I want to insert two fields from another table2 and third field from vairable
SET #id = 10;
INSERT INTO table1 (id,name,email) SELECT name, email FROM table2 ;
How do that
Using PHP PDO you can also use bindParam with a prepared statement:
<?php
$id = 10;
$sth = $dbh->prepare('INSERT INTO table1 (id,name,email) SELECT :id, name, email FROM table2');
$sth->bindParam('id', $id, PDO::PARAM_INT);
$sth->execute();
?>
Related
I am a Newbie. I am trying to get all the users_id from users table in a comma separated value like 1001,1002,1003 etc then insert them as a comma separated value directly in tmpOrder table sq_id column. So far I have written below code but it is not inserting comma separated value. If I take foreach loop then it inserts an individual row for each user_id but I need to insert a single row with all the comma separated id's in sq_id column
$sql="SELECT users.id as user_id,age FROM users";
$stmt = $con->prepare($sql);
$stmt->execute();
$stmt->bind_result($data[0], $data[1]);
while ($stmt->fetch()) {
echo $data[0];
}
$stmt1 = $con->prepare("INSERT INTO tmpOrder(id,sq_id)
VALUES ($id,implode(',',$data[0]");
$stmt1->execute();
I would use a single query, using GROUP_CONCAT to generate a comma separated list from users and INSERT that directly into tmpOrder using an INSERT ... SELECT query:
$sql = "INSERT INTO tmpOrder(id, sq_id)
SELECT ?, GROUP_CONCAT(id)
FROM users";
$stmt = $con->prepare($sql);
$stmt->bind_param('i', $id);
$stmt->execute();
Hope this helpful...
INSERT
INTO tmpOrder(id,sq_id)
VALUES (
$id,
(
SELECT
GROUP_CONCAT(users.id SEPARATOR ',')
FROM
users
)
)
$sql = "INSERT into x (y,z,t)
VALUES ((SELECT userID FROM users WHERE username ='".$usersql."'),"
."'"."(SELECT itemID from items WHERE category ='".$category."'),"
."'".$amountdays."')";
Thank you for your time.
You should use PDO or mysqli with prepared statements. Then you can define variables for your values and set them after the query. That makes it more readable and you prevent sql injections in your code.
https://www.php.net/manual/de/pdo.prepared-statements.php
$stmt = $dbh->prepare("INSERT into x (y,z,t)
VALUES (
SELECT userID FROM users WHERE username = :username,
SELECT itemID FROM items WHERE category = :category,
:amountdays
)";
$stmt->bindParam(':username', $username);
$stmt->bindParam(':category', $category);
$stmt->bindParam(':amountdays', $amountdays);
Something like that.
A little bit of formatting will go a long way:
$sql = "INSERT into x
(
y,
z,
t
) VALUES (
(SELECT userID FROM users WHERE username = ?),
(SELECT itemID from items WHERE category = ?),
?
);
";
I am inserting data to my db using this:
$insertPlayerFix = "INSERT INTO playerfixtures (fixture_id, player_id, goals_scored) VALUE (?,?,?)";
$stmt = $conn->prepare($insertPlayerFix);
$stmt->bind_param('sss', $fixtureFix_ID,$playerFix_ID,$goalsScored);
$stmt->execute();
$stmt->store_result();
This works fine until I have data for each of the fixtureID's. It then seemingly inserts data and gives me the success message but nothing new is stored.
It is like I am telling it to check for fixtureID and if > 0 to not do anything(which I am not, obviously).
could be you have an autoincrement column for fixture_id
in this case you should not use this column in you insert clause
eg:
$insertPlayerFix = "INSERT INTO playerfixtures ( player_id, goals_scored) VALUE (?,?)";
$insertPlayerFix = "INSERT INTO playerfixtures ( player_id, goals_scored) VALUE (?,?)";
$stmt = $conn->prepare($insertPlayerFix);
$stmt->bind_param('ss', $fixtureFix_ID,$playerFix_ID,$goalsScored);
$stmt->execute();
$stmt->store_result();
and id normally are integer so check for the correct data type and eventually modify you binding
I am wondering if I need to do this.
To make it more secure, all the things inserted into database is selected from another table with specific clause that is posted from the user.
I use the id for the identity:
$identity = $_POST['id'];
$stmt = $mysqli->prepare ("INSERT into table_one (col_1, col_2, col_3)
VALUES (?,?,?)");
//This is what I use to do
$stmt >bind_param ("sss", $valua, $valueb, $valuec);
//But now I want to that like this
$stmt >bind_param ("sss", SELECT valuea, valueb, valuec FROM ANOTHERtable WHERE id = $identity);
$list->execute();
$list->close();
Is it possible? And how is the correct way to do this?
You dont need to bind the values from your other table. You just need to prepare those for the values that the user provides. You can safely use the existing values.
$stmt = $mysqli->prepare ("INSERT into table_one (col_1, col_2, col_3)
SELECT valuea, valueb, valuec FROM ANOTHERtable WHERE id = ?");
$stmt >bind_param ("i", $identity);
$stmt->execute();
I'm new to php. I have a dropdown option. I want to put an if statement that if one of the options is selected e.g. 'Completed' then I would like it to get the entire record from the MySQL table and move it to another table with the same table structure.
This is what i have so far:
<?php
if( $_GET['status'] = 'Completed' ):
$stmt = $con->prepare("INSERT INTO second_table select * from first_table where id = id;
status = ?,
day_id = ?,
eta = ?,
c_notes = ?
WHERE booking_id = ?");
$stmt->bind_param('sissi',
$_GET['status'],
$_GET['day_id'],
$_GET['eta'],
$_GET['notes'],
$_GET['id']
);
$stmt->execute();
$stmt->close();
?>
If the two tables have the same structures I think your query should be
$stmt = $con->prepare("INSERT INTO second_table VALUES (SELECT * FROM first_table WHERE id = ?");
$stmt->bind_param('i', $_GET['id'] );
Let me know if this didn't work.