Ok so i already have a few insert scripts working, however when i try and use this one nothing happens. I dont get an error or anything, it simply doesnt insert into the database. I have a feeling its the date parameter, however im unsure how to make it recognizable?
<?php //SETTING SESSION VARIABLES FOR ROUND 1 TEAMS AND SCORE
session_start();
if (isset($_POST['go1'])) { // MATCHUP 1
include_once 'dbcon.php';
$_SESSION['t_team1'] = $_POST['team-1'];
$_SESSION['t_team2'] = $_POST['team-2'];
$_SESSION['s_score1'] = $_POST['score-1'];
$_SESSION['s_score2'] = $_POST['score-2'];
$team1winner = mysqli_real_escape_string($conn, $_POST['team-1']);
$team2winner = mysqli_real_escape_string($conn, $_POST['team-2']);
$date1 = mysqli_real_escape_string($conn, $_POST['date-1']);
$sql = "INSERT INTO knockout (knockout_team1, knockout_team2, knockout_date)
VALUES ('$team1winner', '$team2winner', '$date1');";
header("Location: ../tables.php?tables=winner");
}
//date html
<input type="date" name"date-1" value="date" class="date">
First of all, you are putting the SQL command in a string but you are not actually executing the command.
Second of all, if you are executing the command but you are not showing it here and your dbcon.php file is working properly, then it is more likely a date format issue.
Finally, you need to execute all of your commands especially INSERT commands in prepared statements to prevent SQL injections winch is VERY important.
Here how your code should look like :
<?php //SETTING SESSION VARIABLES FOR ROUND 1 TEAMS AND SCORE
session_start();
if (isset($_POST['go1'])) { // MATCHUP 1
include_once 'dbcon.php';
$_SESSION['t_team1'] = $_POST['team-1'];
$_SESSION['t_team2'] = $_POST['team-2'];
$_SESSION['s_score1'] = $_POST['score-1'];
$_SESSION['s_score2'] = $_POST['score-2'];
$team1winner = mysqli_real_escape_string($conn, $_POST['team-1']);
$team2winner = mysqli_real_escape_string($conn, $_POST['team-2']);
$date1 = mysqli_real_escape_string($conn, $_POST['date-1']);
$TeamsStat = $conn->prepare("INSERT INTO knockout (knockout_team1, knockout_team2, knockout_date) VALUES (?, ?, ?)");
$TeamsStat->bind_param("sss", $team1winner, $team2winner, $date1);
$TeamsStat->execute();
$TeamsStat->close();
header("Location: ../tables.php?tables=winner");
}
Where $conn is the object of your database connection.
Since prepared statements doesn't support date type and since the date is not a free input value, the knockout_date column should be a string and the variable $date1 should also be a string.
Hope that helped you.
The date format in HTML is of type dd-mm-yyyy but while inserting it into database you need to make sure its YYYY-mm-dd type. So make sure you are converting it Before inserting it
Ex :
$originalDate = $yourDateVariable;
$newDate = date("d-m-Y", strtotime($originalDate));
Or Go through manual and find alternatives functions to convert it
Related
i want to send data with url
and my code php is:
<?php
$db_host="127.0.0.1"; $db_uid="root"; $db_pass="";
$db_name="highway_db"; $db_con =
mysqli_connect($db_host,$db_uid,$db_pass,$db_name);
$longitude =(isset( $_GET['lon`enter code here`gitude']));
$latitude = (isset($_GET['latitude']));
$timestamp = (isset($_GET['timestamp']));
$result = mysqli_query($db_con,"INSERT INTO accident (longitude, latitude, timestamp)
VALUES ($longitude, $latitude, $timestamp)");
if($result == true)
echo '{"query_result":"SUCCESS"}';
else
echo '{"query_result":"FAILURE"}';
mysqli_close($db_con);
?>
and my table is accident have id,longitude,latitude and timestamp
id is AUTO_INCREMENT.
but thme problem when i use this url :
http://127.0.0.1/addAccidents.php?longitude=3.54&latitude=3.09×tamp=2016-04-25 11:11:00
i find that is add to my table accident
longitude=1
latitude =1,
timestamp =0000-00-00 00:00:00.
and this my problem with url please help me
try this :
$result = mysqli_query($db_con,"INSERT INTO accident (longitude, latitude, timestamp) VALUES ('".$longitude."', '".$latitude."', '".$timestamp."')");
Echo the sql query and try to run query directly in your phpmyadmin and also check your database table column type.
try changing the setting of hte variables around - you should anyway because even if the GET value is not present - this code will still try to insert values into the db, such as :
if(isset( $_GET['longitude'])){$longitude =$_GET['longitude']};
and then write code that only allows the writing to the db if the three values are set.
isset() is a function which checks if a given variable has contents or not. If it has it returns 1 and if not it return 0.
In all 3 below statements, you are just checking the variables, you have not assigned values to your variables!
Try to use this code here, it should work if GET REQUEST with those specified parameters is sent!
<?php
$db_host="127.0.0.1";
$db_uid="root";
$db_pass="";
$db_name="highway_db";
$db_con = mysqli_connect($db_host,$db_uid,$db_pass,$db_name);
$longitude = isset($_GET['longitude'])?$_GET['longitude']:"";
$latitude = isset($_GET['latitude'])?$_GET['latitude']:"";
$timestamp = isset($_GET['timestamp'])?$_GET['timestamp']:"";
$query = "INSERT INTO accident (longitude,latitude,timestamp) VALUES ($longitude,$latitude,$timestamp)";
if(mysqli_query($db_con,$query)){
echo '{"query_result":"SUCCESS"}';
}
else{
echo '{"query_result":"FAILURE"}';
echo "ERROR= ". mysql_error();
}
mysqli_close($db_con);
?>
Let me know how it goes....
I receive a GET variable named $temp in my php code, after connecting to the server and selecting the correct database, and I am able to pass it into the table using:
mysql_query("INSERT INTO Temperature (Temperature) VALUES ($temp)");
However if I save a time variable using:
$time = date('G:i', time());
and try and pas it in with:
mysql_query("INSERT INTO Temperature (Temperature) VALUES ($temp)");
or even:
mysql_query("INSERT INTO Temperature (Time,Temperature) VALUES ($time,$temp)");
I am unable to get it to be passed into my table.
I am echoing both variables so I know they are being saved correctly into the variables. Also, in my table there are two columns named "Time" and "Temperature". The name of the table is "Temperature". Why won't the $time variable get passed in if it is the exact same line of code as $temperature variable except for changing the column name? Also both columns are set to recieve varchar (20) could this be the issue?
You're very close to having it right in your example. In this line you need quotes in your query around your values.
mysql_query("INSERT INTO Temperature (Time,Temperature) VALUES ($time,$temp)");
So it would look like this:
mysql_query("INSERT INTO Temperature (Time,Temperature) VALUES ('$time', '$temp')");
But this way of creating a query is soon to be deprecated for the easier to use and more modern method of using PDO. Using PDO would looking something like this:
$conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
// set the PDO error mode to exception
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// prepare sql and bind parameters
$stmt = $conn->prepare('INSERT INTO Temparature (`time`, `temperature`)
VALUES (:time, :temperature)');
$stmt->bindParam(':time', $time);
$stmt->bindParam(':temperature', $temp);
// insert a row
$temp = "34";
$time = date('G:i', time());
$stmt->execute();
A time column in MySQL expects a string in the format 'hh:mm:ss'.
To do this, you could do:
$timestamp = time();
$time = date('G:i', $timestamp); // assuming you need $time somewhere else
mysql_query("INSERT INTO Temperature (Time,Temperature) VALUES ( ".date('H:i:s', $timestamp).", $temp)");
If you do not need $time for any other purpose than inserting it in the database, you could use:
mysql_query("INSERT INTO Temperature (Time,Temperature) VALUES (NOW(), $temp)");
And let MySQL do the time creation for you.
To only select the hours and minutes do:
SELECT TIME_FORMAT(Time, '%H:%i') FROM Temperature;
See the MySQL Documentation for more info on formatting date and time as strings.
I am posting data for event in this format via ajax:
doctor=100&date=2015-04-30&rCheck=1&rDate=2015-05-12&fromTime=21%3A35&toTime=22%3A40&status=open
I am getting it like this with php
$date = $_POST['date'];
$fromHours = $_POST['fromHours'];
$fromMinutes = $_POST['fromMinutes'];
$toHours = $_POST['toHours'];
$toMinutes = $_POST['toMinutes'];
$fromTime = $_POST['fromTime'];
$toTime = $_POST['toTime'];
$start = $date.' '.$fromTime.':00';
$end = $date.' '.$toTime.':00';
$status = $_POST['status'];
$doctor = $_POST['doctor'];
if($_POST['rCheck']==1){
$repeat = $_POST['rDate'];
}else{
$repeat = '0000-00-00';
}
When I echo any of that variables I get correct result.
I am inserting data in database like this:
$query = 'INSERT INTO events (start,end,doctor,status,repeat) VALUES ("'.$start.'","'.$end.'","'.$doctor.'","'.$status.'","'.$repeat.'")';
$result = mysqli_query($db, $query) or die (mysqli_error($db));
Now main problem is $repeat because without it everything is inserted without problem but with $repeat I get this error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'repeat) VALUES ("2015-04-30 21:35:00","2015-04-30 22:40:00","100","offen","2015-' at line 1
Insert stops after fifth '-' character. Even if $repeat is 0000-00-00
Field for that in database is date field in format 0000-00-00
I really don't know where problem is.
Thank you for helping.
repeat is a MySQL reserved word
http://dev.mysql.com/doc/refman/5.5/en/reserved-words.html
Either rename it to something else; for example "repeats", or use ticks around it
(start,end,doctor,status,`repeat`)
Look at what MySQL is telling you; it's pointing it out where it starts:
...for the right syntax to use near 'repeat
^
Sidenote:
If you're still having problems inserting data into your table, you can sanitize your input(s) using mysqli_real_escape_string() or using prepared statements as stated below.
I need to point out though, that your present code is open to SQL injection.
Use prepared statements, or PDO with prepared statements, they're much safer.
I'm trying to filter out repeated values entering into a MySQL table, by comparing the input PHP variable with the timestamp of an entry already present in the table and only if they don't match, the input PHP variable is entered into the table.
$user1_date = mysql_real_escape_string($user1_date); // the date variable
$user1_temp1 = mysql_real_escape_string($user1_temp1);
$user1_temp2 = mysql_real_escape_string($user1_temp2);
$user1_temp3 = mysql_real_escape_string($user1_temp3);
$user1_date = date("Y-m-d H:i:s", strtotime($user1_date)); //Typecasting PHP variable into timestamp
$sql_check = "SELECT * FROM user_details WHERE temp_date ='$user1_date'";
$result_check = mysql_query($sql_check);
$num_rows_check = mysql_num_rows($result_check);
if ($num_rows_check == 0) // To check if there is no entry in the table with the same date and time as input PHP variable
{
$sql_insert = "INSERT INTO data_hour (user_id, temp1, temp_date, temp2, temp3)
VALUES (1,'$user1_temp1', '$user1_date', '$user1_temp2', '$user1_temp3')";
$result_insert = mysql_query($sql_insert);
}
temp_date is a column in the table of type timestamp. Even when the $user1_date is the same as the temp_date(timestamp) column for one of the entries in the table, it considers it as not equal and is inserting it into the table and hence I'm getting repeated values. I'm guessing the WHERE temp_date = '$user1_date'is not working properly. Some troubleshooting that I have done included
Changing '$user1_date' to just $user1_date in the WHERE
statement
Changing the WHERE clause as follows WHERE temp_date = (date)'$user1_date'
It will be great if somebody can help me out with this!
A nice easy solution would be giving temp_date a UNIQUE INDEX in your Mysql Table, as that would not allow the same value to be inserted twice. This would also make your operations more efficient, as you wouldn't have to do SELECT * every time you want to insert something.
However, for what you're doing, I think I see your problem; there are some quirks in your logic so I'll try to dispel them here. (Hopefully?) this will make your program cleaner and you'll be able to pinpoint the error, if not eliminate it altogether.
Examining this piece of code:
// $user1_date doesn't have a value here! //
$user1_date = mysql_real_escape_string($user1_date);
...
$user1_date = date("Y-m-d H:i:s", strtotime($user1_date));
Error 1 - You escape the string before ever setting a value.
What you are doing is that you are using mysql_real_escape_string() before $user1_date is ever defined.
Correction:
// Getting better, but not done. //
$user1_date = date("Y-m-d H:i:s", strtotime($user1_date));
...
$user1_date = mysql_real_escape_string($user1_date);
Error 2 - You do not give the date() function appropriate parameters
The date() function in PHP expects a timestamp, which is just an int. You can easily get the time with time(), so that should rectify your problem
Correction:
// You use strtotime($user1_date), but you should use time() //
$user1_date = date("Y-m-d H:i:s", time());
...
$user1_date = mysql_real_escape_string($user1_date);
These are small mistakes, but they can be deadly. Like I said, you should assign temp_date to a UNIQUE INDEX in your MySQL table, but make sure to correct these errors listed as well.
Let me know how it goes!
I'm trying to insert some data into my mysql database. The connection is working fine but im having a problem with sending the query correctly to the database. Below you can find the code in my php file. I also post what for type of fields they are in the Database.
Fields in the mysql database:
Reservaties_id = int
Materialen_id = int
aantal = int
effectief_gebruikt = tinyint
opmerking = Varchar2
datum_van = date
datum_tot = date
$resID = $_REQUEST['resID'];
$materialen_id = $_REQUEST['materialen_id'];
$aantal = $_REQUEST['aantal'];
$effectief_gebruikt = $_REQUEST['effectief_gebruikt'];
$opmerking = $_REQUEST['opmerking'];
$datum_van = date('YYYY-MM-DD',$_REQUEST['datum_van']);
$datum_tot = date('YYYY-MM-DD',$_REQUEST['datum_tot']);
$string = "INSERT INTO `materialen_per_reservatie`(`reservaties_id`, `materialen_id`, `aantal`, `effectief_gebruikt`, `opmerking`, `datum_van`, `datum_tot`) VALUES ($resID, $materialen_id, $aantal, $effectief_gebruikt, '$opmerking', $datum_van, $datum_tot)";
mysql_query($string);
you have to include single quotes for the date fields '$dataum_van'
$string = "INSERT INTO `materialen_per_reservatie`(reservaties_id, materialen_id, aantal, effectief_gebruikt, opmerking, datum_van, datum_tot) VALUES ($resID, $materialen_id, $aantal, $effectief_gebruikt, '$opmerking', '$datum_van', '$datum_tot')";
and this is only a example query, while implementing don't forget to sanitize your inputs
Your code has some serious problems that you should fix. For one, it is not doing any error checking, so it's no surprise the query breaks silently when it fails. Check for errors and it will tell you what goes wrong - how to do it is outlined in the manual on mysql_query() or in this reference question.. Example:
$result = mysql_query($string);
// Bail out on error
if (!$result)
{
trigger_error("Database error: ".mysql_error(), E_USER_ERROR);
die();
}
In this specific case, I'm fairly sure it's because you are not putting your values into quotes after the VALUES keyword.
Also, the code you show is vulnerable to SQL injection. You need to escape every value you use like so:
$resID = mysql_real_escape_string($_REQUEST['resID']);
for this to work, you need to put every value in your query into quotes.
try this
$string = "INSERT INTO `materialen_per_reservatie`(`reservaties_id`) VALUES ('".$resID."')";