php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #26855 UPDATE query unexplicable behavior
Submitted: 2004-01-09 13:44 UTC Modified: 2004-01-09 14:04 UTC
From: superzouz at hotmail dot com Assigned:
Status: Not a bug Package: MySQL related
PHP Version: 4.3.4 OS: various
Private report: No CVE-ID: None
View Developer Edit
 [2004-01-09 13:44 UTC] superzouz at hotmail dot com 
Description:
------------
When I run the following query through PHP:
UPDATE config_intranet SET confvalue = '192.168.0.1' WHERE confkey 'vpn_server_ip'  
I get the following error.
1064: You have an error in your SQL syntax near 'query' at line 1

But if I type the same query directly into MySQL, it is executed correctly!

I was able to reproduce this situation on my PC (Windows XP SP1) with PHP 4.3.4 and MySQL "client api version 3.23.49", and on 2 internet hosting providers running PHP 4.x with mySql on *nix systems, so it is not an issue with my configuration.

There is nothing in the official PHP docs stating that a query would be handled differently by PHP and MySQL.

Thanks

Reproduce code:
---------------
$conn = mysql_connect ( "localhost", "rolfen" , "" );
mysql_select_db("dergham", $conn);
$query = mysql_real_escape_string("UPDATE config_intranet SET confvalue = '192.168.0.1'  WHERE confkey = 'vpn_server_ip'");
$res = mysql_query(query, $conn);

		if ($res)
			echo "success";
		else {
			die("Error while updating config table. Error Output: <br/>". mysql_errno() . ": " . mysql_error(). "<br/>"."Query follows:<br/>".$query);
			return False;
			}
?>

Expected result:
----------------
success

Actual result:
--------------
Content-type: text/html

X-Powered-By: PHP/4.3.2



X-Powered-By: PHP/4.3.2

Content-type: text/html



Error while updating config table. Error Output: <br/>1064: You have an error in your SQL syntax near 'query' at line 1<br/>Query follows:<br/>UPDATE config_intranet SET confvalue = \'192.168.0.1\'  WHERE confkey = \'vpn_server_ip\'

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-01-09 14:04 UTC] eru@php.net 
Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions. 

Thank you for your interest in PHP.

You see the \\\' in the error message? That\'s why.

See http://www.php.net/mysql_real_escape_string
 [2004-05-12 10:05 UTC] bugs dot php dot net at emailfilter dot de 
You can't use mysql_real_escape_string() for the full query. The correct way would be:
$query = "UPDATE config_intranet SET confvalue = '" . mysql_real_escape_string('192.168.0.1' ) . "' WHERE confkey = '" . mysql_real_escape_string('vpn_server_ip') . "'";
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sat Dec 21 12:01:31 2024 UTC