I'm making a simple CURD operation using PHP and MYSQL. However I'm not able to insert/add data in the created table.
I think it might be a syntax error itself, but I can't figure out which one. The rest of the code works fine.
operation.php:
require_once("../CRUD/php/db.php");
$conn = createDB();
if(isset($_POST['create']))
{
createData();
}
function createData()
{
$name = textboxValue("name_type");
$age = textboxValue("age_type");
$gender = textboxValue("gender_type");
$email = textboxValue("email_type");
$contact = textboxValue("contact_type");
$dept = textboxValue("dept_type");
$sql = "INSERT INTO details(name,age,gender,email,contact,department)
VALUES('$name', '$age', '$gender', $email', '$contact', '$dept');";
if(mysqli_query($GLOBALS['conn'],$sql))
{
echo "Data added";
}
else
{
echo "Error adding data";
}
}
function textboxValue($value)
{
$textbox = mysqli_real_escape_string($GLOBALS['conn'], trim($_POST[$value]));
if(empty($textbox))
{
return false;
}
else
{
return $textbox;
}
}
"Error adding data" gets echoed. I can share the html code as well if needed.
$sql = "INSERT INTO details(name,age,gender,email,contact,department)
VALUES(\"$name\", \"$age\", \"$gender\", \"$email\", \"$contact\", \"$dept\");";
and so? By the way one quote you forgot near $email
I have this code on "insert.php":
if ($stmt = $GLOBALS['mysqli']->prepare("INSERT INTO table1(iduser, title, msg, anonim, ip, iduniversity) VALUES (?,?,?,?,?,?)")) {
$stmt->bind_param("issisi", $_SESSION['iduser'], $_POST['title'], $_POST['msg'], $anonim, getIP(), $_SESSION['iduniversity']);
if ($stmt->execute()) {
$idmsg = $GLOBALS['mysqli']->insert_id;
$i = 0;
$stmt2 = $GLOBALS['mysqli']->prepare("INSERT INTO tag(idmsg, tag) VALUES(?,?)");
foreach ($tags as $tag) {
if ($tag != '') {
$stmt2->bind_param("is", $idmsg, $tag);
if ($stmt2->execute()) {
$i++;
}
}
}
$stmt2->close();
$stmt->close();
mysqli_close($GLOBALS['mysqli']);
sendFile($idmsg);
header("Location: /public/watch_msg.php?idmsg=" . $idmsg);
exit();
} else {
exit("Ops! Ocorreu algum erro. COD1370");
}
} else {
exit("Ops! Ocorreu algum erro. COD1371");
}
So, everything is working fine, except that sometimes when it redirects to "watch_msg.php" the message seems not to be on the database yet. When this happens, as soon as I refresh the page, everything is there!
First thing I thought is that there could be a race-condition somewhere, but I read in another question that PHP is sequential, and as I close both statements and connection before the redirect (so that used tables should be unlocked), why i'm getting this result somethimes? What i'm doing wrong?
Also, no functions outputs anything, but "sendFile" saves an image if the user sends one, so headers should be fine (it also gives me the error when I comment the function).
Code on watch_msg:
$msg = NULL;
$tags = NULL;
$coments = NULL;
$data_high = date("Y-m-d H:i:s");
$iduser;
if ($loggedin) { //If logged in
$idmsg = filter_input(INPUT_GET, 'idmsg', FILTER_SANITIZE_STRING);
$iduser = $_SESSION['iduser'];
$query = "SELECT * FROM table1 WHERE iduser = ? AND idmsg = ? AND datemsg < ?";
$stmt = $GLOBALS['mysqli']->prepare($query);
$stmt->bind_param("iis", $iduser, $idmsg, $data_high);
if ($stmt->execute()) {
$msg = mysqli_fetch_assoc($stmt->get_result());
if ($msg === NULL) {
exit('This message doesn\'t exists');
}
...
} else {
echo "Error.";
}
}
The data is not inserting into another table, here's the code below :
if (isset($_POST))
{
$job = $_POST['jobtitle'];
$dur = $_POST['duration'];
$deg = $_POST['requireddegree'];
$exp = $_POST['experiance'];
$sal = $_POST['salary'];
$mark = $_POST['marks'];
if ( !empty($job) && !empty($dur) && !empty($deg) && !empty($exp) && !empty($sal) && !empty($mark))
{
$dur = mysql_real_escape_string($dur);
$deg= mysql_real_escape_string($deg);
$exp = mysql_real_escape_string($exp);
$sal = mysql_real_escape_string($sal);
$mark = mysql_real_escape_string($mark);
$job = mysql_real_escape_string($job);
$query="INSERT INTO jobposting (duration,degree,experiance,salary,marks,Jobtitle) VALUES ('".$dur."','".$deg."','".$exp."','".$sal."','".$mark."','".$job."') ";
if ($query_run= mysql_query($query))
{
header('location : Main.html');
}
else
{
echo ' Data not Inserted! ';
}
}
With this it gives me server error or there was an error in CGI script.But when I write the variables in this form '$dur' instead of '".$dur." then the else conditon runs after insert query and displays data is not inserted.
However, i have written the same logic while inserting data in my another table and it inserts successfully.But there I put '$dur'.
I can't find the problem.Will be glad for your suggestions :)
I can't seem to find any other error by seeing this code expect for
$query="INSERT INTO jobposting (duration,degree,experiance,salary,marks,Jobtitle) VALUES ('$dur','$deg','$exp','$sal','$mark','$job') ";
//Use ".$job." only for stuff like '".md5($_POST['password'])."' otherwise this creates problem some times.
// Adding this always helps
if(!mysqli_query($con,$query))
{
die('error'.mysqli_error($con));
}
// in $con = $con=mysqli_connect("localhost","root","");
else
{
if ($query_run= mysql_query($query))
{
header('location : Main.html');
}
else
{
echo ' Data not Inserted! ';
}
}
I think by making these changes and making sure that your db name and other basic stuff are correct then you should be good to go otherwise, specify your exact error.
I am trying to pass an array of data to a Update query, to update customer records. However for some reason the ?success page is showing saying my details have been updated, however they aren't. If I debug and echo
echo implode(', ', $update);
die();
I get the result
mem_first_name = 'Josh', mem_last_name = 'smith', mem_email = 'j.smith#gmail.com', allow_email = '0'
Which looks fine to me. This is my update_user function
function update_user($mem_id, $update_data) {
$update = array();
array_walk($update_data, 'array_sanitize');
foreach ($update_data as $field=>$data) {
$update[] = '`' . $field . '` = \'' . $data . '\'';
}
mysql_query("UPDATE `members` SET " . implode(', ', $update) . " WHERE `mem_id` = '$mem_id'") or die(mysql_error());
}
And my $update_data array
if (isset($_GET['success']) === true && empty($_GET['success']) === true) {
$message = 'Your details have been updated';
} else {
if (empty($_POST) === false && empty($errors) === true) {
$update_data = array(
'mem_first_name' => $_POST['mem_first_name'],
'mem_last_name' => $_POST['mem_last_name'],
'mem_email' => $_POST['mem_email'],
'allow_email' => ($_POST['allow_email']) ? 1 : 0
);
update_user($session_member_id, $update_data);
header('Location: settings.php?success');
exit();
} else if (empty($errors) === false) {
$message = output_errors($errors);
}
}
So I have worked out I am losing my backticks after I implode, thus the column names don't have back ticks
This is some sort of typo (and thus not a real question of course).
You are adding backticks to your fields
$update[] = '`' . $field . '`
^ here
But they are absent in the debug out.
So, you are either run or post wrong code, which makes whole question pointless.
check connection with db, and table field name spells., i think no problem in this code.
I have two *.sql files that I use when creating a new web site database. The first file creates all the tables. The second file populates some default records. I would like to execute these files from PHP. I also use the Zend_Framework, if that will help accomplish this.
Additional Info
I don't have console access
I'm trying to automate site generation from within our application.
SOLUTION
Using shell_exec()...
$command = 'mysql'
. ' --host=' . $vals['db_host']
. ' --user=' . $vals['db_user']
. ' --password=' . $vals['db_pass']
. ' --database=' . $vals['db_name']
. ' --execute="SOURCE ' . $script_path
;
$output1 = shell_exec($command . '/site_db.sql"');
$output2 = shell_exec($command . '/site_structure.sql"');
...I never did get useful output, but followed some suggestions on another thread and finally got it all working. I switch to the --option=value format for the commands and used --execute="SOURCE ..." instead of < to execute the file.
Also, I never got a good explanation of the difference between shell_exec() and exec().
This question comes up from time to time. There's no good solution for running a .sql script directly from PHP. There are edge cases where statements common in a .sql script can't be executed as SQL statements. For example, the mysql tool has builtin commands that are not recognized by the MySQL Server, e.g. CONNECT, TEE, STATUS, and DELIMITER.
So I give +1 to #Ignacio Vazquez-Abrams's answer. You should run your .sql script in PHP by invoking the mysql tool, for instance with shell_exec().
I got this test working:
$command = "mysql --user={$vals['db_user']} --password='{$vals['db_pass']}' "
. "-h {$vals['db_host']} -D {$vals['db_name']} < {$script_path}";
$output = shell_exec($command . '/shellexec.sql');
See also my answers to these related questions:
Loading .sql files from within PHP
is it possible to call a sql script from a stored procedure in another sql script?
PHP: multiple SQL queries in one mysql_query statement
$commands = file_get_contents($location);
$this->_connection->multi_query($commands);
You'll need to create a full SQL parser for this. I recommend you use the mysql command line tool for this instead, invoking it externally from PHP.
Here is what I use:
function run_sql_file($location){
//load file
$commands = file_get_contents($location);
//delete comments
$lines = explode("\n",$commands);
$commands = '';
foreach($lines as $line){
$line = trim($line);
if( $line && !startsWith($line,'--') ){
$commands .= $line . "\n";
}
}
//convert to array
$commands = explode(";", $commands);
//run commands
$total = $success = 0;
foreach($commands as $command){
if(trim($command)){
$success += (#mysql_query($command)==false ? 0 : 1);
$total += 1;
}
}
//return number of successful queries and total number of queries found
return array(
"success" => $success,
"total" => $total
);
}
// Here's a startsWith function
function startsWith($haystack, $needle){
$length = strlen($needle);
return (substr($haystack, 0, $length) === $needle);
}
I have never had to use it but the mysqli class has a multi_query method:
http://php.net/manual/en/mysqli.multi-query.php
I know I'm pretty late to the party but PHP Mini Admin has been a lifesaver on a couple of occasions. It's basically a "lite" PHPMyAdmin all contained in one file so no need for complicated installs, just upload it and log in. Simples!
Don't forget about phpMyAdmin. Pretty solid interface for interacting with MySQL.
I don't know if it solves your problem, since I don't know if you can interact with it directly from code, but just wanted to throw it out there.
You can use this script to run MySQL script files. You'll need to set $hostName, $userName, $password, $dataBaseName, $port and $fileName of course.
<?php
function parseScript($script) {
$result = array();
$delimiter = ';';
while(strlen($script) && preg_match('/((DELIMITER)[ ]+([^\n\r])|[' . $delimiter . ']|$)/is', $script, $matches, PREG_OFFSET_CAPTURE)) {
if (count($matches) > 2) {
$delimiter = $matches[3][0];
$script = substr($script, $matches[3][1] + 1);
} else {
if (strlen($statement = trim(substr($script, 0, $matches[0][1])))) {
$result[] = $statement;
}
$script = substr($script, $matches[0][1] + 1);
}
}
return $result;
}
function executeScriptFile($fileName, $dbConnection) {
$script = file_get_contents($scriptFleName);
$statements = parseScript($script);
foreach($statements as $statement) {
mysqli_query($dbConnection, $statement);
}
}
$hostName = '';
$userName = '';
$password = '';
$dataBaseName = '';
$port = '';
$fileName = '';
if ($connection = #mysqli_connect($hostName, $userName, $password, $dataBaseName, $port)) {
executeScriptFile($fileName, $connection);
} else {
die('Can not connect to MySQL');
}
I created a migration script with multi_query. It can process mysqldump output and phpmyadmin exports without mysql command line tool. I also made some logic to process multiple migration files based on timestamp stored in DB like Rails. I know it needs more error handling but currently does the work for me.
Check it out: https://github.com/kepes/php-migration
I think if you don't process user input with it only scripts made by developers or export tools you can use it safely.
Here is my solution and the below code explains what is does.
The principle is to read the file line by line, build a query and execute each of them. I saw many solutions using the "file_get_contents" which is not a good solution because it could cause a buffer issue as it read the whole file contents to string variable.
My solution takes also into account TRIGGERs' queries.
There's no array allocation, comment and empty lines are stripped.
<?php
/**
* Get a connection from database
* #param type $db_host database hostname
* #param type $db_user database username
* #param type $db_password database password
* #param type $db_name database name
* #return \PDO
*/
function get_db_connection($db_host, $db_user, $db_password, $db_name)
{
$dns = "mysql:host=$db_host;dbname=$db_name";
try
{
return new PDO($dns, $db_user, $db_password);
} catch (PDOException $ex)
{
return null;
}
}
/**
* Runs SQL queries from file
*/
function exec_sql_queries_from_file($script_file, $db_host, $db_user, $db_password, $db_name)
{
// to increase the default PHP execution time
set_time_limit ( 60 ); // Max time = 60 seconds
// Connect to database
$connection = get_db_connection($db_host, $db_user, $db_password, $db_name);
// If the connection is acquired
if($connection != null){
// Open sql file
$f = fopen($script_file, 'r');
// sql query
$query = '';
// Default delimiter for queries
$delimiter = ';';
// read line by line
while (!feof($f))
{
$line = str_replace(PHP_EOL, '', fgets($f)); // read a line and remove the end of line character
/* if the current line contains the key word 'DELIMITER'. Ex: DELIMITER ;; or DELIMITER $$
* mostly used for TRIGGERS' queries
*/
if(strpos($line, 'DELIMITER') !== false)
{
// change the delimiter and read the next line
$delimiter = str_replace('DELIMITER ', '', $line);
continue;
}
// Consider the line as part of a query if it's not empty and it's not a comment line
if (!empty($line) && !starts_with($line, '/*') && !starts_with($line, '--'))
{
// the query hasn't reach its end: concatenate $line to $query if $line is not a delimiter
$query .= $line !== $delimiter ? $line : '';
// if the current line ends with $delimiter: end of current query
if (ends_with($line, $delimiter))
{
// exec the query
$connection->exec($query) or die($connection->errorInfo());
// start new query
$query = '';
}
}
}
fclose($f);
}
}
/**
* Starts with function
*/
function starts_with($haystack, $needle)
{
return $haystack{0} === $needle{0} ? stripos($haystack, $needle) === 0 : false;
}
/**
* Ends with function
*/
function ends_with($haystack, $needle)
{
$pos = stripos($haystack, $needle);
return $pos === FALSE ? FALSE : substr($haystack, $pos) === $needle;
}
To execute table generation from within the application, you may want to create a php file that will do just that when you run it.
$hostname = "localhost";
$database = "databasename";
$username = "rootuser";
$UserPassword = "password";
$myconnection = mysql_pconnect($hostname, $username , $UserPassword) or trigger_error(mysql_error(),E_USER_ERROR);
mysql_connect($hostname , $username , $UserPassword ) or die(mysql_error());
mysql_select_db($database) or die(mysql_error());
if ( !$myconnection ){ echo "Error connecting to database.\n";}
$userstableDrop = " DROP TABLE IF EXISTS `users`";
$userstableCreate = " CREATE TABLE IF NOT EXISTS `users` (
`UserID` int(11) NOT NULL,
`User_First_Name` varchar(50) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=15" ;
$userstableInsert = "INSERT INTO `users` (`UserID`, `User_First_Name`) VALUES
(1, 'Mathew'),
(2, 'Joseph'),
(3, 'James'),
(4, 'Mary')";
$userstableAlter1 = "ALTER TABLE `users` ADD PRIMARY KEY (`UserID`)";
$userstableAlter2 = " ALTER TABLE `users` MODIFY `UserID` int(11) NOT NULL AUTO_INCREMENT,AUTO_INCREMENT=15";
$createDb_sql = $userstableDrop;
$insertSite = mysql_query($createDb_sql);
$createDb_sql = $userstableCreate;
$insertSite = mysql_query($createDb_sql);
$createDb_sql = $userstableInsert;
$insertSite = mysql_query($createDb_sql);
$createDb_sql = $userstableAlter1;
$insertSite = mysql_query($createDb_sql);
$createDb_sql = $userstableAlter2;
$insertSite = mysql_query($createDb_sql);
echo "Succesful!";
mysql_close($myconnection );
Just wanna to add to #Bill Karwin answer given above.
You can import | reinitialize | execute custom SQL; the database using sql script file, by simply clicking on button. That button would execute the sql script file using ajax.
eg.
Front end code
<input type="button" value="Execute SQL Script" id="btnExecuteScript" />
<input type="button" value="reset" onclick="clearDiv('divExecuteScript')" />
<div id="divExecuteScript" style='display: none'></div>
<br />
Jquery code calling the ajax
$('#btnExecuteScript').click(function (event) {
if ($('#divExecuteScript').html() == '') {
$('#divExecuteScript').html("<b style='font-family: sans-serif;font-size: larger'>Please Wait, It might take a few minutes</b>");
$('#divExecuteScript').show();
$.get("../controller/Controller.php?executeScript=TRUE", function (data) {
// alert("$" + data + "$");
$('body').css('cursor', 'default');
$('#divExecuteScript').html(data);
$('#divExecuteScript').show();
});
} else
$('#divExecuteScript').toggle();
});
connection file
class Conn {
protected $databaseURL; // const
protected $databaseName;
protected $databaseUName;
protected $databasePWord;
public $mysqli;
public function __construct($args = null) {
if (stripos($_SERVER['SERVER_NAME'], "localhost") !== FALSE) {
$this->databaseURL = "host";
$this->databaseName = "database";
$this->databaseUName = "user";
$this->databasePWord = "password";
}
$this->mysqli = new mysqli($this->databaseURL, $this->databaseUName, $this->databasePWord, $this->databaseName) or die('Could not connect to the database server' . mysqli_connect_error());
if (empty($this->mysqli))
die("Error while connecting to host");
}
function get_databaseURL() {
return $this->databaseURL;
}
function get_databaseUName() {
return $this->databaseUName;
}
function get_databasePWord() {
return $this->databasePWord;
}
function get_databaseName() {
return $this->databaseName;
}
}
controller code executing the command
$con = new Conn();
$mysqli = new mysqli($con->get_databaseURL(), $con->get_databaseUName(), $con->get_databasePWord(), $con->get_databaseName()) or die('Could not connect to the database server' . mysqli_connect_error());
if (isset($_GET['executeScript'])) {
$script_path = '/path-to-script-file/filename.sql';
$command = "mysql --user={$con->get_databaseUName()} --password='{$con->get_databasePWord()}' "
. "-h {$con->get_databaseURL()} -D {$con->get_databaseName()} < {$script_path}";
$output = shell_exec($command);
if (!empty($output))
echo "<b style='font-family: sans-serif;font-size: large'>Execute the SQL script<br />";
else
echo "<b style='font-family: sans-serif;font-size: large'>Unable to execute the SQL script</b><br />";
return;
}
PHP Code
The code I found on this page worked for me.
(Scroll down to see the commented version)
<?php
$conn = new mysqli('localhost', 'root', '' , 'sql_auto_test_table');
$query = '';
$sqlScript = file('sqlFileName.sql');
foreach ($sqlScript as $line) {
$startWith = substr(trim($line), 0 ,2);
$endWith = substr(trim($line), -1 ,1);
if (empty($line) || $startWith == '--' || $startWith == '/*' || $startWith == '//') {
continue;
}
$query = $query . $line . "/*<br>*/";
if ($endWith == ';') {
mysqli_query($conn,$query) or die('<div>Problem in executing the SQL query <b>,<br><br>' . $query. '</b><br><br>'.$conn->error.'</div>');
$query= '';
}
}
echo '<div>SQL file imported successfully</div>';
?>
Potential Fixes
I tested this file with a WordPress database exported to SQL using phpMyAdmin and it worked fine. I had to add the following lines at the top of the .sql file to avoid a few DEFAULT VALUE errors in some DATE columns. Alternatively, you can try executing the following queries before executing your SQL file if you receive a similar error.
SET GLOBAL sql_mode = 'NO_ENGINE_SUBSTITUTION';
SET SESSION sql_mode = 'NO_ENGINE_SUBSTITUTION';
In addition, substitute the violent die() function with a better error-handling mechanism.
Explanation
In case you want, I added a few comment lines to explain the behavior.
<?php
$conn = new mysqli('localhost', 'root', '' , 'db_name');
$query = ''; //Set an empty query variable to hold the query
$sqlScript = file('mySqlFile.sql'); //Set the sql file location
//Read each line of the file
foreach ($sqlScript as $line) {
//Get the starting character and the ending character of each line
$startWith = substr(trim($line), 0 ,2);
$endWith = substr(trim($line), -1 ,1);
//Check for empty or comment lines. (If the line starts with --,/*,// or the line is empty, skip to the next line)
if (empty($line) || $startWith == '--' || $startWith == '/*' || $startWith == '//') {
continue;
}
//Add the line to the query. (Additional optional commented out <br> tag added to query for easy error identification)
$query = $query . $line . "/*<br>*/";
//If the line end with a ";" assume the last query has ended in this line
if ($endWith == ';') {
//Therefore, try to execute the query. Upon failure, display the last formed query with the SQL error message
mysqli_query($conn,$query) or die('<div>Problem in executing the SQL query <b>,<br><br>' . $query. '</b><br><br>'.$conn->error.'</div>');
//Reset the query variable and continue to loop the next lines
$query= '';
}
}
//If nothing went wrong, display a success message after looping through all the lines in the sql file
echo '<div>SQL file imported successfully</div>';
/*
If failed with an invalid DEFAULT value for a DATE column error, try adding the following lines to the top of your SQL file. Otherwise, execute these lines before executing your .sql file.
SET GLOBAL sql_mode = 'NO_ENGINE_SUBSTITUTION';
SET SESSION sql_mode = 'NO_ENGINE_SUBSTITUTION';
*/
?>
I found the easy solution, that's works for me
$new_conn=mysqli_connect("localhost","db_user","pass","db_name");
$quries=file_get_contents("db_backup.sql");
$res=mysqli_multi_query($new_conn,$quries);
One suggestion:
// connect to db.
if (mysql_query("SOURCE myfile.sql")) {
echo "Hello Sonny";
}