This question already has answers here:
Creating a mysql table with a PHP variable
(5 answers)
Use a variable as table name when creating a table in mysql
(2 answers)
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Where do I need to use backticks or quotes in my MYSQL query?
(3 answers)
Can you create a table in mysql with dots in it?
(2 answers)
Closed 4 days ago.
I have array with dynamic data and i need to create mysql table with array row[5] name.
My code:
if(is_array($myarray)){
foreach ($myarray as $row) {
$val6 = mysqli_real_escape_string($db_conn, $row[5]);
$query ="CREATE TABLE $row[5] (
id INT(6) UNSIGNED AUTO_INCREMENT PRIMARY KEY,
USERNAME VARCHAR(30) NOT NULL,
EMAIL VARCHAR(40) NOT NULL,
DISCOUNT VARCHAR(5),
PASSW CHAR(128),
ROLE VARCHAR(9))";
mysqli_query($db_conn, $query);
}
}
I try it but return error:
Fatal error: Uncaught mysqli_sql_exception: You have an error in your
SQL syntax; check the manual that corresponds to your MariaDB server
version for the right syntax to use near ''peter05' ( id INT(6)
UNSIGNED AUTO_INCREMENT PRIM...' at line 1
i need to create a MariaDB table into foreach cycle with the name equal to the value of $row[5].
some idea?
............................................................
You shouldn't use mysqli_real_escape_string() for identifiers. It is used only for string values (and in most cases, using query parameters are better than escaping anyway).
if(is_array($myarray)){
foreach ($myarray as $row) {
$tablename = str_replace("`", "``", $row[5])
$query ="CREATE TABLE `{$tablename}` (
id INT(6) UNSIGNED AUTO_INCREMENT PRIMARY KEY,
USERNAME VARCHAR(30) NOT NULL,
EMAIL VARCHAR(40) NOT NULL,
DISCOUNT VARCHAR(5),
PASSW CHAR(128),
ROLE VARCHAR(9))";
mysqli_query($db_conn, $query);
}
}
This shows how to interpolate the tablename into your CREATE TABLE statement. This is necessary, because a tablename is not a string. You can't use string-escaping or parameters for an identifier like a tablename.
Putting backticks around the identifier is a good practice, because it could be an SQL reserved word, or contain special characters.
It is required, however, to be careful that the tablename doesn't contain a literal backtick character. In that case, change one backtick into two backticks.
Related
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
How can I fix MySQL error #1064?
(3 answers)
Closed 4 years ago.
I created the following table:
CREATE TABLE contactos (
id INT(11) NOT NULL AUTO_INCREMENT PRIMARY KEY,
nombre VARCHAR(60),
email VARCHAR(60),
password VARCHAR(60),
fecha TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
KEY(id)
) ENGINE=INNODB DEFAULT CHARSET=utf8;
But when I try to insert values into the table I get error #1064:
INSERT INTO contactos('ID', 'nombre', 'email', 'password', 'fecha') VALUES (NULL, 'Armando', 'armando_zax#hotmail.com', 'hola', NOW() );
I have researched a lot, but couldnĀ“t get what am I doing wrong.
Becouse you are use a wrong quotes
"INSERT INTO contactos(`ID`, `nombre`, `email`, `password`, `fecha`) VALUES ..."
When you are mean a field name - then you should use ` quote. When a string constant - use ' quote.
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 5 years ago.
there are a lot of ways to work with variable in this area, but this place of the variable seems to work with the syntax I wrote beneath. Except, it doesn't.
$name = (string)$_GET['name'];
mysqli_select_db($con,"dbtest");
// sql to create table
$sql = "CREATE TABLE '".$name."' (
id INT(6) UNSIGNED AUTO_INCREMENT PRIMARY KEY,
firstname VARCHAR(30) NOT NULL,
lastname VARCHAR(30) NOT NULL,
email VARCHAR(50),
reg_date TIMESTAMP
)";
Try this:
(get rid of quotes and double quotes around your variable -> name)
$sql = "CREATE TABLE $name (
id INT(6) UNSIGNED AUTO_INCREMENT PRIMARY KEY,
firstname VARCHAR(30) NOT NULL,
lastname VARCHAR(30) NOT NULL,
email VARCHAR(50),
reg_date TIMESTAMP
)";
I am trying to make an SQL query that :
IF the $post_id exists then it updates the records,
IF NOT then then it creates the record
Here is my code
$vote_new_total = $vote_total + $vote;
$vote_count = $vote_count + 1;
$query = " INSERT INTO cute_review_vote (vote_total, vote_count)
VALUES ('$vote_new_total', '$vote_count')
ON DUPLICATE KEY UPDATE vote_total = $vote_new_total, vote_count = $vote_count
WHERE post_id = $post_id";
mysql_query($query) or trigger_error(mysql_error()." in ".$sql);
However, I keep getting the following error:
Notice: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE post_id = 214748364' at line 4 in in C:\xampp\htdocs\xbm-vote\do_vote.php on line 68
Is this an issue with my syntax or am I missing something more obvious than that?
Any help/advice would be greatly appreciated. Thanks.
There is no where with ON DUPLICATE statement. Always check syntax: http://dev.mysql.com/doc/refman/5.6/en/insert-on-duplicate.html
Also, that is not a secure query. Turn that into a prepared statement.
http://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php
EDIT: Updating answer since OP didn't understand usage of ON DUPLICATE statement:
ON DUPLICATE will consider that you're trying to insert a KEY value.
Consider the example table:
CREATE TABLE `user` (
`email` varchar(50) NOT NULL,
`name` varchar(20) NOT NULL,
`is_active` tinyint(4) NOT NULL,
`datecreated` timestamp NULL DEFAULT CURRENT_TIMESTAMP,
PRIMARY KEY (`email`)
);
And the query:
INSERT INTO user (email, name, is_active) VALUES ("user#user.com", "User", 1)
ON DUPLICATE KEY UPDATE name = "User Edited", is_active = 0
Since we're setting PRIMARY KEY as email, and the insert statement is inserting a key, then, at the second time you run the query, ON DUPLICATE would run once a email is already on the table, because it is the KEY and you are trying to insert it again, but you defined a ON DUPLICATE KEY ....
If a table runs with a AUTO_INCREMENT column, is most likely you have to SELECT post_id applying some filter with WHERE statement.
Ok, I found my problem.
INSERT INTO cute_review_vote (post_id, vote_total, vote_count)
VALUES ('$post_id', '$vote_new_total', '$vote_count')
ON DUPLICATE KEY UPDATE vote_total = $vote_new_total, vote_count = $vote_count
I realized, thanks to Fabiano, that the WHERE clause is not required.
WHERE post_id = $post_id"
Is simply replaced by defining the database entry within the INSERT INTO command.
i want to create a table in the database using php (mysql_querry)
Table is having 'n' number of attributes.
out of n, n-2 attribute names are available in the array.
I can't explain where i am getting the array but it looks like this-
http://i.stack.imgur.com/tH98f.png
Here is the code for generating String to execute in mysql_querry.
$str="CREATE TABLE $register_name(id int NOT NULL AUTO_INCREMENT, date DATE, ";
$j=0;
while($j<$i)
{
$str=$str.$roll_no[$j]." int(100), ";
$j++;
}
$str=$str."PRIMARY KEY(id))";
require('blogic.php');
$obj = new blogic();
$createtable=$obj->create($str);
When i echo the $str, I get this:
CREATE TABLE $register_name(id int NOT NULL AUTO_INCREMENT, date DATE, 913310128 int(100), 0913310129 int(100), PRIMARY KEY(id))
However, it is giving error like this
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near '913310128 int(100), 0913310129 int(100), PRIMARY KEY(id))' at
line 1
I don't understand the problem. when i don't use roll_no array, it works fine..
Please let me know what is the problem in this.
From the docs:
"Identifiers may begin with a digit but unless quoted may not consist solely of digits."
So, you could just quote the name:
$str=$str."`".$roll_no[$j]."` int(100), ";
Or, prefix it with a letter:
$str=$str."c".$roll_no[$j]." int(100), ";
I am passing a query variable in PHP. I would like to make it the table name, but I know there is probably a SQL syntax error. When I print the statement, the variable is passed meaning it works, but the database simply isn't created.
Here is my code for the creation of the database:
$DBName = "database_name";
$sql = "CREATE TABLE '$DBName'.'$login' (
ClientID int NOT NULL AUTO_INCREMENT,
AgentClients varchar(15),
ClientTotal int
)";
mysql_query($sql,$link);
where `$login = $_POST['login'];
Also, I'm not worried about security breaches at the moment, so don't worry about that.
Any insight would be greatly appreciated.
You must use backticks for your tablename, and not quotes:
$sql = "CREATE TABLE `$DBName`.`$login` (
ClientID int NOT NULL AUTO_INCREMENT,
AgentClients varchar(15),
ClientTotal int,
PRIMARY KEY (`ClientID`)
)";