php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #26855 UPDATE query unexplicable behavior
Submitted: 2004-01-09 13:44 UTC Modified: 2004-01-09 14:04 UTC
From: superzouz at hotmail dot com Assigned:
Status: Not a bug Package: MySQL related
PHP Version: 4.3.4 OS: various
Private report: No CVE-ID: None
 [2004-01-09 13:44 UTC] superzouz at hotmail dot com
Description:
------------
When I run the following query through PHP:
UPDATE config_intranet SET confvalue = '192.168.0.1' WHERE confkey 'vpn_server_ip'  
I get the following error.
1064: You have an error in your SQL syntax near 'query' at line 1

But if I type the same query directly into MySQL, it is executed correctly!

I was able to reproduce this situation on my PC (Windows XP SP1) with PHP 4.3.4 and MySQL "client api version 3.23.49", and on 2 internet hosting providers running PHP 4.x with mySql on *nix systems, so it is not an issue with my configuration.

There is nothing in the official PHP docs stating that a query would be handled differently by PHP and MySQL.

Thanks

Reproduce code:
---------------
$conn = mysql_connect ( "localhost", "rolfen" , "" );
mysql_select_db("dergham", $conn);
$query = mysql_real_escape_string("UPDATE config_intranet SET confvalue = '192.168.0.1'  WHERE confkey = 'vpn_server_ip'");
$res = mysql_query(query, $conn);

		if ($res)
			echo "success";
		else {
			die("Error while updating config table. Error Output: <br/>". mysql_errno() . ": " . mysql_error(). "<br/>"."Query follows:<br/>".$query);
			return False;
			}
?>

Expected result:
----------------
success

Actual result:
--------------
Content-type: text/html

X-Powered-By: PHP/4.3.2



X-Powered-By: PHP/4.3.2

Content-type: text/html



Error while updating config table. Error Output: <br/>1064: You have an error in your SQL syntax near 'query' at line 1<br/>Query follows:<br/>UPDATE config_intranet SET confvalue = \'192.168.0.1\'  WHERE confkey = \'vpn_server_ip\'

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-01-09 14:04 UTC] eru@php.net
Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions. 

Thank you for your interest in PHP.

You see the \\\' in the error message? That\'s why.

See http://www.php.net/mysql_real_escape_string

 [2004-05-12 10:05 UTC] bugs dot php dot net at emailfilter dot de
You can't use mysql_real_escape_string() for the full query. The correct way would be:
$query = "UPDATE config_intranet SET confvalue = '" . mysql_real_escape_string('192.168.0.1' ) . "' WHERE confkey = '" . mysql_real_escape_string('vpn_server_ip') . "'";
 
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Sun Oct 02 16:05:51 2022 UTC