mysql prepared statements insert issue - php

I am having a weird problem with an insert statement. What's happening is that if I insert into only one column, it works, but anything greater than 1 column doesn't get inserted and there are no errors displayed.
This works:
$db = new mysqli('localhost','root','','db');
$stmt = $db->prepare("insert into test (id) values(?)");
echo $db->error;
$stmt->bind_param("s",$id);
$stmt->execute();
But not this:
$id = 1;
$name = "test";
$stmt = $db->prepare("insert into test (id,name) values(?,?)");
echo $db->error;
$stmt->bind_param("ss",$id, $name);
$stmt->execute();
Does anyone have a clue? Not sure if this is helpful but some of the columns don't have a value under collation tab and others have latin1_swedish_ci in the table

Try to bind parameters separately, like below:
$stmt = $db->prepare("insert into test (id,name) values(:id, :name)");
echo $db->error;
$stmt->bind_param(":id", $id);
$stmt->bind_param(":name", $name);
$stmt->execute();

Related

How will I get mysqli last insert id

How will I get the last insert id in mysql in the following code?
All variables are set.
Insertion works!
$Restconnection = mysqli_connect("host","user","passwd","db");
$query3 = mysqli_query($Restconnection, $strSQL3);
$stmt = $conn->prepare("INSERT INTO table (name, email, password) VALUES(?,?,?)");
$stmt->bind_param("sss", $name, $email, $password);
$stmt->execute();
$last_id = $conn->insert_id;
echo "Last inserted ID is: " . $last_id;
print mysqli_insert_id($Restconnection);
http://php.net/manual/de/mysqli.insert-id.php
Use mysqli_insert_id($connection)
Use the following:
$last_insert_id = mysqli_insert_id($Restconnection);

Preventing SQL injection insert into

I am having trouble inserting data into my database. This is my first time dealing with SQL injection.
$stmt = $dbConnection->prepare('INSERT INTO users(name) VALUES('name = ?')');
$stmt->bind_param('s', $name);
$stmt->execute();
But that doesn't work. Any help would be appreciated!
You have a few syntax errors in your code. Try this:
$stmt = $dbConnection->prepare('INSERT INTO users (name) VALUES (:s)');
$stmt->bindParam(':s', $name);
$stmt->execute();
If you want to insert and define more values, do it like this:
$stmt = $dbConnection->prepare('INSERT INTO users (name, email) VALUES (:s, :email)');
$stmt->bindParam(':s', $name);
$stmt->bindParam(':email', $email);
$stmt->execute();
If you're using mysqli, your code will look like this:
$stmt = $dbConnection->prepare('INSERT INTO users (name) VALUES (?)');
$stmt->bind_param('s', $name);
$stmt->execute();
You don't need name = in the SQL, the column name is specified in the list (name) after the table name. Just put a ? where you would normally put the value.
$stmt = $dbConnection->prepare('INSERT INTO users(name) VALUES(?)');
$stmt->bind_param('s', $name);
$stmt->execute();

$mysqli->prepare with SQL Transactions

I am pretty new to SQL Transactions and tried to execute following statement which did unfortunately not work...
$stmt = $mysqli->prepare("
BEGIN;
INSERT INTO groups (group_name, group_desc, user_id_fk) VALUES ("'.$groupName.'","'.$groupDesc.'","'.$user_id.'");
INSERT INTO group_users (group_id_fk, user_id_fk) VALUES (LAST_INSERT_ID(), "'.$username.'");
COMMIT;
") or trigger_error($mysqli->error, E_USER_ERROR);
$stmt->execute();
$stmt->close();
Is this even possible what I am trying here or is it completely wrong?
I appreciate every response, thank you!
You are using prepare() the wrong way. There is absolutely no point in using prepare() if you are adding variables directly in the query.
This is how your queries have to be executed:
$mysqli->query("BEGIN");
$sql = "INSERT INTO groups (group_name, group_desc, user_id_fk) VALUES (?,?,?)";
$stmt = $mysqli->prepare($sql);
$stmt->bind_param("ssi",$groupName,$groupDesc,$user_id);
$stmt->execute();
$sql = "INSERT INTO group_users (group_id_fk, user_id_fk) VALUES (LAST_INSERT_ID(), ?)";
$stmt = $mysqli->prepare($sql);
$stmt->bind_param("s",$username);
$stmt->execute();
$mysqli->query("COMMIT");
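The same two inserts as a single unit with rollback on failure, as an added example (not code from the answer above). It assumes InnoDB tables, that user_id_fk holds the same integer user id in both tables, and placeholder connection details and sample values.

```php
<?php
// Added example: table and column names come from the question above;
// host, credentials and sample values are placeholders.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failures throw mysqli_sql_exception

function createGroupWithOwner(mysqli $db, string $groupName, string $groupDesc, int $userId): int
{
    $db->begin_transaction();
    try {
        // Backticks: GROUPS is a reserved word in MySQL 8.0.
        $stmt = $db->prepare(
            'INSERT INTO `groups` (group_name, group_desc, user_id_fk) VALUES (?, ?, ?)'
        );
        $stmt->bind_param('ssi', $groupName, $groupDesc, $userId);
        $stmt->execute();
        // Read the generated key from the statement that produced it,
        // before any other statement runs on this connection.
        $groupId = $stmt->insert_id;
        $stmt->close();

        $stmt = $db->prepare(
            'INSERT INTO group_users (group_id_fk, user_id_fk) VALUES (?, ?)'
        );
        $stmt->bind_param('ii', $groupId, $userId);
        $stmt->execute();
        $stmt->close();

        $db->commit();
        return $groupId;
    } catch (mysqli_sql_exception $e) {
        $db->rollback(); // neither row is kept if either insert failed
        throw $e;
    }
}

$db = new mysqli('localhost', 'app_user', 'app_password', 'app_db'); // placeholders
$db->set_charset('utf8mb4');
$groupId = createGroupWithOwner($db, 'Hikers', 'Weekend hiking group', 42); // constructed values
echo "Created group {$groupId}\n";
```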

How do I get the ID of an inserted row?

I have this following example query, which works - I CAN insert values into my MySQL table, which also includes a unique id column. I want to get the id from the inserted row, after I execute the query. However what I get is 0 every time ($gotId=0).
What am I doing wrong?
$stmt = $conn->prepare("INSERT INTO ....... ");
$stmt-> bind_param("ss", ....);
$stmt->execute();
$gotId = $conn->insert_id;
Full query:
$conn = $db->connect();
$stmt = $conn->prepare("INSERT INTO table(value1, value2) VALUES(?, ?)");
$stmt-> bind_param("ss", $value1, $value2);
$stmt->execute();
$gotId = $conn->insert_id;
After calling the execute() method on the PreparedStatement, the id of the inserted row will be in the insert_id attribute. Only read it.
$stmt->execute();
$gotId = $stmt->insert_id;
Taken from here
$query = "INSERT INTO .......";
$mysqli->query($query);
printf ("New Record has id %d.\n", $mysqli->insert_id);
More Info

Mysqli INSERT with $_POST

I have been ripping my hair for days over this problem so any helpful advice would be appreciated. Calling the following function returns nothing. The POST values are set (They print with echo) and the database let me update and extract with other functions. What am I missing?
Oh yea, all the values are strings.
$stmt = $db->prepare("INSERT INTO content_page (name, layout, page_id) VALUES (?,?,?)");
$stmt->bind_param("sss", $_POST['name'], $_POST['layout'], $_POST['page_id']);
$stmt->execute();
$stmt->close();
At a glance, there is nothing wrong with this code (in case you are indeed using mysqli). So, the only way to get to know what is going wrong is to get the error message.
Add this line before connect
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
and make sure you can see PHP errors
Try this
$sql = "INSERT INTO content_page (name, layout, page_id) VALUES (?,?,?)";
if (!$stmt = $db->prepare($sql)) {
    die($db->error);
}
$stmt->bind_param("ssi", $_POST['name'], $_POST['layout'], $_POST['page_id']);
if (!$stmt->execute()) {
    die($stmt->error);
}
$stmt->close();
Or, if, as you said, all your values are strings (given, they are as well defined as varchars/something similar in your database), you can still bind_param("sss"...
Aren't page_id's integers? Since the asker first tagged the question as PDO, here is the PDO version:
$stmt = $db->prepare("INSERT INTO content_page (name, layout, page_id) VALUES (:name,:layout,:pid)");
$stmt->bindParam(':name', $_POST['name'], PDO::PARAM_STR);
$stmt->bindParam(':layout', $_POST['layout'], PDO::PARAM_STR);
$stmt->bindParam(':pid', $_POST['page_id'], PDO::PARAM_INT);
$stmt->execute();
Or (MySQLi):
$stmt = $db->prepare("INSERT INTO content_page (name, layout, page_id) VALUES (?,?,?)");
$stmt->bind_param("ssi", $_POST['name'], $_POST['layout'], $_POST['page_id']);
$stmt->execute();
Or (PDO):
$stmt = $db->prepare("INSERT INTO content_page (name, layout, page_id) VALUES (?,?,?)");
$stmt->execute(array($_POST['name'], $_POST['layout'], $_POST['page_id']));
Here you are:
$name = $_POST['name'];
$layout = $_POST['layout'];
$page_id= $_POST['page_id'];
$stmt = $db->prepare("INSERT INTO content_page (name, layout, page_id) VALUES ('".$name."','".$layout."','".$page_id."')");
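Why the concatenated form in the last snippet differs from the bound versions before it, shown as an added example that is not part of any answer above. The function names, connection details and sample input are constructed for illustration.

```php
<?php
// Added example: content_page and its columns come from the question above;
// connection details and the sample input are constructed placeholders.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // set before connecting

function insertPageConcatenated(mysqli $db, array $in): void
{
    // Weak form: input becomes part of the SQL text, so a quote in the
    // data changes the statement itself. prepare() gives no protection here.
    $stmt = $db->prepare("INSERT INTO content_page (name, layout, page_id) VALUES ('"
        . $in['name'] . "','" . $in['layout'] . "','" . $in['page_id'] . "')");
    $stmt->execute();
    $stmt->close();
}

function insertPageBound(mysqli $db, array $in): int
{
    // Reject a non-numeric page_id before it reaches the database.
    $pageId = filter_var($in['page_id'] ?? null, FILTER_VALIDATE_INT);
    if ($pageId === false) {
        throw new InvalidArgumentException('page_id must be an integer');
    }
    $name = (string) ($in['name'] ?? '');
    $layout = (string) ($in['layout'] ?? '');
    $stmt = $db->prepare(
        'INSERT INTO content_page (name, layout, page_id) VALUES (?, ?, ?)'
    );
    $stmt->bind_param('ssi', $name, $layout, $pageId); // data travels apart from the SQL text
    $stmt->execute();
    $id = $stmt->insert_id; // 0 if the table has no AUTO_INCREMENT column
    $stmt->close();
    return $id;
}

$db = new mysqli('localhost', 'app_user', 'app_password', 'app_db'); // placeholders
$input = ['name' => "O'Brien's page", 'layout' => 'two-column', 'page_id' => '7']; // constructed

try {
    insertPageConcatenated($db, $input);
} catch (mysqli_sql_exception $e) {
    // The apostrophe ends the string literal early, so MySQL reports a syntax error.
    echo 'Concatenated insert failed: ', $e->getMessage(), "\n";
}
echo 'Bound insert stored row ', insertPageBound($db, $input), "\n";
```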
