Drink86

Reputation: 139

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '= WHERE

Sorry to bother you with this kind of question, but I am kinda sick of this... Got a problem with a rather simple thing...

This piece of code:

$mysql_key = mysql_real_escape_string(str_replace($mysql_remove, '', $key));

$mysql_value = mysql_real_escape_string($value);

$insert = mysqli_query($connection, "UPDATE archi_form SET ".$mysql_key." = ".$mysql_value." WHERE random_string = '".$randstring."'");

is throwing me this error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '= WHERE random_string='pq9HzavnyQdC1ZrCODsV1HDc0xcV6jXdPT20TNRjTM0pjzgd9jJO3EgXT' at line 1 1064

Could you help, please, before I lose my mind? :)

Upvotes: 0

Views: 134

Answers (2)

coDe murDerer

Reputation: 1876

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '= WHERE

Getting this error means there is nothing in $mysql_value, because the error shows = **???** WHERE. Check this value, and also correct your query as below:

"UPDATE archi_form SET ".$mysql_key." = '".$mysql_value."' WHERE random_string = '".$randstring."'"

Upvotes: 0

STT LCU

Reputation: 4330

You're mixing mysql_* with mysqli_*

You can't do that, because it won't work. You must use only the mysqli_* functions.

Rephrased from the PHP doc pages:

/* create a prepared statement */
if ($stmt = $mysqli->prepare("UPDATE archi_form SET $column = ? WHERE random_string = ?")) {

  /* bind parameters for markers */
  $stmt->bind_param("ss", $value, $randstring);

  /* execute query */
  $stmt->execute();

  /* an UPDATE returns no result set, so there is nothing to bind or fetch;
     read the number of changed rows instead */
  $updated = $stmt->affected_rows;

  //do something

  /* close statement */
  $stmt->close();
}

Note that I didn't use mysqli_real_escape_string. Read the PHP doc to discover why.

Special note for $column. As far as I know, you can't bind column or table names. Therefore, you need a form of whitelisting:

$valid_columns = array('col1', 'col2', 'col3');
if (in_array($mysql_key, $valid_columns)){
    $column = $mysql_key;
} else {
    echo "something fishy is going on"; die;
}

Upvotes: 1
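The two fixes from the answers combined into one function, an allowlisted column name plus bound values, as an added example that is not code from either answer. The table and `random_string` column come from the question and `col1`..`col3` from the answer above; the function names, connection details and sample values are assumptions, and `$key` is taken to be already stripped as in the question.

```php
<?php
// Added example, not code from the thread. Host, credentials and database are placeholders.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failures throw mysqli_sql_exception

// Assumption: replace the answer's col1..col3 with the real archi_form columns.
const VALID_COLUMNS = ['col1', 'col2', 'col3'];

/** Return $key only if it is an allowlisted column; identifiers cannot be bound. */
function allowlisted_column(string $key): string
{
    if (!in_array($key, VALID_COLUMNS, true)) { // strict comparison, no type juggling
        throw new InvalidArgumentException('unexpected column name');
    }
    return $key;
}

/** Update one form field and return the number of rows changed. */
function update_form_field(mysqli $db, string $key, string $value, string $randstring): int
{
    $column = allowlisted_column($key);
    // Only the allowlisted identifier is interpolated; both values are bound parameters.
    $stmt = $db->prepare("UPDATE archi_form SET `$column` = ? WHERE random_string = ?");
    $stmt->bind_param('ss', $value, $randstring);
    $stmt->execute();
    $rows = $stmt->affected_rows; // 0 when no row matched or the value was unchanged
    $stmt->close();
    return $rows;
}

// Constructed usage: connection details and values are placeholders.
$db = new mysqli('localhost', 'db_user', 'db_password', 'db_name');
$db->set_charset('utf8mb4');

// An empty value, which produced "SET col = WHERE ..." in the concatenated
// query from the question, is simply stored as an empty string here.
update_form_field($db, 'col1', '', 'constructed-random-string');

// A key outside the allowlist is rejected before any SQL is prepared.
try {
    update_form_field($db, 'unknown_field', 'x', 'constructed-random-string');
} catch (InvalidArgumentException $e) {
    error_log('rejected column: ' . $e->getMessage());
}
```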
