I am currently constructing prepared statements and I am wondering how to use it in the WHERE part for LIKE and %. So I basically just want to SELECT the name from the database which is like the one that has been posted.
Here is my code:
$order = "SELECT name, name_id FROM requests WHERE name LIKE %?%" ;
$statement = $pdo->prepare($order);
$statement->bindParam(1, $_POST['name']);
$statement->execute();
$data = $statement->fetch(PDO::FETCH_ASSOC);
And here is the wonderful error that says that I use the wrong syntax with %:
Fatal error: Uncaught exception 'PDOException' with message
'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error
in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax
to use near '%'kevin'%' at line 1' in
/var/www/xxx/html/partials/requestinsert.php:13 Stack trace: #0
/var/www/xxx/html/partials/requestinsert.php(13): PDOStatement->execute() #1
/var/www/xxx/html/partials/requestcontact.php(231):
include('/var/www/xxx...') #2 /var/www/xxx/html/xxx.php(124):
include('/var/www/xxx...') #3 {main} thrown in
/var/www/xxx/html/partials/requestinsert.php on line 13
You need to supply query parameter when you bind the parameters like below:
$order = "SELECT name, name_id FROM requests WHERE name LIKE ?" ;
$var = "%" . $_POST['name'] . "%";
$statement->bindParam(1, $var);
Related
we want to use placeholders to solve the problem we need to input the table name that we don't know.
But it always shows me syntax error .
we have try any placeholders method.
and ac is a variable
import sqlite3
with sqlite3.connect(f'{ac}.db') as conn:
c = conn.cursor()
c.execute(f"select name from {ac}")
c.execute(f"select name from {ac}")
sqlite3.OperationalError: near " ": syntax error
I expect we can input the placeholders to instead the real table name .
But it seems happens some syntax error.
You have a redundant space between the f and '{ac}.db'
import sqlite3
with sqlite3.connect(f'{ac}.db') as conn:
c = conn.cursor()
c.execute(f"select name from {ac}")
Very often we are unable to use Partitioned reads in Netezza connector.
Example
When partitioned read = Yes and Generated SQL at Runtime = Yes this works:
SELECT "Firma", "KundeNr", "ArtikkelNr"," LagerstedNr"
FROM dwhusr."TI_FT_Salg"
When Generated SQL at Runtime = No and the query is Autogenerated by DataStage (or we write it our selves) the query looks like this:
SELECT "Firma", "KundeNr", "ArtikkelNr"," LagerstedNr"
FROM dwhusr."TI_FT_Salg"
WHERE mod(datasliceid,[[node-count]])=[[node-number]]
It will then throw an error:
DB_TI_FT_Salg: Unexpected ODBC error occurred. Reason: [SQLCODE=42000][Native=27] ERROR: 'SELECT "Firma", "KundeNr", "ArtikkelNr"," LagerstedNr" FROM dwhusr."TI_FT_Salg" where mod(datasliceid,[[node-count]])=[[node-number]] limit 0'
error ^ found "[" (at char 102) expecting an identifier found a keyword (CC_NZMetadataHelper::describeResultSet, file CC_NZMetadataHelper.cpp, line 5 622)
Please help!
I have following code:
<?php
$exists_photos = $wpdb->get_results("SELECT * FROM $dsp_galleries_photos galleries, $dsp_user_albums_table albums WHERE galleries.album_id=albums.album_id AND galleries.status_id=1 AND galleries.album_id IN ($ids1) ORDER BY RAND() LIMIT 6");
$i=0;
foreach ($exists_photos as $user_photos) {
$photo_id=$user_photos->gal_photo_id;
$album_id1=$user_photos->album_id;
$file_name=$user_photos->image_name;
$private=$user_photos->private_album;
$image_path="/wp-content/uploads/dsp_media/user_photos/user_".$member_id."/album_".$album_id1."/".$file_name;
if(($i%3)==0){
?>
It returns following error:
WordPress database error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 1 for query SELECT COUNT(*) FROM wp_dsp_galleries_photos WHERE status_id=1 AND album_id IN () made by require('wp-blog-header.php'), require_once('wp-includes/template-loader.php'), include('/themes/ArtSee/page.php'), the_content, apply_filters('the_content'), call_user_func_array, do_shortcode, preg_replace_callback, do_shortcode_tag, call_user_func, wp_include_file, include('/plugins/dsp/profile_header.php'), include('/plugins/dsp/member_dsp_header.php'), include('/plugins/dsp/headers/view_profile_header.php'), include('/plugins/dsp/view_profile_setup.php')
Suggestions will be appreciated. Thanks
You missed a VALUE INSIDE ():
SELECT COUNT(*) FROM wp_dsp_galleries_photos WHERE status_id=1 AND album_id IN ()
The statement: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' indicates the point of failure. I refers to the second ) in :
... album_id IN () ...
In any case your code does not show this part.
SELECT * FROM $dsp_galleries_photos galleries, $dsp_user_albums_table albums
should be
SELECT * FROM dsp_galleries_photos galleries, dsp_user_albums_table albums
with no $ before the table name - you also should consider if you really need to select * but that won't impact the syntax of the query
How do I correctly extract specific info from an sql error message number 547?
Info Required:
Table Name
Constraint Name
Column Name
Code:
Try
....
Catch ex As System.Data.SqlClient.SqlException
If ex.Number = 547 Then
End If
End Try
Sample message:
UPDATE statement conflicted with COLUMN CHECK constraint
'CK_Birthdate'. The conflict occurred in database 'Northwind', table
'Employees', column 'BirthDate'.
There is no straight forward way of getting these pieces of information separately.
It all gets concatenated into the error message.
You can use select * from sys.messages where message_id=547 to see the various different language formats of the message that you would need to deal with in order to extract the constituent parts then perhaps use regular expressions with capturing groups based around this information.
In addition to queries, here's a powershell script which wraps the sys.messages queries.
http://blogs.msdn.com/b/buckwoody/archive/2009/04/30/and-the-winner-is-get-sql-server-error-messages-from-powershell.aspx
its true there is no straight way to fix this but I did this insted
var str = sqlException.Message.ToString();
var strlist = str.Split(',', StringSplitOptions.RemoveEmptyEntries);
var streplace = strlist[1];
streplace = streplace.Replace("table \"dbo.", "");
streplace = streplace.Replace("\"", ""); //this will get the data table name
streplace = string.Concat(streplace.Select(x => Char.IsUpper(x) ? " " + x : x.ToString())).TrimStart(' ');
Using sql server 2008 I am getting and invalid precision value error in the following perl script:
use DBI;
$idx = '12345';
$query = 'if exists (select * from tbl where idx = ?) select top 10 * from tbl';
my $h = $dbh->prepare($query) or die "Couldn't prepare query: " . $dbh->errstr;
$h->execute($idx) or die "Couldn't execute statement: " . $h->errstr;
Note however that if I try this instead
use DBI;
$query = 'if exists (select * from tbl where idx = \'12345\') select top 10 * from tbl';
my $h = $dbh->prepare($query) or die "Couldn't prepare query: " . $dbh->errstr;
$h->execute() or die "Couldn't execute statement: " . $h->errstr;
then it works. I am really confused at how the ? in the query could possibly be causing an invalid precision error.
Thanks for any help anyone can provide.
Based on this article, please try the following:
You need to import the SQL type constants from DBI
and specify that SQL_LONGVARCHAR as the type of the data to be added to the memo field.
To do that you do:
$dbh->bind_param(1, $idx, SQL_LONGVARCHAR);
Binding with a specific type overrides what DBD::ODBC decides. DBD::ODBC will bind the parameter based on what comes back from SQLDescribeParam. Sometimes SQL Server's SQLDescribeParam fails, especially in cases where you are using functions or subselects. The SQL Server ODBC driver takes your SQL and rearranges it to attempt to end up with something like "select idx from tbl" then it looks at the columns to answer SQLDescribeParam calls. I'm betting the SQL Server ODBC driver fails to rearrange your SQL in this case and either SQLDescribeParam failed or returned the wrong information. If you enable tracing in DBD::ODBC we could probably see this happening.