
I got mysqli error 1064 but I don’t know why

I want to post this data from an Android client, and I tested it with Postman and the status code was 200. But I have a mysqli error and it’s:

Error:

((1064) You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ‘WHERE id=’ at line 1)

I don’t know what my code’s problem is, and the SELECT part works correctly.

<?php


$id = $_POST['id'];
$isLiked = $_POST['isLiked'];


if (mysqli_connect_errno()) {
    echo "Failed to connect to MySQL: " . mysqli_connect_error();
}


$connection = mysqli_connect($host, $username, $password, $database);
$query = "SELECT likes FROM posts WHERE id=$id";
$result = mysqli_query($connection, $query);



$array = mysqli_fetch_assoc($result);
$likes = $array['likes'];

if ($isLiked == true) {

    $updateQuery = "UPDATE posts SET likes=" . $likes++ . " WHERE id=$id";

} else {

    $updateQuery = "UPDATE posts SET likes=" . $likes-- . " WHERE id=$id";

}


if (!$connection->query($updateQuery)) {
    echo "query failed: (" . $connection->errno . ") " . $connection->error;
}

mysqli_query($connection, $updateQuery);
if (!$connection->query($updateQuery)) {
    echo "query failed: (" . $connection->errno . ") " . $connection->error; // It returns that 1064 error
}

mysqli_query($connection, $updateQuery);


Answer

I see 3 possible mistakes.

First mistake: the $id can be empty.

And the 2nd mistake can be that $likes++ needs to be ++$likes, because you don’t sum it with ++ after the variable; I’m referring also to --$likes.

The 3rd mistake is that your code is vulnerable to MySQL injection; I recommend making a prepared statement.

Link to prepared statement example and explanation: https://www.w3schools.com/php/php_mysql_prepared_statements.asp
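A hardened version of the asker’s update, as an added example that is not code from the question or the answer: it rejects an empty id before any SQL is built (the cause of the 1064 error), binds id through a prepared statement, and does the increment in SQL so the post-increment confusion and the read-then-write race disappear. It assumes $host, $username, $password and $database are defined as in the question, that the Android client sends isLiked as "true"/"false" or "1"/"0", and that the like count should not drop below zero.

```php
<?php
// Added example: validate input, then update with a prepared statement.
// $host, $username, $password, $database are assumed to be defined as in the question.
$connection = mysqli_connect($host, $username, $password, $database);
if (!$connection) {
    http_response_code(500);
    exit('Failed to connect to MySQL: ' . mysqli_connect_error());
}

// Mistake 1: an empty/missing id produces "... WHERE id=" and error 1064.
// Validate before touching the database; FILTER_VALIDATE_INT rejects "" and non-numeric input.
$id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT);
if ($id === null || $id === false) {
    http_response_code(400);
    exit('id must be an integer');
}
// isLiked arrives as a string; accept "1"/"true"/"0"/"false" and reject anything else (assumption).
$isLiked = isset($_POST['isLiked'])
    ? filter_var($_POST['isLiked'], FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE)
    : null;
if ($isLiked === null) {
    http_response_code(400);
    exit('isLiked must be a boolean');
}

// Mistake 2: $likes++ evaluates to the OLD value, so the UPDATE wrote the unchanged count.
// Mistake 3: interpolating $id into SQL is injectable. Arithmetic in SQL with a bound
// parameter fixes both and removes the race between two clients reading the same count.
$sql = $isLiked
    ? 'UPDATE posts SET likes = likes + 1 WHERE id = ?'
    : 'UPDATE posts SET likes = GREATEST(likes - 1, 0) WHERE id = ?';

$stmt = mysqli_prepare($connection, $sql);
if ($stmt === false) {
    error_log('prepare failed: (' . mysqli_errno($connection) . ') ' . mysqli_error($connection));
    http_response_code(500);
    exit('update failed');
}
mysqli_stmt_bind_param($stmt, 'i', $id);   // 'i' = integer; the value never becomes SQL text
if (!mysqli_stmt_execute($stmt)) {
    error_log('execute failed: (' . mysqli_stmt_errno($stmt) . ') ' . mysqli_stmt_error($stmt));
    http_response_code(500);
    exit('update failed');
}
if (mysqli_stmt_affected_rows($stmt) === 0) {
    http_response_code(404);
    exit('no post with that id');
}
mysqli_stmt_close($stmt);
echo json_encode(['ok' => true, 'id' => $id]);
```

Database errors go to the server log rather than the HTTP response, so a client never sees the SQL text or server version string that the original echo leaked.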

User contributions licensed under: CC BY-SA