i want to insert with foreign key resident_id using prepared statement in table_complaints.
here is my picture of :
also i get the $ides = $_POST["resident_id"]; in view page
$servername = "localhost";
$username = "root";
$password = "";
$database = "myDb";
$conn = mysqli_connect($servername, $username, $password, $database);
if(!$conn){
die("Connection Failed: " . mysqli_connect_error());
}
if(isset($_POST["submits"])){
$comp_text = $_POST["comp"];
$complaints = $_POST["complaints"];
$ides =$_POST["resident_id"];
$statementi = mysqli_stmt_init($conn);
mysqli_stmt_prepare($statementi, "INSERT INTO table_complaint (nature_of_complaints, status)
VALUES (?, ?) WHERE resident_id = ?");
mysqli_stmt_bind_param($statementi, "ssi", $comp_text, $complaints);
mysqli_stmt_execute($statementi);
mysqli_stmt_close($statementi);
}
mysqli_close($conn);
Your insert query is incorrect.
You can use this:
INSERT INTO table_complaint (resident_id,nature_of_complaints, status) VALUES (?,?,?)
and then bind the parameters:
mysqli_stmt_bind_param($statementi, "iss", $ides,$comp_text, $complaints);
Related
The below query wont insert to database, I had tried this query on my database so I am quite sure that the query is working. I also added the dbcon.php below.
<?php
require '../api/dbcon.php';
$stmt=$conn->prepare("INSERT INTO joborder (AirCondition,
CarpentryMasonry,
ElectricalWorks,
Plumbing,
Welding,
Campus,
priorityId,
RequestorName,
UserJobDescription,
SerialCode
) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)" );
$stmt->bind_param('ssssssssss',
$airConditioning,
$masonryCarpentry,
$electrical,
$plumbing,
$welding,
$campus,
$priority,
$requester,
$userJobDescription,
$serialCode);
$airConditioning = "check";
$masonryCarpentry = "check";
$electrical = "check";
$plumbing = "check";
$welding = "check";
$campus = 'NA';
$priority = '1';
$requester = "m";
$userJobDescription ="test";
//create serial code
$serialCode= "na12321";
?>
dbcon.php
<?php
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = '';
$dbtable = "table";
$conn = new mysqli($dbhost, $dbuser, $dbpass, $dbtable);
if(!$conn ){
die('Could not connect: ' . mysqli_error());
}
?>
you're using a bad error reporting mode, and thus need to meticulously check for errors everywhere, but you're not.
on not-dbcon.php on line 4 you're not checking that $conn->prepare succeeded, do that, it returns bool(false) if there was an error. on line 16 you're not checking that $stmt->bind_param succeeded, do that, it returns bool(false) if there was an error. or better yet, don't do that, just convert return-value-error-reporting into exception-error-reporting, by running $conn->report_mode = MYSQLI_REPORT_ALL; immediately after creating the object.
... and most importantly, seems you forgot to run $stmt->execute(), which actually executes the query, which obviously explains why you're not inserting anything.
<?php
$servername = "localhost";
$username = "root";
$password = "123456";
$database = "inventory";
// Create connection
$conn = new mysqli($servername, $username, $password, $database);
$stat = $conn->prepare("INSERT INTO salary (name, salary, job) values (?, ?, ?)");
$name = 'test';
$salary = '21123';
$job = 'demo';
$stat->bind_param($name,$salary, $job );
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
// prepare and bind
$stmt = $conn->prepare("INSERT INTO salary (name, salary, job) VALUES (?, ?, ?)");
$stmt->bind_param("sss", $firstname, $lastname, $email);
// set parameters and execute
$firstname = "Johnqqq";
$lastname = "123123";
$email = "sdadsad";
$stmt->execute();
echo "New records created successfully";
$stmt->close();
$conn->close();
?>
So I've finished building a question and answer site and am now trying to defend it against SQL injection but having problems with CURRENT_DATE. I want to insert current date with the question into db but what binding marker would that be? "s" for string is not working?
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "questions87";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
session_start();
$question = $_POST["question"];
$uname = $_SESSION['username'];
$qa_email =$_SESSION['email'];
// prepare and bind
$stmt = $conn->prepare("INSERT INTO login (username, username, q_date, qa_email) VALUES (?, ?, ?, ?)");
$stmt->bind_param("ssss", $question, $uname, CURRENT_DATE, $qa_email);
$stmt->execute();
if ($stmt) {echo "Thank you ". $uname . " Your question has been submitted " . "<br>";}
else {echo "Error: " . $sql . "<br>" . mysqli_error($conn);}
$stmt->close();
$conn->close();
?>
Use simple mysql function NOW() and remove placeholder for q_date:
$stmt = $conn->prepare("INSERT INTO login (username, username, q_date, qa_email) VALUES (?, ?, NOW(), ?)");
$stmt->bind_param("sss", $question, $uname, $qa_email);
Btw, I noticed, you have field username twice in this query. I suppose one of the occurences should be replaced with some other field.
I have a such select:
$sql = "SELECT milestone_id, project_id, sum(estimated_hours) as value_sum
FROM project_has_tasks GROUP BY milestone_id";
Getting a multiple results.
Is this possible to create a query to INSERT these results to multiple rows in DB?
Thanks to myself :) Is so simple as ....
<?php
$servername = "localhost";
$username = "db";
$password = "password";
$dbname = "db";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "INSERT INTO `burndown_snap` (`project_id`,`milestone_id`,`estimated_sum`)
SELECT `project_id`, `milestone_id`, sum(estimated_hours) as value_sum FROM project_has_tasks WHERE status !='done' GROUP BY milestone_id";
$result = $conn->query($sql);
$conn->close();
?>
Am trying to insert multiple rows in to table using php:
<?php
$host = "localhost";
$username = "mysql_username";
$password = "mysql_password";
$dbname = "employee";
$con = mysqli_connect($host, $username, $password, $dbname) or die('Error in Connecting: ' . mysqli_error($con));
$st = mysqli_prepare($con, 'INSERT INTO emp(name, gender, designation) VALUES (?, ?, ?)');
// bind variables to insert query params
mysqli_stmt_bind_param($st, 'sss', $name, $gender, $designation);
for ($x = 0; $x <= 3; $x++) {
$name = 'tom';
$gender = 'male';
$designation = 'developer';
mysqli_execute($st);
}
//close connection
mysqli_close($con);
?>
But the rows that i want to insert are not saved in database. Are there any mistakes in my code ?
Actually I want the for loop from json array, I just test using for loop for knowing it is worked or not.
I think the code is right, but try this:
<?php
$host = "localhost";
$username = "mysql_username";
$password = "mysql_password";
$dbname = "employee";
$con = mysqli_connect($host, $username, $password, $dbname) or die('Error in Connecting: ' . mysqli_error($con));
$st = mysqli_prepare($con, 'INSERT INTO emp(name, gender, designation) VALUES (?, ?, ?)');
for ($x = 0; $x <= 3; $x++) {
$name = 'tom';
$gender = 'male';
$designation = 'developer';
// bind variables to insert query params
mysqli_stmt_bind_param($st, 'sss', $name, $gender, $designation);
mysqli_execute($st);
}
//close connection
mysqli_close($con);
?>
The mysqli_stmt_bind_param($query, 'is',…) means the first value is an integer (i) and the next value is a string (s). Feel free to adjust to best fit your actual data types.
What am I missing?
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "test";
$name = 'Samuel "L" Jackson';
$conn = new mysqli($servername, $username, $password, $dbname);
$stmt = $conn->prepare("INSERT INTO test2 (id, name) VALUES (?,
?)");
$stmt->bind_param("is",'600' , $name);
$stmt->execute();
$stmt->close();
$conn->close();
?>
I'm getting the following error:
Cannot pass parameter 2 by reference in C.... on line ...
bind_param accepts two or more arguments. The first must be a string identifying the data types for the SQL parameters. The rest of the arguments must be variables that can be passed by reference. '600' is a constant, so you cannot pass it by reference.
Just use a temporary variable to work around that limitation, like this:
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "test";
$id = 600;
$name = 'Samuel "L" Jackson';
$conn = new mysqli($servername, $username, $password, $dbname);
$stmt = $conn->prepare("INSERT INTO test2 (id, name) VALUES (?, ?)");
$stmt->bind_param("is", $id, $name);
$stmt->execute();
$stmt->close();
$conn->close();
?>