I am getting an unexpected T_CONSTANT_ENCAPSED_STRING error in the following SQL query:
mysql_query (UPDATE 'wp_posts' SET 'post_status' = 'publish' WHERE 'post_id' = '$id');
Can you guys see where the error might be?
Here is the full code in case it helps:
$key = 'feed';
$post_ids = array(2263, 2249);
foreach ($post_ids as $id) {
$feedurl = get_post_custom_values($key, $id);
$feedurlstr = implode($feedurl);
// Ignore - it determines whether feed is live and returns $result
LiveOrNot($feedurlstr);
if ( $result == "live" ) {
mysql_query (UPDATE 'wp_posts' SET 'post_status' = 'publish' WHERE 'post_id' = '$id');
}
elseif ( $result == "notlive" ) {
mysql_query (UPDATE 'wp_posts' SET 'post_status' = 'draft' WHERE 'post_id' = '$id');
}
endif;
}
Wrap your SQL statements in quote-marks - ".
mysql_query ("UPDATE 'wp_posts' SET 'post_status' = 'publish' WHERE 'post_id' = '$id'");
mysql_query() takes a string. PHP is looking for constants interspersed with strings, which is not valid PHP grammer.
You need to delimit your strings, ' and " are popular choices, but there is also Heredoc syntax.
Read more about strings in PHP.
Related
what i need to fetch data from stored procedures
syntax in sql developer
select abc_web_demo.wwv_json_data.dashboards('abc','7','tt',1211) from dual
returns json string
{"data":[{"logs":7,"to_abc":88,"to_cl":12,"to_me":0}]}
code
$tns = "
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST =ABC)(PORT = 1521))
)
(CONNECT_DATA = (SID = AAA))
)
";
try {
$conn = new PDO("oci:dbname=".$tns, '**', '**');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
echo 'Connected to database';
} catch(PDOException $e) {
echo 'ERROR: ' . $e->getMessage();
}
$sql = "CALL abc_web_demo.wwv_json_data.dashboards('ABC','79','Y',121221) ";
$stmt = $conn->prepare($sql);
$te=$stmt->execute();
//$stmt = $connection->query("SELECT #NEW_ID");
//$id = $stmt->fetchColumn();
print_r($te);
Problem
i have google & found i need to pass in string in query
like $stmt = $connection->query("SELECT #NEW_ID");
here in my my case i need to pass 4 parameters in procedure.
i new in stored procedures i need help how to pass 4 arguments in procedure .
how to access json response using fetch statement.
i need json repsonse from fetch data.
any help much appreciated
Solution i tried
$output = $conn->query("select 'abc', '7' ")->fetch(PDO::FETCH_ASSOC);
var_dump($output);
Error
SQLSTATE[HY000]: General error: 923 OCIStmtExecute: ORA-00923: FROM keyword not found where expected
when i tried test query it works
$stmt = $conn->prepare("select * from customers");
$st=$stmt->execute();
$result = $stmt->fetch(PDO::FETCH_ASSOC);
print_r($result);
Write your query as follows. The FROM clause is mandatory in Oracle dialect of SQL.
select 'abc', '7' from dual
I can update text strings (varchar) types to my Mysql database with PDO without any problems. but with integer (int(11)) types - my PDOstatement has some big problems and also can not write the integer value to the database.
here you can see the error message I get by putting integer values for UPDATE:
ERRNO:42000 ERROR:SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'age = '800' WHERE id = '1'' at line 1
I am getting the values from $_POST like this:
foreach ($_POST['changed'] as $SubArray) {
foreach ($SubArray as $key => $value) {
if ($key === 'recid') continue;
$sql = "UPDATE clients SET $key = :value WHERE id = :recid";
$STH = $DBH->prepare($sql);
try {
$STH->execute(array(':value' => $value, ':recid' => $SubArray['recid']));
} catch (PDOException $e) {
$code = $e->getCode();
$file = $e->getFile();
$line = $e->getLine();
$msg = $e->getMessage();
echo "$file:$line ERRNO:$code ERROR:$msg";
}
}
}
echo urlencode($sql) => UPDATE+clients+SET+age+%3D+%3Avalue+WHERE+id+%3D+%3Arecid
setting up the query ($sql) like this, does the trick.
$sql = "UPDATE `clients` SET `$key` = :value WHERE id = :recid";
before and after table and column name use backticks
`
i tried to make option update three table with one execution for my CI with sql there, but why its still error?
this is the error warning:
A Database Error Occurred
Error Number: 1062
Duplicate entry '0' for key 1
UPDATE `t_publisher` SET `id_publisher` = NULL, `publisher` = NULL, `artis` = NULL, `id_label` = NULL WHERE `id_publisher` = '113'
this is the code:
function update($id_user=null)
{
if (($this->input->post('submit') == 'Update')){
$user=$this->input->post('username');
$pass=$this->input->post('userpassword');
$ussta=$this->input->post('userstatus');
$usty=$this->input->post('usertype');
$data = array(
'user_name' => $user,
'user_pass' => $pass,
'user_status' => $ussta,
'user_type' => $usty);
$this->db->where('user_id', $this->input->post('id'), $data);
$this->db->update("t_user",$data);
$data1 = array(
'id_publisher' => $id_publis,
'publisher' => $publis,
'artis' => $ar,
'id_label' => $id_lab);
$this->db->where('id_publisher', $this->input->post('id'), $data);
$this->db->update("t_publisher",$data1);
echo $this->db->last_query();
die();
$data2 = array(
'id_label' => $id_lab,
'label' => $label);
$this->db->where('id_label', $this->input->post('id'), $data);
$this->db->update("t_label",$data2);
echo $this->db->last_query();
die();
redirect("registrasi/reg");
}
$var['data'] = $this->db->query("select * from t_user where USER_ID= '$id_user'")->row_array();
$var1['data'] = $this->db->query("select * from t_publisher where id_publisher = '$id_publis'")->row_array();
$var2['data'] = $this->db->query("select * from t_label where id_label = '$id_lab'")->row_array();
$this->load->view('update', $var,$var1,$var2);
}
whats wrong with my code? please help. thanks before.
Your UPDATE clause is setting the id_publisher column to NULL, and, based on the name of the column and the error you're receiving, that column is the table's PRIMARY KEY with a setting of unsigned NOT NULL.
Because of this, when you do id_publisher = NULL, MySQL converts it to id_publisher = 0 due to the unsigned part. This will execute fine the first time, however, when you run it on a second row you will now be attempting to insert a second primary-key value of 0, which is not allowed.
Based on the location of the die() statement in your sample code, I'm assuming the following block is the culprit:
$data1 = array(
'id_publisher' => $id_publis,
'publisher' => $publis,
'artis' => $ar,
'id_label' => $id_lab);
$this->db->where('id_publisher', $this->input->post('id'), $data);
$this->db->update("t_publisher",$data1);
Here, your $id_publis variable is either empty or null.
I would suggest to either remove the id_publisher = NULL portion from the UPDATE clause which is as simple as removing 'id_publisher' => $id_publis, from the $data1 array, or rethink the reason you actually need to set it to null to begin with (in this case, would deleting the row be more beneficial?)
I'm not sure what's missing with this update call, here's my code:
$table = new Application_Model_DbTable_ProductContaminant();
$db = $table->getAdapter();
$db->getProfiler()->setEnabled(true);
$data = array('value' => '999');
$where[] = $db->quoteInto('product_id = ?', $q['product_id']);
$where[] = $db->quoteInto('contaminant_id = ?', $k);
$table->update($data, $where);
print $db->getProfiler()->getLastQueryProfile()->getQuery();
And the profiler output is:
UPDATE `product_contaminants` SET `value` = ? WHERE (product_id = '4802') AND (contaminant_id = 69)
Why isn't 'value' being populated??
Value isn't populated because getQuery will only return a prepared statement with parameter placeholders. If you want the parameters used when it updates try this:
$db->getProfiler()->getLastQueryProfile()->getQueryParams()
More info here.
I am having an issue with inserting an array of information into a mysql database. Basically I built a sortable gallery similar to Facebook's photo albums that can be arranged by moving the div to a new spot with jquery's sortable function.
I am using Ajax to call a php file which will inser the new order of the div's into the DB. The information is being passed correctly, it is just not being inserted correctly.
The error I am receiving is:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Array' at line 1
The Php code is:
foreach ($_GET['listItem'] as $position => $item) {
if ($item >= 1) {
$sql[] = "UPDATE table SET order = '{$position}' WHERE id = '{$item}'";
mysql_query($sql) or die(mysql_error());
}
}
If I remove the mysql_query function and just do a print_r, I get:
Array
(
[0] => UPDATE table SET order = '0' WHERE id = '2'
[1] => UPDATE table SET order = '1' WHERE id = '4'
[2] => UPDATE table SET order = '2' WHERE id = '3'
[3] => UPDATE table SET order = '3' WHERE id = '1'
[4] => UPDATE table SET order = '4' WHERE id = '5'
[5] => UPDATE table SET order = '5' WHERE id = '6'
)
This is the first time I have tried to do something like this. Any help would be great.
Thank you in advance for the help!
In mysql_query($sql) $sql is an array, therefore it's value is simply Array. When you assign $sql[] = "UPDATE table SET order = '{$position}' WHERE id = '{$item}'"; simply make this line $sql = "UPDATE table SET order = '{$position}' WHERE id = '{$item}'";. That should solve your problem.
EDIT:
You can leave the [] and simply remove the mysql_query from where it is. After your foreach list item, add this:
foreach($sql as $query) {
mysql_query($query);
}
Sounds like there is some confusion about what the [] operator does. You use [] when you want to append an element to the end of an existing array.
For example:
$sql = array();
$sql[] = 'UPDATE table SET order = "0" WHERE id = "2"';
mysql_query($sql); // this will produce the error you are seeing
Versus:
$sql = 'UPDATE table SET order = "0" WHERE id = "2"';
mysql_query($sql); // this will work
You should rewrite your code as such:
foreach ($_GET['listItem'] as $position => $item) {
if ($item >= 1) {
$sql = "UPDATE table SET order = '{$position}' WHERE id = '{$item}'";
mysql_query($sql) or die(mysql_error());
}
}
That will do what you are intending. However, this is still not a good idea, since you are passing untrusted $_GET data directly to the database. I could, for example, call your script with a string like:
http://yoursite.com/yourscript.php?listItem=1'%3B%20DROP%20TABLE%20yourtable%3B
Since the value of listItem is going directly to the database -- and the $item >= 1 check is insufficient, since PHP will evaluate a string as an integer if it begins with numeric data -- all I have to do is add a single quote to terminate the previous query, and I am then free to inject whatever SQL command I'd like; this is a basic SQL injection attack. Whenever you write database-touching code, you should cleanse any input that might be going to the database. A final version of your code might look like:
foreach ($_GET['listItem'] as $position => $item) {
if ($item >= 1) { // this check may or may not be needed depending on its purpose
$sql = 'UPDATE table SET order = "' . mysql_real_escape_string($position) . '" WHERE id = "' . mysql_real_escape_string($item) . '"';
mysql_query($sql) or die(mysql_error());
}
}
There are other ways to cleanse input data as well, that is just one of them. Hope that helps.