EXPRESS and SQL "syntax error at or near "$"" - sql

I'm making PFP route with EXPRESS and PSQL and I have a little problem.
I get an error
Syntax error at or near "$"
Code:
if (!imgbbLink.startsWith("https://ibb.co/")) {
return res.status(400).json("Something went wrong")
}
await pool.query(
"UPDATE users SET user_profile_image = 1$ WHERE user_id = $2",
[imgbbLink, req.user.id]
)
res.json("PFP updated successfully")
I think there shouldn't be any problem?
Thanks.

You just made a typo: you wrote 1$ instead of $1:
UPDATE users SET user_profile_image = $1 WHERE user_id = $2
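The reversed placeholder is easy to miss in a long query text. As an added example (not code from the question or the answer), this is a small pre-flight check for pg-style positional placeholders that an Express route could run before the text reaches pool.query(): it flags a digit run followed by "$" (the "1$" typo), numbering gaps, and a mismatch between the highest $n and the number of values supplied. The helper names checkPlaceholders and safeQuery are hypothetical; they are not part of node-postgres.

```javascript
// Added example (not from the question or answer): a pre-flight check for
// pg-style positional placeholders ($1, $2, ...) run before a query is sent.

function checkPlaceholders(text, values) {
  const problems = [];

  // A digit run directly followed by "$" (e.g. "1$") is the reversed form of "$1".
  for (const m of text.matchAll(/(\d+)\$(?!\d)/g)) {
    problems.push(`"${m[0]}" looks like a reversed placeholder; did you mean "$${m[1]}"?`);
  }

  // Collect every $n actually present and make sure they form $1..$max.
  const used = new Set([...text.matchAll(/\$(\d+)/g)].map((m) => Number(m[1])));
  if (used.has(0)) problems.push("$0 is not valid; numbering starts at $1");
  const max = used.size ? Math.max(...used) : 0;
  for (let i = 1; i <= max; i++) {
    if (!used.has(i)) problems.push(`$${i} is never referenced in the query`);
  }

  // Postgres rejects the query if the value count does not match the placeholders.
  if (max !== values.length) {
    problems.push(`query references ${max} placeholder(s) but ${values.length} value(s) were passed`);
  }
  return problems;
}

// Wrapper around any object exposing a pg-compatible query(text, values) method
// (a Pool or Client). It refuses to send a query whose placeholders are malformed,
// so the mistake surfaces as a clear application error rather than a DB syntax error.
async function safeQuery(pool, text, values) {
  const problems = checkPlaceholders(text, values);
  if (problems.length) {
    throw new Error(`refusing to run query:\n  ${problems.join("\n  ")}`);
  }
  return pool.query(text, values);
}

// Stand-alone demonstration with a constructed stand-in for a pg Pool.
const fakePool = { query: async (text, values) => ({ rowCount: values.length }) };
const badText = "UPDATE users SET user_profile_image = 1$ WHERE user_id = $2";
const goodText = "UPDATE users SET user_profile_image = $1 WHERE user_id = $2";

safeQuery(fakePool, badText, ["https://ibb.co/example", 42])
  .catch((err) => console.error(err.message));
safeQuery(fakePool, goodText, ["https://ibb.co/example", 42])
  .then((r) => console.log("ok, rowCount:", r.rowCount));
```

checkPlaceholders only inspects the query text, so it is safe to run on every call; it does not understand dollar-quoted string literals, which is fine for application queries like the one above but worth remembering if you lint PL/pgSQL bodies with it.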

Related

Laravel query error

Laravel returns this error when executing these lines:
$select = trim($request->select);
$where = trim($request->where);
$d = trim($request->d);
$order = trim(stripslashes($request->order));
$limit = isSet($request->limit) ? " LIMIT ".trim($request->limit) : '';
$forUser = trim(stripslashes($request->userId));
$campaignId = trim(stripslashes($request->campaignId));
$userRole = trim(stripslashes($request->userRole));
$events = DB::select('SELECT *, DATE_FORMAT(timestamp, ?) selector FROM events WHERE DATE_FORMAT(timestamp, ?) = ? AND campaignId = ? ORDER BY ? ASC ?', [$select, $where, $d, $campaignId, $order, $limit])->get();
Error:
[2018-05-21 19:09:22] local.ERROR: exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '?' at line 1' in C:\xampp\htdocs\spotlike_laravel\trunk\vendor\doctrine\dbal\lib\Doctrine\DBAL\Driver\PDOConnection.php:77
Any ideas? :(
Problem solved: the variable "$limit" was empty, so concatenating $limit produced a blank space in the query. Thanks darol and Phil!

Subtracting two datetime values

I'm trying to get the length of time a user was logged in for. My code is grabbing the login and logout time but the loginLength field in my DB table isn't updating with this code. Any ideas what's wrong with it?
$logout = "UPDATE Emp
SET loginStatus = 0,
LogoutTime = NOW()
WHERE username = '$_SESSION[username]'";
if (! mysql_query($logout))
{
echo "Error" . mysql_error();
}
$time = "UPDATE Emp
SET loginLength = DATEDIFF(milliseconds,LoginTime,LogoutTime)
WHERE username = '$_SESSION[username]'";
if (! mysql_query($time))
{
echo "Error" . mysql_error();
}
I suspect you are using MySQL as your database (the obsolete "mysql_" functions are a hint). You are then using SQL Server syntax for the date operations.
The MySQL equivalent is:
UPDATE Emp
SET loginLength = TIMESTAMPDIFF(MICROSECOND, LoginTime, LogoutTime) / 1000
WHERE username = '$_SESSION[username]';
You can try "MILLISECOND", but it is not documented as working.

SQL update not running, reasons unknown

I am trying to run an update and, for reasons I cannot figure out, it is not running.
The error:
Failed to run query: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE EventID = '2'' at line 4
I cannot figure out what is wrong with the syntax.
$query = "
UPDATE event
SET AssignedTo = '$AssignedTo',Project = '$Project',Category = '$EventCategory',
Status = '$Status',Services = '$EventServices',Priority = '$EventPriority',
WHERE EventID = '$ID' ";
try {
$stmt = $db->prepare($query);
$stmt->execute();
}
catch(PDOException $ex){ die( "Failed to run query: " . $ex->getMessage()); }
die("                      Changes Submitted");
This requires formatting the text, so it is too long for a comment.
If you format your queries neatly, then you can avoid or at least minimize such problems:
UPDATE event
SET AssignedTo = '$AssignedTo',
Project = '$Project',
Category = '$EventCategory',
Status = '$Status',
Services = '$EventServices',
Priority = '$EventPriority',
-------------------------------------^
WHERE EventID = '$ID';
The lines for the query don't scroll off the page, making it easier to spot an extra comma.
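Both the Laravel post above and this one run into the limits of string-built SQL: in the first, a sort column and a whole " LIMIT n" clause were bound through placeholders, which can only carry values (a bound identifier becomes a string constant, so ORDER BY does not sort, and a bound clause becomes a literal); in this one, interpolating variables into the text leaves a trailing comma and, more importantly, puts user-controlled strings straight into the query. As an added example (not code from either question), the builder below assembles UPDATE and SELECT text from user input: values travel as pg-style $n placeholders (the same principle holds for the "?" markers in PDO and Laravel), while the parts a placeholder cannot carry, table and column names, sort direction and LIMIT, are checked against an allow-list before being spliced into the text. The SET clause is joined from an array, so a dangling comma cannot occur by construction. The table and column names, and the helper names, are hypothetical.

```javascript
// Added example (not from either question): parameterized UPDATE/SELECT building
// with an identifier allow-list. Table and column names are hypothetical.

const ALLOWED = {
  event:  new Set(["EventID", "AssignedTo", "Project", "Category", "Status", "Services", "Priority"]),
  events: new Set(["id", "timestamp", "campaignId"]),
};

function assertIdentifier(table, column) {
  const cols = ALLOWED[table];
  if (!cols) throw new Error(`unknown table "${table}"`);
  if (column !== undefined && !cols.has(column)) {
    throw new Error(`unknown column "${column}" on table "${table}"`);
  }
}

// fields: { column: newValue, ... }. Each value becomes a $n placeholder; the
// assignments are joined with ", " so there is never a trailing comma.
function buildUpdate(table, fields, whereColumn, whereValue) {
  assertIdentifier(table);
  const keys = Object.keys(fields);
  if (keys.length === 0) throw new Error("nothing to update");
  keys.forEach((k) => assertIdentifier(table, k));
  assertIdentifier(table, whereColumn);
  const assignments = keys.map((k, i) => `${k} = $${i + 1}`);
  const text = `UPDATE ${table} SET ${assignments.join(", ")} WHERE ${whereColumn} = $${keys.length + 1}`;
  return { text, values: [...keys.map((k) => fields[k]), whereValue] };
}

// ORDER BY column/direction and LIMIT are not values, so they are validated and
// written into the text; the WHERE value still goes through a placeholder.
function buildSelect(table, whereColumn, whereValue, { orderBy, direction = "ASC", limit } = {}) {
  assertIdentifier(table, whereColumn);
  let text = `SELECT * FROM ${table} WHERE ${whereColumn} = $1`;
  const values = [whereValue];
  if (orderBy !== undefined) {
    assertIdentifier(table, orderBy);
    const dir = String(direction).toUpperCase();
    if (dir !== "ASC" && dir !== "DESC") throw new Error(`bad sort direction "${direction}"`);
    text += ` ORDER BY ${orderBy} ${dir}`;
  }
  if (limit !== undefined) {
    // Only a bounded positive integer is accepted; an empty or non-numeric limit
    // is rejected instead of producing a dangling or malformed LIMIT clause.
    const n = Number(limit);
    if (!Number.isInteger(n) || n < 1 || n > 1000) throw new Error(`bad limit "${limit}"`);
    text += ` LIMIT ${n}`;
  }
  return { text, values };
}

// Stand-alone demonstration with constructed input.
console.log(buildUpdate("event", { AssignedTo: "alice", Status: "open" }, "EventID", "2"));
console.log(buildSelect("events", "campaignId", 7, { orderBy: "timestamp", direction: "desc", limit: "10" }));
try {
  buildSelect("events", "campaignId", 7, { orderBy: "timestamp; DROP TABLE events" });
} catch (err) {
  console.log("rejected:", err.message);
}
```

The returned { text, values } pair is exactly the shape pool.query() accepts. Keeping the allow-list as a plain object makes it easy to review in a diff, which is where a newly exposed sortable column should be noticed.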

Sql Select If Statement not working but working as simple function without if statement

I need help; I am trying to use a SELECT IF statement in SQL.
$sql = "Select *,
(select prod_name from #__mobile_products where prod_id=z.z_prod_id)
as cell_name from #__mobile_types AS z
When z.z_status='1' and z.z_id = '".$vid."'
else JError::raiseError(404, "Message");
";
The target objective is: show the list when z_status=1 and display a JError when z_status=0. However, it's not working. This function works well:
$sql = "Select *,
(select prod_name from #__mobile_products where prod_id=z.z_prod_id)
as cell_name from #__mobile_types AS z
Where z.z_status='1' and z.z_id = '".$vid."'
";
However, when I try to modify it using an else statement, it does not work.
Edit - complete function code:
$database =& JFactory::getDBO();
global $Itemid;
$sql = "Select *,
(select prod_name from #__mobile_products where prod_id=z.z_prod_id)
as cell_name from #__mobile_types AS z
Where z.z_status='1' and z.z_id = '".$vid."'
";
$database->setQuery($sql);
$rows = $database->loadObjectList();
return $rows[0];
You are confusing SQL, PHP and Joomla: the second query you wrote is the one you want to run, but the logic needs to be handled in PHP. Your SQL engine doesn't know "else" (which is PHP) or JError (which is Joomla), not to mention the wrong use of the double quote - as you wrote it, it's just a syntax error.
$db = JFactory::getDbo();
$sql = "Select *,
(select prod_name from #__mobile_products where prod_id=z.z_prod_id)
as cell_name from #__mobile_types AS z
Where z.z_status='1' and z.z_id = " . $db->quote($vid);
$db->setQuery($sql);
if ($result = $db->loadObject()) {
// the query returned something, you can use the result object
echo $result->prod_name;
} else {
if ($db->getErrorNum()) {
JError::raiseError(500, "Something went horribly wrong, the query returned the error ". $db->getErrorMsg());
} else {
echo "Your query returned no records i.e. no records satisfy the z_status=1 condition";
}
}
Finally, 404 is "not found", but it refers to the request, not the data in your application. You might want to return 500 if the query errors out, and 200 for all other requests. See here for more info on status codes: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html

Why aren't my SQL placeholders being replaced (using Go pq)?

As per the docs, I'm doing this
var thingname string = "asdf";
var id int
err = database.QueryRow("SELECT id from things where thing = ?", thingname).Scan(&id)
but Postgres is saying
ERROR: syntax error at end of input at character 41
STATEMENT: SELECT id from things where thing = ?
I can't see that I'm doing much different to the demo code. I'm using pq.
The exact syntax is database dependent.
Use
err = database.QueryRow("SELECT id from things where thing = $1", thingname).Scan(&id)
Try this, using $1 instead of ?:
err = database.QueryRow("SELECT id from things where thing = $1", thingname).Scan(&id)