php - An error in SQL syntax
The purpose of this code is to extract data from a CSV file and upload it to the DB.
I can extract the attributes of each line of the file, but it keeps showing an error on the SQL query.
Here is the PHP file:
<?
$row = 1;
$server="xxxxx";
$user="xxxx";
$password="xxxx";
$db="xxxx";
mysql_connect($server,$user,$password) or die('erreur au serveur');
mysql_select_db($db) or die('erreur db');
if (($handle = fopen('xxxx/articles.csv','r+')) !== false) {
    while (($data = fgetcsv($handle,";")) !== false) {
        $num = count($data);
        //echo "<p> $num champs à la ligne $row: <br /></p>\n";
        $row++;
        for ($c=0; $c < $num; $c++) {
            echo $data[$c] . "<br />\n";
            $produit =$data[$c];
            // split the line into its ';'-separated attributes
            $att = explode(";", $produit);
            $prod = $att[0]; echo 'id = '.$prod .'<br/>';
            $code = $att[1]; echo 'code = '.$code.'<br/>';
            $nom = $att[2]; echo 'nom = '.$nom.'<br/>';
            $cat = $att[3]; echo 'categorie = '.$cat.'<br/>';
            $prix = $att[4]; echo 'prix = '.$prix.'<br/>';
            $cond = $att[5]; echo 'cond = '.$cond.'<br/>';
            $date = $att[6]; echo 'date = '.$date.'<br/>';
            $qtes = $att[7]; echo 'qtes = '.$qtes.'<br/>';
            $photo = $att[8]; echo 'photo = '.$photo.'<br/>';
            $qte = $att[9]; echo 'qte = '.$qte.'<br/>';
            $cam = $att[10]; echo 'camion = '.$cam;
            // this is the query that produces the error shown below
            $sql = 'update produit set code_barre ='.$code.',nom_prod ='.$nom.', photo ='.$photo.',categorie='.$cat.',condition ='.$cond.',prix_uniraire ='.$prix.', date_exp='.$date.' ,qte ='.$qte.',qte_stock ='.$qtes.', id_camion= '.$cam.' id_prod ='.$prod.'';
            $res = mysql_query($sql) or trigger_error(mysql_error()." in ".$sql);
            $row++;
        }
    }
    fclose($handle);
}
?>
This is the error:
Notice: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'condition =emballés,prix_uniraire =3450, date_exp=04/02/2016 ,qte =200,qte_stock' at line 1 in update produit set code_barre =345123,nom_prod =nutella, photo =www.google.com,categorie=chocolat,condition =emballés,prix_uniraire =3450, date_exp=04/02/2016 ,qte =200,qte_stock =2100, id_camion= 2 id_prod =3 in /home/a2258793/public_html/seekarticles.php on line 34
Pay attention to the start of the problem, where MySQL is telling you the problem starts:
(Sidenote: see the comments section under the question; they're important.)
right syntax to use near 'condition
                          ^ problem starts here
"condition" is a MySQL reserved word and requires special attention.
Either wrap the column name in ticks, or rename it to another word, such as "conditions" in plural form, which isn't a MySQL reserved word.
`condition` ='.$cond.'
- Should the above fail, it is because of the quoting method. Consult the suggestion below.
You could/should rewrite the line to the following (using a different quoting method), since the values contain strings. For the rest, MySQL will take care of the integers.
$sql = "update produit set code_barre ='".$code."', nom_prod ='".$nom."', photo ='".$photo."',"
     . "categorie='".$cat."', `condition` ='".$cond."',prix_uniraire ='".$prix."',"
     . " date_exp='".$date."' ,qte ='".$qte."', qte_stock ='".$qtes."',"
     . " id_camion= '".$cam."' where id_prod ='".$prod."' ";
Nota: String values need to be quoted. You can modify it as needed, i.e.: where id_prod = $prod"; if $prod is an integer, including the column(s).
Sidenote:
Your present code is open to SQL injection. Use mysqli with prepared statements, or PDO with prepared statements; they're safer.
Footnotes:
If you should encounter other errors, you will need to escape your values using mysql_real_escape_string(). MySQL will complain about apostrophes etc., i.e. nutella's best!, and will interpret it as 'nutella's best!' in the values, causing a syntax error. Whereas escaping the data will interpret it as 'nutella\'s best!', rendering it valid, since it has been escaped.
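The prepared-statement approach recommended in the sidenote above, as an added example that is not code from the original post. It assumes PDO with an in-memory SQLite database standing in for the MySQL server (so it runs offline), assumed column types, and constructed CSV lines in the question's field order.

```php
<?php
// Added example. SQLite in memory stands in for the MySQL server (assumption);
// against MySQL only the DSN and credentials passed to PDO change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Same table and column names as the question's UPDATE; the types are assumed.
$pdo->exec('CREATE TABLE produit (
    id_prod INTEGER PRIMARY KEY, code_barre TEXT, nom_prod TEXT, photo TEXT,
    categorie TEXT, `condition` TEXT, prix_uniraire INTEGER, date_exp TEXT,
    qte INTEGER, qte_stock INTEGER, id_camion INTEGER)');
$pdo->exec('INSERT INTO produit (id_prod) VALUES (3), (4)');

// Constructed sample lines:
// id;code;nom;categorie;prix;cond;date;qte_stock;photo;qte;camion
$csv = <<<'CSV'
3;345123;nutella;chocolat;3450;emballés;04/02/2016;2100;www.google.com;200;2
4;345124;nutella's best!;chocolat;3600;emballés 'bio';05/02/2016;50;www.example.com;10;2
CSV;

// Prepared once, executed per row. Values travel separately from the SQL text,
// so apostrophes in the data cannot break or alter the query. Identifiers
// cannot be bound, which is why `condition` is still backtick-quoted by hand.
$stmt = $pdo->prepare('UPDATE produit SET code_barre = :code, nom_prod = :nom,
    photo = :photo, categorie = :cat, `condition` = :cond, prix_uniraire = :prix,
    date_exp = :date, qte = :qte, qte_stock = :qtes, id_camion = :cam
    WHERE id_prod = :id');

$keys = ['id', 'code', 'nom', 'cat', 'prix', 'cond', 'date', 'qtes', 'photo', 'qte', 'cam'];
foreach (explode("\n", $csv) as $n => $line) {
    // Split on ';' directly instead of fgetcsv() followed by explode().
    $fields = str_getcsv(rtrim($line, "\r"), ';', '"', '\\');
    if (count($fields) !== count($keys)) {   // skip short or long rows
        echo 'line ', $n + 1, ": expected 11 fields, skipped\n";
        continue;
    }
    $stmt->execute(array_combine($keys, $fields));
}

// Show that the quoted values were stored as plain data.
foreach ($pdo->query('SELECT id_prod, nom_prod, `condition` FROM produit') as $r) {
    echo $r['id_prod'], ' | ', $r['nom_prod'], ' | ', $r['condition'], "\n";
}
```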