Related
Table user:
- user_id
- user_name
- (other info fields that doesn't matter for
Table item:
- item_id
- item_name
- (other info fields that doesn't matter for now)
All fields on the attached picture are from ITEM table but the last one that says "Colaborador"
Update:
Sorry,
The point is this:
I have 2 tables, Items and Users
And I want to register Electronic equipment on Items table (for example if I buy a cellphone I want to register it on that table) and then, that item (cellphone on this case) will be attributed to an user, and to do that register of the item attributed to the user I need to match the 2 tables with a foreign key that I already have, but the point is, I don't want to input the user_id (that is the foreign key), but I want to input the user NAME
Hope I make myself clear this time
PHP Code
if ($valid) {
$pdo = Database::connect();
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$sql = "INSERT INTO ativos (item,comentario,data_aquisicao,localizacao,fabricante,modelo,anexo_a,numero_serie,imei,ativo_sap,evento,data_entrega,data_devolucao,data_estravio,id_user) values(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
$q = $pdo->prepare($sql);
$q->execute(array($item,$comentario,$data_aquisicao,$localizacao,$fabricante,$modelo,$anexo_a,$numero_serie,$imei,$ativo_sap,$evento,$data_entrega,$data_devolucao,$data_estravio,$id_user));
Database::disconnect();
header("Location: index.php");
}
Without seeing how your PHP code generates your associated MySQL queries, we can't possibly tell you how to re-factor your specific case to achieve this functionality.
On a more generic level, you'd probably have to pass the username from the input form into a subquery as part of your INSERT statement:
INSERT INTO `item` (item_id, item_name, owner_id)
VALUES (1, 'abcdef', (SELECT user_id FROM user WHERE user_name = 'user1'))
Edit after OP edit to add PHP code:
Just refactor your $sql string query to include the subquery:
$sql = "INSERT INTO ativos (item,comentario,data_aquisicao,localizacao,fabricante,modelo,anexo_a,numero_serie,imei,ativo_sap,evento,data_entrega,data_devolucao,data_estravio,id_user) values(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, (SELECT user_id FROM user WHERE user_name = ?))";
... which should return the user_id associated with a particular user_name and insert the ID value to the record.
Is there a way to make this Query work in MySQL Codeigniter
Basically is make a select inside a Insert to avoid double Query
I want to make an INSERT a row in a table called recibos_nomina but the field recibos_nomina.id_usuario is one a table called usuarios i have usuarios.rfc and i want to nest SELECT id FROM usuarios WHERE rfc = XXX to get the id and insert in recibos_nomina.id_usuario with one Query only, this is possible with MySQL but i don't know how to make it with codeigniter.
$this->db->trans_begin();
$this->db->query('insert into recibos_nomina(id_empresa, id_usuario, fecha, folio, total, uuid, url_xml, temporal, folio_fiscal, fechahora_certificado, csd_sat, sello_cfd, sello_sat, sello)
values(?, (SELECT id FROM usuarios WHERE rfc = ?), ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)', array(
2,
//intval($this->post('id_empleado')),
$recibo->usuario->rfc,
date("Y-m-d"),
$recibo->folio,
$recibo->total,
$recibo->uuid,
$recibo->url_xml,
1,
$recibo->uuid,
//str_replace("T", " ", $recibo->fecha),
$recibo->fecha,
$recibo->csd_sat,
$recibo->sello_cfd,
$recibo->sello_sat,
$recibo->sello_cfd
));
$id_recibo = $this->db->insert_id();
I have a quick question...I am updating all values in a row using a prepared statement and an array.
When initially inserting, my statement looks like this (and works perfect)
$sql="INSERT INTO $dbtable VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
The first and last values are NULL as the first is an auto increment ID field and last is a timestamp field.
Is there a way to keep my UPDATE statement as simple as my INSERT statement like this...
$sql="UPDATE $dbtable SET (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) WHERE `announcements`.`id` = $id LIMIT 1";
I realize this does not work as is due to the first value being an auto increment field, is there a value I could put into my array to 'skip' this field?
This may not be the best way to describe my question but if you need more info, please let me know!
Thank you in advance!
UPDATE has no "implicit columns" syntax like INSERT does. You have to name all the columns that you want to change.
One alternative you can use in MySQL is REPLACE:
REPLACE INTO $dbtable VALUES (?, ?, ?, ?, ?, ...)
That way you can pass the current value for your primary key, and change the values of other columns.
Read more about REPLACE here: https://dev.mysql.com/doc/refman/5.6/en/replace.html
Note that this is internally very similar to #Devon's suggestion of using two statements, a DELETE followed by an INSERT. For example, when you run REPLACE, if you have triggers, both the ON DELETE triggers are activated, and then the ON INSERT triggers. It also has side-effects on foreign keys.
The solution I can think of doesn't involve an UPDATE at all.
DELETE FROM $dbtable WHERE id = $id;
INSERT INTO $dbtable VALUES ($id, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?);
Since you don't want to use the UPDATE syntax, this would delete the row and add a new row with the same id, essentially updating it. I would recommend wrapping it in a transaction so you don't lose your previous row if the insert fails for any reason.
I am receiving error 'Number of variables doesn't match number of parameters in prepared statement'
$stmt = $this->conn->prepare( "INSERT INTO user
(
st1, u1, e1, sa1,
h1, roles_id, name_titles_id, first_name,
last_name, phone, mobile, address_road,
address_area, address_region, post_code, city,
country_id, creation_date, activated_at, modified_date_time,
created_by, referred_by, gender, ad1, status
)
VALUES
(
?, ?, ?, ?,
?, ?, ?, ?,
?, ?, ?, ?,
?, ?, ?, ?,
?, ?, ?, ?,
?, ?, ?, ?, ?
)"
)
$stmt->bind_param('i',$st1);
$stmt->bind_param('s',$u1);
$stmt->bind_param('s',$e1);
$stmt->bind_param('s',$sa1);
$stmt->bind_param('s',$h1);
$stmt->bind_param('i',$roles_id);
$stmt->bind_param('i',$name_titles_id);
$stmt->bind_param('s',$first_name);
$stmt->bind_param('s',$last_name);
$stmt->bind_param('s',$phone);
$stmt->bind_param('s',$mobile);
$stmt->bind_param('s',$address_road);
$stmt->bind_param('s',$address_area);
$stmt->bind_param('s',$address_region);
$stmt->bind_param('s',$post_code);
$stmt->bind_param('s',$city);
$stmt->bind_param('i',$country_id);
$stmt->bind_param('s',$creation_date);
$stmt->bind_param('s',$activated_at);
$stmt->bind_param('s',$modified_date_time);
$stmt->bind_param('i',$created_by);
$stmt->bind_param('i',$referred_by);
$stmt->bind_param('s',$gender);
$stmt->bind_param('s',$ad1);
$stmt->bind_param('i',$status);
Edit:
Just make a small test and it confirms, we can't use multiple bind_param with mysqli.
Not work:
$stmt->bind_param('s',$a);
$stmt->bind_param('s',$b);
Work:
$stmt->bind_param('ss',$a, $b);
Hopefully it'll be useful for future searches.
Your problem is simple. You are trying to do the thing manually, while the number of data asks for the automated process. You have to make a program to create a query for you.
Suppose You have an array with data already. All you need is to define the list of fields to insert
$fields = "st1,u1,e1,sa1,h1,roles_id,name_titles_id,first_name,last_name,phone,";
$fields .= "mobile,address_road,address_area,address_region,post_code,city,";
$fields .= "country_id,creation_date,activated_at,modified_date_time,";
$fields .= "created_by,referred_by,gender,ad1,status" ;
$fields = explode(",",$fields);
and then use some programming. Luckily, it's already done:
include 'safemysql.class.php';
$db = new safeMysql();
$insert = $db->filterArray($_POST,$fields);
$db->query("INSERT INTO user SET ?u", $insert);
And yeah, you are using bind_param wrong way. Correct usage can be seen in the manual page.
This question already has answers here:
Can I parameterize the table name in a prepared statement? [duplicate]
(2 answers)
Closed 1 year ago.
I'm trying to create a mysqli prepared statement where I import tables from an odbc connected database into a mysql database, I'm getting this error with 106-column wide table query.
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near '? (ID, column1, column2, column3, column4, ' at line 1"
When I echo out the query here it is...
INSERT INTO ? (ID, column1, column2, column3, column4, ...106 total columns... ) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?,
?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?,
?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?,
?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?,
?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?,
?, ?)
$sql = "SELECT * FROM $table WHERE $key = '$acct'";
$link = getODBCConnection();
$result = odbc_do($link, $sql);
$data = array();
while ($row = odbc_fetch_array($result)) {
//store all query rows as array
array_push($data, $row);
}
//insert into mysql table of the same name
//get column count from first row
$columns = count($data[0]);
$params = str_repeat(" ?,",$columns);
$params = rtrim($params,',');
$types = str_repeat("s",$columns+1);
$fields = implode(", ", array_keys($data[0]));
$sql = "INSERT INTO ? ($fields) VALUES ($params) ON DUPLICATE KEY UPDATE";
echo $sql."<br>";
$link = getSalesConnection();
$stmt = $link->prepare($sql);
var_dump($link->error);
foreach ($data as $row) {
$stmt->bind_param($types, $table, implode(", ",array_values($row)));
$stmt->execute();
}
I've tried this using standard bind_param and also using the call_user_func_array() method. I've tried quoting my parameter strings and the column names, without effect. If there was an error with my bind_param types I should not have an error on the prepare statement should I? But there is some problem with the SQL going to the prepare command that I can't pinpoint. Please help!
Query parameters can be used in place of scalar values only. You can't parameterize table names, column names, SQL expressions, keywords, lists of values, etc.
WRONG: SELECT ?, b, c FROM t WHERE a = 1 ORDER BY b ASC
The parameter value will be a literal value, not the name of a column.
WRONG: SELECT a, b, c FROM ? WHERE a = 1 ORDER BY b ASC
Syntax error.
WRONG: SELECT a, b, c FROM t WHERE ? = 1 ORDER BY b ASC
The parameter value will be a literal value, not the name of a column.
WRONG: SELECT a, b, c FROM t WHERE a IN (?) ORDER BY b ASC
The parameter value will be a single literal value, not a list of values, even if you pass a string of comma-separated values.
WRONG: SELECT a, b, c FROM t WHERE a = 1 ORDER BY ? ASC
The parameter value will be a literal value, not the name of a column.
WRONG: SELECT a, b, c FROM t WHERE a = 1 ORDER BY b ?
Syntax error.
Basically if you could write a string literal, date literal, or numeric literal in place of the query parameter, it should be okay. Otherwise you have to interpolate the dynamic content into the SQL string before you prepare() it.
It looks as though the bind_param() function does not replace the very first '?' that defines the table name. Try manually putting the table name into the prepared string first and only use '?' markers where it is expecting values.