Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 2 years ago.
Improve this question
In my Mysql I have this table. And I want to send data
Id is autoincrement
Id
insertId
invoceTaxApplayId
sumOfDist
if (isset($_POST['basic'])) {
$user_string = $_POST['basic'];
$basic = json_decode($user_string);
foreach ($basic as $key => $value){
$sql2 = "INSERT INTO `insert_tax_applay_map`( `insertId`, `invoceTaxApplayId`, `sumOfDist`) VALUES ('$value','', 5)";
echo $sql2; //printed
echo $key;
}
exit();
}
I can see echos, but data isn't sent to mysql.
You can fix the issue of not executing and your serious SQL injection bug with one simple trick: Prepared statements with placeholder values!
if (isset($_POST['basic'])) {
$user_string = $_POST['basic'];
$basic = json_decode($user_string);
// Prepare your database query with placeholder values
$stmt = $db->prepare("INSERT INTO insert_tax_applay_map (insertId, invoceTaxApplayId, sumOfDist) VALUES (:insertId, :invoiceTaxApplayId, :sumOfDist)");
// For each entry...
foreach ($basic as $key => $value) {
// ...execute the statement with that particular set of values.
$stmt-execute([
'insertId' => $value,
'invoiceTaxApplayId' => '',
'sumOfDist' => 5
]);
}
exit();
}
This example uses PDO but can easily be adapted to mysqli or whatever you're using.
Tip: For general guidance on PHP, see PHP the Right Way for more resources.
Related
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 7 years ago.
Improve this question
I have this PHP code:
$uniqueSessionID = 'd41740fd9dc75cb8a3eeee27165d2323';
$returnUrl = 'http://qapache.us.oracle.com:15671/OA_HTML/OA.jsp?OAFunc=ICX_\nCAT_PUNCHOUT_CALLBACK&OAHP=ICX_POR_HOMEPAGE_MENU&OASF=ICX_CAT_PUNCHOUT_\nCALLBACK&transactionid=1577779317'
$timestamp = $conn->real_escape_string('2016-02-10 07:57:21');
$cxmlVersion = $conn->real_escape_string('1.1.007');
$payloadID = $conn->real_escape_string('20040316032452.913060910.144270#ap6172rt.us.oracle.com');
$sql2 = "INSERT INTO return_cart_url (`sessionid`, `timestamp`, `version`, `return_url`, `payloadID`)
VALUES ('{$uniqueSessionID}','{$timestamp}', '{$cxmlVersion}' '$returnUrl', '{$payloadID}')";
if ($conn->query($sql2) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $sql2 . "<br>" . $conn->error;
}
And i get this error:
Column count doesn't match value count at row 1
All my columns are varchar. In the beginning i only had the columns uniqueSessionID and returnURL, and with these 2 it worked. It happened when I added the timestamp, cxmlVersion and payloadID.
Anyone who can explain me why this happens?
You forgot 1 comma :
'{$cxmlVersion}','$returnUrl'
you forget one , after cxmlVersion
$sql2 = "INSERT INTO return_cart_url (`sessionid`, `timestamp`, `version`, `return_url`, `payloadID`)
VALUES ('{$uniqueSessionID}','{$timestamp}', '{$cxmlVersion}', '$returnUrl', '{$payloadID}')";
I am guessing it is because you are missing the brackets in the values definition of the return Url, and there is a missing colon after cxmlVersion.
VALUES ('{$uniqueSessionID}','{$timestamp}', '{$cxmlVersion}' '$returnUrl', '{$payloadID}')";
Becomes:
VALUES ('{$uniqueSessionID}','{$timestamp}', '{$cxmlVersion}', '{$returnUrl}', '{$payloadID}')";
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 7 years ago.
Improve this question
I have a PDO PHP file making use of just one $_POST value stored on the $data array, and if an statement is true, a second value is added to that array to make a new query with two values:
<?php
session_start();
include("../conexionbbdd.php");
if($_SESSION['estado'] == 'activo' && $_SESSION['rol'] == '1'){
$data = array(
'us_id' => $_POST['us_id'],
);
$selectUsers= "SELECT * FROM ws_users WHERE us_id= :us_id";
$statementSelectUsers = $pdo->prepare($selectUsers);
$statementSelectUsers->execute($data);
$result = $statementSelectUsers->fetch(PDO::FETCH_ASSOC);
$us_fk_ui_id = $result['us_fk_ui_id'];
if($us_fk_ui_id==='1'){
$data['us_credits']=$_POST['us_credits'];
$updateUser = mysqli_query($con,"UPDATE ws_users SET us_credits = :us_credits, us_access = '1' WHERE us_id = :us_id");
$statementUpdateUser = $pdo->prepare($updateUser);
$statementUpdateUser->execute($data);
}
Everything goes fine untill the $statementUpdateUser->execute($data); line (34), where I get the usual error
PDOException: SQLSTATE[42000]: Syntax error or access violation: 1065
Query was empty in C:\wamp\www**********\actions\ad_updateUserInfo.php on
line 34
As far as I've seen, this should be due to the unexistance of one of the placeholders on the array, but if I print the array values after the $data['us_credits']=$_POST['us_credits']; it seems to be correct, having the 2 expected values needed for my query:
Array (
[0] => 2
[1] => 1.5 )
How could I check where the mistake is? There's no possibility of echoing the query as it is an object unable to transform on string.
$updateUser = mysqli_query($con,"UPDATE ws_users SET us_credits = :us_credits, us_access = '1' WHERE us_id = :us_id");
^^^ WTF??
You have to pay more attention to the code you write. Stack Overflow is NOT the service for finding typos for you.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 7 years ago.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Improve this question
I am getting an error while running this code:
Fatal error: Call to a member function bindParam() on boolean in D:\xampp\htdocs\ipack\insertstatus.php on line 9
<?php
header('Access-Control-Allow-Origin: *');
include 'dbconnection.php';
$jobno = "AFE/0001/2015";
$jobseq = 0;
//to get INTJOBNO
$intjobno = "";
$data = $dbh->query("select INTJOBNO from PRTJOBHD where JOBNO = :jobno and JOBSEQ = :jobseq");
$data->bindParam(':jobno',$jobno,PDO::PARAM_STR);
$data->bindParam(':jobseq',$jobseq,PDO::PARAM_STR);
$data->execute();
foreach($data as $row) {
$intjobno = $row['INTJOBNO'];
echo $intjobno;
}
>
Have a look at this answer: PDO's query vs execute. You cannot bind parameters to PDO query, you need to use prepare instead.
header('Access-Control-Allow-Origin: *');
include 'dbconnection.php';
$jobno = "AFE/0001/2015";
$jobseq = 0;
//to get INTJOBNO
$intjobno = "";
$data = $dbh->prepare("select INTJOBNO from PRTJOBHD where JOBNO = :jobno and JOBSEQ = :jobseq");
$data->bindParam(':jobno',$jobno,PDO::PARAM_STR);
$data->bindParam(':jobseq',$jobseq,PDO::PARAM_STR);
$data->execute();
foreach($data as $row) {
$intjobno = $row['INTJOBNO'];
echo $intjobno;
}
PDO::query() returns a PDOStatement object, or FALSE on failure.
Source
It means your query has failed for some reason.
In this case you are using the wrong function to do what you want to do.
You need to prepare your statement since you want to bind two parameters in your query.
Use $dbh->prepare() instead of $dbh->query().
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 8 years ago.
Improve this question
Hello guys i need your help with this php code,
and trying to create survey name using text box..but what happens is that $survey_name = $_POST['txtSurveyName']; does not save any input with e.g. Department's but it saves Departments.
I noticed that the problem is with the single quotes, how can write this code to accept the single quotes?
here is the full code:
**$survey_name = $_POST['txtSurveyName'];**
$survey_status = $_POST['status'];
// Save question
$sql = "INSERT INTO survey(survey_name, status) VALUES('{$survey_name}','{$survey_status}')";
$result = mysql_query($sql);
// Redirect to landing page
As much as I hate this answer I will still tell you that you need to escape your strings:
$survey_name = mysql_real_escape_string($_POST['txtSurveyName']);
But I would suggest using PDO or MySQLi prepared statements. Better for your security.
So easy with PDO:
//prepare query
$stmt = $pdoInstance->prepare('INSERT INTO survey(survey_name, status) VALUES(:name, :status)');
//bind params
$stmt->bindParam(':name', $name, PDO::PARAM_STR);
$stmt->bindParam(':status', $status, PDO::PARAM_STR);
if ($stmt->execute()) {
//success
}
This way your code is more secure and I feel better that I did not suggest something horrible.
From: http://us2.php.net/mysql_real_escape_string
$survey_name = $_POST['txtSurveyName'];
$survey_status = $_POST['status'];
$sql = sprintf("INSERT INTO survey(survey_name, status) VALUES('%s','%s')'",
mysql_real_escape_string($survey_name),
mysql_real_escape_string($survey_status));
$result = mysql_query($sql);
Change your query to escape specials chars :
$sql = "INSERT INTO survey(survey_name, status) VALUES(\"{$survey_name}\",\"{$survey_status}\")";
or
$sql = "INSERT INTO survey(survey_name, status) VALUES('".addslashes($survey_name)."','".addslashes($survey_status)."')";
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 8 years ago.
Improve this question
Im having a strange issue with a select with PDO, so I came here to ask for your help.
I have this code below and Im getting this error:
Warning: PDOStatement::execute(): SQLSTATE[HY093]: Invalid parameter number:
parameter was not defined in `$verifyUser->execute();`
Somebody there have an ideia why this can be happening?
My Php Code:
if(!$_SESSION['result'])
{
header('Location: index.php');
}
else
{
$userId = $_SESSION['result']['id'];
$verifyUser = $pdo->prepare("SELECT * FROM aadmins where id = :userId");
$verifyUser->bindValue(":id", $userId);
$verifyUser->execute();
$num_rows = $verifyUser->rowCount();
$result = $verifyUser->fetch(PDO::FETCH_ASSOC);
}
You are using :userId in SQL query, while in bindValue you are using :id.
$verifyUser = $pdo->prepare("SELECT * FROM aadmins where id = :userId");
$verifyUser->bindValue(":id", $userId);
But it should be the same in query and bindvalue.
$verifyUser = $pdo->prepare("SELECT * FROM aadmins where id = :id");
$verifyUser->bindValue(":id", $userId);