You have an error in your SQL syntax check the manual that corresponds to your MySQL server version for the right syntax to use near at line 2

Question

I am getting an Error in MySQL    You have an error in your SQL syntax  check the manual that corresponds  to your MySQL server version for the right syntax to use near        at line 2     HTML Code    lt form action  read message php  method  post  gt     lt table class  form table  gt       lt tr gt         lt td style  font-weight bold   gt Subject  lt  td gt         lt td gt  lt input style   width 300px  name  form subject   gt  lt  td gt         lt td gt  lt  td gt       lt  tr gt       lt tr gt         lt td style  font-weight bold   gt Message  lt  td gt         lt td id  myWordCount  gt  amp nbsp  300 words left  lt  td gt         lt td gt  lt  td gt       lt  tr gt       lt tr gt         lt td gt  lt input type  hidden  name  sender id  value   lt  php echo  sender id  gt   gt  lt  td gt         lt td gt  lt textarea cols  50  rows  4  name  form message  gt  lt  textarea gt  lt  td gt         lt td valign  bottom  gt  lt input type  submit  name  submit message  value  send  gt  lt  td gt       lt  tr gt     lt  table gt   lt  form gt    Code to insert into a mysql table    lt  php   include once connect to mysql php       submit new message   if   POST  submit message          if   POST  form subject                submit subject   no subject         else         submit subject   POST  form subject                  submit message   POST  form message         sender id     POST  sender id        if  shortMessagesLeft lt 1          form error message  You have left with    shortMessagesLeft   Short Message  Please purchase it from the  lt a href  membership php id    id    gt shop lt  a gt               else if  submit message              form error message    Please fill in the message before sending              else         message left    shortMessagesLeft-1         update short message   mysql query  UPDATE message count SET short message     message left  WHERE user id     id            sql   mysql query  INSERT INTO private messages  to id  from id  time sent  subject  message           VALUES   sender id     id   now     submit subject    submit message     or die  mysql error                  gt    What does the error mean and what am I doing wrong

User · Answer

I had this problem before  and the reason is very simple  Check your variables  if there were strings  so put it in quotes   your string variable here     if it were numerical keep it without any quotes  for example  if I had these data   name   It will be string    phone number   It will be numerical   So  it will be like that    query    INSERT INTO users  name  phone  VALUES    name    phone    Just like that and it will be fixed

User · Answer

Please make sure you have downloaded the sqldump fully  this problem is very common when we try to import half incomplete downloaded sqldump  Please check size of your sqldump file

User · Answer

That s called SQL INJECTION  The   tries to open close a string in your mysql query  You should always escape any string that gets into your queries    for example    instead of this    VALUES    sender id       do this    VALUES      mysql real escape string  sender id             or equivalent  of course   However  it s better to automate this  using PDO  named parameters  prepared statements or many other ways  Research about this and SQL Injection  here you have some techniques    Hope it helps  Cheers

User · Answer

There is a single quote in  submitsubject or  submit message   Why is this a problem   The single quote char terminates the string in MySQL and everything past that is treated as a sql command  You REALLY don t want to write your sql like that  At best  your application will break intermittently  as you re observing  and at worst  you have just introduced a huge security vulnerability   Imagine if someone submitted     DROP TABLE private messages  in submit message   Your SQL Command would be   INSERT INTO private messages  to id  from id  time sent  subject  message           VALUES  sender id    id   now    subjet        DROP TABLE private messages    Instead you need to properly sanitize your values    AT A MINIMUM you must run each value through mysql real escape string   but you should really be using prepared statements    If you were using mysql real escape string   your code would look like this   if   POST  submit message      if   POST  form subject              submit subject   no subject     else       submit subject mysql real escape string   POST  form subject         submit message mysql real escape string   POST  form message      sender id   mysql real escape string   POST  sender id       Here is a great article on prepared statements and PDO

User · Answer

I was getting the same error when I used this code to update the record    mysqli query  dbc  query or die       After removing or die  it started working properly

[php] You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '''')' at line 2

Examples related to php

Examples related to mysql

Examples related to insert