Getting an error after using PHP & MySQL code - mysql

I get the usual errors ( already tried to read previous questions ) Query failedYou have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''','',now(),'','This is great! ','', 'published')' at line 1
Thank you for helping!!
Here is my code:
My Code
The page in question is here:enter link description here
Thanks you very much for helping

The problem was on the line 20--> $query .= "VALUES({$post_category_id}. It need to be quotes around '{$post_category_id}'.
I don't know exactly why. the category id is a number , so for that shouldn't be around quotes because is a number.That's how our teacher explained to as.Thanks for your help.

The $connection variable isn't defined anywhere...

I just populated your page with some example data and that was the query I got:
INSERT INTO posts(post_category_id, post_title, post_author,post_date,post_image,post_content,post_tags,post_status) VALUES(,'','',now(),'',' Test','', 'Test')
The problem is near the VALUES keyword: VALUES (, is wrong. You should check first if every input value is populated correctly, eg if $post_category_id is defined with a valid value.

Related

spring boot get data from mysql table given by url

I want to create simple app to search some data in specific table.
I've got one database and can connect to it.
Also when I hardcoded table name it works great.
But I want to make url like that:
/demo/{table}/{author}
It should work that i give specific table for eg. 'comedy' and next I set name of author for eg. 'smith'.
My booksRepository:
#Query(value = "SELECT * FROM :table WHERE author = :author",
nativeQuery=true)
public List<Book> findByAuthor(#Param("author") String author, #Param("table") String table);
But it didn't work. I've got error:
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''comedy' WHERE author = 'Smith'' at line 1
It's adding ' to Query. Is there way to delete that? Is it possible or I need to put everything in one table?
Cheers :)
I haven't looked it up, but it seems that the variables in the query SQL can only be used to insert quoted values, not unquoted identifiers like a table name.

How to search in multiple columns on same table? (fat free framework)

I need to search same query on multiple columns using fatfree.
This works correctly on one column:
$f3->set('list', $users->find(array('name LIKE ?','%'.$queries.'%')));
However, if I try:
$f3->set('list', $users->find(array('name, email LIKE ?','%'.$queries.'%')));
I get error:
PDOStatement: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' email LIKE '%invent%'' at line 1
How can I do this?
Regards.
It should be:
$f3->set('list', $users->find(array(
'name LIKE ? OR email LIKE ?',
'%'.$queries.'%',
'%'.$queries.'%'
)));
NB: PDO doesn't allow to use a same placeholder twice so you have to give twice the same argument ('%'.$queries.'%').

Using EXCEPT operator on MySql 5.1 version

I have 5.1 MySQL version on my server. I am trying to perform this query:
SELECT File_Name
FROM Words_DB
WHERE Word_Name=" . $element . "
EXCEPT
SELECT File_Name
FROM Files_DB
WHERE Display=0
I am getting an error:
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'EXCEPT SELECT File_Name FROM Files_DB WHERE Display=0' at line 4
Can someone tell me how can i perform this query in an alternative form?
Thank you, Max.
As far as I know MySQL does not support theEXCEPToperator. Try this instead:
SELECT File_Name
FROM Words_DB
WHERE Word_Name=" . $element . "
AND File_Name NOT IN (
SELECT File_Name
FROM Files_DB
WHERE Display=0
)
You could also use either a correlatedNOT EXISTSor aLEFT JOIN. As I don't use MySQL much I can't say which performs best.
I think you can find better answers on the following site:
http://www.tutorialspoint.com/sql/sql-except-clause.htm
It says you can use except query. But you can also use answer provided by JPW above that instead of using except you can use NOT IN key word which works in the same way.

issues with mysql, specifically the sql function

i'm trying to insert the following code on SQL, however it won't work.
What's the problem :O
Content
$share_text="<img src='http://dosha.re/i/Uvhg.png'/>";
(it's an IMG tag, except stackoverflow won't show the code.)
$sql.=", '$share_text'";
As you can tell, Sharetext does include an img extension but for some reason i get:
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near 'http://dosha.re/i/Uvhg.png'/>', 1, '', 'Tue Apr 2 2013', '09:51
PM')' at line 1
You need to call addslashes function around this variable value in which this image tag is coming. It the error of single slashes.
You're using single quotes in the src attribute, but then you wrap the whole thing in single quotes too, so that won't work:
$share_text = '<img src="http://dosha.re/i/Uvhg.png" />';
$sql .= ", '$share_text'";
Alternatively, and probably better, use mysql_real_escape_string() or PDO::quote or mysqli::real_escape_string.
$sql .= sprintf(", '%s'", mysql_real_escape_string($share_text));
It's impossible to tell from this what your real query is, but I would suggest using prepared statements so that you don't have to worry about escaping SQL.

MySQL Update disallowed header names?

To save tearing any more of my hair out I thought I'd just pose the question here, as I'm having an infuriating time with PHP Mysql UPDATE: something I use quite a lot and thought I understood!
Basically, are there any table header names that are known to break MySQL update functions? I have an Update mysql_query function that works perfectly, for example:
UPDATE table_name SET
part_number='000 - New Product',
product_code='1',
barcode_ref='1',
type='new type'
WHERE id='999'
However, if I include the table header called 'trigger' in the code it breaks it!
UPDATE table_name SET
part_number='000 - New Product',
trigger='YES',
product_code='1',
barcode_ref='1',
type='new type'
WHERE id='999'
The above sql returns an error of: **You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near
'trigger='YES', part_number='000 - New Product', product_code='1', barcod' at line 1**
I have made an identical duplicate of the column called 'trigger' and re-named it 'testing_t' and immediately everything works perfectly as before. I've tried both dumping my mysql_real_escape_string to variables for use in the UPDATE command and doing them inline, and even tried hard-coding the string and it still breaks.
Can anyone shed any light on this? Ideally I'd really like to not have to change my table header name, as I don't want to modify the references to it across the site. Obviously if there is no other option then I will, but I'm hoping I'm just being stupid and that someone can explain why it's happening/how to stop it happening!
Thanks in advance,
Joe
use this query
UPDATE table_name SET
`part_number`='000 - New Product',
`trigger`='YES',
`product_code`='1',
`barcode_ref`='1',
`type`='new type'
WHERE id='999'
your query will fail because you have written trigger without ``
trigger is reserved word in mysql for creating triggers.
To use reserved word as column name you have to write that word inside ``
trigger is a mySQL keyword. If you enclose all column names in `` you will be safe. It's good practice to not use these keywords as column names.
Other keywords are here http://dev.mysql.com/doc/refman/5.0/en/reserved-words.html
mySQL has a series of reserved words, of which TRIGGER is one. Consult this list of words as a guide for what NOT to call your columns/tables:
http://dev.mysql.com/doc/refman/5.5/en/reserved-words.html