26,4,'Sports','NBA','Western','Pacific','Golden State','Warriors'),
(27,4,'Sports','NBA','Western','Pacific','Los Ageles','Clippers'),
(28,4,'Sports','NBA','Western','Pacific','Los Ageles','Lakers'),
(29,4,'Sports','NBA','Western','Pacific','Pheonix','Suns'),
(30,4,'Sports','NBA','Western','Pacific','Sacremento','Kings'),
(31,4,'Sports','MLB','American','East','Tampa Bay','Rays'),
(32,4,'Sports','MLB','American','East','New York','Yankees'),
(33,4,'Sports','MLB','American','East','Baltimore','Orioles'),
(34,4,'Sports','MLB','American','East','Toronto','Blue Jays'),
(35,4,'Sports','MLB','American','East','Boston','Red Socks'),
(36,4,'Sports','MLB','American','Central','Kansas City','Royals'),
(37,4,'Sports','MLB','American','Central','Minnesota','Twins'),
(38,4,'Sports','MLB','American','Central','Detriot','Tigers'),
(39,4,'Sports','MLB','American','Central','Cleveland','Indians'),
(40,4,'Sports','MLB','American','Central','Chicago','White Sox'),
(41,4,'Sports','MLB','American','West','Houston','Astros'),
(42,4,'Sports','MLB','American','West','Texas','Rangers'),
(43,4,'Sports','MLB','American','West','Los Ageles','Angels'),
(44,4,'Sports','MLB','American','West','Seattle','Mariners'),
(45,4,'Sports','MLB','American','West','Oakland','Athletics'),
(46,4,'Sports','MLB','National','East','New York','Mets'),
(47,4,'Sports','MLB','National','East','Washington','Nationals').
(48,4,'Sports','MLB','National','East','Atlanta','Braves'),
(49,4,'Sports','MLB','National','East','Philedelphia','Phillies'),
(50,4,'Sports','MLB','National','East','Miami','Marlins'),
(51,4,'Sports','MLB','National','Central','St. Louis','Cardinals'),
(52,4,'Sports','MLB','National','Central','Pittsburg','Pirates'),
(53,4,'Sports','MLB','National','Central','Chicago','Cubs'),
(54,4,'Sports','MLB','National','Central','Cincinnati','Reds'),
(55,4,'Sports','MLB','National','Central','Milwaukee','Brewers'),
(56,4,'Sports','MLB','National','West','Los Ageles','Dodgers'),
(57,4,'Sports','MLB','National','West','San Francisco','Giants'),
(58,4,'Sports','MLB','National','West','Arizona','Diamondbacks'),
(59,4,'Sports','MLB','National','West','San Diego','Padres'),
(60,4,'Sports','MLB','National','West','Colorado','Rockies'),
(61,4,'Sports','NFL','NFC','East','Dallas','Cowboys'),
(62,4,'Sports','NFL','NFC','East','New York','Giants'),
(63,4,'Sports','NFL','NFC','East','Philedelphia','Eagles'),
(64,4,'Sports','NFL','NFC','East','Washington','Redskins'),
(65,4,'Sports','NFL','NFC','West','Arizona','Cardinals'),
(66,4,'Sports','NFL','NFC','West','San Francisco','49ers'),
(67,4,'Sports','NFL','NFC','West','Seattle','Seahawks'),
(68,4,'Sports','NFL','NFC','West','St. Louis','Rams'),
(69,4,'Sports','NFL','NFC','North','Chicago','Bears'),
(70,4,'Sports','NFL','NFC','North' ,'Detriot','Lions'),
(71,4,'Sports','NFL','NFC','North' ,'Green Bay','Packers'),
(72,4,'Sports','NFL','NFC','North' ,'Minnesota','Vikings'),
(73,4,'Sports','NFL','NFC','South','Atlanta','Falcons'),
(74,4,'Sports','NFL','NFC','South', 'Carolina','Panthers'),
(75,4,'Sports','NFL','NFC','South','New Orleans','Saints'),
(76,4,'Sports','NFL','NFC','South','Tampa Bay','Buccaneers'),
(77,4,'Sports','NFL','AFC','East','Buffalo','Bills'),
(78,4,'Sports','NFL','AFC','East','Miami','Dolphins'),
(79,4,'Sports','NFL','AFC','East','New England','Patriots'),
(80,4,'Sports','NFL','AFC','East','New York','Jets'),
(81,4,'Sports','NFL','AFC','West','Denver','Broncos'),
(82,4,'Sports','NFL','AFC','West','Kansas City','Chiefs'),
(83,4,'Sports','NFL','AFC','West','Oakland','Raiders'),
(84,4,'Sports','NFL','AFC','West','San Diego','Chargers'),
(85,4,'Sports','NFL','AFC','North' ,'Baltimore','Ravens'),
(86,4,'Sports','NFL','AFC','North' ,'Cleveland','Browns'),
(87,4,'Sports','NFL','AFC','North','Pittsburg','Steelers'),
(88,4,'Sports','NFL','AFC','North' ,'Cincinnati','Bengals'),
(89,4,'Sports','NFL','AFC','South','Houston','Texans'),
(90,4,'Sports','NFL','AFC','South','Indianapolis','Colts'),
(91,4,'Sports','NFL','AFC','South','Jacksonville','Jaguars'),
(92,4,'Sports','NFL','AFC','South','Tennessee','Titans'),
(93,4,'Sports','NHL','NHL','Central','Chicago','Blackhawks'),
(94,4,'Sports','NHL','NHL','Central','Colorado','Avalanche'),
(95,4,'Sports','NHL','NHL','Central','Dallas','Stars'),
(96,4,'Sports','NHL','NHL','Central','Minnesota','Wild'),
(97,4,'Sports','NHL','NHL','Central','St. Louis','Blues'),
(98,4,'Sports','NHL','NHL','Central','Winnipeg','Jets'),
(99,4,'Sports','NHL','NHL','Central','Nashville','Predators'),
(100,4,'Sports','NHL','NHL','Pacific','Anaheim' ,'Ducks'),
(101,4,'Sports','NHL','NHL','Pacific','Arizona','Coyotes'),
(102,4,'Sports','NHL','NHL','Pacific','Clagary','Flames'),
(103,4,'Sports','NHL','NHL','Pacific','Edmonton','Oilers'),
(104,4,'Sports','NHL','NHL','Pacific','Los Ageles','Kings'),
(105,4,'Sports','NHL','NHL','Pacific','San Jose','Sharks'),
(106,4,'Sports','NHL','NHL','Pacific','Vancouver','Canucks'),
(107,4,'Sports','NHL','NHL','Atlantic','Boston','Bruins'),
(108,4,'Sports','NHL','NHL','Atlantic','Buffalo','Sabres'),
(109,4,'Sports','NHL','NHL','Atlantic','Detriot','Red Wings'),
(110,4,'Sports','NHL','NHL','Atlantic','Florida','Panthers'),
(111,4,'Sports','NHL','NHL','Atlantic','Montreal','Canadiens'),
(112,4,'Sports','NHL','NHL','Atlantic','Ottawa','Senators'),
(113,4,'Sports','NHL','NHL','Atlantic','Tampa Bay','Lightning'),
(114,4,'Sports','NHL','NHL','Atlantic','Toronto','Maple Leafs'),
(115,4,'Sports','NHL','NHL','Metropolitan','Corolina','Hurricanes'),
(116,4,'Sports','NHL','NHL','Metropolitan','Columbus','Blue Jackets'),
(117,4,'Sports','NHL','NHL','Metropolitan','New Jersey','Devils'),
(118,4,'Sports','NHL','NHL','Metropolitan','New York','Islanders'),
(119,4,'Sports','NHL','NHL','Metropolitan','New York','Rangers'),
(120,4,'Sports','NHL','NHL','Metropolitan','Philedelphia','Flyers'),
(121,4,'Sports','NHL','NHL','Metropolitan','Pittsburg','Penguins'),
(122,4,'Sports','NHL','NHL','Metropolitan','Washington','Capitals')
you have a dot (.) instead of a comma (,) at the end of the line with ID 47:
(47,4,'Sports','MLB','National','East','Washington','Nationals').
Change it to
(47,4,'Sports','MLB','National','East','Washington','Nationals'),
You have a period at the end of this line:
(47,4,'Sports','MLB','National','East','Washington','Nationals').
It should be a comma
Your error message show us, that two queries does not separated with ;
Just remove Select query, or add ; after it.
Then, double check syntax, or read next error message. You have points instead of comma somewhere.
Your first query retrieve all data from the table. It's:
SELECT * FROM `******_sports_teams` WHERE 1
It should terminated with semicolon before you call next (INSERT) query

Load Data Infile errors

In the syntax of load infile data i saw that the fields and line clauses are optional. So I used only character set clause for utf8
Here my sql:
cmd = new MySqlCommand("LOAD DATA INFILE " + filename + " INTO TABLE " + tblname + " CHARACTER SET 'UTF8'", conn);
filename is the addresse it's format is: "E:\Macdata\20131228\atelier.sql"
table name is directly taken from database is as : "atelier"
But I get the error : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'E:\Macdata\20131228\atelier.sql INTO TABLE atelier CHARACTER SET 'UTF8'' at line 1
What is the mistake in my query command ?
MYSQLversion is 5.0.10 with XAMPP
After changing the query I begin to receive fatal error number 0 (enclosed filename with ')
cmd = new MySqlCommand("LOAD DATA LOCAL INFILE '" + filename + "' IGNORE INTO TABLE " + tblname + " CHARACTER SET UTF8", conn);
My data file has this form which works on phpmyadmin
INSERT INTO `atelier` VALUES(1, 'Chateau Carbonnieux -1', '2013-12-26', 23, 10, 0, '4 macarons differents', 'mamie', '2013-12-15 11:09:14', 'sabrina', '2013-12-18 05:29:26');
As the error says, your statements is wrong. Quotes are missing in your first statement (see second statement). Check the syntax here:
http://dev.mysql.com/doc/refman/5.6/en/load-data.html
Some sparse notes:
0 is not a fatal error, it's the code for success.
IGNORE handles duplicate rows, not syntax errors.

Doctrine2 Criteria() generate wrong MySQL query

when I use \Doctrine\Common\Collections\Criteria::create()
use Doctrine\Common\Collections\Criteria;
...
$criteria = Criteria::create();
$criteria->where(Criteria::expr()->eq('isPublished', 1))
->andWhere(Criteria::expr()->eq('isDeleted', 0));
$this->comments->matching($criteria)
and I getting error:
Message:
An exception occurred while executing 'SELECT t0.id AS id1, t0.rating AS rating2, t0.text AS text3, t0.username AS username4, t0.isPublished AS isPublished5, t0.isDeleted AS isDeleted6, t0.dateCreated AS dateCreated7, t0.userIP AS userIP8, t0.user_id AS user_id9, t0.product_id AS product_id10 FROM product_comments t0 WHERE ((t0.isPublished IS ? AND t0.isDeleted IS ?) AND t0.product_id IS ?)' with params {"1":1,"2":0,"3":1123}:
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1 AND t0.isDeleted IS 0) AND t0.product_id*IS 1123)' at line 1
The problem is operand 'IS' in where clausule. It is not MySQL operand. (If I paste this query to MySQL terminal, and change "IS" => "=" - is all right)
Why Doctrine genetate such query? Where is the problem?
I solved changing line 91 of Doctrine\ORM\Persisters\BasicEntityPersister
from
Comparison::IS => 'IS %s',
to
Comparison::IS => '= %s',
This is a bug in doctrine fixed by upgrading Doctrine ORM to 2.3.5 or later.
Bug report at http://www.doctrine-project.org/jira/browse/DDC-2471
More discussion on the problem at
https://github.com/doctrine/collections/commit/3db3ab843ff76774bee4679d4cb3a10cffb0a935#diff-757942c669bf6be9910786b2558ad745
Try replacing
expr()->eq('isPublished', 1) and expr()->eq('isPublished', 0) with
expr()->eq('isPublished', '?1')
expr()->eq('isPublished', '?0')

error in update database

error ::
System.Data.SqlClient.SqlException:
Incorrect syntax near '='.
source code :
cn.Open();
Line 27: cmd = new SqlCommand("updat product set status ='" + s + "'", cn);
Line 28: cmd.ExecuteNonQuery();
Line 29: cn.Close();
Line 30: }
You realize you spelled update wrong?
Does s possibly have any apostrophe's in it's value? If so, you need to escape them, i.e., s.Replace("'", "''") (or better yet, use parameterized queries)
You have a possible SQL Injection vulnerability.
Are you sure you intend to update all of the products in the entire table?