MySQL SELECT Error

Question

I am beginner with PHP. I faced that problem when I start my first SQL queries:

Database query On Pages failed : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '['id']}' at line 1

There is my SELECT command :

$page_set = mysql_query(
    "SELECT * FROM pages WHERE subject_id  = {[$subject'id']}", $connection
);

I checked all my database tables and everything is correct. This query works :

$page_set = mysql_query("SELECT * FROM pages" ,$connection)

Your variable is completely malformed. The outer brackets { } are correct, but the inner brackets [ ] only go around 'id'. — imkingdavid, Dec 16 '12 at 22:10

cowls · Answer 1 · 2012-12-16T22:10:13.897

2

Try something like this:

$page_set = mysql_query("SELECT * FROM pages WHERE subject_id = '" . $subject['id'] . "'", $connection);

This assumes that id is an item in the $subject array which I am guessing is what you are going for here. I dont think you need those curly braces "{" but you may need single quotes around the value in the where clause.

Also, if this doesnt work, try echoing out the sql command that is being run and you should be able to see the issue (or post the SQL command in your question as well)

edited Dec 16 '12 at 22:10

answered Dec 16 '12 at 22:08

cowls

22,178
6
45
76

1

If $subject['id'] is an integer, do not put it inside ' and '. – imkingdavid Dec 16 '12 at 22:15

score 1 · Answer 2 · edited May 23 '17 at 10:24

1

try this,

$page_set = mysql_query("SELECT * FROM pages WHERE subject_id = '" . $subject['id'] . "'", $connection);

be warned that this code is vulnerable with SQL Injection, please read the article below to learn how to prevent from it,

How can I prevent SQL injection in PHP?

edited May 23 '17 at 10:24

Community

1
1

answered Dec 16 '12 at 22:09

John Woo

238,432
61
456
464

Don't you need to wrap $subject['id'] in { } ? – imkingdavid Dec 16 '12 at 22:09
since its an array he need the `{}`, non? – prodigitalson Dec 16 '12 at 22:09
Oh, you edited it so that it doesn't need them. Never mind, then. – imkingdavid Dec 16 '12 at 22:11

score 0 · Answer 3 · answered Dec 16 '12 at 22:09

0

$page_set = mysql_query("SELECT * FROM pages WHERE subject_id = {$subject['id']}", $connection);

answered Dec 16 '12 at 22:09

v0d1ch

2,696
1
20
27

Gilly · Answer 4 · 2012-12-16T22:18:49.673

All of the above can work, but the cleanest method I prefer myself is either:

$page_set = mysql_query("SELECT * FROM pages WHERE subject_id = '".$subject['id']."'", $connection);

OR my recommendation for you, as a beginner:

$subject_id = $subject['id'];
$page_set = mysql_query("SELECT * FROM pages WHERE subject_id = '$subject_id'", $connection);

I suggest that you use the second method I wrote. It's the best and cleanest practice.

Note: Please beware that the mysql_ extention is officially depreciated. You should either use mysqli or PDO. (http://nl3.php.net/manual/en/function.mysql-query.php)

score 0 · Answer 5 · edited May 23 '17 at 11:55

That is not your SELECT command. That is a PHP mysql_query command. First create the SQL, then query the database with it:

$sql = "SELECT * FROM pages WHERE subject_id  = {[$subject'id']}";
$page_set = mysql_query($sql, $connection);

If you then run into the error, you can just output the $sql and check how it looks like. Compare with the error message and fix your building of the SQL query.

If you're looking for some inspiration how the output of the variable could been done, see an existing answer.

Things will get more easy for you if you use PDO instead of the deprecated (long-time outdated, not supported any longer) mysql_* functions. Especially as parametrized queries will help you building the SQL command, something that the mysql_* functions do not even support!

For a tutorial see: PDO Tutorial for MySQL Developers

score 0 · Accepted Answer · edited Dec 23 '12 at 03:12

0

Going forward, construct your query string in a separate variable like this:

$sql = "SELECT * FROM pages WHERE subject_id  = {[$subject'id']}";

Then run the query like this:

$res = mysql_query($sql);

If you do that you can see the fully resolved query string with something like this:

if (!$res) die("FAIL: $sql BECAUSE: " . mysql_error());

You must test the results value from mysql_query() -- it is not a black box; it can and will fail for reasons outside of your control. When the failure occurs, you want to recognize it and handle the error conditions.

Siedbar note: the mysql extension is now deprecated by PHP, so you might want to choose PDO or MySQLi for your current / future work.

And if you're new to PHP, this is a really great book to help you get started: http://www.sitepoint.com/books/phpmysql5/

edited Dec 23 '12 at 03:12

Jocelyn

10,531
10
40
55

answered Dec 16 '12 at 22:19

Ray Paseur

2,076
2
11
17

1

Notice this: {[$subject'id']} should be {$subject['id']} – Gilly Dec 16 '12 at 22:20
@Ray: Just edited: No greetings necessary (that is discouraged even) – hakre Dec 16 '12 at 22:31
@hakre: Not sure I understand yet; I'm trying to show the author of this question how to detect and visualize the errors. Something about give a fish vs teach how to fish ;-) – Ray Paseur Dec 16 '12 at 22:33
@RayPaseur: Please see *what* I edited: http://stackoverflow.com/posts/13906039/revisions - I was just concerned about the greeting, not the rest. – hakre Dec 16 '12 at 22:36
Yes, I see what you edited. Not sure I understand how removing that adds value to the post? – Ray Paseur Dec 17 '12 at 17:32

MySQL SELECT Error

6 Answers6