-2

This is where I think it´s the problem...

$sql1 = "SELECT `puntos_globales`, '$juego' 
         FROM `lista_jugadores` WHERE `id_jugador`='$noTop'";

This is the error message:

Error: 

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near "blackOps2'='1' WHERE `id_jugador` = '10" at line 1

$juego .. is a php variable that holds the column name; in this case blackOps2. I don´t know why in the error says blackOps2'='1'??

echo_Me
  • 37,078
  • 5
  • 58
  • 78
Xavier Odin Soto
  • 1
  • 1
    the error is not same as your query , please provide your true query – echo_Me Aug 23 '13 at 15:45
  • 2
    `'` turns things into a strings and removes any "significance" they might have to the database. `foo` would be a field/table name, `'foo'` is just a string that contains the word `foo`. – Marc B Aug 23 '13 at 15:45
  • 1
    You did use backticks for one column name but apostrophes for another. What was your reason? – Your Common Sense Aug 23 '13 at 15:46
  • **Never use backticks around column names.** They are just one more way for you to make syntax errors. The only reason you need them is if you have a column name that is a reserved word, and using column names that are reserved words is a terrible idea as well, so that's two bad habits you can avoid at once. – Andy Lester Aug 23 '13 at 15:53
  • **You are leaving yourself wide open to SQL injection attacks.** Please learn about using parametrized queries, preferably with the PDO module, to protect your web app. http://bobby-tables.com/php has examples to get you started. – Andy Lester Aug 23 '13 at 15:53
  • This question appears to be off-topic because it is about having a syntax error explained. – Andy Lester Aug 23 '13 at 15:54
  • @AndyLester what? Where did you get that idea on not using backticks? – Your Common Sense Aug 23 '13 at 15:56
  • What is unclear about my statement? What value do you see in using backticks around column names? – Andy Lester Aug 23 '13 at 16:00
  • I already try with backticks o without them...I try with apostophes and tithou them in $juego and curly brackets...and keep same error. Why appear that the column name $juego is = 1 (blackOps2=1)? – Xavier Odin Soto Aug 23 '13 at 16:03
  • @AndyLester backticks are part of proper formatting rules for identifiers. While proper formatting is a cornerstone of syntactical correctness and safety, mind you. – Your Common Sense Aug 23 '13 at 16:42
  • @YourCommonSense: Who says that "backticks are part of proper formatting rules for identifiers"? What value is there in unnecessary punctuation? – Andy Lester Aug 23 '13 at 18:17
  • @AndyLester as unreliable source as mysql manual, sir. – Your Common Sense Aug 23 '13 at 18:17
  • @YourCommonSense: Would love to see a citation in the manual that says there is value in putting unnecessary punctuation around table or column names. – Andy Lester Aug 23 '13 at 18:20
  • @AndyLester indeed there is no value in adding backticks alone. But in combination with escaping backticks it become indispensable in the matter of adding dynamical identifiers to the query – Your Common Sense Aug 23 '13 at 18:26

1 Answers1

0

from the error it seems you didnt provide the true query and it looks you have two where clause 

     blackOps2='1' WHERE `id_jugador` = '10"

try do it like that

     WHERE `id_jugador` = '10' AND blackOps2='1'
echo_Me
  • 37,078
  • 5
  • 58
  • 78
  • blackOps2 is a column name that $juego holds...I don´t know why the error says that... – Xavier Odin Soto Aug 23 '13 at 16:05
  • even what you said but its not the same query in the error message. where you have `='1'` ? and before WHERE you have table name not `$juego`. either you providing wrong query or you the query is colled with something else. – echo_Me Aug 23 '13 at 16:07
  • thanks to you I could find the problem. The problem was in the next line: $sql2 = "UPDATE `lista_jugadores` SET `puntos_globales`='$ptsG', '$juego'='$ptsJ' WHERE `id_jugador`='$noTop'; "; The apostrophes around $juego was the problem... Thanks, I am a novice in this... – Xavier Odin Soto Aug 23 '13 at 16:24