Grave accents instead of '' in mysqli_query [duplicate] - mysql

This question already has answers here:
Do different databases use different name quote?
(3 answers)
Closed 9 years ago.
I have a problem, I looked for it on google, couldn't find it.
$result = mysqli_query($link,"SELECT * FROM update ");
Error
Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, boolean given in
When I change the query to:
$result = mysqli_query($link,"SELECT * FROM `update` ");
It works. Why is that?

update is a reserved word in MySQL.
You should always use backticks (`) in `table` and `column` names to avoid errors like that.
List of Reserved Words

Those are not "grave accents" (accents go above letters); they are backticks.
You're supposed to surround field names with backticks, to show that they are field names and not functions, operators, commands, etc.
You can usually get away without doing that (and it would seem that you are quite used to it!), but in the case that your names are in fact MySQL reserved keywords — for example, UPDATE — you can't.

UPDATE is a keyword for MySQL, so it causes an error (MySQL is pretty confused because you're starting an update inside a select). Basically, it's recommended to put database, table and column names between `` to avoid such situations. Also, you should check what mysqli_query returned: in this case you're getting false instead of a mysqli_result object, and you can read an error message (probably not saying much more than 'you have an error near... check your query syntax', but anyway you would know that there is something wrong ;)):
if (!($result = mysqli_query($link, $query))) {
die('MySQLi error: ' . mysqli_error($link));
}

I'm no SQL expert, but update is a special word which SQL actively looks for. Therefore, to select stuff in a table named update, you need to have update in quotes.

Related

MySQL throws an error when receiving my query [duplicate]

This question already has an answer here:
How to escape value keyword in mysql while using Select statement
(1 answer)
Closed 3 years ago.
I have to access a MySQL database that looks like this:
LOG_ID KEY TARGET CREATOR
1 okaytest 297d09d5-55fe faec09c0-159e
I can do the following query:
SELECT * FROM DATABASE WHERE LOG_ID=1
This would return me the column correctly.
But I can't do the following query.
SELECT * FROM DATABASE WHERE KEY='okaytest'
I believe that there might be a problem with the word KEY being a reserved keyword in MySQL, but I have to access that specific database, I can't change its name and I must select it from the key.
Try it like below, using the backtick (`):
SELECT * FROM DATABASE WHERE `KEY`='okaytest'
Actually, for a reserved word you have to use the backtick, otherwise it will throw an error. Here is the reserved word list.
Another option: it is better not to use reserved words, or, where necessary, to use them with backticks.

SQL replace function with MATCH() AGAINST()

I would like to use the replace function inside a match function, to remove \n characters before it searches matching rows. Otherwise, for example, if the text is FULLTEXT\nsearch, and the search is search, it will not match.
Here is my query (simplified) :
SELECT * FROM messages WHERE MATCH(REPLACE(body,'\\n',' ')) AGAINST ('mysearch' IN BOOLEAN MODE)
But it throws an error...
[EDIT]
After @Shadow's answer, I tried this:
SELECT * FROM (SELECT REPLACE(body,'\\n',' ') AS rb FROM messages) AS rbody WHERE MATCH(rb) AGAINST ('mysearch');
I think the idea is correct, but I get an error ERROR 1210 (HY000): Incorrect arguments to MATCH. I think this is because I didn't index the column rb (FULLTEXT INDEX (rb)), so the MATCH () AGAINST () operation won't work.
So I update my question: how can one index a column of a subquery?
The answer is that you cannot dynamically remove \n character sequence within a match() call. As MySQL manual on match() says:
MATCH() takes a comma-separated list that names the columns to be searched.
You either have to store \n differently, not as a character sequence or you need to have a separate field in which these characters are already filtered out and this additional field is used for fulltext searches.
Actually, waiting for a better solution, I will just add a column raw_body to my table, where I will store the exact body (I won't escape it with real_escape_string, I will just manually replace " and ' by \" and \'), and I will prepare the query and bind the params. However, I don't know if it is secure enough against SQL injection.
[UPDATE]
Actually I found out that I didn't even need to manually escape quotes, since the prepared statement is enough to prevent SQLi. So I think I will just keep this solution for the moment.

1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'FROM [duplicate]

This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 8 years ago.
I get this error at this code:
SELECT "LastUpdate" ;
FROM "xx_yy";
Is LastUpdate a reserved word ?
I tried to change " " to `` or delete them, I don't really know the perfect combination to make it work. I'm a beginner in this.
Get rid of the quotes around your column identifier and tablename. That makes them strings instead of identifiers. Either use ticks or nothing at all. Also, ditch the semi-colon after the first line as it is terminating your query before it reaches the FROM clause.
SELECT `LastUpdate`
FROM `xx_yy`;
or
SELECT LastUpdate
FROM xx_yy;
A semicolon (;) signifies the end of a statement. So you actually have two separate, distinct statements:
SELECT "LastUpdate"
FROM xx_yy
The second statement is not valid, which is why you are seeing the error.
Solution: Remove the semicolon at the end of the first line:
SELECT "LastUpdate"
FROM "xx_yy";
Also note if the ANSI_QUOTES sqlmode is not enabled, MySQL treats double-quotes as string literals (the same as single quotes). You may need to change these to the MySQL-specific backtick, or remove them entirely:
SELECT `LastUpdate`
FROM `xx_yy`;
Remove the first semicolon.
SELECT FOO FROM BAR
The above is all one statement.
Most likely your query should look like
SELECT "LastUpdate" FROM "xx_yy";
; is marking an end of a query.

phpmyadmin sql apostrophe not working [duplicate]

This question already has answers here:
character for single quote
(1 answer)
Syntax error due to using a reserved word as a table or column name in MySQL
(1 answer)
Closed 8 years ago.
hey guys was hoping you could help me out,
Not sure if I always had this problem or if it's new, in phpmyadmin in the sql tab, the apostrophe it recognizes is different from what I type, for example,
when i type, it is
SELECT * FROM 'table'
this gives me an error, so instead I have to like copy/paste the inverted commas of some prebuilt query so that it looks like
SELECT * FROM `table`
see how the apostrophes are different? any way I can fix this?
also, I have seen many queries on the web, and I think even queries I call from php don't require table names to have apostrophes. But when I write it in phpmyadmin, I can do queries without table names having apostrophes?
thanks in advance.
In MySQL, table is a reserved keyword. If you want to use reserved keywords in a MySQL query, you have to enclose them in backticks (`).
As table is a reserved keyword, your query should be
SELECT * FROM `table`
Regarding single quote ('), in mysql, it represents string value.
SELECT *, 'table' FROM `table`;
Demo
You should only need to quote table names when they conflict with a reserved word.
Also:
` = Grave accent, or (because someone needed to invent a word) backtick
' = Apostrophe, or straight single quote
You don't need an apostrophe on the table name.
You should use ` in cases where your table/field name is a reserved word, e.g.:
SELECT `distinct`, myfields FROM mytable
note that distinct is an sql command so you need to put the `.
SELECT * FROM `table`
table here should be inside `.
There are two different characters, the backtick and the single quote. Table and column names can be surrounded by the backtick, strings can be surrounded by quotes. There is nothing to fix :D

what does back tick do in mysql statements?

In a statement like this;
$sql = "SELECT distinct `term`,count(*) as count
FROM {$temp_table_name}
group by `term` order by count DESC";
What does using the back tick character (`) around the field name 'term' buy me?
Is the usage of back ticks for performance reasons? Or is it for some sort of a SQL injection protection?
Note: After I submit the question, I realized that the backtick character does not show around the field name 'term' - right here on stackoverflow.
I don't know of a way of making it appear here in the question body.
If term is a MySQL keyword, you need to quote it with `; otherwise, it is not necessary.
Ps: distinct is not necessary in your case, because you group by it.
The back-tick is the 'official' identifier quote character.
http://dev.mysql.com/doc/refman/5.0/en/identifiers.html
It allows a wider array of characters in an identifier, as described on the linked documentation.
Backticks just allow the use of spaces or other alternate characters in field names.
I think it's already been pretty well explained here.
When we use a keyword as a table name or field name in MySQL, we use backticks, or double quotes when ANSI_QUOTES is enabled. Otherwise it is not necessary. It is not related to SQL injection protection.
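
Added example, not code from any of the posts above: backticks only mark an identifier, and prepared-statement placeholders bind values only, so a table name that arrives in a variable (like {$temp_table_name} in the question) needs its own check before it is concatenated into the query. The function names, the allowlist and the sample names are hypothetical.

```php
<?php
declare(strict_types=1);

/** Quote a MySQL identifier: wrap in backticks and double any embedded backtick. */
function quoteIdentifier(string $name): string
{
    // MySQL identifiers are at most 64 characters and cannot contain NUL.
    // strlen() counts bytes, so this check is conservative for multibyte names.
    if ($name === '' || strlen($name) > 64 || strpos($name, "\0") !== false) {
        throw new InvalidArgumentException('invalid identifier');
    }
    return '`' . str_replace('`', '``', $name) . '`';
}

/** Accept a table name only if it is on a fixed allowlist, then quote it. */
function allowedTable(string $requested, array $allowlist): string
{
    if (!in_array($requested, $allowlist, true)) {
        throw new InvalidArgumentException('table not allowed');
    }
    return quoteIdentifier($requested);
}

/** Build the term-count query from the question with every identifier quoted. */
function buildTermCountQuery(string $table, array $allowlist): string
{
    return 'SELECT ' . quoteIdentifier('term') . ', COUNT(*) AS cnt'
         . ' FROM ' . allowedTable($table, $allowlist)
         . ' GROUP BY ' . quoteIdentifier('term') . ' ORDER BY cnt DESC';
}

// Constructed sample inputs (assumptions for this example).
$allowlist = ['update', 'temp_terms'];

// A reserved word such as `update` is usable once it is quoted.
echo buildTermCountQuery('update', $allowlist), "\n";

// A name containing a backtick: naive wrapping closes the identifier early,
// doubling the backtick keeps it a single identifier.
$odd = 'a`b';
echo '`' . $odd . '`', "\n";
echo quoteIdentifier($odd), "\n";

// A name that is not on the allowlist never reaches the SQL string.
try {
    buildTermCountQuery('not_listed', $allowlist);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

Values compared in a WHERE clause still belong in bound parameters of a prepared statement; only identifiers go through the quoting and allowlist shown here.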