Update column from another table mysql - php

I have 2 tables(violator and officer) and both of them have column name reference, now what I want to do is whenever I add a new value to the violator table, the value of its reference should be equal to the value of reference on officer table. I am new to programming but how can I achieve that? I couldn't quite understand the notes I can find on the internet. This is how I add values to the violator table:
php
<?php
$user_name = "Demo";
$password = "Demopass";
$server = "localhost";
$db_name = "TMTRO";
$con = mysqli_connect($server, $user_name, $password, $db_name);
if ($con) {
$Name = $_POST['name'];
$LName = $_POST['lname'];
$LNumber = $_POST['lnumber'];
$Violation = $_POST['violation'];
$Aplace = $_POST['aplace'];
$Address = $_POST['address'];
$PNumber = $_POST['pnumber'];
$OName = $_POST['oname'];
$RNumber = $_POST['rnumber'];
$DTime = $_POST['dtime'];
$query = "insert into violators (name,lname,lnumber,violation,aplace,address,pnumber,oname,reference,datetime) values ('" . $Name . "','" . $LName . "','" . $LNumber . "','" . $Violation . "','" . $Aplace . "','" . $Address . "','" . $PNumber . "','" . $OName . "','" . $RNumber . "','" . $DTime . "');";
$result = mysqli_query($con, $query);
if ($result) {
$status = 'OK';
} else {
$status = 'FAILED';
}
} else {
$status = 'FAILED';
}
echo json_encode(array("response" => $status));
mysqli_close($con);
?>

Related

For User before Update

I have made an API to insert data of 7 fields (fullname, city, bloodgroup, password, mobileno, lastdonated, created_date) in a mysql database using INSERT, please help me to add some code to search if the user is already added using the mobileno field and only then add the record else show the message "User already exists".
<?php
header("Access-Control-Allow-Origin: *");
header("Content-Type: application/json; charset=UTF-8");
if(count($_REQUEST) > 0)
{
$conn = mysqli_connect("localhost", "creative_bloodapp", "PasSwORd", 'creative_bldapp');
$fullname =$_POST['fullname'];
$city =$_POST['city'];
$bloodgroup =$_POST['bloodgroup'];
$password =$_POST['password'];
$mobileno =$_POST['mobileno'];
$lastdonated =$_POST['lastdonated'];
$created_date = date('Y-m-d H:i:s');
$sql = "INSERT INTO register (fullname, city, bloodgroup, password, mobileno, lastdonated, created_date) VALUES ('" . $fullname . "','" . $city . "','" . $bloodgroup . "','" . $password . "','" . $mobileno . "','" . $lastdonated . "','". $created_date . "');";
$qur = $conn->query($sql);
if($qur){
$query="SELECT * FROM register ORDER BY mobileno DESC LIMIT 1;";
$data=array();
$result=mysqli_query($conn, $query);
$row=mysqli_fetch_assoc($result);
mysqli_close($conn);
response(1,"User has been registered!",$row);
}else{
mysqli_close($conn);
response(0,"Not Registered!",NULL);
}
}
else
{
response(0,"Not Registered!",NULL);
}
function response($status,$status_message,$data)
{
header("HTTP/1.1 ".$status);
$response['status']=$status;
$response['status_message']=$status_message;
$response['data']=$data;
$json_response = json_encode($response);
echo $json_response;
}
?>

Looking for something like this; I changed some queries and re-wrote a part for you. Also added mysqli_real_escape_string.
<?php
header("Access-Control-Allow-Origin: *");
header("Content-Type: application/json; charset=UTF-8");
if(count($_REQUEST) > 0)
{
$conn = mysqli_connect("localhost", "creative_bloodapp", "PasSwORd", 'creative_bldapp');
$fullname = mysqli_real_escape_string($conn, $_POST['fullname']);
$city = mysqli_real_escape_string($conn, $_POST['city']);
$bloodgroup = mysqli_real_escape_string($conn, $_POST['bloodgroup']);
$password = mysqli_real_escape_string($conn, $_POST['password']);
$mobileno = mysqli_real_escape_string($conn, $_POST['mobileno']);
$lastdonated = mysqli_real_escape_string($conn, $_POST['lastdonated']);
$created_date = date('Y-m-d H:i:s');
$query="SELECT * FROM register WHERE mobileno = '".$mobileno."'";
$qur=mysqli_query($conn, $query);
if(count(mysqli_num_rows($qur) !== 0)){
$data=array();
$result=mysqli_query($conn, $query);
$row=mysqli_fetch_assoc($result);
mysqli_close($conn);
response(1,"User has been registered!",$row);
}else{
$sql = "INSERT INTO register (fullname, city, bloodgroup, password, mobileno, lastdonated, created_date) VALUES ('" . $fullname . "','" . $city . "','" . $bloodgroup . "','" . $password . "','" . $mobileno . "','" . $lastdonated . "','". $created_date . "');";
$qur=mysqli_query($conn, $query);
mysqli_close($conn);
response(0,"Not Registered!",NULL);
}
}
else
{
response(0,"Not Registered!",NULL);
}
function response($status,$status_message,$data)
{
header("HTTP/1.1 ".$status);
$response['status']=$status;
$response['status_message']=$status_message;
$response['data']=$data;
$json_response = json_encode($response);
echo $json_response;
}

Yes, Make it mobileno unique key so
if($qur)
{
// new mobileno
//add it will take
}
else
{
// repeated i will not accept, you put mobileno exist.
}

<?php
header("Access-Control-Allow-Origin: *");
header("Content-Type: application/json; charset=UTF-8");
if(count($_REQUEST) > 0)
{
$conn = mysqli_connect("localhost", "creative_bloodapp", "PasSwORd", 'creative_bldapp');
$fullname = mysqli_real_escape_string($conn, $_POST['fullname']);
$city = mysqli_real_escape_string($conn, $_POST['city']);
$bloodgroup = mysqli_real_escape_string($conn, $_POST['bloodgroup']);
$password = mysqli_real_escape_string($conn, $_POST['password']);
$mobileno = mysqli_real_escape_string($conn, $_POST['mobileno']);
$lastdonated = mysqli_real_escape_string($conn, $_POST['lastdonated']);
$created_date = date('Y-m-d H:i:s');
$verifysql = "select id from register where mobileno='".$mobileno."'";
$qur = $conn->query($verifysql);
if($qur->num_rows == 0){
$sql = "INSERT INTO register (fullname, city, bloodgroup, password, mobileno, lastdonated, created_date) VALUES ('" . $fullname . "','" . $city . "','" . $bloodgroup . "','" . $password . "','" . $mobileno . "','" . $lastdonated . "','". $created_date . "');";
$result = $conn->query($sql);
if($result){
mysqli_close($conn);
response(200,"User has been registered!",$row);
}else{
mysqli_close($conn);
response(500,"Registeration Failed",NULL);
}
}
else{
mysqli_close($conn);
response(409,"User Already Exists!",NULL);
}
}
else
{
response(400,"Not Registered!",NULL);
}

I am unable to increament id

I searched many stackoverflow questions it didn't help
I want to increment id by fetching last id from MySQL table.
I don't want to do auto increment in MySQL table because already one column is auto incremented.
<?php
include 'db.php';
$created = date('Y-m-d H:i:s');
//$json_data = array();
$message = array();
$error = array();
if ($_GET['vendor_id'] == "") {
$message[] = array("message" => "Values Empty");
} else {
$result = mysqli_query("SELECT loo_id FROM loo_list ORDER BY loo_id DESC LIMIT 1");
if ($result) {
$order_array = mysqli_fetch_assoc($result) or die(mysqli_error());
//echo $order_array['loo_id'];
}
$loo_id = $order_array['loo_id'] + 1;
$sql = "insert into loo_list(loo_id,name,address,geolocation,price,facility_category,facilities,count,accessbility,image,type,category,created_vendor,days,timings,terms_conditions,vendor_approval,created,warning,url,user_ids,overall,admin_approval,updated)values('" . $loo_id . "','" . $_GET['loo_name'] . "','" . $_GET['address'] . "','" . $_GET['loo_location'] . "','" . $_GET['price'] . "','" . $_GET['facility_category'] . "','" . $_GET['facilities'] . "','" . $_GET['count'] . "','" . $_GET['accessbility'] . "','" . $_GET['image'] . "','Offerers','" . $_GET['category'] . "','" . $_GET['vendor_id'] . "','" . $_GET['days'] . "','" . $_GET['timings'] . "','" . $_GET['terms_conditions'] . "','1','" . $created . "','0','','" . $_GET['user_ids'] . "','" . $_GET['overall'] . "','1','" . $created . "')";
$res1 = mysqli_query($db, $sql) or die(mysqli_error());
$message[] = array("message" => "success");
}
$json_data = array("result" => $message);
echo json_encode($json_data);
?>

Try this code.
if(trim($order_array['loo_id']) === ''){
$loo_id = 1;
}else{
$loo_id = intval($order_array['loo_id']) + 1;
}

Couldn't enter the data to mysql using php

It couldn't store the data to mysql. What to do? All variable and file name are correct.
<?php
require 'connection.php';
$conn = Connect();
$id =$conn->real_escape_string ($_POST['id']);
$name = $conn->real_escape_string ($_POST['name']);
$phone = $conn->real_escape_string ($_POST['phone']);
$address = $conn->real_escape_string ($_POST['address']);
$city = $conn->real_escape_string ($_POST['city']);
$zip = $conn->real_escape_string ($_POST['zip']);
$state = $conn->real_escape_string ($_POST['state']);
$item = $conn->real_escape_string ($_POST['item']);
$status = $conn->real_escape_string ($_POST['status']);
$enquiry_date = $conn->real_escape_string ($_POST['enquiry_date']);
$enquiry_user = $conn->real_escape_string ($_POST['enquiry_user']);
$query = "INSERT into enquiry
(id, name, phone, address, city, zip, state, item, status, enquiry_date, enquiry_user)
VALUES('" . $id . "','" . $name . "','" . $phone . "','" . $address . "','" . $city . "','" . $zip . "','" . $state . "','" . $item . "','" . $status . "','" . $enquiry_date . "')";
$success = $conn->query($query);
if (!$success) {
die("Couldn't enter data: ".$conn->error);
}
echo "Thank You For Contacting Us <br>";
$conn->close();
?>

As #Jeff said:
$query = "INSERT into enquiry
(id, name, phone, address, city,
zip, state, item, status, enquiry_date, enquiry_user)
VALUES('" . $id . "','" . $name . "','" . $phone . "','" . $address . "','"
. $city . "','" . $zip . "','" . $state . "','" . $item . "','"
$status . "','" . $enquiry_date . "','" . $enquiry_user . "')";
You were missing . "','" . $enquiry_user

When import csv file into DB Rows are shuffled?

When I import csv files into database rows are shuffled. Please Refer the image
Shuffled db
I need import without shuffling the rows. I am seeking for solution more than one week. I cannot able to fix this issue.
Any one could you please help to resolve this issue?
<?php
include 'connection1.php';
$target_dir = dirname(__FILE__) . "/upload/";
if (isset($_POST["import"]) && !empty($_FILES)) {
$testid =$_POST['testidno'];
$target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
$fileType = pathinfo($target_file, PATHINFO_EXTENSION);
if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {
if (($getdata = fopen($target_file, "r")) !== FALSE) {
fgetcsv($getdata);
while (($data = fgetcsv($getdata)) !== FALSE) {
$fieldCount = count($data);
for ($c = 0; $c < $fieldCount; $c++) {
$columnData[$c] = $data[$c];
}
$subtopicid = mysqli_real_escape_string($con, $columnData[0]);
$subtopic = mysqli_real_escape_string($con, $columnData[1]);
$question = mysqli_real_escape_string($con, $columnData[2]);
$img_question = mysqli_real_escape_string($con, $columnData[3]);
$sub_question = mysqli_real_escape_string($con, $columnData[4]);
$answer1 = mysqli_real_escape_string($con, $columnData[5]);
$answer2 = mysqli_real_escape_string($con, $columnData[6]);
$answer3 = mysqli_real_escape_string($con, $columnData[7]);
$answer4 = mysqli_real_escape_string($con, $columnData[8]);
$answer5 = mysqli_real_escape_string($con, $columnData[9]);
$correctanswer = mysqli_real_escape_string($con, $columnData[10]);
$solution = mysqli_real_escape_string($con, $columnData[11]);
$setQ = mysqli_real_escape_string($con, $columnData[12]);
$topicname = mysqli_real_escape_string($con, $columnData[13]);
$import_data[] = "('" . $subtopicid . "','" . $subtopic . "','" . $testid . "','" . $_GET['id'] . "',
'" . $question . "','" . $img_question . "','" . $sub_question . "',
'" . $answer1 . "','" . $answer2 . "','" . $answer3 . "','" . $answer4 . "',
'" . $answer5 . "','" . $correctanswer . "','" . $solution . "',
'" . $setQ . "','" . $topicname . "')";
// SQL Query to insert data into DataBase
}
$import_data = implode(",", $import_data);
$query = "INSERT INTO advanced_questions (subtopicid,subtopic,testid,courseid,
question,img_question,sub_question,answer1,answer2,answer3,answer4,answer5,correctanswer,
solution,setQ,topicname) VALUES $import_data ";
$result = mysqli_query($con, $query);
fclose($getdata);
}
}
}
?>

PHP X MYSQL | Error in Injecting data using $_POST [duplicate]

This question already has answers here:
How can I prevent SQL injection in PHP?
(27 answers)
Closed 6 years ago.
I have been trying to input data from $_Post variables but I cannot spot where the error is? Hope you can help me.
Below is the code:
$conn = mysql_connect("localhost", "root");
if (isset($_POST['studLog'])) {
$uName = $_POST['uName'];
$pWord = $_POST['pWord'];
mysql_select_db("sis_main", $conn);
if (mysql_num_rows(mysql_query("SELECT * from student where stud_uname='$uName' and stud_pword='$pWord'"))) {
include("stud-view.html");
} else {
echo 'Account doesnt exist!';
echo "<br><br>";
echo "<a href='stud-start.html'>GO BACK!</a>";
}
} else if (isset($_POST['studReg'])) {
mysql_select_db("sis_main", $conn);
$stdID = $_POST['studID'];
$fname = $_POST['firstNme'];
$mname = $_POST['midNme'];
$lname = $_POST['lastNme'];
$stadd = $_POST['stAdd'];
$ctadd = $_POST['ctAdd'];
$bdate = $_POST['bDate'];
$gendr = $_POST['gender'];
$email = $_POST['email'];
$mobno = $_POST['mobNum'];
$uname = $_POST['newUName'];
$pword = $_POST['newPWord'];
$age = birthday($bdate);
if (mysql_query("INSERT INTO student values (`$stdID`,`$fname`,`$lname`, `$mname`,`$stadd`,`$ctadd`,`$age`,`$bdate`,`$gendr`, `$email`,`$mobno`,`$uname`,`$pword`);")) {
echo 'Account Successfully Regsitered!';
} else {
echo 'ERROR: '.mysql_error();
echo "<a href='stud-start.html'>GO BACK!</a>";
}
}
}
ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '#gmail.com, 09981744039, kuyschan, kuyschan)' at line 1

This is suppposed to be a comment, but i have a low reputation here.
Before i answer your question, please do not use the mysql functions as its no longer supported . Consider a switch to either MYSQLI or PDO. Also, do not trust user input. Meaning do not directly post field values from your form to your database as an attcker can easily exploit it by adding funny javascripts or worse.
To your question,
In your insert statement, you did not specify the columns:
Try:
<?php
$sql = "INSERT INTO student (`studID`, `firstNme`, `lastNme`,`stAdd`,`ctAdd`,`bDate`,`gender`,`email`,`mobNum`,`newUName`,`newPWord`)VALUES
('" . mysqli_real_escape_string($con, $_POST['studID']) . "',
'" . mysqli_real_escape_string($con, $_POST['firstNme']) . "',
'" . mysqli_real_escape_string($con, $_POST['lastNme']) . "',
'" . mysqli_real_escape_string($con, $_POST['stAdd']) . "',
'" . mysqli_real_escape_string($con, $_POST['ctAdd']) . "',
'" . mysqli_real_escape_string($con, $_POST['bDate']) . "',
'" . mysqli_real_escape_string($con, $_POST['gender']) . "',
'" . mysqli_real_escape_string($con, $_POST['email']) . "',
'" . mysqli_real_escape_string($con, $_POST['mobNum']) . "',
'" . mysqli_real_escape_string($con, $_POST['newUName']) . "',
'" . mysqli_real_escape_string($con, $_POST['newPWord']) . "')";
if ($con->query($sql) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
Where $con is your database connection.
<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDB";
// Create connection
$con = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($con->connect_error) {
die("Connection failed: " . $con->connect_error);
}

Categories