php - An error in SQL syntax -


the purpose of code extract data csv file , upload db.

i can extract attributes each line file keeps showing error on sql query.

here php file:

<? $row = 1; $server="xxxxx"; $user="xxxx"; $password="xxxx"; $db="xxxx"; mysql_connect($server,$user,$password) or die('erreur au serveur'); mysql_select_db($db) or die('erreur db'); if (($handle = fopen('xxxx/articles.csv','r+')) !== false) { while (($data = fgetcsv($handle,";")) !== false) {     $num = count($data);     //echo "<p> $num champs à la ligne $row: <br /></p>\n";     $row++;     ($c=0; $c < $num; $c++) {         echo $data[$c] . "<br />\n";         $produit =$data[$c];         $att = explode(";", $produit);  $prod = $att[0]; echo 'id = '.$prod .'<br/>';  $code = $att[1];  echo 'code = '.$code.'<br/>';  $nom = $att[2]; echo 'nom = '.$nom.'<br/>';  $cat = $att[3]; echo 'categorie = '.$cat.'<br/>';  $prix = $att[4]; echo 'prix = '.$prix.'<br/>';  $cond = $att[5]; echo 'cond = '.$cond.'<br/>';  $date = $att[6]; echo 'date = '.$date.'<br/>';  $qtes = $att[7]; echo 'qtes = '.$qtes.'<br/>';  $photo = $att[8]; echo 'photo = '.$photo.'<br/>';  $qte = $att[9];  echo 'qte = '.$qte.'<br/>';  $cam = $att[10]; echo 'camion = '.$cam;  $sql = 'update produit set code_barre ='.$code.',nom_prod ='.$nom.', photo ='.$photo.',categorie='.$cat.',condition ='.$cond.',prix_uniraire ='.$prix.', date_exp='.$date.' ,qte ='.$qte.',qte_stock ='.$qtes.', id_camion= '.$cam.' id_prod ='.$prod.'';  $res = mysql_query($sql) or trigger_error(mysql_error()." in ".$sql);          $row++;     } } fclose($handle); } ?>   

this :

notice: have error in sql syntax; check manual that
corresponds mysql server version right syntax use near 'condition =emballés,prix_uniraire =3450, date_exp=04/02/2016 ,qte =200,qte_stock' @ line 1 in update produit set code_barre =345123,nom_prod =nutella, photo =www.google.com,categorie=chocolat,condition =emballés,prix_uniraire =3450, date_exp=04/02/2016 ,qte =200,qte_stock =2100, id_camion= 2 id_prod =3 in /home/a2258793/public_html/seekarticles.php on line 34

pay attention start of problem, mysql telling problem starts:
(sidenote: , comments section under question, they're important).

 right syntax use near 'condition                                    ^ problem starts here 

"condition" mysql reserved word , requires special attention.

either wrap column name in ticks, or rename word, "conditions" in plural form. isn't mysql reserved word.

`condition` ='.$cond.' 
  • should above fail, because of quoting method. consult suggestion below.

you could/should rewrite line to: (and using different quoting method), since values contains strings. rest, mysql take care of integers.

$sql = "update produit set code_barre ='".$code."',  nom_prod ='".$nom."', photo ='".$photo."',categorie='".$cat."',  `condition` ='".$cond."',prix_uniraire ='".$prix."',  date_exp='".$date."' ,qte ='".$qte."',  qte_stock ='".$qtes."', id_camion= '".$cam."'  id_prod ='".$prod."' "; 

nota: string values need quoted. can modify needed.

i.e.: where id_prod = $prod"; if $prod integer including column(s).


sidenote:

your present code open sql injection. use mysqli prepared statements, or pdo prepared statements, they're safer.


footnotes:

  • if should encounter other errors, need escape values using mysql_real_escape_string().

  • mysql complain apostrophes etc. i.e.: nutella's best! , interpret 'nutella's best!' in values causing syntax error. whereas escaping data interpret 'nutella\'s best!' rendering valid, since escaped.


Comments

Popular posts from this blog

c++ - Difference between pre and post decrement in recursive function argument -

php - Nothing but 'run(); ' when browsing to my local project, how do I fix this? -

php - How can I echo out this array? -