i'm making a query to insert some values to a table and update other in other table all this in the same function.
The problem i have is with the Insert query, when has been execute, give me a syntax error that you can see below.
I reviewed the code many times but i don't see any error. When I remove the Insert query works fine and if I remove de update query and leave just the insert give me the same error.
Here the query
if (isset($_POST['goodalt']) && isset($_POST['gengood'])){
$goodalt = mysqli_real_escape_string($con, $_POST['goodalt']);
$genid = mysqli_real_escape_string($con, $_POST['gengood']);
$res = mysqli_query($con, "SELECT * FROM `generators` WHERE `name` = '$genid'") or die(mysqli_error($con));
while($row = mysqli_fetch_assoc($res)) {
$genname = $row['name'];
}
mysqli_query($con, "INSERT INTO `user_accounts` (`username`, `accs`, `genid`, `gen-name`, `date`, `status`) VALUES ('$username', '$goodalt', '$genid', '$genname', '$date', '1'") or die(mysqli_error($con));
mysqli_query($con, "UPDATE `generator$genid` SET `status` = '3' WHERE `alt` = '$goodalt'") or die(mysqli_error($con));
}
Any help? Thanks.
Apart form error, there is a BIG issue about concurrency and threading model.
Every time you split INSERT/UPADATE in more separate PHP calls two mysql, you can analyze CAREFULLY if separate queries maintain DB consistent.
Consider carefully is two (or more) web requests (executing the same PHP script) can be safely run in parallel, especially on code where You did:
mysqli_query($con, "INSERT INTO `user_accounts` (`username`, `accs`, `genid`, `gen-name`, `date`, `status`) VALUES ('$username', '$goodalt', '$genid', '$genname', '$date', '1'") or die(mysqli_error($con));
mysqli_query($con, "UPDATE `generator$genid` SET `status` = '3' WHERE `alt` = '$goodalt'") or die(mysqli_error($con));
Insert and Updates are atomic, but here you call two separate queries
Your missing a close bracket in your insert...
mysqli_query($con, "INSERT INTO `user_accounts` (`username`, `accs`, `genid`, `gen-name`, `date`, `status`) VALUES ('$username', '$goodalt', '$genid', '$genname', '$date', '1')") or die(mysqli_error($con));
BUT you should also be using prepared statements and bind variables...
The issue that you're facing is because of the unnecessary usage of backticks or single quotation marks. You can follow the following article to make the changes and the issue should be sorted out.
Article here
Change these from:
mysqli_query($con, "INSERT INTO `user_accounts` (`username`, `accs`, `genid`, `gen-name`, `date`, `status`) VALUES ('$username', '$goodalt', '$genid', '$genname', '$date', '1'") or die(mysqli_error($con));
to
mysqli_query($con, "INSERT INTO user_accounts (username, accs, genid, gen-name, date, status) VALUES ('$username', '$goodalt', '$genid', '$genname', '$date', '1'") or die(mysqli_error($con));
Hope that helps!
Related
I'm looking to insert values from two sources (variables and a field from another table) into a new table. After some research, I found that this was possible, but cannot figure out how to accomplish this with my query.
Let me know if I have not provided enough context or code.
//Query to INSERT data
$query3 = "INSERT INTO `Checked_Out` (`name`, `quantityCheckedOut`, `checkedOut`, `returnDate`, `image`, `ID`) VALUES ('$name', '$quantityTaken', '$checkedOut', '$returnDate', '$ID')
SELECT `image` FROM `Checked_In` WHERE `ID` = '$ID'";
Try this:
$query3 = "INSERT INTO `Checked_Out` (`name`, `quantityCheckedOut`, `checkedOut`, `returnDate`, `image`, `ID`)
SELECT '$name', '$quantityTaken', '$checkedOut', '$returnDate', `image`, '$ID' FROM `Checked_In` WHERE `ID` = '$ID'";
I am really new to php and I am trying to use simple insert to my mysql database from the form.
I know that this mysql connection/insertion is dangerous and not used anymore. so can anyone please help me with this simple thing? I tried to google, but nothing is working so far :/
<?
$text=$_POST['name'];
$text=$_POST['surename'];
mysql_connect("localhost", "db_name", "pass") or die(mysql_error());
mysql_select_db("db_name") or die(mysql_error());
$result = mysql_query("INSERT INTO `table` (name, surename)
VALUES (NOW(), '".mysql_real_escape_string($name)."', '".mysql_real_escape_string($surename)."')");
if (!$result) {
die('Invalid query: ' . mysql_error());
}
?>
Maybe change
$text=$_POST['name'];
$text=$_POST['surename'];
to
$name = $_POST['name'];
$surename = $_POST['surename'];
PS: And also your column names don't match your values. Your query, after inserting params
"INSERT INTO `table` (name, surename) VALUES (NOW(), '".mysql_real_escape_string($name)."', '".mysql_real_escape_string($surename)."')"
will probably look like this
INSERT INTO `table` (name, surename) VALUES (NOW(), 'Jhon', 'Wick')
As you can see there's name, surename (which probably should be surname) and (NOW(), 'Jhon', 'Wick'). So either add a column (if you have that column in your database):
INSERT INTO `table` (created_at, name, surename) VALUES (NOW(), 'Jhon', 'Wick')
or remove NOW() from your values
INSERT INTO `table` (name, surename) VALUES ('Jhon', 'Wick')
$name = mysqli_real_escape_string($connection, $_POST["name"]);
$surname = mysqli_real_escape_string($connection, $_POST["surname"]);
$username = mysqli_real_escape_string($connection, $_POST["username"]);
$email = mysqli_real_escape_string($connection, $_POST["email"]);
$pw1 = mysqli_real_escape_string($connection, $_POST["pw1"]);
$query = "INSERT INTO 'users' ('id','name', 'surname', 'username', 'email', 'password') VALUES (NULL,'$name', '$surname', '$username', '$email', '$pw1')";
$result = mysqli_query($connection, $query);
if(!$result){
echo ("fail");
}
I test if the query has worked using if(!$result){ echo ("fail");} and it echoes fail every time and no data is inserted into the database every time! I have checked the syntax and i believe it is correct... could this be because of the database "collation"?
You should not use the single quote at the table or field name. You have to use a Backtick (like ``) which is located in under Esc key or left side of 1 Key or upper side of Tab key. It should looks like:
$query = "INSERT INTO `users` (`id`, `name`, `surname`, `username`, `email`,
`password`) VALUES ('null', '$name', '$surname', '$username', '$email', '$pw1')";
or
$query = "INSERT INTO users (id, name, surname, username, email,
password) VALUES ('null', '$name', '$surname', '$username', '$email', '$pw1')";
Note: If your id field is already set auto increment then you can remove id and value null. Because id value will automatically increment.
Hope it will helpful.
Using Variable in MySQL
I have tried many possibilities and consulted a number of sources but still not have been
able to insert a string into a MySQL command in php.
Code below works well
$SQL = 'INSERT INTO tb_addressbook (`ID`, `First_Name`, `Last_Name`, `Address`) VALUES (\'24\', \'JJ\', \'Gates\', \'Microsoft\');';
Code below does not work
$SQL = 'INSERT INTO tb_addressbook (`ID`, `First_Name`, `Last_Name`, `Address`) VALUES (\'27\', \''.'"$first"'.'\''.', \'Gates\', \'Microsoft\');';
Can you help?
P.S. Is there a special way to insert a string for numbers?
Hugh
hugh#hahaggerty.com
Try like this :
$SQL = "INSERT INTO tb_addressbook (ID, First_Name, Last_Name, Address) VALUES ('27', '".$first."', 'Gates', 'Microsoft')";
i have a db query in php that is not inserting into database. Have used this format lots of times but for some reason its not working now. any ideas please
$query = "INSERT INTO `databasename`.`member_users` (`id`, `first_name`, `last_name`, `username`, `password`, `address1`, `address2`, `postcode`, `access`, `expires`) VALUES (NULL, '$fname', '$lname', '$email', '', '$add1', '$add2', '$postcode', '0', '')";
$result = mysql_query($query);
if($result){
echo"query inserted";
}else{
echo "nope";
}
Instead of echo "nope"; I suggest something like :
echo 'error while inserting : ['.mysql_errno().'] '.mysql_error();
echo 'query : '.$query;
This way you will be able to see the exact error and the query that was executed.
It can be a lot of things :
Constraint error with a foreign key
Data type error
Non-existent field
Wrong database or table name
Instead of...
$query = "INSERT INTO `databasename`.`member_users` ..."
do
$query = "INSERT INTO member_users ..."
Hope it works. :)
If databasename and member_users are variables then,
Instead of
$query = "INSERT INTO databasename.member_users...
do
$query = "INSERT INTO $databasename.$member_users...