Syntax error 256 in WHERE clause - mysql

I am trying to update a field in my table and I keep getting this syntax error.
global $conn, $strTableName;
db_exec("UPDATE equipment SET EContractNum = " . $_SESSION[$strTableName."_masterkey1"] . " WHERE EContractNum = " . $values['EContractNum'], $conn);
Here is the error:
Error type: 256 Error Description: You have an error in your SQL
syntax; check the manual that corresponds to your MYSQL server version
for the right syntax to use near 'WHERE econtractnum=35867111' at line
1
I have looked at several searches that are similar to mine but I cannot figure out what I am doing wrong. I am fairly new at this so it is probably something simple. I just can't seem to make it work. Thanks for any help.

$_SESSION[$strTableName."_masterkey1"] is probably empty, or a string that needs to be quoted.
Also, don't put the raw values of variables into queries like that. Use a framework or prepared statements. It's good for security and it would also prevent this kind of error (well, it'd turn it into a different kind of error, at least).
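
An added example (not part of the original answer) of the prepared-statement approach the answer recommends, including a check for the empty session value. It uses PDO in place of the poster's db_exec(); the renumberContract() helper, the sample rows and the in-memory SQLite database, which stands in for MySQL so the script runs offline, are assumptions.

```php
<?php
// Added example, not the poster's code. PDO replaces db_exec(); SQLite in
// memory stands in for MySQL (swap in a mysql: DSN in practice).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE equipment (id INTEGER PRIMARY KEY, EContractNum TEXT)');
$pdo->exec("INSERT INTO equipment (EContractNum)
            VALUES ('35867111'), ('35867111'), ('12345')"); // constructed rows

// Hypothetical helper: returns the number of rows updated.
function renumberContract(PDO $pdo, $newNum, $oldNum): int
{
    // An unset or empty value is what produced "SET EContractNum =  WHERE ..."
    // in the question; refuse it before any SQL is sent.
    foreach (['new' => $newNum, 'old' => $oldNum] as $label => $value) {
        if (!is_scalar($value) || trim((string) $value) === '') {
            throw new InvalidArgumentException("$label contract number is empty");
        }
    }
    // Placeholders keep the values out of the SQL text, so quoting and
    // injection are no longer the caller's problem.
    $stmt = $pdo->prepare(
        'UPDATE equipment SET EContractNum = ? WHERE EContractNum = ?'
    );
    $stmt->execute([(string) $newNum, (string) $oldNum]);
    return $stmt->rowCount();
}

// Constructed values standing in for $_SESSION[...] and $values['EContractNum'].
// A non-numeric value needs no manual quoting when it is bound.
echo renumberContract($pdo, 'A-2024/07', '35867111'), " rows updated\n";

try {
    renumberContract($pdo, null, '12345'); // simulates the missing session key
} catch (InvalidArgumentException $e) {
    echo 'refused: ', $e->getMessage(), "\n";
}
```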

Related

SQL ERROR - Error sql syntax

I am getting an error that I don't know how to deal with.
I am running the same code without issue for another column but for this column it refuses to work.
SELECT * FROM Players WHERE Character = 'momo' // This one won't work
SELECT * FROM Players WHERE Class = 'Fighter' // this one works
Character is a VARCHAR and Class is TEXT. I have tried changing Character to TEXT and I still get the same issue. The value 'momo' exists in the table.
ERROR: Couldn't connect to server. SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '= ''' at line 1
Edit:
I am editing this in case someone finds this and wants to know how it was fixed. A user by the name of ueerdo pointed out that I should use quotations and when I did, it worked. So I started looking into why it happened and I found out that SQL reserves Character for something else, so it is something that I can't use unless it is in quotations.
It is best to delimit identifiers to prevent possible collision with reserved words and keywords.
SELECT * FROM `Players` WHERE `Character` = 'momo'

Simple SQL update query not working

I need to run this query but I get an error:
UPDATE wp_usermeta
SET meta_value = "a:1:{s:16:\"client_special\";b:1;}"
WHERE user_id = "1009";
But I get this error:
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near 'UPDATE wp_usermeta
SET meta_value = "a:1:{s:16:\"cliente_especial\";b:1;}" W' at line 1
It is ok for me, I escaped the " with \ character.
As you discovered, and as my comment alluded, non-printing or hidden characters in your SQL statement can lead to unexpected syntax errors.
When confronted with what appears to be ludicrous messages, I find carefully retyping the statement into a different program helps decide whether it is a hidden character issue or a legitimate syntax issue.
It is the act of careful retyping that sanitizes the statement and rules out the non-printing characters. More than once I've done this and I imagine I will continue to do this for the rest of my career!

Getting SQL error for replace function

I'm not too sure why this is happening and I've been trying to figure it out now for a while.
I've got the following code
SELECT (MAX(replace(replace(replace(`sku`,'PA1-',''),'TES-',''),'BOX-',''))+1) AS maxValue FROM `product` WHERE `sku` LIKE '%PA1-TES-BOX%'
This was working a while back and nothing has changed code-wise. I can only assume that a server change has caused this to return the following error:
#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'maxValue FROM ``product`` WHERE ``sku`` LIKE '%PA1-TES-BOX%'
Basically this SQL was built to find the first 3 sections of this SKU code and return the ending + 1, so 002 would then return 003 to ensure unique SKU codes.
Maybe the replace function has changed, I'm not entirely sure.
Does anyone have any ideas why this suddenly is throwing the error above?
I don't see an obvious syntax error. But assuming the number is the last hyphenated item in the sku, the code could more easily be written as:
select (substring_index(sku, '-', -1) + 1) as maxvalue
. . .
One possibility for the syntax error is that an unprintable character crept in around the as.

Syntax error on SHOW TABLES LIKE

I don't understand why it is saying You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''User_notifications'' on this query:
<?php
include 'constants.php';
$username = $_POST['username'];
$notiftable = $username . '_notifications';
$con = new mysqli('', databaseuser, databasepassword, database);
if ($con)
{
    $q = "SHOW TABLES LIKE '$notiftable'";
    // ... rest of the script not shown
}
Your table name User_notifications is getting double-escaped (i.e. it is being escaped twice). This is most likely happening because the PHP function is escaping it already, and you are doing it a second time. Try not escaping the table name yourself, i.e.:
$q = "SHOW TABLES LIKE $notiftable";
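
Added example, not part of the original post or answer: because $notiftable is built from $_POST['username'], one way to check for the table is to validate the name against an allow-list and look it up with a bound parameter, which also avoids LIKE treating the `_` in User_notifications as a single-character wildcard. The function names, the username rule and the PDO connection to MySQL are assumptions.

```php
<?php
// Added example, not the poster's code. Function names and the username
// rule are illustrative assumptions.

/** Derive the per-user table name, rejecting anything but a plain username. */
function notificationTableName(string $username): string
{
    // Allow-list: letters, digits and underscore only, so no quote or
    // backslash can reach the SQL text. 50 + 14 chars fits MySQL's 64 limit.
    if (!preg_match('/\A[A-Za-z0-9_]{1,50}\z/', $username)) {
        throw new InvalidArgumentException('invalid username');
    }
    return $username . '_notifications';
}

/** Escape LIKE wildcards so "_" and "%" match literally in a LIKE pattern. */
function likeLiteral(string $value): string
{
    return addcslashes($value, '\\%_');
}

/** Exact-match existence check with a bound parameter (needs a MySQL PDO handle). */
function notificationTableExists(PDO $pdo, string $username): bool
{
    $stmt = $pdo->prepare(
        'SELECT COUNT(*) FROM information_schema.tables
          WHERE table_schema = DATABASE() AND table_name = ?'
    );
    $stmt->execute([notificationTableName($username)]);
    return (int) $stmt->fetchColumn() > 0;
}

// Constructed inputs; this part runs without a database.
foreach (['User', "o'brien", 'a%b'] as $input) {
    try {
        $name = notificationTableName($input);
        echo $name, ' => literal LIKE pattern: ', likeLiteral($name), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', json_encode($input), PHP_EOL;
    }
}
```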

Mysql search and replace when involving "http://"

I'm trying to search and replace in MYSQL but get an error. I'm guessing it's because of the "http://"
Anyone got any suggestions when trying to replace this type of thing?
Code entered:
update movies_news set select_page = replace(select_page, ‘http://movie’, ‘http://www.movie’);
But it throws the following error:
#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '://movie’, ‘http://www.movie’)' at line 1
Posting so it can be accepted:
update movies_news set select_page = replace(select_page, ‘http://movie’, ‘http://www.movie’);
contains smart quotes, which are not interpreted as normal single quotes, thus the syntax error. It should instead be
update movies_news set select_page = replace(select_page, 'http://movie', 'http://www.movie');
In general, be really careful about copying code to and from 'smart' text editors (Microsoft Word, etc.).