PHP query wont insert to database - php

The below query wont insert to database, I had tried this query on my database so I am quite sure that the query is working. I also added the dbcon.php below.
<?php
require '../api/dbcon.php';
$stmt=$conn->prepare("INSERT INTO joborder (AirCondition,
CarpentryMasonry,
ElectricalWorks,
Plumbing,
Welding,
Campus,
priorityId,
RequestorName,
UserJobDescription,
SerialCode
) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)" );
$stmt->bind_param('ssssssssss',
$airConditioning,
$masonryCarpentry,
$electrical,
$plumbing,
$welding,
$campus,
$priority,
$requester,
$userJobDescription,
$serialCode);
$airConditioning = "check";
$masonryCarpentry = "check";
$electrical = "check";
$plumbing = "check";
$welding = "check";
$campus = 'NA';
$priority = '1';
$requester = "m";
$userJobDescription ="test";
//create serial code
$serialCode= "na12321";
?>
dbcon.php
<?php
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = '';
$dbtable = "table";
$conn = new mysqli($dbhost, $dbuser, $dbpass, $dbtable);
if(!$conn ){
die('Could not connect: ' . mysqli_error());
}
?>

you're using a bad error reporting mode, and thus need to meticulously check for errors everywhere, but you're not.
on not-dbcon.php on line 4 you're not checking that $conn->prepare succeeded, do that, it returns bool(false) if there was an error. on line 16 you're not checking that $stmt->bind_param succeeded, do that, it returns bool(false) if there was an error. or better yet, don't do that, just convert return-value-error-reporting into exception-error-reporting, by running $conn->report_mode = MYSQLI_REPORT_ALL; immediately after creating the object.
... and most importantly, seems you forgot to run $stmt->execute(), which actually executes the query, which obviously explains why you're not inserting anything.

<?php
$servername = "localhost";
$username = "root";
$password = "123456";
$database = "inventory";
// Create connection
$conn = new mysqli($servername, $username, $password, $database);
$stat = $conn->prepare("INSERT INTO salary (name, salary, job) values (?, ?, ?)");
$name = 'test';
$salary = '21123';
$job = 'demo';
$stat->bind_param($name,$salary, $job );
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
// prepare and bind
$stmt = $conn->prepare("INSERT INTO salary (name, salary, job) VALUES (?, ?, ?)");
$stmt->bind_param("sss", $firstname, $lastname, $email);
// set parameters and execute
$firstname = "Johnqqq";
$lastname = "123123";
$email = "sdadsad";
$stmt->execute();
echo "New records created successfully";
$stmt->close();
$conn->close();
?>

Related

insert a foreign key using prepared statement

i want to insert with foreign key resident_id using prepared statement in table_complaints.
here is my picture of :
also i get the $ides = $_POST["resident_id"]; in view page
$servername = "localhost";
$username = "root";
$password = "";
$database = "myDb";
$conn = mysqli_connect($servername, $username, $password, $database);
if(!$conn){
die("Connection Failed: " . mysqli_connect_error());
}
if(isset($_POST["submits"])){
$comp_text = $_POST["comp"];
$complaints = $_POST["complaints"];
$ides =$_POST["resident_id"];
$statementi = mysqli_stmt_init($conn);
mysqli_stmt_prepare($statementi, "INSERT INTO table_complaint (nature_of_complaints, status)
VALUES (?, ?) WHERE resident_id = ?");
mysqli_stmt_bind_param($statementi, "ssi", $comp_text, $complaints);
mysqli_stmt_execute($statementi);
mysqli_stmt_close($statementi);
}
mysqli_close($conn);
Your insert query is incorrect.
You can use this:
INSERT INTO table_complaint (resident_id,nature_of_complaints, status) VALUES (?,?,?)
and then bind the parameters:
mysqli_stmt_bind_param($statementi, "iss", $ides,$comp_text, $complaints);

What is the query binding marker for CURRENT_DATE when using mysqli prepared statements?

So I've finished building a question and answer site and am now trying to defend it against SQL injection but having problems with CURRENT_DATE. I want to insert current date with the question into db but what binding marker would that be? "s" for string is not working?
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "questions87";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
session_start();
$question = $_POST["question"];
$uname = $_SESSION['username'];
$qa_email =$_SESSION['email'];
// prepare and bind
$stmt = $conn->prepare("INSERT INTO login (username, username, q_date, qa_email) VALUES (?, ?, ?, ?)");
$stmt->bind_param("ssss", $question, $uname, CURRENT_DATE, $qa_email);
$stmt->execute();
if ($stmt) {echo "Thank you ". $uname . " Your question has been submitted " . "<br>";}
else {echo "Error: " . $sql . "<br>" . mysqli_error($conn);}
$stmt->close();
$conn->close();
?>
Use simple mysql function NOW() and remove placeholder for q_date:
$stmt = $conn->prepare("INSERT INTO login (username, username, q_date, qa_email) VALUES (?, ?, NOW(), ?)");
$stmt->bind_param("sss", $question, $uname, $qa_email);
Btw, I noticed, you have field username twice in this query. I suppose one of the occurences should be replaced with some other field.

Insert Query into Online MySQL database not working

I am trying to insert data into an online MySql database,I used this query a few months ago now it doesn't seem to work,
My Form:
$name = "Hilary";
$number = "768";
$orderss = "Rice x1";
$location = "Chilenje";
$con= mysqli_connect($host,$user,$pass,$db);
$query= "insert into orders values('".$name."','".$number."','".$orderss."','".$location."');";
$result= mysqli_query($con,$query);
if(!$result)
{
$response = array();
$code= "reg_false";
$message="Error Placing Order...";
array_push($response,array("code"=>$code,"message"=>$message));
echo json_encode(array("server_response"=>$response));
}
else
{
$response = array();
$code= "reg_true";
$message="Order Successful,Please wait for our call...";
array_push($response,array("code"=>$code,"message"=>$message));
echo json_encode(array("server_response"=>$response));
}
mysqli_close($con);
?>
When i run this form i get the "Error placing orders" part of server response and values are not inserted.Please help me
Make your $query very simple like this if you're inserting into all columns of your table
$stmt = $conn->prepare("INSERT INTO orders VALUES (?, ?, ?, ?)");
$stmt->bind_param("siss", $name, $number, $orderss, $location);
or if you're inserting into specific columns you can use this by replacing column_name* with your actual column names
$stmt = $conn->prepare("INSERT INTO orders (column_name1, column_name2, column_name3, column_name4) VALUES (?, ?, ?, ?)");
$stmt->bind_param("siss", $name, $number, $orderss, $location);
or I also modified your current code so you can test at your end one more thing "siss" are arguments which are of 4 different types i - integer, d - double, s - string, b - BLOB
<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDB";
$name = "Hilary";
$number = "768";
$orderss = "Rice x1";
$location = "Chilenje";
// Create connection
$con = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($con->connect_error) {
die("Connection failed: " . $con->connect_error);
}
// prepare and bind
$stmt = $conn->prepare("INSERT INTO orders VALUES (?, ?, ?, ?)");
$stmt->bind_param("siss", $name, $number, $orderss, $location);
if($stmt->execute()) {
$stmt->execute();
$response = array();
$code= "reg_true";
$message="Order Successful,Please wait for our call...";
array_push($response,array("code"=>$code,"message"=>$message));
echo json_encode(array("server_response"=>$response));
} else {
$response = array();
$code= "reg_false";
$message="Error Placing Order...";
array_push($response,array("code"=>$code,"message"=>$message));
echo json_encode(array("server_response"=>$response));
}
$stmt->close();
$con->close();
?>

Insert multiple rows in to table using php

Am trying to insert multiple rows in to table using php:
<?php
$host = "localhost";
$username = "mysql_username";
$password = "mysql_password";
$dbname = "employee";
$con = mysqli_connect($host, $username, $password, $dbname) or die('Error in Connecting: ' . mysqli_error($con));
$st = mysqli_prepare($con, 'INSERT INTO emp(name, gender, designation) VALUES (?, ?, ?)');
// bind variables to insert query params
mysqli_stmt_bind_param($st, 'sss', $name, $gender, $designation);
for ($x = 0; $x <= 3; $x++) {
$name = 'tom';
$gender = 'male';
$designation = 'developer';
mysqli_execute($st);
}
//close connection
mysqli_close($con);
?>
But the rows that i want to insert are not saved in database. Are there any mistakes in my code ?
Actually I want the for loop from json array, I just test using for loop for knowing it is worked or not.
I think the code is right, but try this:
<?php
$host = "localhost";
$username = "mysql_username";
$password = "mysql_password";
$dbname = "employee";
$con = mysqli_connect($host, $username, $password, $dbname) or die('Error in Connecting: ' . mysqli_error($con));
$st = mysqli_prepare($con, 'INSERT INTO emp(name, gender, designation) VALUES (?, ?, ?)');
for ($x = 0; $x <= 3; $x++) {
$name = 'tom';
$gender = 'male';
$designation = 'developer';
// bind variables to insert query params
mysqli_stmt_bind_param($st, 'sss', $name, $gender, $designation);
mysqli_execute($st);
}
//close connection
mysqli_close($con);
?>
The mysqli_stmt_bind_param($query, 'is',…) means the first value is an integer (i) and the next value is a string (s). Feel free to adjust to best fit your actual data types.

Mysqli Prepare statement not working

I am getting the following error when attempting to execute a prepared statement using MySQLi.
Any help to determine what I am doing incorrectly would be GREATLY appreciated.
Fatal error: Call to a member function prepare() on a non-object in etc.
I am connecting properly using this statement:
<?php
$DBHost = "localhost";
$DBUser = "xxxxxx";
$DBPass = "xxxxxx";
$DBName = "creati38_chicos";
$dbconn = new mysqli($DBHost, $DBUser, $DBPass, $DBName);
// check connection
if ($dbconn->connect_error) {
//echo $dbconn->connect_error;
die('Sorry, we are having some problems right now. Please check back later.');
}
else{
echo "You have connected Successfully";
}
?>
I am then using this statement:
<?php
if ((isset($_POST["update"])) && ($_POST["update"] == "Update Appliance")) {
$stmt = $mysqli->prepare("UPDATE appliances SET
category = ?,
make = ?,
model = ?,
description = ?,
price = ?
WHERE id = ?");
$stmt->bind_param('ssssdi',
$_POST['category'],
$_POST['make'],
$_POST['model'],
$_POST['description'],
$_POST['price'],
$_POST['id']);
$stmt->execute();
$stmt->close();
}
?>
it's not $mysqli->prepare( in your case it is $dbconn->prepare(
You are doing
$dbconn = new mysqli($DBHost, $DBUser, $DBPass, $DBName);
and using as
$mysqli->prepare()
make both same
Use $dbconn instead of $mysqli
$stmt = $dbconn->prepare("UPDATE appliances SET
category = ?,
make = ?,
model = ?,
description = ?,
price = ?
WHERE id = ?");
$stmt->bind_param('ssssdi',
$_POST['category'],
$_POST['make'],
$_POST['model'],
$_POST['description'],
$_POST['price'],
$_POST['id']);
$stmt->execute();
$stmt->close();
}
?>

Categories