SQLSTATE[42000]: Syntax error or access violation: 1064
I get this error when I run the application:
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1' in C:\wamp64\www\workcollaborative\appcollaborative\dao\DaoSolicitud.php:78 Stack trace: #0 C:\wamp64\www\workcollaborative\appcollaborative\dao\DaoSolicitud.php(78): PDOStatement->execute() #1 C:\wamp64\www\workcollaborative\appcollaborative\web\controller.php(193): DaoSolicitud->desapuntarse(NULL) #2 {main}

The thing is, when I give it a fixed value, everything executes correctly. For example: $ordenSql = "DELETE FROM solicitud WHERE tarea_id=2";

    public function desapuntarse($tarea_id) {
        $conexion = new Conexion();
        $objPDO = $conexion->getPDO();
        // The id is interpolated into the SQL text, so the prepared statement
        // contains no ':tarea_id' placeholder for the bindValue() below.
        $ordenSql = "DELETE FROM solicitud WHERE tarea_id=$tarea_id";
        $statement = $objPDO->prepare($ordenSql);
        $statement->bindValue(':tarea_id', $tarea_id, PDO::PARAM_STR);
        try {
            $objPDO->beginTransaction();
            $statement->execute();
            $objPDO->commit();
        } catch (PDOException $e) {
            throw ($e);
        } finally {
            $statement = NULL;
            $objPDO = NULL;
        }
    }


    case "desapuntarse":
        $dao = new DaoSolicitud();
        $tarea_id = $_REQUEST['tarea_id'];
        try {
            $dao->Desapuntarse($tarea_id);
            // Second call passes no argument, so $tarea_id is NULL inside it
            $desapuntarse = $dao->desapuntarse();
            $_SESSION['desapuntarse'] = $desapuntarse;
            header('Location: desplegartarea.php');
        } catch (PDOException $e) {
            print ($e);
        }
        break;
    
asked by Enrique Salazar 22.05.2018 at 13:20

1 answer
If you are using prepared queries, you cannot write the query like this:

DELETE FROM solicitud WHERE tarea_id=$tarea_id

The goal of prepared queries is precisely to avoid code injection, by passing the value of a variable such as $tarea_id directly to the execution.

Therefore, you must write the query using the named marker you use in bindValue:

DELETE FROM solicitud WHERE tarea_id=:tarea_id

The code would then be like this:

    $conexion = new Conexion();
    $objPDO = $conexion->getPDO();
    $ordenSql = "DELETE FROM solicitud WHERE tarea_id=:tarea_id";
    $statement = $objPDO->prepare($ordenSql);
    $statement->bindValue(':tarea_id', $tarea_id, PDO::PARAM_STR);
    try {
        $objPDO->beginTransaction();
        $statement->execute();
        $objPDO->commit();
    } catch (PDOException $e) {

        throw ($e);
    } finally {
        $statement = NULL;
        $objPDO = NULL;
    }

Also, you can pass the parameters directly in execute, without using bindValue:

    $conexion = new Conexion();
    $objPDO = $conexion->getPDO();
    $ordenSql = "DELETE FROM solicitud WHERE tarea_id=:tarea_id";
    $statement = $objPDO->prepare($ordenSql);
    try {
        $objPDO->beginTransaction();
        # Build an associative array with the parameters and pass it to execute()
        $arrParams = array(':tarea_id' => $tarea_id);
        $statement->execute($arrParams);
        $objPDO->commit();
    } catch (PDOException $e) {

        throw ($e);
    } finally {
        $statement = NULL;
        $objPDO = NULL;
    }
answered by 22.05.2018 at 15:18
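The following is an added, self-contained example (not code from the question or the answer) that reproduces the error and contrasts the two versions. It uses an in-memory SQLite database instead of the WAMP/MySQL setup, and it adds an integer check on tarea_id that the answer does not include; the table and column names are the ones from the question.

```php
<?php
// Added example (not from the question or answer). Reproduces the failure
// with an in-memory SQLite database instead of WAMP/MySQL; table and column
// names (solicitud, tarea_id) are the ones in the question.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE solicitud (id INTEGER PRIMARY KEY, tarea_id INTEGER)');
$pdo->exec('INSERT INTO solicitud (tarea_id) VALUES (1), (2), (2), (3)');

// The question's version: the id is interpolated into the SQL text, so there
// is no ':tarea_id' placeholder for bindValue() to attach to, and a NULL id
// (what the controller passes on its second call) leaves "WHERE tarea_id=".
function desapuntarseInterpolado(PDO $pdo, $tarea_id): int
{
    $st = $pdo->prepare("DELETE FROM solicitud WHERE tarea_id=$tarea_id");
    $st->execute();
    return $st->rowCount();
}

// The answer's version plus input validation (added here): the SQL text is
// fixed, the value travels separately through execute(), bound as an integer.
function desapuntarseSeguro(PDO $pdo, $tarea_id): int
{
    if (!ctype_digit((string) $tarea_id)) {
        throw new InvalidArgumentException('tarea_id must be a positive integer');
    }
    $st = $pdo->prepare('DELETE FROM solicitud WHERE tarea_id = :tarea_id');
    $st->execute([':tarea_id' => (int) $tarea_id]); // note the => key, not a list
    return $st->rowCount();
}

function countRows(PDO $pdo): int
{
    return (int) $pdo->query('SELECT COUNT(*) FROM solicitud')->fetchColumn();
}

try {
    desapuntarseInterpolado($pdo, null);      // same failure as in the question
} catch (PDOException $e) {
    echo 'interpolated, NULL id: ' . $e->getMessage() . PHP_EOL;
}
try {
    desapuntarseSeguro($pdo, '2 OR 1=1');      // rejected before reaching SQL
} catch (InvalidArgumentException $e) {
    echo 'placeholder version: ' . $e->getMessage() . PHP_EOL;
}
echo 'deleted ' . desapuntarseSeguro($pdo, '2') . ' rows, '
    . countRows($pdo) . ' remain' . PHP_EOL;
```

With a real MySQL connection the same two functions apply unchanged; the PDO::ATTR_ERRMODE setting is what turns the 1064 error into the PDOException the question's try/catch expects.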