This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
(2 answers)
Closed 5 years ago.
I´m new in php programming and so i tried to connect my php file with an sql database. It´s working till i come to the point were i want to use a query and execute them. Can someone please help me why i always get "Error querying database"?
$query = "INSERT INTO user (surname, name, e-mail, password) VALUES ('$text', '$text2', '$text3', '$text4')";
$query2 = "CREATE TABLE $text3 (
name VARCHAR(30) PRIMARY KEY,
password VARCHAR(30))";
//make the query
$result = mysqli_query($db, $query) or die('Error querying database.');
$result2 = mysqli_query($db, $query2) or die('Error querying database1.');
I am defenitely connected with the database before.
My second question is the right use of the Create Table statement. I want to create a table which is named like the users E-mail address. Is this the right usage?
CREATE TABLE $text3 (
name VARCHAR(30) PRIMARY KEY,
password VARCHAR(30))";
I especially want to know if i need to set ' before the $text3 or not.
I solved this Problem with the help of #FunkFortyNiner the problem is the - between the e-mail. I neededt to remove it.
Now the code looks like this:
$query = "INSERT INTO user (surname, name, email, password) VALUES ('$text', '$text2', '$text3', '$text4')";
$query2 = "CREATE TABLE $text3 (
name VARCHAR(30) PRIMARY KEY,
password VARCHAR(30))";
//make the query
$result = mysqli_query($db, $query) or die('Error querying database.');
$result2 = mysqli_query($db, $query2) or die('Error querying database1.');
Use
die('Error querying database.' . mysqli_error($db) );
To know about the exact error.
More specifically use e_mail or email instead of e-mail as the column name in your db schema.
Related
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 7 years ago.
I'm attempting to make a simple web app. I'm at the stage of creating the user profile section of it, and I'm stuck at allowing the user to upload their own profile picture. please see below for the query I'm using.
$username = $_SESSION['username'];
$insertImage = $db->prepare("UPDATE `members` SET `profile_pic` = ('$dbDirectory') WHERE `username` = $username");
$insertImage->execute($imageArray);
I can't work out how to add the username session in to the query correctly. Currently I just get the error
"SQLSTATE[42S22]: Column not found: 1054 Unknown column 'VALUE' in
'where clause'".
If I change my query to this.
$insertImage = $db->prepare("UPDATE `members` SET `profile_pic` = ('$dbDirectory') WHERE `profile_pic` = `profile_pic`");
The same image directory path is inserted into every users 'profile_pic' row.
I'm most probably missing something extremely small here, but I just can't resolve this issue, so would greatly appreciate any guidance/advice. Thanks in advanced
Text variables should be wrapped in quotes ''
$insertImage = $db->prepare("UPDATE `members`
SET `profile_pic` = '$dbDirectory'
WHERE `username` = '$username'");
But you should really be using parameters in your prepared queries, to avoid SQL Injection, then you dont need to worry about quoting text variables as it all gets dont by the PDO class, for example
$stmt = $db->prepare("UPDATE `members`
SET `profile_pic` = :pic
WHERE `username` = :uname");
$stmt->execute( array(':pic'=> $dbDirectory, ':uname'=>$username') );
Or
$stmt = $db->prepare("UPDATE `members`
SET `profile_pic` = :pic
WHERE `username` = :uname");
$stmt->bindParam(':pic', $dbDirectory, PDO::PARAM_STR);
$stmt->bindParam(':uname', $username, PDO::PARAM_STR);
$stmt->execute();
This question already has an answer here:
Syntax error due to using a reserved word as a table or column name in MySQL
(1 answer)
Closed 7 years ago.
I'm working on a little browser game, but when I have a condition in connection to MySQLi database, it doesn't work.
In else closure it should write $name, but it doesn't.
if ($conn->connect_error){
die("Connection failed: ".$conn->connect_error);
}
else{
//IF CONNECTION IS GOOD, GET DATA FROM DATABASE
$query = "SELECT name, separator, description, maintenance FROM configuration";
$result = mysqli_query($conn, $query);
$row = mysqli_fetch_assoc($result);
$name = $row['name'];
//this ↓↓↓
echo $name;
}
Use back ticks (``) when using reserved words.
From,
$query = "SELECT name, separator, description, maintenance FROM configuration";
To,
$query = "SELECT name, `separator`, description, maintenance FROM configuration";
Try with backticks:
$query = "SELECT name, `separator`, description, maintenance FROM configuration";
This question already has answers here:
What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
(2 answers)
Closed 7 years ago.
i'm new to PHP and MySQL. I'm having issues with one of my mysqli_query functions. I have a database connection that works perfectly as the first half of my php file actually stores data into certain tables of the database.
The problem starts when i want to perform another query against the database. Here's the code:
// INSERT statements.
$queryMember = "INSERT INTO member (surname, name, gender, email, telHome, telMobile, dob, studentNum, idNum) VALUES ('$sur_name', '$f_name', '$gender', '$email', '$tel_home', '$mobile_num', ,'$date_of_birth', '$studentNumber', '$id_number')";
$queryAddress = "INSERT INTO physicalDetails (houseNum, unitNum, streetAdd, suburb, city, province, code ) VALUES ('$house_number', '$unit_number', '$street_address', '$suburb_name', '$city_name', '$province_name', '$zip_code')";
$queryStaff = "INSERT INTO staff (staffID ) VALUES ('$staff_id')";
$queryStudent = "INSERT INTO student (major ) VALUES ('$student_major')";
// Statements that must query the database.
$resultMember = mysqli_query($dbc, $queryMember) or die ('Error while inserting data into member details table');
$resultAddress = mysqli_query($dbc, $queryAddress ) or die ('Error while inserting data into member physical details table');
$resultStaff = mysqli_query($dbc, $queryStaff ) or die ('Error while inserting data into staff information table' );
$resultStudent = mysqli_query($dbc, $queryStudent ) or die ('Error while inserting data into student major details table');
mysqli_close($dbc);
When i run my form, my first error is the following: "Error while inserting data into member details table".
I don't understand why it's giving me an error. Any advice or suggestions would be appreciated. :)
Don't output a fixed (and useless) error message: Have the DB tell you what you did wrong:
$resultMember = mysqli_query($dbc, $queryMember) or die (mysqli_error($dbc));
^^^^^^^^^^^^
If you had that, you'd have been told about your syntax errors:
$queryMember = "[..snip..], '$mobile_num', ,'$date_of_birth', '$studentNumber', '$id_number')";
^^^^
This question already has answers here:
How to check if a row exists in MySQL? (i.e. check if username or email exists in MySQL)
(4 answers)
Closed 2 years ago.
Yes I know this has been asked before and I literally copied code from multiple answers from this site trying to get it to work. This is the code I've been using now but it keeps allowing me to enter duplicate entries.
$query = mysqli_query($con, "SELECT * FROM Email WHERE Email = '".$testemail. "'");
if(mysqli_num_rows($query) > 0){
echo "Email is already in use.<br>";
}else{
$query = mysqli_query($con, "SELECT * FROM Username WHERE Username = '".$testname. "'");
if(mysqli_num_rows( $query) > 0){
echo "Username is already in use.<br>";
}else{
$sql = "INSERT INTO users (Username, Password, Email, Firstname, Lastname, Lastlogin, Registered) VALUES ('$testname', '$testpass', '$testemail', '$testfirstname' , '$testlastname', '$lastlogin', '$registered')";
if ($conn->query($sql) === TRUE) {
echo "New account created successfully<br>";
}
}
}
Is the specific code that should stop this from happening but here is the full page:
First time that I'm working with a login system like this so I wouldn't be surprised if I'm making some stupid mistake.
EDIT: I tried editing it but its still not working, I also made the 'Email' and 'Username' column unique in my database. But all this does is stop the data from being inputed at all. I also tried a workaround where it displays a error at error number 1062 but that happens hasn't worked yet.
The new code
I missed something obvious as well, I'm using a IF statement so it only loops through the fie query check once I think
I suspect those SELECT queries are failing because they're not reading the same data that's inserted into the database. Here's your insert:
INSERT INTO users ...
But you're selecting from different tables:
SELECT * FROM Email ...
SELECT * FROM Username ...
If the values are in a table called users, why are you selecting from tables called Email and Username? Maybe you meant to select from users instead? Which also means you can do it in one query instead of two:
SELECT * FROM users WHERE Username = '".$testname. "' OR Email = '".$testemail. "'
I made the name column UNIQUE within my database and than added new data through this line:
$sql = "INSERT INTO users (Username, Password) VALUES ('$testname', '$testpass')";
if (!($conn->query($sql))) {
echo "Username is already in use";
}else{
echo "New account created successfully";
}
If the entered data already exists it will give a error which than simply sends a message that the name is already in use.
This question already has an answer here:
Syntax error due to using a reserved word as a table or column name in MySQL
(1 answer)
Closed 8 years ago.
I am trying to insert data into a database through php.. Easy enough (I thought). I can't figure out what I am doing wrong. Here is my code:
$DB_HostName = "localhost:8888";
$DB_Name = "Sample";
$DB_User = "root";
$DB_Pass = "root";
$DB_Table = "Check";
$con = mysql_connect($DB_HostName,$DB_User,$DB_Pass) or die(mysql_error());
mysql_select_db($DB_Name,$con) or die(mysql_error());
$sql = "INSERT INTO $DB_Table (name) VALUES ('Sally') ";
mysql_query($sql) or die ("Error with Result");
mysql_close($con);
It gives me an error saying "Error with Result". This means that it must be connecting to the database correctly and everything is working right except for the end part.. What am I missing? If I say (msql_error()) it also does tell me to check the $sql. I can't figure out though what I am typing in wrong.
escape your database name with backtick
$sql = "INSERT INTO `$DB_Table` (name) VALUES ('Sally') ";
or
$sql = "INSERT INTO `" . $DB_Table . "` (name) VALUES ('Sally') ";
CHECK is a MySQL Reserved Keyword.
MySQL Reserved Keyword List
How can I prevent SQL injection in PHP?
I can't stress this enough, don't use mysql_ functions, that time has gone. Use either mysqli or PDO.
A simple way to check what is wrong with your SQL query is to add an error flag on the end of your die statement mysql_query($sql) or die ("Error with Result<br>".mysql_error());
It appears in your case that check is a constraint used to limit the value range that can be placed in a column. You would need to identify that it is a table using "`":
$sql = "INSERT INTO `$DB_Table` (name) VALUES ('Sally') ";