1
<?php
$serverName = "(local)"; //serverName
$connectionInfo = array( "Database"=>"DabaseNew", "UID"=>"sa", "PWD"=>"*****");
$conn = sqlsrv_connect( $serverName, $connectionInfo);
if( $conn==true ) {
    echo "Connection established.<br />";
}else{
    echo "Connection could not be established.<br />";
    die( print_r( sqlsrv_errors(), true));
}
$sql = "SELECT * FROM Dbo.DATABASE COMPANY SERVICES$Employee";
$stmt = sqlsrv_query( $conn, $sql);
if(!$stmt){
    die( print_r( sqlsrv_errors(), true));
}
$rows = sqlsrv_has_rows($stmt);
while($obj = sqlsrv_fetch_object( $stmt)){
    echo $obj->Description.", ".$obj->lName."<br />";
}
?>

I am trying to connect to php to my sql server using sqlsrv_connect. The above code gives me an error below;

Output: Connection established. Array ( [0] => Array ( [0] => 42000 [SQLSTATE] => 42000 [1] => 102 [code] => 102 [2] => [Microsoft][SQL Server Native Client 11.0][SQL Server]Incorrect syntax near 'SERVICES'. [message] => [Microsoft][SQL Server Native Client 11.0][SQL Server]Incorrect syntax near 'SERVICES'. ) )

Matt Way
  • 32,319
  • 10
  • 79
  • 85
user3315848
  • 81
  • 1
  • 3
  • 13

3 Answers3

1

If there are spaces in the tablename you should run the query like this: $sql = "SELECT * FROM dbo.[DATABASE COMPANY SERVICES]"; Not sure what you are trying to do with $employee, because php sees it as a variable and tries to paste fill it in there (I think here $employee being NULL).

Gerdinand
  • 136
  • 10
  • If however $employee is the name of the employee you want to get from the database you should use $sql = "SELECT * FROM dbo.[DATABASE COMPANY SERVICES] WHERE [Last Name] = '$employee'"; – Gerdinand Jul 01 '14 at 14:07
1

Try to switch 

$sql = "SELECT * FROM Dbo.DATABASE COMPANY SERVICES$Employee";

with

$sql = 'SELECT * FROM Dbo.[DATABASE COMPANY SERVICES$Employee]';

Because php thinks $Employee is a variable if you use double quotes. The [] is used to tell the database that the table name is DATABASE COMPANY SERVICES$Employee otherwise the space will indicate the start of another sql command or variable.

Try not to use spaces in table names btw, it avoids confusion.

sridesmet
  • 875
  • 9
  • 19
0

You need to escape the $ character with \$, as php treats it as first character ov a variable. Try this:

$sql = "SELECT * FROM Dbo.[DATABASE COMPANY SERVICES\$Employee]";

EDIT:

To avoid escapingg you could also use single quotes ' instead of double quotes ". Then PHP does not resolve variables within the string. (see this question)

$sql = 'SELECT * FROM Dbo.[DATABASE COMPANY SERVICES$Employee]';

2nd EDIT:

To concatenate two strings use . operator like this:

$foo = "Hello ";
$bar = $foo."world!"; // gives "Hello world!"

As you can read within the answer linked within the first edit " double quotes resolve variables inbetween, while ' single quotes don't. your possible solution could be like this:

$query = 'SELECT [First Name] AS firstName, [Last Name] AS lastName
            FROM  Dbo.[DATABASE COMPANY SERVICES$Employee]
            WHERE [Employee Number] = 15 OR [E-Mail] = \''.mssql_escape($mail).'\'';

But you should NEVER directly send a GET parameter top your sql server. Anybody could infiltrate your database or even delete it. Therefore you should add a escape function like this one or consider using another db-library like PDO and build parameterized queries. It might me sufficient to escape single quotes within the variable with another single quote like this:

function mssql_escape($str) {
    return str_replace("'", "''", $str);
}
Community
  • 1
  • 1
Daniel
  • 3,541
  • 3
  • 33
  • 46
  • I added another possible solution(Edit) – Daniel Jul 01 '14 at 14:12
  • Array ( [0] => Array ( [0] => 42S02 [SQLSTATE] => 42S02 [1] => 208 [code] => 208 [2] => [Microsoft][SQL Server Native Client 11.0][SQL Server]Invalid object name 'dbo.DATABASE COMPANY SERVICES$Employee'. [message] => [Microsoft][SQL Server Native Client 11.0][SQL Server]Invalid object name 'dbo.DATABASE COMPANY SERVICES$Employee'. ) ) – user3315848 Jul 01 '14 at 14:20
  • 1
    I changed the double quotes with the single quotes and its worked. Thanks Daniel – user3315848 Jul 01 '14 at 14:22
  • Both provided solutions should result in exactly the same manner. – Daniel Jul 01 '14 at 14:27
  • My next problem now are the columns which have spaces between them. For example First Name and Last Name as in ($rows = sqlsrv_has_rows($stmt); while( $obj = sqlsrv_fetch_object( $stmt)) { echo $obj->First Name.", ".$obj->Last Name."
    "; })     – user3315848 Jul 01 '14 at 14:29
  • If you need to stick to the column names (otherwise you should eliminate all those spaces) you can rename the columns within your query: `SELECT [First Name] AS firstName, [Last Name] AS lastName FROM Dbo.[DATABASE COMPANY SERVICES$Employee]` – Daniel Jul 01 '14 at 14:32
  • My next problem is with the WHERE clause. Suppose I want to select First Name and Last Name from Dbo.[DATABASE COMPANY SERVICES$Employee] where the E-mail is = a form field ($_GET['email']) or Employee Number = 13 – user3315848 Jul 02 '14 at 11:04
  • You should normaly open a new question for this, to give people the chance to answer you properly. (you should also consider marking a answer as "correct answer" if it helped you to solve your problem) I'll add a solution to you problem to my answer for proper code formating. – Daniel Jul 02 '14 at 13:09
  • @Danial @user3315848 was 'DATABASE COMPANY SERVICES$Employee' your table name, my table name is Staff so my query would be `'SELECT * FROM Dbo.[Staff]';` – Dipen Jan 18 '15 at 05:30