Error updating record: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax

Question

I am working with php. My reservation table structure:

Now I am trying to update an entry with the following code:

<?php 

    include('function.php');

    $BUS_NO = $_POST["BUS_NO"];
    $PNR_NO = $_POST["PNR_NO"];
    $NEW_NO_OF_SEATS = $_POST["NO_OF_SEATS"];
    $NEW_ADDRESS = $_POST["ADDRESS"];
    $NEW_CONTACT_NO = $_POST["CONTACT_NO"];

    $sql = "UPDATE 'reservation' SET 'NO_OF_SEATS'=$NEW_NO_OF_SEATS, 'ADDRESS'=$NEW_ADDRESS, 'CONTACT_NO'=$NEW_CONTACT_NO WHERE `PNR_NO` = $PNR_NO";
    $result = $conn->query($sql);

    if ($conn->query($sql) === TRUE) {
      echo "Record updated successfully";
    }
    else {
      echo "Error updating record: " . $conn->error;
    }

?>

But It says the following error:

Error updating record: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''reservation' SET 'NO_OF_SEATS'=11190, 'ADDRESS'=221B Baker Street, 'CONTACT_NO'' at line 1

How can I fix this?

By reading the _full_ error message. It actually tells you what is wrong. — arkascha, Mar 28 '21 at 17:55
For certain the quotes around your column names are wrong. Example: `'NO_OF_SEATS'`. Remove them. You see, ` is different from '. You don't need any quotes around column names. So just remove them. — arkascha, Mar 28 '21 at 17:56
Also PLEASE read about the benefits of using the combination or "prepared statements" and "parameter binding". Your current code is insecure. You will find examples in the official documentation of the php database extension. — arkascha, Mar 28 '21 at 17:56
Side note: Do not use string interpolation or concatenation to get values into SQL queries. That's error prone and might make your program vulnerable to SQL injection attacks. Use parameterized queries. See ["How to include a PHP variable inside a MySQL statement"](https://stackoverflow.com/questions/7537377/how-to-include-a-php-variable-inside-a-mysql-statement) and ["How can I prevent SQL injection in PHP?"](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). — sticky bit, Mar 28 '21 at 18:03

Waids · Answer 1 · 2021-03-29T07:05:46.410

0

Make sure CONTACT_NO type = bigint and size = 10 in mysql ** Try this **

<?php 

    include('function.php');

    $BUS_NO = $_POST["BUS_NO"];
    $PNR_NO = $_POST["PNR_NO"];
    $NEW_NO_OF_SEATS = $_POST["NO_OF_SEATS"];
    $NEW_ADDRESS = $_POST["ADDRESS"];
    $NEW_CONTACT_NO = $_POST["CONTACT_NO"];

    $sql = "UPDATE reservation SET ( NO_OF_SEATS = '$NEW_NO_OF_SEATS', ADDRESS='$NEW_ADDRESS' , CONTACT_NO='$NEW_CONTACT_NO' ) WHERE PNR_NO = '$PNR_NO' ";
    $result = $conn->query($sql);

    if ($conn->query($sql) === TRUE) {
      echo "Record updated successfully";
    }
    else {
      echo "Error updating record: " . $conn->error;
    }

?>

edited Mar 29 '21 at 07:05

answered Mar 28 '21 at 18:08

Waids

108
1
5

it still show `Error updating record: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''reservation' SET NO_OF_SEATS = '1113', ADDRESS='221B Baker Street' , CONTACT_NO' at line 1` – Kanchon Gharami Mar 28 '21 at 18:11
1

Try this UPDATE reservation SET ( NO_OF_SEATS = '$NEW_NO_OF_SEATS', ADDRESS='$NEW_ADDRESS' , CONTACT_NO='$NEW_CONTACT_NO' ) WHERE PNR_NO = '$PNR_NO' "; – Waids Mar 28 '21 at 18:26

Error updating record: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax

1 Answers1