0

I have this MySQL query, which is failing every time:

update exp_companies set company = 'Some Intermodal Container Company', auth_user = 'Some User', c_code = 'SICC', contact = 'Somes Boss', ph = '012-555-1234' where uid = 3

The error I get is:

mySQL Error 1054: Unknown column 'tr' in 'where clause'

I have never encountered this before. I have expressed this query many ways, omitting parts, etc. But nowhere in the query there is column 'tr', mentioned in error, yet it fails.

if($opi == "exp_commit") {

   $dbi = sql_connect($dbhost, $dbuname, $dbpass, $mydb);

   $query = "select * from wmd_companies where uid = $new_scac";

   $result = sql_query($query, $dbi);

    if(!$result) { mydb_error($dbi, $query); }
      $scac_row = mysql_fetch_row($result);
      $scac_company = $scac_row[1];  
      $scac_code = $scac_row[2];   
      $scac_contact = $scac_row[3];
      $scac_ph = $scac_row[4];
      $scac_email = $scac_row[5];

      $exp_query = "update exp_companies set company = '$scac_company', auth_user = '$dr_name', c_code = '$scac_code', contact = '$scac_contact', ph = '$scac_ph', company_email = '$scac_email' where uid = $exp_id"; 

   $result = sql_query($exp_query, $dbi);


  if (!$result) { mydb_error($dbi, $exp_query); }
     echo "Success! <meta http-equiv=refresh content=\"2;      URL=admin.php?opi=admin&what=list\"> $b";

  }
Sam
  • 2,856
  • 3
  • 18
  • 29
Mortifis
  • 1
  • 2
  • So you hardcode all your queries? or are you hiding the fact that your not using prepared or escaped queries, and its simply a SQL injection problem? – Lawrence Cherone Sep 09 '17 at 15:10
  • Is this the complete sql query or something more is missing in question? What is the error when you try to execute via sql editors/developer tools? – Rizwan Sep 09 '17 at 15:12
  • here is the complete (novice level) code block ... I might add several other similary blocks parse correctly: – Mortifis Sep 09 '17 at 15:17
  • No my queries are not hard code. I just showed the error reported the query is: "update exp_companies set company = '$scac_company', auth_user = '$dr_name', c_code = '$scac_code', contact = '$scac_contact', ph = '$scac_ph', company_email = '$scac_email' where uid = $exp_id"; – Mortifis Sep 09 '17 at 15:28
  • add column one by one in update query with where clause.. so that you sure what the issue is coming from. Is that coming from query or column issue.. – ROHIT CHAUHAN Sep 09 '17 at 15:48
  • I tried stripping the update query down to one update at a time and each result returns the same unknown column 'tr' but as you see from the query the column 'tr' is never referenced. I have even tried closing all mysql_connections and using new connections. I have checked the resource id's of both sql_connect and sql_query. I do not understand where this column 'tr' is coming from – Mortifis Sep 09 '17 at 16:01
  • Still unsure how the query threw an unknown column 'tr' error but when I changed the query to where auth_user = '$old_name' there error disappeared ... must have had something to do with using the uid reference. thanks for the consideration(s) – Mortifis Sep 09 '17 at 16:35
  • Possible duplicate of [How can I prevent SQL injection in PHP?](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Progman Sep 09 '17 at 23:33

1 Answers1

0

use '$new_scac' use the string to fix it.

Dharman
  • 30,962
  • 25
  • 85
  • 135
Iftekhstudio
  • 17
  • 1
  • 4