I am trying to add this query to database and I can't get it to work. Any help will be appreciated. I am trying to learn mysql I saw a website has a reservation system and I just wanted to learn how to create one.. but I get this error.
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''reservation'( service_type, passengers, sedans, s' at line 1
$query = "INSERT INTO 'example'(
service_type,
passengers,
sedans,
suv,
limo,
pass_name,
pass_phone,
pass_email,
book_name,
book_phone,
pickup_type,
pickup_point,
pickup_airline,
pickup_flightno,
pick_airportlocation,
pick_address,
reservation_datetime,
drop_type,
drop_airline,
drop_flightno,
drop_address,
stop_1,
stop_2,
stop_3,
stop_4,
stop_5,
stop_6,
stop_7,
stop_8,
stop_9,
stop_10,
additional_info,
payment_type,
pickup_latitude,
pickup_longitude,
drop_latitude,
drop_longitude,
created
) VALUES (
'$service_type',
'$passengers',
'$sedans',
'$suv',
'$limo',
'$pass_name',
'$pass_phone',
'$pass_email',
'$book_name',
'$book_phone',
'$pickup_type',
'$pickup_point',
'$pickup_airline',
'$pickup_flightno',
'$pick_airportlocation',
'$pick_address',
'$reservation_datetime',
'$drop_type',
'$drop_airline',
'$drop_flightno',
'$drop_address',
'$stop_1',
'$stop_2',
'$stop_3',
'$stop_4',
'$stop_5',
'$stop_6',
'$stop_7',
'$stop_8',
'$stop_9',
'$stop_10',
'$additional_info',
'$payment_type',
'$pickup_latitude',
'$pickup_longitude',
'$drop_latitude',
'$drop_longitude',
'$created')";
Your table name needs to be enclosed in backticks `, not single quotes ':
INSERT INTO `example`
If you have variables that are strings you need to quote them in the insert statement. This is a very common mistake that people do.
Related
Error returned is:
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near
''id_partenaire','logo_partenaire','logo_tnb','favicon','global_primary_color','g'
at line 1
This is my query:
INSERT
INTO
CONFIGURATIONS_PARTENAIRES
('id_partenaire','logo_partenaire','logo_tnb','favicon','global_primary_color','global_secondary_color','global_infos_color','global_font_color','font_color_dark','font_color_light','moteur_ht','moteur_og','moteur_ht_primary_color','moteur_ht_secondary_color','moteur_og_primary_color','moteur_og_secondary_color')
VALUES
(16,'logo-2020-350x73-1.png','logo_tb.png','icon.gif','#ebebeb','#ffffff','#f50e98','#000000','#ffffff','#f06f05','1','1','#000000','#f06f05','#000000','#f06f05');
With back ticks instead of the quotes on the column names it should run better
INSERT INTO
CONFIGURATIONS_PARTENAIRES
(`id_partenaire`,
`logo_partenaire`,
`logo_tnb`,
`favicon`,
`global_primary_color`,
`global_secondary_color`,
`global_infos_color`,
`global_font_color`,
`font_color_dark`,
`font_color_light`,
`moteur_ht`,
`moteur_og`,
`moteur_ht_primary_color`,
`moteur_ht_secondary_color`,
`moteur_og_primary_color`,
`moteur_og_secondary_color`)
VALUES
( 16
,'logo2020-350x73-1.png'
,'logo_tb.png'
,'icon.gif'
,'#ebebeb'
,'#ffffff'
,'#f50e98'
,'#000000'
,'#ffffff'
,'#f06f05'
,'1'
,'1'
,'#000000'
,'#f06f05'
,'#000000'
,'#f06f05');
These lines give me the parse error, ı checked my syntax many times but it seems alright to me. I don't understand why does it give this error
code:
INSERT INTO club_request(RequestID,"Besiktas")
SELECT RequestID
FROM Request
WHERE RequestName = "New goalkeeper";
error:
ER_PARSE_ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"Besiktas") SELECT RequestID FROM Request WHERE RequestName = "New goalkeeper"' at line 1
INSERT INTO club_request(RequestID, ClubName)
SELECT RequestID, ClubName
FROM Request, Club
WHERE RequestName = "New goalkeeper" AND ClubName = "Besiktas";
lately I have turned it into this and now it works as I wanted, can't we insert partial value from select clause and partial value as a string ?
I am using Node.JS along with the mysql2 module. It's basically like when I try to update a column with a JSON stingified data, I get the following error:
{ Error: You have an error in your SQL syntax; check the manual that corresponds
to your MariaDB server version for the right syntax to use near '"1050":1}WHERE
`user` = ?' at line 1
The stingified JSON data:
{"1050":1}
The query:
var sql = 'UPDATE `users` SET `furniture` = ' + 'concat(furniture,' + JSON.stringify(self.furniture) + ')' + 'WHERE `user` = ?';
self.furniture is related to something else, but I can assure you that self.furniture is returning that JSON data thus I get the mysql syntax error.
sqlMessage: 'You have an error in your SQL syntax; check the manual that
corresponds to your MariaDB server version for the right syntax to use near \'"1050":
Issue is resolved using backticks along with single quotes.
var sql = 'UPDATE `users` SET `furniture` = ' + `concat(furniture, '${lol}')` + 'WHERE `user` = ?';
var lol = JSON.stringify(self.furniture)
Your query line says in part
...ingify(self.furniture) + ')' + 'WHERE `us...
It should have an extra space after the close parenthesis.
...ingify(self.furniture) + ') ' + 'WHERE `us...
Here's the thing about MySQL syntax errors: the message shows the erroneous query starting with the first character MySQL does not understand. A good way to troubleshoot this kind of thing is to use console.log() to output the entire query string, then look at it carefully. You will usually find something obvious wrong.
To avoid DRY, I'm attempting to create an sql INSERT statement with variable column names and the data to fill those columns via ScalikeJDBC's sql interpolation:
case class MySQLInsertMessage(tableName:String, columns:List[String], values:List[String])
def depositMessage(msg: MySQLInsertMessage): Unit = {
NamedDB('MySQLMsgDepositor) localTx { implicit session =>
val sqlStmt = sql"INSERT INTO ${msg.tableName} (${msg.columns}) VALUES (${msg.values})"
println("The sql statement is: " + sqlStmt.statement)
println("The parameters are: " + sqlStmt.parameters)
sqlStmt.update().apply()
}
}
And when I call this with:
depositMessage(MySQLInsertMessage("My_Table", List("key", "email"), List("42", "user#email.com")))
the resulting console printout is:
The sql statement is: INSERT INTO ? (?, ?) VALUES (?, ?)
The
parameters are: List(My_Table, key, email, 42, user#email.com)
You
have an error in your SQL syntax; check the manual that corresponds to
your MySQL server version for the right syntax to use near ''My_Table'
('key', 'email') VALUES ('42', 'user#emai' at line 1
java.sql.SQLSyntaxErrorException: You have an error in your SQL
syntax; check the manual that corresponds to your MySQL server version
for the right syntax to use near ''My_Table' ('key', 'email') VALUES
('42', 'user#emai' at line 1
I've tried wrapping the sql"..." as such instead:sql"""...""", but that doesn't seem to make a difference. I can execute the expected statement just fine in my MySQL workbench GUI. Any idea what my syntax error is?
Stemming from the hint from #scaisEdge, it seems ScalikeJDBC, when using its syntax, will always place single quotes around any parameterized values. And judging from here - https://github.com/scalikejdbc/scalikejdbc/issues/320 - this is a known issue.
With a MySQL INSERT statement (or others), your table name or column values may not have single quotes around them, though they are allowed to have backticks.
You can use their SQLSyntax.createUnsafely(str:String) method, or, if I wanted to do this as I was doing above, instead of using sql"...", I could use the old way of SQL(s"INSERT INTO ${msg.tableName} (${msg.columns.mkString(",")})")
Note - I believe both of these leave you open to injection attacks. Since, for me, this is a local API and you'd have to have the DB's username and password regardless to use it, I'm going with the createUnsafely way of doing things, with a little regex "cleaner" for a little inelegant piece of mind:
def depositMessage(msg: MySQLInsertMessage): Unit = {
NamedDB('MySQLMsgDepositor) localTx { implicit session =>
val unsafeSQLRegex = "[`'\"]".r
val table = SQLSyntax.createUnsafely(s"`${unsafeSQLRegex.replaceAllIn(msg.tableName, "")}`")
val columns = SQLSyntax.createUnsafely(msg.columns.map(value => unsafeSQLRegex.replaceAllIn(value, "")).mkString("`", "`, `", "`"))
val sqlStmt = sql"INSERT INTO $table ($columns) VALUES (${msg.values})".update().apply()
}
}
}
Can someone run their eyes over this statement? I keep getting a syntax error and I'm stumped as to what is wrong.
mysql_query("INSERT INTO emails (to, from, subject, content, ip) VALUES('$email_to', '$email_from', '$subject', '$content', '$ip' ) ")
Thanks!
EDIT: Error
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''to', 'from', subject, content, ip) VALUES('[MY EMAIL ADDRESS]', 'l', 'hi', ' at line 1
EDIT 2:
I have sanitized.
$email_to = mysql_real_escape_string($_POST['email_to']);
$email_from = mysql_real_escape_string($_POST['email_from']);
$subject = mysql_real_escape_string($_POST['subject']);
$content = mysql_real_escape_string($_POST['content']);
Try this:
mysql_query(
"INSERT INTO emails (`to`, `from`, subject, content, ip)
VALUES('$email_to', '$email_from', '$subject', '$content', '$ip' )")
I think the error raises because from is a reserved word... backticks should solve this problem.
Remember you MUST always sanitize user input to avoid SQL injection!!
Perhaps escape the 'from' field, as from is a keyword;