This question already has an answer here:
Syntax error due to using a reserved word as a table or column name in MySQL
(1 answer)
Closed 8 years ago.
I've been staring at this thing for a while now and I can't seem to figure out what the syntax error is. I've been in this situation before and last time it was something so unbelievably simple I felt stupid afterwards. But here's to another attempt:
//update database
$q = "
UPDATE
users
SET
id='$edit_id',
name='$edit_name',
bdm='$edit_bdm',
add='$edit_add',
pc='$edit_pc',
location='$edit_outletL',
style='$edit_outletS',
coName='$edit_coName',
coNum='$edit_coTel',
coEmail='$edit_coEmail',
password='$edit_pass'
WHERE
id='$query_title'
";
$edit_query = mysql_query($q) or die("Database Query Error: ". mysql_error());
Database Query Error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'add='Llancadle, Nr Barry', pc='CF62 3AQ', location='rural', style='food', coName' at line 1
You neeed to backquote add since it is a keyword:
`add` = ...
I think add is a reserved word in MySQL.
your problem is that "add" is a MySQL reserved word. See: http://dev.mysql.com/doc/refman/5.0/en/reserved-words.html. If you have a column named "add", escape it like this:
//update database
$edit_query = mysql_query("UPDATE users SET id='$edit_id', name='$edit_name', bdm='$edit_bdm', `add`='$edit_add', pc='$edit_pc', location='$edit_outletL', style='$edit_outletS', coName='$edit_coName', coNum='$edit_coTel', coEmail='$edit_coEmail', password='$edit_pass' WHERE id='$query_title'") or die("Database Query Error: ". mysql_error());
as bobby noted in a comment, add is a mysql reserved word
`add`='$edit_add'
will tell mysql you are talking about a column
Related
This question already has an answer here:
CS50: LIKE operator, variable substitution with % expansion
(1 answer)
Closed 2 years ago.
I am trying to run a SQL query in my Flask application to search a database. However, I get an error when I run the query:
db.execute("SELECT * FROM books WHERE author LIKE '%:author%' ", {"author":query})
The resulting error is this (passed 'Tom' in my input):
sqlalchemy.exc.ProgrammingError: (psycopg2.errors.SyntaxError) syntax error at or near "Tom"
LINE 1: SELECT * FROM books WHERE author LIKE '%'Tom'%'
^
[SQL: SELECT * FROM books WHERE author LIKE '%%%(author)s%%' ]
[parameters: {'author': 'Tom'}]
(Background on this error at: http://sqlalche.me/e/f405)
I've tested the query with a hard coded value and it works fine. I would like to know what is causing the error and how to fix it.
You need string concatenation. Many SQL databases support concat() (and other have an equivalent function or operator, such as standard operator ||):
db.execute("SELECT * FROM books WHERE author LIKE CONCAT('%', :author, '%')", {"author":query})
Another option is to concatenate '%'s around your parameter in your application first, and then pass it to the query.
I am trying to insert into my database, and the only problem I can find is the sql not being correct somehow. I tried searching up the errors, but they are confusing at to what they are.
$pdo = new PDO("mysql:host=$dbhost;dbname=$dbvideos;", $dbusername, $dbpassword);
$sql = "INSERT INTO Video ('Channel ID', 'Name', 'VideoDescription', 'VideoLocation') VALUES (:chanID, :vidName, :vDesc, :vLoc)";
$stmt = $pdo->prepare($sql);
$stmt->execute(array(":chanID"=>$_POST['selectedChannel'], ":vidName"=>$_POST['videoName'], ":vDesc"=>$_POST['viddesc'], ":vLoc"=> $VideoLocation));
print_r($stmt->errorInfo());
With error output:
Array ( [0] => 42000 [1] => 1064 [2] => You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'ID, Name, VideoDescription,VideoLocation) VALUES ('1', 'Testing Video', 'This is' at line 1 )
I pre-checked the variables (types match database, and they exist and with validation on previous page). The connection works fine. So SQL is the only error I can find.
I understand having no space in names- that one slipped my mind (I am usually on top of that, even when saving files). Some how removing the space and removing ' quotes made it work. (I originally used ' quoted because I saw some people use it so I though it would fix the problem).
Thank You Ryan Vincent.
I am trying to send a SQL prepared statement to MySQL DB. This is what I have:
String sql1 = "SELECT idReimbursed_Funds As idReimFunds FROM reimbursedfunds Where ReimFundsName = ? AND Date = ?";
PreparedStatement pstmt1 = conn.prepareStatement(sql1);
pstmt1.setString(1, reimfund.getReimFundsName());
pstmt1.setDate(2, (Date) reimfund.getDate());
ResultSet rs1 = pstmt1.executeQuery(sql1);
while(rs1.next()){
idReimFunds = rs1.getInt("idReimFunds");
}
After googling this problem, I found solutions to use parenthesis around the question marks or the whole where clause such as:
String sql1 = "SELECT idReimbursed_Funds As idReimFunds FROM reimbursedfunds Where (ReimFundsName = ?) AND (Date = ?)";
This didn't work though. I get the same error message that is generated by my original code:
"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?) AND (Date = ?)' at line 1.
When I try the SQL statement in MySQL Workbench is works fine. Is there a way to use 2 where clauses with JDBC? I know in other posts people have answered that it has to be sent as two different queries, but I thought I would ask just in case someone else reads this posts and knows of a way. Thank you!
The problem (apart from the Date issue as mentioned by bgp), is the line:
ResultSet rs1 = pstmt1.executeQuery(sql1);
You are trying to execute a query string on a prepared statement, which is not allowed by the JDBC standard (MySQL should actually throw an exception instead of sending it to the server as it currently does, but the end result is the same). The documentation of Statement.executeQuery(String sql) says:
Throws:
SQLException - if a database access error occurs, this method is called on a closed Statement, the given SQL statement produces anything other than a single ResultSet object, the method is called on a PreparedStatement or CallableStatement
(emphasis mine)
The reason is that you want to execute the prepared statement, not any other query. You should call PreparedStatement.executeQuery() (so without a parameter):
ResultSet rs1 = pstmt1.executeQuery();
Pretty sure this is because "Date" is a MySQL keyword (reserved). Call the field something else or escape it with backticks, i.e. `Date`
First, I know that this question has been asked on this forum already, but each previous question differs from my situation and the solutions don't work. My commas are all there and I'm using a very simple query. Moving right along:
I'm using a linked table in Access, which links to a SQL Server database. Everything works except this query. If I run the text directly in SQL Server, it runs fine. Therefore, the syntax of the query must be fine.
Here's what I'm running:
CurrentDb.Execute "Update dbo_TS_Activity Set [Remarks] = ''Updated Remarks'' Where [id] = 1124 AND [Emp_Name] = ''CONFUSED'' AND [Approved] = 0"
I get Run-time error '3075'
Syntax error (missing operator) in query expression ''Updated Remarks''
What I've tried:
Single quotes
Double quotes
Double single (two apostrophes) quotes
No quotes
Opening the linked table and manually editing it (it works)
Crying (just kidding)
This should work fine, AFAICT, from what you've posted along with your comment above.
CurrentDb.Execute "Update dbo_TS_Activity Set [Remarks] = 'Updated Remarks' Where [id] = 1124 AND [Emp_Name] = 'CONFUSED' AND [Approved] = 0"
2 Things finally fixed it... I ran the update in the query designer and it gave me this weird syntax of parenthesis around the WHERE statement so it looked like:
Where (((dbo_vw_TS_Activity.[id]) = 1124))
Finally, it wanted double-double-quotes for variables, like:
SET [Remarks] = ""The updated remarks...""
Suddenly, it's happy. Consequently, I am too.
Here's a very easy question for someone :)
Trying to update an SQL column with the following:
UPDATE [NameOfTable]
SET [HtmlContent] = 'a href="/sell-your-boat/"'
WHERE HtmlID = 123456
But am getting the following error message: Incorrect syntax near '/'.
I know it's because I need to escape the / character but hitting my head against the wall trying to find the answer because I am aware it's probably very simple!
Thank you
You don't need to escape slashes in a string in SQL. The only chracter that you need to escape is apostrophe (').
There is nothing wrong with the query that you are showing, so the only explanation is that the code that you are actually running does not look like that.
It doesn't make sense to have HTML-encoded quotation marks around a href attribute, so my guess is that the HTML code actually looks something like this:
<a href='/sell-your-boat/'>
Any apostrophes in the text would have to be encoded as double apostrophes when you put it in a string literal in the SQL code.
I don't know where the query is executed from, but a parameterised query would be preferrable if possible, as then you don't have to escape the text yourself, you just assign the text to the property value.
Like all the comments above, youd don't need to escape the /
I just did a quick sql test in sql server 2005 and didn't get an error message (see below)
We'll probably need more information than what you provided. Are you running this in Management studio, or is this sql being called in a .NET application, etc...
create table test (htmlid int, htmlcontent varchar(516))
insert into test select 123456 as htmlid, 'test' as htmlcontent
update test
set htmlcontent = 'a href="/sell-your-boat/"'
where htmlid = 123456
select * from test where htmlid = 123456
drop table test
my output
123456 a href="/sell-your-boat/"