This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 2 years ago.
I want to select the name contained in the column with the same name as my variable $column_id, which I pass to the function displayed below. It's passed correctly but without putting the '' around it the query results in an error. If I put them the result of the select is the value of $column_id itself, which is wrong. (the syntax equals to the one for prepared queries because that's the next step, if I can fix this issue)
$nirk2 = $this->conn->prepare("SELECT '" .$column_id. "' FROM t_values WHERE device_id='".$device_id."'");
$nirk2->execute();
$nirk2->bind_result($Value_Description);
$nirk2->fetch();
All I want to do is basically use my variable $column_id as name of the column to search the value in.
If you want to use a string as a column name you need to ensure that this column actually exists (is whitelisted) and then wrap it using backticks.
// whitelist column name (strict comparison, so only exact string matches pass)
if (!in_array($column_id, ['my_col 1', 'my_col 2'], true)) {
    throw new \Exception('Invalid column name!');
}
//                              V backticks      V
$nirk2 = $conn->prepare("SELECT `" .$column_id. "` FROM t_values WHERE device_id=?");
$nirk2->bind_param('s', $device_id);
$nirk2->execute();
$nirk2->bind_result($Value_Description);
$nirk2->fetch();
This question already has answers here:
Opposite of MySQL FIND_IN_SET
(6 answers)
MySQL, PHP: Select * from table where id is not in array
(3 answers)
Select all field where field value not in array
(3 answers)
Closed 3 years ago.
I am writing an SQL query. I have an array of unknown length and I want to select the data from MySQL by using that array in the WHERE clause of the query. This is my query right now and it is working fine:
$sql = "SELECT DISTINCT messagesutou.SenderID from messagesutou where (messagesutou.SenderID !='$items[1]' AND messagesutou.SenderID !='$items[0]' AND messagesutou.SenderID !='$items[2]') AND messagesutou.RecieverID='$uid'";
But in this I know the length of the array (3) and I just used the array name with an index for testing purposes. Now I want to know: if the array length is unknown, how would I write this query?
$list = implode(',', $items);
and
SELECT DISTINCT SenderID
FROM messagesutou
WHERE 0 = FIND_IN_SET(SenderID, '$list')
AND RecieverID='$uid'
or (taken from Jens's answer which was deleted by him)
SELECT DISTINCT SenderID
FROM messagesutou
WHERE SenderID NOT IN ($list)
AND RecieverID='$uid'
The difference - both variants are applicable when SenderID and $items values have a numeric type, only the former when they have string type, none when they have string type and contain commas or ticks.
But the latter may be adapted:
$list = '\''.implode('\',\'', $items).'\'';
and
SELECT DISTINCT SenderID
FROM messagesutou
WHERE SenderID NOT IN ($list)
AND RecieverID='$uid'
It now accepts any datatype and allows commas (but not ticks - they must be quoted before imploding).
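The variants above build the list by string concatenation, which is why ticks and commas in $items need special handling. As an added example (not part of the original answer), here is the same query with one ? placeholder per array element. It assumes PDO with an in-memory SQLite database so that it runs without a MySQL server; the helper name buildSenderQuery and the sample rows are constructed for illustration.

```php
<?php
// Added example: NOT IN with one placeholder per array element.
// Assumption: PDO + in-memory SQLite, so no MySQL server is needed.
// Table and column names follow the question.

/**
 * Build the SQL text and parameter list for "SenderID NOT IN (...)".
 * Returns [sql, params]. An empty $items drops the NOT IN clause,
 * because "NOT IN ()" is a syntax error.
 */
function buildSenderQuery(array $items, string $uid): array
{
    $sql = 'SELECT DISTINCT SenderID FROM messagesutou WHERE RecieverID = ?';
    $params = [$uid];
    if ($items !== []) {
        // One "?" per element, whatever the array length.
        $marks = implode(',', array_fill(0, count($items), '?'));
        $sql .= " AND SenderID NOT IN ($marks)";
        $params = array_merge($params, array_values($items));
    }
    return [$sql, $params];
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE messagesutou (SenderID TEXT, RecieverID TEXT)');

// Constructed sample rows, including sender IDs with a tick and a comma.
$rows = [['alice', 'u1'], ["o'brien", 'u1'], ['a,b', 'u1'],
         ['carol', 'u1'], ['dave', 'u2']];
$ins = $pdo->prepare('INSERT INTO messagesutou VALUES (?, ?)');
foreach ($rows as $r) {
    $ins->execute($r);
}

// Exclusion list of arbitrary length; no value is quoted by hand.
$items = ["o'brien", 'a,b', 'alice'];
[$sql, $params] = buildSenderQuery($items, 'u1');

$stmt = $pdo->prepare($sql);
$stmt->execute($params);
print_r($stmt->fetchAll(PDO::FETCH_COLUMN));
```

With mysqli the same $sql and $params go to prepare() and bind_param(str_repeat('s', count($params)), ...$params).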
This question already has answers here:
The 3 different equals
(5 answers)
Closed 4 years ago.
I'm using a very simple code to extract data from a MySQL DB to a CSV file.
The code didn't provide the result I expected so I made the code including the query in the CSV file.
In a first part of the code it seems that the variable containing the query result doesn't actually contain any value, but in another part of the code the variable contains the correct value.
In short, the same variable seems to contain two values in different parts of the code.
$sql="SELECT destinazione AS dest,ndc AS n FROM npitz";
$query = mysql_query($sql);
$q="ERROR";
while($row = mysql_fetch_array($query)) {
$query="DELETE FROM npitz_reduced_tmp WHERE
destinazione='".$row['dest']."' AND
ndc LIKE CONCAT('".$row['n']."','%') AND
ndc NOT LIKE '".$row['n']."'";
if($row['n']='77') $q=$query." - ".$row['n'];
mysql_query($query);
}
The variable $row['n'] should contain the result of the SQL query.
After the while loop the variable $q is:
DELETE FROM npitz_reduced_tmp WHERE destinazione='UNITED STATES' AND ndc LIKE CONCAT('','%') AND ndc NOT LIKE '' - 77
The question is: if in the IF statement the value of $row['n'] is '77' why it isn't the same in the $query variable assignment?
You probably should use == instead of = in the if statement
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 6 years ago.
I have the following INSERT statement but it doesn't insert a record in the table. It works when I add only the CALC_STOCK_NO field but not when I add the Description field to the insert statement.
Here is a sample Description value: DSSY68678/787-15.5 14 328 I3 TL 8-8-6.01 ABC
$itemid = $data2['fields']['CALC STOCK NO'];
$pdesc = $data2['fields']['Item Description'];
mysqli_query($con,
"INSERT INTO 600XXX
(CALC_STOCK_NO, pdesc) VALUES
($itemid, $pdesc)"
);
here is what my table looks like:
You are not writing the correct field name for the description field. You placed pdesc instead of Description_for_Purchases in your sql statement. You also need to have apostrophes before and after your string values, which is the case for your second field. To correct these problems:
change this code:
mysqli_query($con,
"INSERT INTO 600XXX
(CALC_STOCK_NO, pdesc) VALUES
($itemid, $pdesc)"
);
to this code:
mysqli_query($con,
"INSERT INTO 600XXX
(CALC_STOCK_NO, Description_for_Purchases) VALUES
({$itemid}, '{$pdesc}')"
);
I am used to adding {} as well when I insert values into strings directly. You don't need to do it to work in this case, though since there are situations in which it is needed, I like to remain consistent and do it everywhere :). Let me know if that worked for you.
This question already has answers here:
Update the value of a field in database by 1 using codeigniter
(3 answers)
Closed 21 days ago.
I have used this query to increment my column with the selected number like
$this->db->where('my Condition');
$this->db->update('my Table',array('name'=>'gautam','count'=>'2'));
Here I want to add 2 to the actual column value of count. But I am not able to do it with the update function. And I am not able to do it like
$this->db->update('my Table',array('name'=>'gautam','count'=>'count+2'));
because I'm only getting count of "2" and if I add in my query it is adding ' in my query like
Can anyone help me to find out the solution for it.
$this->db->set('name', 'gautam');
$this->db->set('count', 'count+2',FALSE);
$this->db->where('my Condition');
$this->db->update('my Table');
$this->db->set() in Codeigniter
You can use the CodeIgniter set function to set the value of count with the increment.
From the doc
set() will also accept an optional third parameter ($escape), that
will prevent data from being escaped if set to FALSE. To illustrate
the difference, here is set() used both with and without the escape
parameter.
So you can do something like this :
$this->db->where('my Condition');
$this->db->set('count','count+2',FALSE);//SET COUNT WITH COUNT+2
$this->db->set('name','gautam');
$this->db->update('my Table');
Try this :
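$this->db->where('my Condition');
// set() takes the escape flag as its third argument; with an array key the second argument is not used
$this->db->set(array('count' => 'count+2'), '', FALSE);
$this->db->set('name', 'gautam');
$this->db->update('my Table');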
I'm having trouble adding 1 to a column value in MySQL. I've used backticks on the column name and value isn't incrementing. Here is my query:
$update = $connectdb->prepare("UPDATE `strings` SET posted=posted, `response-comment`=`response-comment` + 1 WHERE `id`=?");
$update->execute(array($id));
Why isn't my query working? The value $id is correct, the column response-comment should increase by 1.
Try using this for your SQL statement (presuming strings is the name of your table):
UPDATE `strings` SET `response-comment`=`response-comment` + 1 WHERE `id`=?
Be careful with tick marks
If improperly coded, you can end up with quotes, which is going to transform your integer value into a string, thus changing the behavior of your request.
Have you tried without the backticks, just response-comment = response-comment + 1?