I get the following when I submit my form.
Fatal error: Uncaught mysqli_sql_exception: Unknown column
'internal_ref' in 'field list' in
/home/www/ruckcompliance.site/test_insert2.php:9 Stack trace: #0
/home/www/ruckcompliance.site/test_insert2.php(9):
mysqli->prepare('INSERT INTO Cus...') #1 {main} thrown in
/home/www/ruckcompliance.site/test_insert2.php on line 9
It was working fine on my localhost. I've read a few posts and tried different things but can not figure this out.
The column does exist in my database.
<?php
header( "refresh:100;url=customers.php" );
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
include_once 'database.php';
// Prepared statement, stage 1:
$stmt1 = $conn->prepare("INSERT INTO Customer(internal_ref) VALUES (?)");
// Prepared statement, stage 2:
$internal_ref = $_REQUEST['internal_ref'];
$stmt1->bind_param("s", $internal_ref);
$stmt1->execute();
echo "<strong>Record saved....</strong>"; echo 'redirecting to dashboard.';
// Close connection
mysqli_close($conn);
?>
database.php
<?php
$servername='localhost';
$username='******';
$password='******';
$dbname = "ruck";
$conn=mysqli_connect($servername,$username,$password,"$dbname");
if(!$conn){
die('Could not Connect My Sql:' .mysql_error());
}
?>
Check if you made mistake in database or php. For example, my name in column name was "pasword" instead of "password".
There was something wrong with my database table. I originally created the table with SQL I have saved in an excel document.
I recreate my table from scratch within phpMyAdmin and it's now working.
Still trying to figure out what was wrong. The table names where correct.
Related
would like to ask about configuration of XAMPP mySQL database.
I have set my xampp document root to drive D, and now i unable to connect to SQL database and always get error.
Fatal error: Uncaught Error: Call to undefined function mysql_connect() in D:\localserver\connection.php:3 Stack trace: #0 D:\localserver\login.php(4): include() #1 {main} thrown in D:\localserver\connection.php on line 3
the file that handle the connection look like this
<?php
$connect = mysql_connect("localhost","root","");
if(!$connect) {
die ('connection fail!!!');
} else {
print ('connection okay!!!');
}
$connectdb = mysql_select_db('admin_login');
if(!$connectdb) {
die ('connection fail!!!');
} else {
print ('connection okay!!!');
}
?>
The mysql_connect() function is from a library that is deprecated since a couple of years and has been removed in PHP 7.
Use mysqli_connect() or PDO.
UPDATE
You can pass the name of the database into mysqli_connect() and get rid of the extra mysqli_select_db(). If you want to user mysqli_select_db() in procedural style instead of object oriented it expects the link that is returned by mysqli_connect() as the first parameter and the database name as the second one like this:
$link = mysqli_connect("localhost", $user, $password);
$db = mysqli_select_db($link, $dbname);
I have received:
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '5538ac14bb2ca7514f9f4d8826f3c45e'')' at line 1' in C:\xampp\htdocs\register.php:19 Stack trace: #0 C:\xampp\htdocs\register.php(19): PDO->exec('insert into use...') #1 {main} thrown in C:\xampp\htdocs\register.php on line 19.
How can this be solved, like what should be done?
<?php
session_start();
// If the form has been submitted
if (isset($_POST['submitted'])){
// Create a database connection
$db = new PDO("mysql:dbname=johnsoa7_db;host=localhost", "root", "");
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Get and sanitise the inputs, we don't need to do
// this with the password as we hash it anyway
$safe_forename = $db->quote($_POST['forename']);
$safe_lastname = $db->quote($_POST['lastname']);
$safe_email = $db->quote($_POST['email']);
$hashed_password = $db->quote(md5($_POST['password']));
// Insert the entry into the database
$query = "insert into users values (default, $safe_forename, $safe_lastname, $safe_email, '$hashed_password')";
$db->exec($query);
// Get the ID
$id = $db->lastInsertId();
// Output success or the errors
echo "Congratulations! You are now registered. Your ID is: $id";
}
?>
You have an error in this line:
$query = "insert into users values (default, $safe_forename, $safe_lastname, $safe_email,'$hashed_password')";
default should be quoted if it is string.
If it is a variable, you missed $.
Please see the comment by #ceejayoz:
As he said you don't need quoted around $hashed_password...
Updated Question:
I have successfully added some html to my MySQL database using this code:
$emailaddress = $_SESSION["email_address"];
..
$html_content = '<div> Hello</div>';
..
$stmt = $db->prepare("INSERT INTO users(htmlcontent) VALUES (:hContent)");
$stmt->execute(array(':hContent' => $html_content));
Except that I need it to only insert into the "htmlcontent" column for the email which matches $emailaddress. So I tried including WHERE in my PDO statement like this:
$stmt = $db->prepare("INSERT INTO users(htmlcontent) VALUES (:hContent) WHERE email = :email");
$stmt->execute(array(':hContent' => $html_content, ':email' => $emailaddress));
but it returns the following error: Perhaps I should use Update instead? I'll try now
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE email = 'my#domain.com'' at line 1'
in /home/fire18/public_html/login/private.php:31 Stack trace: #0 /home/fire18/public_html/login/private.php(31): PDOStatement->execute(Array) #1 {main} thrown in /home/firer18/public_html/login/private.php on line 31
Old question:
I'm trying to insert plain html code into my MySQL database, in order to retrieve it later from a different page. I'm confused as to how I get the html into the database, and then later retrieve it. I've read that I should use TEXT and also mysql_real_escape_string() to prepare the html for the INSERT. But I'm using PDO and so I don't know what to do.
So, let's say I want to get this html into my database:
<li>
City Scene
<input id="keepbox5" type="checkbox" name="keepbox5" />
<label for="keepbox5">Keep</label>
<input id="cbox5" type="checkbox" name="cbox5" class="cboxes"/>
<label for="cbox5">Show</label>
<div class="tinybox">
<img src="http://www.example.com/img/temp.jpg" alt="tinypic" id="tinypic" style="display:none;">
</div>
</li>
I need to INSERT it into my users table, but I'm sure this is wrong:
$htmlCode = mysql_real_escape_string(<li> City Scene <input id="keepbox5" ...[ALL HTML]... </li>);
$query = "
INSERT INTO users (
db_html_code
) VALUES (
$htmlCode
)
";
Since I'm using PDO like so:
$db = new PDO("mysql:host={$host};dbname={$dbname};charset=utf8", $username, $password, $options);
Then at the end when I need to retrieve the data, I read that I need to use stripslashes() but again, don't know if this applies.
How do I properly insert plain html into my DB (PDO using PHP?
How do I then request/display the stored html on other pages?
Thanks for your feedback
I solved it by including:
$emailaddress = $_SESSION["email_address"];
..
$html_content = '<div> Hello</div>';
...
$stmt = $db->prepare("UPDATE users SET htmlcontent=:hcontent WHERE email=:email");
$stmt->bindValue(":hcontent", $html_content);
$stmt->bindValue(":email", $emailaddress);
$stmt->execute();
in my PHP document. Thanks to Fred for the link which guided me in the right direction.
I am trying to write to a MySQL Database / Table with the following code - but for some reason it just won't write! I've changed the "INSERT INTO" line quite a few times, trying different things each time - no luck!!!
The DBsettings.php contains variables with the MySQL connection info - which worked for creating the tables and setting the column types and stuff. For your information, it is running the main code (there are no errors with the user info entered), and echoing "Awesome! No errors!", so I'm not too sure what's not working - the MySQL checking line is saying that I'm able to connect properly... Can someone look over my code?
The PasswordHash.php file contains code for hashing and salting passwords - nothing to see here, got it from another site, no errors at all.
I know I'm not 'cleansing' the MySQL code for more security...
if($error == null){
include('DBsettings.php');
$connect = mysqli_connect($dbserver, $dbuser, $dbpass, $dbname);
if (mysqli_connect_errno()) {
echo 'Failed to connect to MySQL Database! Error: '.mysqli_connect_error();
} else {
include('PasswordHash.php');
$passinfo = explode(':', create_hash($password));
$addinfo = "INSERT INTO {$dbprefix}Users (Email, Displayname, Registered, Rank, Status, Password, Salt) VALUES ('{$email}', '{$displayname}', '{date('Y\/m\/d')}', 9999, 1, '{$passinfo[3]}', '{$passinfo[2]}')";
/* format: algorithm:iterations:salt:hash */
mysqli_query($connect, $addinfo);
mysqli_close($connect);
echo 'Salt: '.$passinfo[2];
echo '<br>Hash: '.$passinfo[3];
echo '<br>Awesome! No Errors!';
}
} else {
echo $error;
}
That's the code in question - I've tried adding;
error_reporting(E_ALL);
ini_set('display_errors', '1');
But all that reveals is undefined localhost errors in my DBsettings.php file - and the file worked when I created the MySQL DB tables, so I don't really have that as a priority.
Thanks!
If you echo your query, you will notice this issue. Following is your final query
INSERT INTO Users (Email, Displayname, Registered, Rank,Status, Password, Salt)
VALUES ('', '', '{date('Y\/m\/d')}', 9999, 1, '', '')
Notice that your date was not interpolated like you expected it to, and i'm sure if you have that field in MySQL set as a datetime field, it wont accept that value {date('Y\/m\/d')}, Move the date function call outside the string.
Plus you are not getting any error after the query execution because you are simply not checking for one. One example how to check for that can be
if (!mysqli_query($connect, $addinfo)) {
printf("Error: %s\n", mysqli_error($connect));
}
I saw your INSERT query contains this '{date('Y/m/d')}' ,maybe the single quotes has conflict,You'd better escaping the date('Y/m/d') statement's single quotes.
I am having a little bit of trouble trying to write to a .mdb database from php.
The database has a table called comments and it has 3 columns "id", "comment" and "by". The code I have is this.
<?php
$count =0;
$db_path = "newsBlog.mdb";
$odbc_con = new COM("ADODB.Connection");
$constr = "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" . $db_path . ";";
$odbc_con -> open($constr);
$sql = "INSERT INTO [comments] VALUES (".$_POST['newsId'].",'".$_POST['comment']."', '".$_POST['by']."')";
echo $sql;
$odbc_con -> execute (sql);
$rs = null;
$conn = null;
echo "done";
?>
It takes 3 values from a form on the previous page and should insert them into the database, except I get this error every time:
<b>Fatal error</b>: Uncaught exception 'com_exception' with message '<b>Source:</b> Microsoft OLE DB Provider for ODBC Drivers<br/><b>Description:</b> [Microsoft][ODBC Microsoft Access Driver] Invalid SQL statement; expected 'DELETE', 'INSERT', 'PROCEDURE', 'SELECT', or 'UPDATE'.' in D:\Hosting\7010757\html\users\kinectfashion\postComment.php:20 Stack trace:
#0 D:\Hosting\7010757\html\users\kinectfashion\postComment.php(20): com->execute('sql')
#1 {main} thrown in <b>D:\Hosting\7010757\html\users\kinectfashion\postComment.php</b> on line <b>20</b><br />
To me, this seams MAD as I am using an insert statement and cannot see what I am doing wrong!
Any help would be much appreciated!
Thanks
$odbc_con -> execute (sql); should be $odbc_con -> execute ($sql);