I don't understand why is it saying You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''User_notifications'' on this query:
<?php
include 'constants.php';
$username=$_POST['username'];
$notiftable=$username.'_notifications';
$con=new mysqli('',databaseuser,databasepassword,database);
if($con)
{
$q="SHOW TABLES LIKE '$notiftable'";
Your table name User_notifications is getting double-escaped (i.e. it is being escaped twice). This is most likely happening because the PHP function is escaping it already, and you are doing it a second time. Try not escaping the table name yourself, i.e.:
$q = "SHOW TABLES LIKE $notiftable";
Related
I am usign this code to add new column in my table but can't get success it shows me this error. Column name is $paper_name.
You have an error in your SQL syntax; check the manual that
corresponds to your MariaDB server version for the right syntax to use
near
$query1 ="ALTER TABLE User_data ADD '".$paper_name."' VARCHAR( 255 )" or die(mysqli_error($con));
mysqli_query($con,$query1)or die(mysqli_error($con));
You are using ' where you need a back tick
"ALTER TABLE User_data ADD `".$paper_name."` VARCHAR(255)"
Values are in single quotes, field names are in back ticks
You could use...
"ALTER TABLE User_data ADD `$paper_name` VARCHAR(255)"
...to make it a little more readable (my opinion) . Eliminate the ". and ." around $paper_name. Since your statement is already enclosed in " the $paper_name variable will be evaluated properly.
Someone gave me this query to delete community from a database on my server using phpMyAdmin, it worked when he use it so I asked him to send it to me, but I get a error
MySQL said:
Documentation
#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"SELECT * FROM `connections` WHERE 1" :
delete from connections where communit' at line 1
I did a search on the error but could not figure it out.
"SELECT * FROM `connections` WHERE 1" :
delete from connections where community="XYZ"
You should separate your queries with ; and not :
The error you are receiving as you've shown it is because this line is incorrect:
SELECT * FROM `connections` WHERE 1"
First because it's ending in an unnecessary double quotation mark. MySQL does not use double quotes but single quotes, and even still the other single quote is not there to match it.
The single quotes are also a problem for community="XYZ", this should read: community = 'XYZ'
Secondly, you don't have a condition for your where statement, you must be missing something like:
WHERE columnName = 1;
If you were trying to select everything from connections, you can just remove that where clause all together.
EDIT
In addition, MySQL queries are separated by a semi-colon, not a colon, so MySQL will not realize you are trying two different queries.
Warning: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'color:red'>
and this my code :
$db->query("UPDATE members set id='{$this->test['id']}',
lvl='{$this->userlvl}', ip='{$this->test['IP']}',
time='{$this->test['time']}',
linechat='{$this->test['msg']}'
WHERE user='{$this->test['name']}'");
I'm a beginner so please tell me what is must be ^^
I have tried this
$fixchat = mysql_real_escape_string($this->test['msg']);
$fixname = mysql_real_escape_string($this->test['name']);
$db->query("UPDATE members set id='{$this->test['id']}',
lvl='{$this->userlvl}', ip='{$this->test['IP']}',
time='{$this->test['time']}', linechat='{$fixchat}'
WHERE user='{$fixname}'");
but I got this error :
Warning: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''\wellington\'' at line 1...
One or more of the values in your $this->test array has double quote characters in it. Every dynamic element to a query string must be escaped by passing it through the appropriate escape function (in your case mysql_real_escape_string()). That will escape the quotes so the string is interpreted correctly.
Side note: You should be using the mysqli PHP library instead of mysql, which is deprecated. Also, a better alternative solution is to use parameterized queries.
solved by : addslashes function
$fixchat = addslashes($this->test['msg']);
$fixname = addslashes($this->test['name']);
$db->query("UPDATE members set id='{$this->test['id']}',
lvl='{$this->userlvl}', ip='{$this->test['IP']}',
time='{$this->test['time']}', linechat='{$fixchat}'
WHERE user='{$fixname}'");
I am trying to update a field in my table and I keep getting this syntax error.
global $conn, $strTableName;
db_exec("UPDATE equipment SET EContractNum = " . $_SESSION[$strTableName."_masterkey1"] . " WHERE EContractNum = " . $values['EContractNum'], $conn);
Here is the error:
Error type: 256 Error Description: You have an error in your SQL
syntax; check the manual that corresponds to your MYSQL server version
for the right syntax to use near 'WHERE econtractnum=35867111' at line
1
I have looked at several searchs that are similair to mine but I cannot figure out what I am doing wrong. I am fairly new at this so it is probably something simple. I just cant seem to make it work. Thanks for any help.
$_SESSION[$strTableName."_masterkey1"] is probably empty, or a string that needs to be quoted.
Also, don't put the raw values of variables into queries like that. Use a framework or prepared statements. It's good for security and it would also prevent this kind of error (well, it'd turn it into a different kind of error, at least).
I want to import an SQL file using PHPMyAdmin where I know duplicates exist. I am using the syntax:
LOAD DATA INFILE 'C:\Documents and Settings\...\db_settings_extends.sql' ignore;
I receive the error:
#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
How do I correct this?
From the error message, it looks like duplicates are not the problem. It seems to not like your string value or something next to it.