php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #26855 UPDATE query unexplicable behavior
Submitted: 2004-01-09 13:44 UTC Modified: 2004-01-09 14:04 UTC
From: superzouz at hotmail dot com Assigned:
Status: Not a bug Package: MySQL related
PHP Version: 4.3.4 OS: various
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: superzouz at hotmail dot com
New email:
PHP Version: OS:

 

 [2004-01-09 13:44 UTC] superzouz at hotmail dot com
Description:
------------
When I run the following query through PHP:
UPDATE config_intranet SET confvalue = '192.168.0.1' WHERE confkey 'vpn_server_ip'  
I get the following error.
1064: You have an error in your SQL syntax near 'query' at line 1

But if I type the same query directly into MySQL, it is executed correctly!

I was able to reproduce this situation on my PC (Windows XP SP1) with PHP 4.3.4 and MySQL "client api version 3.23.49", and on 2 internet hosting providers running PHP 4.x with mySql on *nix systems, so it is not an issue with my configuration.

There is nothing in the official PHP docs stating that a query would be handled differently by PHP and MySQL.

Thanks

Reproduce code:
---------------
$conn = mysql_connect ( "localhost", "rolfen" , "" );
mysql_select_db("dergham", $conn);
$query = mysql_real_escape_string("UPDATE config_intranet SET confvalue = '192.168.0.1'  WHERE confkey = 'vpn_server_ip'");
$res = mysql_query(query, $conn);

		if ($res)
			echo "success";
		else {
			die("Error while updating config table. Error Output: <br/>". mysql_errno() . ": " . mysql_error(). "<br/>"."Query follows:<br/>".$query);
			return False;
			}
?>

Expected result:
----------------
success

Actual result:
--------------
Content-type: text/html

X-Powered-By: PHP/4.3.2



X-Powered-By: PHP/4.3.2

Content-type: text/html



Error while updating config table. Error Output: <br/>1064: You have an error in your SQL syntax near 'query' at line 1<br/>Query follows:<br/>UPDATE config_intranet SET confvalue = \'192.168.0.1\'  WHERE confkey = \'vpn_server_ip\'

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-01-09 14:04 UTC] eru@php.net
Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions. 

Thank you for your interest in PHP.

You see the \\\' in the error message? That\'s why.

See http://www.php.net/mysql_real_escape_string

 [2004-05-12 10:05 UTC] bugs dot php dot net at emailfilter dot de
You can't use mysql_real_escape_string() for the full query. The correct way would be:
$query = "UPDATE config_intranet SET confvalue = '" . mysql_real_escape_string('192.168.0.1' ) . "' WHERE confkey = '" . mysql_real_escape_string('vpn_server_ip') . "'";
 
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Wed Oct 05 05:05:53 2022 UTC