Click here to Skip to main content
15,921,716 members
Search within:


Why is this, how come sometimes it gets an error, sometimes not
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
PHP
 
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near


What I have tried:

function edit_post_no_img($id,$title,$contents,$category,$slug,$tags,$description){
		$result = $this->db->query("UPDATE tbl_post SET post_title='$title',post_description='$description',post_contents='$contents',post_last_update=NOW(),post_category_id='$category',post_tags='$tags',post_slug='$slug' WHERE post_id='$id'");
		return $result;
	}
Posted
Updated 29-Dec-20 4:01am
Add a Solution

2 solutions

This kind of errors arise when you have used incorrect syntax.

Debug and you should be able to see the query formed. Correct the query and it should solve it.

One of the values in below query seems empty.
SQL
"UPDATE 
   tbl_post 
SET  
   post_title='$title',
   post_description='$description',
   post_contents='$contents',
   post_last_update=NOW(),
   post_category_id='$category',
   post_tags='$tags',
   post_slug='$slug' 
WHERE 
   post_id='$id'"


Based on the details on their knowledge base: Basic SQL Debugging - MariaDB Knowledge Base[^]

Quote:
ERROR 1064: You have an error in your SQL syntax; check the manual that corresponds to your
MariaDB server version for the right syntax to use near ' ' at line 1

The empty ' ' can be disheartening. Clearly there is an error, but where? A good place to look is at the end of the query. The ' ' suggests that the parser reached the end of the statement while still expecting some syntax token to appear.

Check for missing closers, such as ' and ):
SQL
SELECT * FROM someTable WHERE field = 'value

Look for incomplete clauses, often indicated by an exposed comma:
SQL
SELECT * FROM someTable WHERE field = 1 GROUP BY id,


PS: Generally, you should always make use of Parameterized query to avoid SQL Injection. Read about protecting from SQL Injection here: SQL Injection Mitigation: Using Parameterized Queries[^]
 
Share this answer
 
Posted
Updated 29-Dec-20 4:10am
v2
Why are you getting the error somethines, and not others? Simple: you are doing DB access very wrong - and it's a lot more dangerous than "it fails sometimes". Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Always use Parameterized queries instead.

When you concatenate strings, you cause problems because SQL receives commands like:
SQL
SELECT * FROM MyTable WHERE StreetAddress = 'Baker's Wood'
The quote the user added terminates the string as far as SQL is concerned and you get problems. But it could be worse. If I come along and type this instead: "x';DROP TABLE MyTable;--" Then SQL receives a very different command:
SQL
SELECT * FROM MyTable WHERE StreetAddress = 'x';DROP TABLE MyTable;--'
Which SQL sees as three separate commands:
SQL
SELECT * FROM MyTable WHERE StreetAddress = 'x';
A perfectly valid SELECT
SQL
DROP TABLE MyTable;
A perfectly valid "delete the table" command
SQL
--'
And everything else is a comment.
So it does: selects any matching rows, deletes the table from the DB, and ignores anything else.

So ALWAYS use parameterized queries! Or be prepared to restore your DB from backup frequently. You do take backups regularly, don't you?
 
Share this answer
 
Posted
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month

Advertise
Privacy
Cookies
Terms of Use
Last Updated 29 Dec 2020
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web01 2.8:2024-06-13:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900