Syntax Error in select

Martsteel · December 13, 2019, 9:42am

Hi, I would be grateful for any help with the following:

I’m trying to query mysql database with a variable from an input box and return the data that matches the query.

The code I have returns the following syntax error:

ERROR: Could not able to execute SELECT Col 3 FROM TABLE 2 WHERE Col 3 = ‘COS1’ . You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ‘3 FROM TABLE 2 WHERE Col 3 = ‘COS1’’ at line 1

COS1 is the variable from the input box.


<form action="helpp.php" method="post">
            Supplier: <input type="text" name="Animal"/> </br>
           <br> </br>
		   <input type="submit" value="submit"/>
		   
        </form>

$link = mysqli_connect("localhost", "*****", "****", "********");
 
// Check connection
if($link === false){
    die("ERROR: Could not connect. " . mysqli_connect_error());
}


$Animal=$_POST['Animal'];

$sql = "SELECT Col 3 FROM TABLE 2 WHERE Col 3 = '$Animal' ";
if($result = mysqli_query($link, $sql)){
    if(mysqli_num_rows($result) > 0){
       
        echo "<table border='1'>";
                
                echo "<th>Type</th>";
                echo "<th>Breed</th>";
                echo "<th>NaMe</th>";
                echo "<th>Dog</th>";
                echo "<th>Cat</th>";
                echo "<th>Bird</th>";
            echo "</tr>";
        while($row = mysqli_fetch_array($result)){
            echo "<tr>";
                  echo "<td>" . $row['COL 1'] . "</td>";
                  echo "<td>" . $row['COL 2'] . "</td>";
                  echo "<td>" . $row['COL 4'] . "</td>";
                  echo "<td>" . $row['COL 5'] . "</td>";
                  echo "<td>" . $row['COL 6'] . "</td>";
                  echo "<td>" . $row['COL 7'] . "</td>";
                   echo "</tr>";
        }
        echo "</table>";
        
        mysqli_free_result($result);
    } else{
        echo "No records matching your query were found.";
    }
} else{
    echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);
}
 


mysqli_close($link);

Thank you for taking the time to read this and for any advice given.

Update: The code seems to be working now. I’m guessing that the server was very slow to update the files as I made changes. Thank you for the helpful suggestions.

phdr · December 13, 2019, 10:41am

The following is the documentation concerning identifier naming - https://mariadb.com/kb/en/library/identifier-names/

I suggest you name your table and columns using real words that indicate the meaning of the data in the table and columns, so that anyone reading the database portions of your code/query can understand what you are tying to do without needing to know what your database table definition is, i.e. your code will be self-documenting. If using more than a single word for an identifier, use an underscore _ to separate the words.

Also, based on the html table headings, you should take a look at database normalization - https://en.wikipedia.org/wiki/Database_normalization Having columns named/holding different type data like - Dog, Cat, Bird, is a bad design.

astonecipher · December 13, 2019, 1:47pm

Properly design your database first. I won’t help at all when a database is named table or the columns are named col or column. Name the columns, name that tables. If you are worried about someone taking your code, don’t be, we can’t help if you change the names of things thinking that it matters.