I'm using Update videos Set views = views + 1 Where video_id='$id', but MySQL give me back error 1064:
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near ' 8' at line 1
What can cause it?
Most likely $id is not what you expect it is. I imagine the query that is coming through looks something like
update videos set view = views + 1 where video='' 8'';
Note: Those are two single quotes on either side of the 8.
To confirm this you have a couple options.
Turn on general query logging, as a super user (root) from the mysql command prompt run
set general_log_file='/tmp/mysql.log';
set general_log ='on';
Now every single query that gets sent to mysql will show up in /tmp/mysql.log (Note this can quickly grow very large so don't leave it on after you're done debugging).
App logs
Do you have any kind of logging frame work going on? Before your actual call to execute the query, log the value of ($id). For a poor mans logging you could do something like
file_put_contents('/tmp/debug.txt', date("Y-m-d H:i:s")." id is [$id]\n",FILE_APPEND);
Related
I am sure that I am missing some small but important detail, but need to help to see why I am consistantly getting an error when I add in the SELECT #output in my input like this. I have looked at many aritcles and answers but none of them are quite what I am looking at:
let connection = mysql.createConnection(config,{CLIENT_MULTI_RESULTS: true});
(this line is the issue)
**let sql = 'CALL sp_whatever(?,#usernameOut);select #usernameOut;'**
await connection.query(sql, [param1],
function(err,rows){
console.log("INSIDE MySQL1");
I am doing this in Node JS and most examples are acutally in PHP. I have not found anything that is exactly what I am looking for (why am I getting a formatting error when I set it up like other examples or tutorials?)
I am using MySQL 5.7 on my Azure LInux server and the MySQL stored procedure looks like this: (in case the issue is inside the Stored Procedure itself)
CREATE DEFINER=`someDB`#`%` PROCEDURE `GetUsername`(
IN userIdVal INT,
OUT usernameOut NVARCHAR(45)
)
BEGIN
SELECT username INTO usernameOut
FROM players
WHERE userId = userIdVal AND avatarId = 0 AND Gender IS NULL AND active = 1 ;
END
This is the error I am getting:
err.message: ER_PARSE_ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'select #username' at line 1
It turns out that my real problem was a Node JS one. I was unable to get the output because it was a second command. I had read that I needed to add in multipleStatements: true if I wanted/needed to process multiple commands. What I didn't figure out until tonigt was that it had to be added to the config file to work correctly. Works great now!
I have a very odd error while trying to perform an update on a database. This is on an Ubuntu 16.04 server using MySQL 5.7.19-0ubuntu0.16.04.1. The query is:
UPDATE athlet_teamseason SET offkeyreturners = 'test' WHERE athlet_teamseason.id = 29701;
The MySQL error is:
1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'offkeyreturners = 'test' WHERE athlet_teamseason.id = 29701' at line 1
I am doing this in phpMyAdmin, and it gives a bit more information:
2 errors were found during analysis.
An alias was previously found. (near " " at position 50)
An alias was previously found. (near "'test'" at position 51)
If I try this update directly in the phpMyAdmin user interface (search for record, edit field value, submit form) it works, and the query shown is:
UPDATE athlet_teamseason SET offkeyreturners = 'test' WHERE athlet_teamseason.id = 29701;
which appears to be identical. HOWEVER, if I do a string comparison between the two I get:
So while they appear to be the same, there is a difference somewhere.
The queries were created from a table in a database, using concatenation and referencing cells in a source table. For example:
="UPDATE athlet_teamseason SET offkeyreturners = '"&data!I2&"' WHERE athlet_teamseason.id = "&data!A2&";"
I have thousands of these and they all produce the same error. I've done this dozens of times in older servers, might be an issue with MySQL 5.7?
Thanks to Uueerdo, I eliminated non-printing characters in my query.
Trying to relocate a Wordpress DB and are running in to this issue all the time.
Been trying all the normal stuff to get it working optimizing, repairing etc and also try to import it with several tools (Sequel pro etc ) and over ssh.
Have the issue occurring over several tables and can see that other's have had the same. Because i can't import any copy i would need some expertise advice how to solve this either in phpmyadmin or ssh.
Error message is
#mysql -u -p db < /tmp/file.sql
> ERROR 1064 (42000) at line 109088: You have an error in your SQL
> syntax; check the manual that corresponds to your MySQL server version
> for the right syntax to use near '<!
> <div class="error"><h1>Error</h1> <p><strong>SQL query:</strong> <a href=' at line 1
Don't really know how to approach it because i find this all over the DB
like
<image:caption><![CDATA
Any advice?
Since "all the normal stuff" isn't working...
I'm going to take a guess, you are a running something to "copy" the contents of a database table, or you're doing some sort of "dump" or "export" that creates SQL statements.
And the SQL statements that are running against the target are throwing an error.
We can't tell (from where we're sitting and what we're seeing) what it is you are actually doing, we're just guessing.
The two most likely possibilities:
Whatever tool you are using isn't expecting that the column values being copied might contain values that need to be "escaped" if that value is incorporated in the text of a SQL statement. For example, suppose I have a column value like this:
I'd like a pony
and If I grab that value and I naively stick that into the text of a SQL statement, without regard for any characters it might contain, e.g.
INSERT INTO foo (bar) VALUES ('I'd like a pony');
If I try to execute that statement, MySQL is going to throw a syntax error. MySQL is going to see a string literal with a value of 'I' (the single quote that is part of the string is now being seen as the end of the string literal. MySQL is going to flag a syntax error on what follows d like a pony.
When we take a value and build a SQL statement from it, we have to properly escape the values. In this example, the insert statement to reproduce that string value could look like this:
INSERT INTO foo (bar) VALUES ('I''d like a pony');
^^
If this is what's happening, you can be thankful that the column values didn't include something more nefarious...
Robert'); DROP TABLE students; --
But without seeing the actual SQL statement that is being executed, this is just a guess at what is causing the issue.
Is there some kind of guide or some instructions that you are following to "relocate a Wordpress DB" which documents "all the normal stuff" that you are doing?
FOLLOWUP
Question was edited to add this information:
mysql -u -p db < /tmp/file.sql
What's important here is the contents of file.sql.
The problem is most likely in the part of "all the normal stuff" is producing that file. That part is effectively broken because it's not expecting that an extracted column value can contain a single quote character, and is not properly escaping the value before it's incorporated into the text of a SQL INSERT statement.
I have a query:
select first_name from users where user_id=1
UNION
SELECT IF(SUBSTRING user(),1,4) = 'root',SLEEP(5),1);
Whenever I run it I get the following error:
ERROR 1064 (42000): You have an error in your SQL syntax;
check the manual that corresponds to your MySQL server version
for the right syntax to use near 'user(),1,4) = 'root',SLEEP(5),1)' at line 1
My purpose is to test whether the user is root.
SUBSTRING user(),1,4) means: starting from position 1, get four characters (so basically root) .If the database user is root then pause for 5 seconds.
But SLEEP(5),1) what does it mean apart from instructing to pause for the specified 5 sec?
Thanks a lot
The right sintax is:
IF(SUBSTRING(user(),1,4) = 'root',SLEEP(5),1)
you are just missing a (. Maybe you can also use this:
IF(user() like "root%", SLEEP(5), 1).
Sleep(n) just pauses the execution of the query for n seconds. I don't find it really useful... but it's possible to do.
##SESSION.sql_mode;
##GLOBAL.sql_mode;
both come up blank, the my.cnf shows no "NO_BACKSLASH_ESCAPE" flag and this is a section of a query which runs on my local server but not on my main.
UPDATE `table`
SET `data` = "[{\"_talent\'s\"etc"
Now I know I can use "[{""_talents""etc" but I'd rather not since it is much easier for me to keep to my current escaping security methods which have always worked before.
The charset is UTF-8 of the table I'm updating. The strangest thing is that it works on insert but not update!
This one really has me scratching. Any ideas?
Cheers
edit:
I've found out that the server is trying to interpret the query like so:
Failed to execute SQL : SQL UPDATE `build` SET `data` = "[{\"_talent\'s" WHERE `build_id` = 1 AND `userId` = 1128; failed : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'UPDATE `build` SET `data` = "[{\\"_talent\\'s" WHERE `build_id` = 1 AND `userId`' at line 1
Yet surely it should be the same, why is the SQL engine escaping my escapes!? (if I leave out the escapes the query still fails)
You can try this -
UPDATE 'table'
SET 'data' = '[{"_talents"etc'
Is this relevant?
MySQL / PHP problem with " and '
Which implys you may have magic Quotes enabled somewhere to add extra backslashes (which may explain why you get odd behaviout on your server but not your local machine)?
The different behaviour on both platforms implies some configuration issue on the server to me (you sure they are the same version?) I'm reaching a bit here though.
I found out it seems to have been my version of webmin adding it in on the console... d'oh
When I ran the query from PHP it went through perfectly.
Many thanks though.