I'm querying against an IP address stored in a table of a database with the following:
"SELECT user_id, is_login FROM users WHERE last_ip_address = '" + this.GetIPAddress() + "'"
I know that the IP is in the table because I see it there. I'm literally staring at it, but this query returns no rows.
When I run it without the single tick quotes ('), I get a syntax error:
"SELECT user_id, is_login FROM users WHERE last_ip_address = " + this.GetIPAddress()
So where is this going wrong? The IP returned by the function is the standard format ###.###.###.### IP address, and the syntax error itself is this:
{"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '.##.#' at line 1"}
Edit: Some more info, the field itself is a varchar(30) type, and it says Collation = latin1_swedish_ci, but I don't even know what that is.
Thanks
Try using a LIKE then:
"SELECT user_id, is_login FROM users WHERE last_ip_address LIKE '%" + this.GetIPAddress() + "%'"
Edit: I would try to change that collation to UTF8.
Okay I am sorry for the confusion. I am very new to using MySql with C# and very VERY new (like I mean I just started today) with MySqlConnector.
To make a long answer short, I was trying to treat the table like, well, a table, and just read from it like a two dimensional array, when what I needed to be doing was using the MySqlDataReader. I found a good answer here:
How to read columns and rows with C#?
Thanks all for your help and advice.
Related
Hello I'm trying to display data in vb.net using MySQL syntax here is my Mysql syntax
SELECT COUNT(status) as 'Number of Grade School for the Month of January'
FROM blhtraining.userinfo
Where survey_at='Talisay'
and status='College' and Month(member_since)='1' and
Year(member_since)='2021'
And this code works in Mysql but when i modify it like this in vb.net
Dim count_gradeSchool1 As String = "Select Case COUNT(status) As 'Members'
From training.userinfo
Where survey_at='" & txtmonthlylocation.Text & "'
And status ='College'
And Month(member_since)='" & monthly_reports & "'
And YEAR(member_since)='" & txtmyear.Text & "'
And Day(member_since)='11'"
da = New MySqlDataAdapter(count_gradeSchool1, mycon)
dt = New DataTable()
da.Fill(dt)
lblgs1.Text = dt.Rows(0)("Members")
I recieved this error
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'As 'Members'
From training.u' at line 1
I'm sure the syntax is correct is it the variable declared?
Your problems probably came about because you pasted the SQL into your code without starting a string first, so VB saw "select" and helped you out by adding "case". So, here is code that...
...has fixed SQL syntax
...uses parameters. Always use parameters. You've no idea how many times a day I say this, trying to stem the tide of future SQL injection hacks. Writing code that doesn't use parameters will get you fired, or you'll have to live with the consequences of writing hack prone code on your conscience. Don't ever skip on using parameters in your SQLs, even if it's "only an app to track your grandma's record collection"
...doesn't call functions on columns in the where clause - don't do it; it's a huge waste of resources and kills opportunities to use indexes. Always, always try to leave table data alone, untransformed. In 99% of cases there is another way to write the query
...uses executescalar - you only want one value, pointless using an adapter/table for it
...doesn't use column alises with spaces in - as noted in the comments - don't do it; it's not the database's job to format your column names, it's the front end's job.
Dim count_gradeSchool1 As String = "Select COUNT(*) as c
FROM training.userinfo
Where survey_at = #loc
And status = 'College'
And member_since = #ms"
Using c = New MySqlCommand(count_gradeSchool1, mycon)
c.Parameters.AddWithValue("#loc", txtmonthlylocation.Text)
c.Parameters.AddWithValue("#ms", new Date(CInt(txtmyear.Text), CInt(monthly_reports), 11)
c.Connection.Open() 'if it's not already open
lblgs1.Text = c.ExecuteScalar().ToString()
End Using
I want to create simple app to search some data in specific table.
I've got one database and can connect to it.
Also when I hardcoded table name it works great.
But I want to make url like that:
/demo/{table}/{author}
It should work that i give specific table for eg. 'comedy' and next I set name of author for eg. 'smith'.
My booksRepository:
#Query(value = "SELECT * FROM :table WHERE author = :author",
nativeQuery=true)
public List<Book> findByAuthor(#Param("author") String author, #Param("table") String table);
But it didn't work. I've got error:
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''comedy' WHERE author = 'Smith'' at line 1
It's adding ' to Query. Is there way to delete that? Is it possible or I need to put everything in one table?
Cheers :)
I haven't looked it up, but it seems that the variables in the query SQL can only be used to insert quoted values, not unquoted identifiers like a table name.
I'm having difficulties in retrieving and displaying records from a table in a database. I'm using a MySql database and VB.NET 2012.
I'm getting the following error message
"End of statement expected"
Remove the space between Form2 and _Load. Your SQL statement is also broken, the AND being in blue shows this. You have your single and double quotes confusing it, the statement is being ended before the AND due to incorrect syntax. In any case, you should, probably, be using
"SELECT * FROM bigregdb WHERE regID = '"1"' OR regID = '"2"'"
I have the below data in my MySQL table "categories":
id Name
-----------------
1 Books & CDs
2 Dress
When I try to get the value from table it works fine with below SQL.
SELECT * FROM `categories` WHERE `name` = 'Books & Cds';
But when using in PHP, it gives me some SQL error.
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an
error in your SQL syntax; check the manual that corresponds to your
MySQL server version for the right syntax to use near '' at line 5
Where can I find the actual reason for this? How to debug this?
If you want to search for rows in your Category table in your PHP code, I recommend that you add a column in your table for a code to use instead of searching on the name that you use for the end users. The potential problem that you're facing is that if you want to change the name of a category, you'd have to find everywhere in your code that you referred to that category by name and change it too. But if your table looked like this:
ID code name
1 BCDS Books & CDs
2 DRS Dress
then your code can do things like "where code = 'BCDS'" and you can call that category "Books & CDs", "CDs and Books", or anything else you like.
Now, as far as fixing your syntax problem, you'll have to post the PHP that you use to generate the query that fails. As another poster said, you're probably escaping something incorrectly and MySQL isn't getting the query you think it's getting.
I have the following issue, I trying to obtain data via linked server in sql server 2008 from BMC Remedy
Everything is fine with connection, but when I added WHERE
"Assigned Group" LIKE '*scri%'*, I get error in sql server because of apostrophes which I have to use because BMC Remedy demands it.
Do you know how to create correct syntax or force sql server to use quotation marks instead of apostrophes, or disable spell checking
SELECT *
FROM OPENQUERY(Remedy,
**'**
SELECT
Incident_Number
FROM
HPD_Help_Desk
WHERE
"Assigned Group" LIKE ' scri% '
**'**
)
When doing SQL queries from within Remedy, I usually create a new field and use workflow to build the SQL query.
Also the syntax of the where clause you specified isn't correct. Try this instead:
SELECT
Incident_Number
FROM
HPD_Help_Desk
WHERE
Assigned_Group LIKE 'scri%'
There maybe a white spaces that cause you a problems.
You can also try this one:
SELECT Incident_Number
FROM HPD_Help_Desk
WHERE Assigned_Group LIKE '%scri%'
Or you can try to run this one if you run sql on DB:
SELECT r.Incident_Number
FROM ARADMIN.HPD_Help_Desk as r
WHERE r.Assigned_Group LIKE '%scri%'
Because you're running OPENQUERY, maybe double apostrophes will be needed or double quotes instead of one quote (" intead of ').
Good Luck