Error: ER_PARSE_ERROR: You have an error in your SQL syntax;

javascript mysql node.js npm

19,985

Solution 1

Why are you using back quote for the column names? We do not need that in column names. You can simply create your dynamic sql query by using + operator on the column values like this:

var sql = "INSERT INTO activationkeys (activationKey, productId) VALUES ( " + values + " ,'3')";

Solution 2

Instead of

var sql = "INSERT INTO `activationkeys`(`activationKey`, `productId`) 
VALUES ( values ,'3')";

Please try this

 var sql = "INSERT INTO `activationkeys`(`activationKey`, `productId`) 
    VALUES ( " +  values + " ,'3')";

provided values is a string

19,985

Author by

Manoj A

I have 3+ years experience in professional web development. I have expert knowledge in CSS and SCSS , HTML. Good knowledge of JavaScript and Jquery. I have experience in working on high traffic websites. I have a common understanding of web & mobile applications and current trends. I am eager to (self) learn new things. I quickly find new solutions based on requirements. More enough Knowledge of ubuntu.

Updated on June 05, 2022

Comments

Manoj A almost 2 years
I'm trying to insert values using mysql in nodejs. I had written the following code and installed MySQL support via npm,But canot to INSERT INTO the table due to this problem.

My code;
```
var mysql = require('mysql');

var values=randomValueHex(8);

var sql = "INSERT INTO `activationkeys`(`activationKey`, `productId`) 
VALUES ( values ,'3')";
con.query(sql, function (err, result) {
if (err) throw err;
console.log("1 record inserted");
});
```
My Error on terminal:

Error: ER_PARSE_ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''3')'

How can i solve this problem?
- messerbill about 6 years
  
  your SQL query is invalid. dev.mysql.com/doc/refman/5.7/en/insert.html
- Saptarshi Dey about 6 years
  
  Do console.log(this.sql) before the error handling and see in your log what is the query being executed
- axiac about 6 years
  
  values is a MySQL keyword. You probably want sql = "... VALUES(" + values + ", '3')" but you better use prepared statements. In its current status your code is vulnerable to SQL injection.
- messerbill about 6 years
  
  and i always use sequelize for db handling in node: docs.sequelizejs.com - try it :)
axiac about 6 years

"Is it an integer?" -- No! "Is it a string?" -- No! -- It is a keyword! ;-)
GiamPy about 6 years

Why downvote? My answer is basically the same as the other ones, with more details. Enlighten me please. @axiac I meant the values JS variable, not the VALUES before the parenthesis.
axiac about 6 years

I didn't downvote. I just liked your rhetorical questions and turned them into a funny comment (I hope).