Prepare() Statement isn't working PHP (SQL Query) - php

I'm working into a Php Script to create fields in an online database, and the prepare() statement isn't working so I think I might fail in the query as I'm not good using SQL, here is the function;
function createQuestion($CAT, $PREG, $RESP1, $RESP2, $RESP3, $RESPC) {
$sql = "INSERT INTO `table1` (`ID`, `CAT`, `PREG`, `RESP1`, `RESP2`, `RESP3`, `RESPC`) VALUES (NULL, ?, ? , ?, ?, '?, ?)";
if ($stmt = $this->con->prepare($sql)) {
echo "prepare works okay!";
$stmt->bind_param("isssss", $CAT, $PREG, $RESP1, $RESP2, $RESP3, $RESPC);
if ($stmt->execute()) {
return true;
} else{
return false;
}
} else {
echo "prepare isn't working."
}
}
Apart from others errors specified in other classes, I'm getting the "prepare isn't working."


Your statement has a typo in it:
INSERT INTO `table1` (`ID`, `CAT`, `PREG`, `RESP1`, `RESP2`, `RESP3`, `RESPC`) VALUES (NULL, ?, ? , ?, ?, '?, ?);
Note the single ' mark in the VALUES(...) section? Try this instead:
INSERT INTO `table1` (`ID`, `CAT`, `PREG`, `RESP1`, `RESP2`, `RESP3`, `RESPC`) VALUES (NULL, ?, ?, ?, ?, ?, ?);

Related

Insert query is not adding values to database

The value is not adding when executing this query. Can anyone guide me where I am doing mistake.
function addpost($val){
return execute("INSERT INTO `tbl_postcodelist` (`postcode`, `add1`, `add2`, `delivery`,`round`, `status`) VALUES (?, ?, ?, ?, ?,?)", array($val['postcode'],$val['add1'],$val['add2'],$val['price'],$val['round'],$val['status']));
}
function execute($query,$values=array(),$id=false){
$db=new db();
return $db->execute($query,$values,$id);
}

how to insert same id's to multiple tables in mysql. using php?

I've created this to insert to multiple tables, and I want to insert the same ID to both table. ID is auto-incremented in test table and I want test_category table to take the same ID.
I tried it but don't know where I am doing it wrong and getting an error
Fatal error: Call to undefined method mysqli_stmt::insert_id() in C:\wamp64\www\Android\include\DbOperations.php on line 27"
Check this pic for detailed error report
[https://www.dropbox.com/s/nuij2o2ac3xp8mz/Untitled4.png?dl=0]
My php
public function testReg($name, $pin, $a, $b, $ho, $ll, $c, $d){
$stmt = $this->con->prepare("INSERT INTO `test` (`name`, `pin`) VALUES (?, ?)");
$stmt->bind_Param("ss",$name,$pin);
if(!$stmt->execute()){
return 2;
}
$stmttst = $this->con->prepare("INSERT INTO `test_category` (`pid`, `name`, `a`, `b`, `ho`, `ll`, `c`, `d`) VALUES (?, ?, ?, ?, ?, ?, ?, ?);");
$stmttst->bind_Param("isssssss",$stmt->insert_id(),$name,$a,$b,$ho,$ll,$c,$d);
if ($stmttst->execute()){
return 1;
}else{
return 2;
}
}

The "mysqli::$insert_id" is an attribute of mysqli object and your trying on $stmt
Try Following code will resolve your issue.
public function testReg($name, $pin, $a, $b, $ho, $ll, $c, $d){
$stmt = $this->con->prepare("INSERT INTO `test` (`name`, `pin`) VALUES (?, ?);");
$stmt->bind_Param("ss",$name,$pin);
if(!$stmt->execute()){
return 2;
}
$stmttst = $this->con->prepare("INSERT INTO `test_category` (`pid`, `name`, `a`, `b`, `ho`, `ll`, `c`, `d`) VALUES (?, ?, ?, ?, ?, ?, ?, ?);");
$stmttst->bind_Param("isssssss",$this->con->insert_id(),$name,$a,$b,$ho,$ll,$c,$d);
if ($stmttst->execute()){
return 1;
}else{
return 2;
}
}
As of Documents
mysqli::$insert_id -- mysqli_insert_id — Returns the auto generated id used in the latest query
So instead of using $this->con->insert_id() you can use
$var = $this->con;
mysqli_insert_id($var);

Try putting your last inserted id in a variable and then pass it to your 2nd query.
public function testReg($name, $pin, $a, $b, $ho, $ll, $c, $d){
$stmt = $this->con->prepare("INSERT INTO `test` (`name`, `pin`) VALUES (?, ?);");
$stmt->bind_Param("ss",$name,$pin);
if(!$stmt->execute()){
return 2;
}else{
//ADDED ESLE AND STORE ID IN VAR
$lastid=$stmt->insert_id();
}
$stmttst = $this->con->prepare("INSERT INTO `test_category` (`pid`, `name`, `a`, `b`, `ho`, `ll`, `c`, `d`) VALUES (?, ?, ?, ?, ?, ?, ?, ?);");
$stmttst->bind_Param("isssssss",$lastid,$name,$a,$b,$ho,$ll,$c,$d);
// CHANGED BIND PARAM for last id
if ($stmttst->execute()){
return 1;
}else{
return 2;
}
}
Also, you shold specify if you are using mysqli or PDO as most people assume you are using PDO as it is most commonly used.
http://php.net/mysqli_multi_query might also help you in this case. Or try creating a second connectionto the BD, not just a 2nd statement.

You are probably looking for PDO::lastInsertId. It returns the ID of the last inserted row. Therefore you can use this in your second query as it will hold the ID of the first. More info here: http://php.net/manual/en/pdo.lastinsertid.php

Can't Insert data in MySql Table, but i can retrieve data just fine

I can conect to my database just fine, but whenever I try to insert data I get a "Call to a member function bind_param() on a non-object" error, which I know means that I must have mistyped the name of a slot, or something, but I just can't see it, I'm connecting locally, do I have to set up something in MyPhP to allow data to be added from a php file? Thanks in advance.
<?php
include 'connect.php';
if (isset($_POST['Slot1'])) {
$Slot1 = $_POST['Slot1'];
}
if (isset($_POST['Slot2'])) {
$Slot2 = $_POST['Slot2'];
}
if (isset($_POST['Slot3'])) {
$Slot3 = $_POST['Slot3'];
}
if (isset($_POST['Slot4'])) {
$Slot4 = $_POST['Slot4'];
}
if (isset($_POST['Slot5'])) {
$Slot5 = $_POST['Slot5'];
}
if (isset($_POST['Slot6'])) {
$Slot6 = $_POST['Slot6'];
}
if (isset($_POST['Slot7'])) {
$Slot7 = $_POST['Slot7'];
}
$stmt = $db->prepare("INSERT INTO `tabel` (Slot1, Slot 2, Slot3, Slot4,Slot5,
Slot6, Slot7)
VALUES (?, ?, ?, ?, ?, ?,?");
$stmt->bind_param('sssssss',$Slot1,$Slot2,$Slot3,$Slot4,$Slot5,$Slot6,$Slot7);
$stmt->execute();
$stmt->close();
header("Location: Display.php")
?>

You have missed one end parenthese
Replace
$stmt = $db->prepare("INSERT INTO `tabel` (Slot1, Slot 2, Slot3, Slot4,Slot5,
Slot6, Slot7)
VALUES (?, ?, ?, ?, ?, ?,?");
To
$stmt = $db->prepare("INSERT INTO `tabel` (Slot1, Slot 2, Slot3, Slot4,Slot5,
Slot6, Slot7)
VALUES (?, ?, ?, ?, ?, ?,?)");

Try to change your query to
$stmt = $db->prepare("INSERT INTO `tabel` (Slot1, Slot 2, Slot3, Slot4,Slot5,Slot6, Slot7)VALUES (?, ?, ?, ?, ?, ?,?)");

PHP,PDO,MySQLi function dont insert to database

I make code that using pdo to insert information to database and gain XSS protection.
now im few days look at the code and dont see the problem that make the code to not insert the requird information.
Here`s My code:
if ($register = $mysqli->prepare("INSERT INTO `accounts`(`id`, `username`, `email`, `password`, `salt`, `fullname`, `birthdate`, `gender`, `secure question`, `secure answer`, `asked`, `answered`, `lastlogin`) VALUES (NULL, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)")) {
$register->bind_param("ssssssddsdds", $username, $email, $password, $random_salt, $fullname, $birthdate, $gender, $question, $answer, $z, $z, $lastlogin);
// Execute the prepared query.
if (! $register->execute()) {
echo "אירעה שגיאה";
$register->close();
}else{
echo 'אתם נרשמתם בהצלחה!. לחצו כאן';}
$register->close();
}
And the connection code:
$mysqli = new mysqli(HOST, USER, PASSWORD, DATABASE);
Thank you.

Use mysqli_affected_rows to get the number of inserted row, if any function fails, check for errors using mysqli_error
$sql = "INSERT INTO `accounts`(`id`, `username`, `email`, `password`, `salt`, `fullname`, `birthdate`, `gender`, `secure question`, `secure answer`, `asked`, `answered`, `lastlogin`) VALUES (NULL, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
if ($register = $mysqli->prepare($sql)) {
$register->bind_param("ssssssddsdds", $username, $email, $password, $random_salt, $fullname, $birthdate, $gender, $question, $answer, $z, $z, $lastlogin);
// Execute the prepared query.
if (!$register->execute()) {
echo "אירעה שגיאה";
die("execute() failed: ". mysqli_error($mysqli));
}
if(mysqli_affected_rows($register) > 0){
echo 'אתם נרשמתם בהצלחה!. לחצו כאן';
}else{
echo 'Did not inser any row';
}
}else{
die("prepare() failed: ". mysqli_error($mysqli));
}

Is it possible to combine mysqli prepared statement with multiple inserts?

I am well-versed in the old php mysql extension.
I am working on my first script that uses the mysqli extension.
I am going to be inserting a large number of rows into a table that are being generated dynamically.
Is it possible to use a prepared statement to insert multiple rows into a table without previously knowing the number of new rows that will be inserted each time?
$stmt = $mysqli->prepare("INSERT INTO `activity` (`id`, `name`, `type`) VALUES ?, ?, ?;");
If that isn't possible, which would be more efficient:
prepared statement, one row at a time
non-prepared statement, ~50 rows at a time
// prepared statement
$stmt = $mysqli->prepare("INSERT INTO `activity` (`id`, `name`, `type`) VALUES (?, ?, ?)");
for($i=0;$i<$limit;$i++)
{
$stmt->bind_param('iss', $id[$i], $name[$i], $type[$i]);
$stmt->execute();
}
// non-prepared statement
$query = "INSERT INTO `activity` (`id`, `name`, `type`) VALUES ";
for($i=0;$i<$limit;$i++)
{
$query .= "\n(".$mysqli->real_escape_string($id[$i]), $mysqli->real_escape_string($name[$i]), $mysqli->real_escape_string($type[$i])."),";
}
$query = substr($query, 0, -1).';';
PHP v.5.3.8
MySQL v. 5.1.60

$stmt = $mysqli->stmt_init();
if($stmt->prepare("INSERT INTO `activity` (`id`, `name`, `type`) VALUES (?, ?, ?)"))
{
$stmt->bind_param('iss', $_id, $_name, $_type);
for($i=0;$i<$limit;$i++)
{
$_id = $id[$i];
$_name = $name[$i];
$_type = $type[$i];
$stmt->execute();
}
}
should do it for you!

Categories