I have a problem with the following query. It keeps giving me an error 1064 and I don't know what I'm doing wrong.
/*storing in the database */
$query = 'INSERT INTO #__comprofiler SET(`cb_googlex`, `cb_googley`) WHERE `user_id`= \''. $userComplete->id . '\'
VALUES ( \''.$mapCor['latitude'].'\', \''.$mapCor['longitude'].'\')';
$_CB_database->setQuery($query);
$_CB_database->loadResult();
You are trying to do an update; here is the correct syntax:
$query = 'UPDATE #__comprofiler
SET `cb_googlex` = \''.$mapCor['latitude'].'\',
`cb_googley` = \''.$mapCor['longitude'].'\'
WHERE `user_id`= \''. $userComplete->id . '\';';
Hi guys, I am trying to get the result from the db where my table column displaytime is equal to today's date.
So I am trying to check that condition by using where. But I don't know what the problem is; it shows that the query is wrong.
Here is my model:
function getDashboardContent() {
$today = date('Y-m-d H-i');
$this->db->select('cd.details,g.displaytime');
$this->db->where('cd.typeofinfo', 2);
$this->db->where("DATE_FORMAT(g.displaytime,'%Y-%m-%d %H-%i')", $today );
$this->db->from('contentdetails cd');
$this->db->join('content c', 'c.id = cd.contentid');
$this->db->join('group_content gc', 'gc.contentid = c.id');
$this->db->join('groups g', 'g.id = gc.groupid');
$this->db->order_by('cd.id',"DESC");
$this->db->limit('1');
$query = $this->db->get();
print_r($query);
exit;
return $query->result();
}
Here is my error:
Error Number: 1064
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''2018-07-27 12-02' ORDER BY `cd`.`id` DESC LIMIT 1' at line 7
SELECT `cd`.`details`, `g`.`displaytime` FROM `contentdetails` `cd` JOIN `content` `c` ON `c`.`id` = `cd`.`contentid` JOIN `group_content` `gc` ON `gc`.`contentid` = `c`.`id` JOIN `groups` `g` ON `g`.`id` = `gc`.`groupid` WHERE `cd`.`typeofinfo` = 2 AND DATE_FORMAT(g.displaytime,'%Y-%m-%d %H-%i') '2018-07-27 12-02' ORDER BY `cd`.`id` DESC LIMIT 1
Can anyone help me find out what the exact problem is and what mistake I have made?
Thanks in advance.
Why don't you change datetime to timestamp and then compare like this:
$this->db->where("TO_SECONDS(g.displaytime)", strtotime($today) );
I have solved my problem by changing this line
$this->db->where("DATE_FORMAT(g.displaytime,'%Y-%m-%d %H-%i')!=", "$today" );
to
$this->db->where("DATE_FORMAT(g.displaytime,'%Y-%m-%d %H-%i') = '" . $today . "'");
My question should be very easy to fix, but I can't find the syntax error that my db interface throws at me. The following code is used to update the password of an existing user in a time-tracking tool.
I checked all the tables and field names, they all are right.
The SQL query code:
$query = ('UPDATE tblMitarbeiterUUID SET tblMitarbeiterUUID.dtPassword="' . $pwd . '" '.
'INNER JOIN arbeiter '.
'ON tblMitarbeiterUUID.idMitarbeiterUUID=arbeiter.fidMitarbeiterUUID ' .
'WHERE arbeiter.id=' . $userID)
Echo of this query:
UPDATE tblMitarbeiterUUID SET tblMitarbeiterUUID.dtPassword="7687225fde7aad38f4c005ad4b5cdd5a" INNER JOIN arbeiter ON tblMitarbeiterUUID.idMitarbeiterUUID=arbeiter.fidMitarbeiterUUID WHERE arbeiter.id=1
Error I get when trying to run the query directly on the db:
SQL error (1064): You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'FROM tblMitarbeiterUUID INNER JOIN arbeiter ON tblMitarbeiterUUID.ifMitarbeiterUUID=arbeiter.fidMitar...' at line 1
In my research I saw some people using a FROM in a UPDATE statement with an INNER JOIN. I tried it with a FROM but I get the same error as above.
Thanks for your help in advance. Best Regards, Luca.
correct syntax (edited after I got the correct answer):
'UPDATE tblMitarbeiterUUID x '.
'JOIN arbeiter y ON x.idMitarbeiterUUID = y.fidMitarbeiterUUID ' .
'SET x.dtPassword="' . $pwd . '" ' .
'WHERE y.id=' . $userID
This is valid syntax:
UPDATE tblMitarbeiterUUID x
JOIN arbeiter y
ON x.idMitarbeiterUUID = y.fidMitarbeiterUUID
SET x.dtPassword="A"
WHERE y.id=1
I am trying to update my table "user" column "img1_name", where the column "blogger_id" equals $blogger_id and the "hotel_id" column equals $hotel_id.
$sql = "UPDATE user (img1_name) VALUES ('".$img1_name."')
WHERE (blogger_id) = (".$blogger_id.") AND (hotel_id) = ("$hotel_id")";
But it shows the error below:
Parse error: syntax error, unexpected T_VARIABLE in
/home3/sunangel/public_html/lib/functions/functions.php on line 1593
Can I know how I should edit the line so that it does its function?
You have gone parenthesis crazy and have wrong syntax for your UPDATE statement...
Try this:
$sql = <<<EOT
UPDATE user
SET img1_name = '{$img1_name}'
WHERE blogger_id = {$blogger_id}
AND hotel_id = {$hotel_id}
EOT;
See MySQL documentation for proper UPDATE syntax - http://dev.mysql.com/doc/refman/5.6/en/update.html
Try this :
$sql = "UPDATE user SET img1_name = '".$img1_name."' WHERE blogger_id = ".$blogger_id." AND hotel_id = " . $hotel_id;
Here is SQL UPDATE syntax :
UPDATE your_table_name
SET column_name1 = "your_value",
column_name2 = "another_value"
WHERE your_filter_column = "your_filter_value"
String sql = ("insert into registration(pic) values(?) where email='"+Email+"' ");
I get this error: error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'where email='yyy#ymail.com'' at line 1
You have to use an UPDATE query, like this:
String sql = "UPDATE registration SET pic = ? WHERE email = '" + Email + "'";
The syntax for an UPDATE query is
UPDATE table_name SET column_name = value;
The insert query format should be
"insert into tablename (columnname) values(columnvalue)"
OR
"update registration set pic='' where email='"+Email+"'";
Yes. That is impossible.
Either you want:
insert into registration(pic) values(?)
Which will give you a new row;
Or you want an UPDATE:
UPDATE registration SET pic = ?
WHERE email = <EMAILYouWant>
Which will update an existing row where email = the record with the email you want to update the pic column.
According to this tutorial: http://www.tizag.com/mysqlTutorial/mysql-php-sql-injection.php
The code below will demonstrate SQL injection:
<?php
// a good user's name
$name = "timmy";
$query = "SELECT * FROM customers WHERE username = '$name'";
echo "Normal: " . $query . "<br />";
// user input that uses SQL Injection
$name_bad = "' OR 1'";
// our MySQL query builder, however, not a very safe one
$query_bad = "SELECT * FROM customers WHERE username = '$name_bad'";
// display what the new query will look like, with injection
echo "Injection: " . $query_bad;
In the front end, it shows:
Injection: SELECT * FROM customers WHERE username = '' OR 1''
So I just did a test: in phpmyadmin->sql, I ran the code below:
SELECT * FROM users WHERE fname = '' OR 1''
And it shows:
#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' LIMIT 0, 30' at line 1
Question:
It is supposed to show every single entry in the "users" table, but it does not. Why? If I want to demonstrate SQL injection, how do I do it?
A more typical SQL injection would be: $name_bad = "' OR 1=1 -- ";. This would lead to the following SQL:
SELECT * FROM customers WHERE username = '' OR 1=1 -- '
SELECT * FROM users WHERE fname = '' OR 1 = 1
is likely what they meant
Edit: just looked
SELECT * FROM users WHERE fname = '' OR 1
1 evaluates to true, so just remove the '' after it.
Also, that link is way out of date. Look at mysqli or PDO instead.
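
The contrast behind the advice to use mysqli or PDO, as an added example that is not from any of the posts above: the same `' OR 1=1 -- ` input run against a concatenated query and against a prepared statement, plus a parameterized form of the UPDATE statements asked about earlier on the page. The in-memory SQLite database (used so the script runs without a server), the table contents and the function names findConcatenated, findPrepared and renameImage are assumptions made for the illustration.

```php
<?php
// Added example: constructed in-memory SQLite data so it runs offline.
// With MySQL only the DSN and credentials passed to PDO change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE customers (id INTEGER PRIMARY KEY, username TEXT, img1_name TEXT)');
$pdo->exec("INSERT INTO customers (username, img1_name) VALUES ('timmy', 'a.png'), ('anna', 'b.png')");

// Vulnerable: the value is pasted into the SQL text, as in the tutorial code.
function findConcatenated(PDO $pdo, string $name): array
{
    $sql = "SELECT * FROM customers WHERE username = '$name'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: the SQL text is fixed; the value travels separately as a bound parameter.
function findPrepared(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT * FROM customers WHERE username = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The same rule for UPDATE statements: a placeholder for every value.
function renameImage(PDO $pdo, int $id, string $img): int
{
    $stmt = $pdo->prepare('UPDATE customers SET img1_name = :img WHERE id = :id');
    $stmt->execute([':img' => $img, ':id' => $id]);
    return $stmt->rowCount();
}

$name_bad = "' OR 1=1 -- ";   // the input quoted in the answer above

printf("concatenated, timmy:    %d row(s)\n", count(findConcatenated($pdo, 'timmy')));
printf("concatenated, injected: %d row(s)\n", count(findConcatenated($pdo, $name_bad)));
printf("prepared, timmy:        %d row(s)\n", count(findPrepared($pdo, 'timmy')));
printf("prepared, injected:     %d row(s)\n", count(findPrepared($pdo, $name_bad)));

// A quote inside a bound value cannot cause a syntax error or change the statement.
printf("update with quote:      %d row(s) changed\n", renameImage($pdo, 1, "o'brien.png"));
```

With the prepared statement the injected string is compared as a literal username, so it matches no row; the concatenated query treats it as SQL and the WHERE clause stops filtering.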