This question already has answers here:
Can I mix MySQL APIs in PHP?
(4 answers)
Closed 5 years ago.
here is my code, as you can see, I just wanna to connect mysql then insert a info field, but it seems not execute the next code after selected the db code, I am a newer in php, and it did not return an error, so I do not know where am I wrong..
<html>
<body>
Welcome <?php echo "show" ?><br>
Your email address is:
<?php
$servername = "localhost";
$username = "root";
$password = "123456";
// 创建连接
$conn = mysqli_connect($servername, $username, $password);
// 检测连接
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
echo "mysql successed connected.";
mysql_select_db("flowers", $conn) or die("database flowers failed".mysql_error()) ;
echo "database successed";
$sql="INSERT INTO flowers (username, password)
VALUES
('$_POST[name]','$_POST[email]')";
if (!mysql_query($sql,$conn))
{
die('Error: ' . mysql_error());
}
echo "1 record added";
mysql_close($conn);
?>
</body>
</html>
test demo info
and here is the db info:
dn info
I use ubuntu 16.04 apache2
So the main issue here is that you are using a combination of mysql_ and mysql functions. Note that mysql has been depreciated since PHP5 and has been completely removed in PHP7 so you should be using the newer mysqli or PDO. I personally use PDO, however have kept your code with mysqli.
<?php
$servername = "localhost";
$username = "root";
$password = "56lj0721";
// 创建连接
$conn = mysqli_connect($servername, $username, $password);
// 检测连接
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
echo "mysql successed connected.";
mysqli_select_db($conn,"flowers") or die("database flowers failed".mysqli_error()) ;
echo "database successed";
$sql="INSERT INTO flowers (username, password)
VALUES
('$_POST[name]','$_POST[email]')";
if (!mysqli_query($conn, $sql))
{
die('Error: ' . mysql_error());
}
echo "1 record added";
mysqli_close($conn);
?>
You should also really be using prepared statements to help prevent SQL Injection. You can read more here for mysqli.
It's also important to remember that you should be validating your $_POST['name'] and $_POST['email'] values as well, which I have not included.
If you want to read further about PDO, take a look here.
You have these two statements in your php code.
$conn = mysqli_connect($servername, $username, $password);
...
$conn = mysqli_connect($servername, $username, $password);
You should get rid of the second one if you must use the mysql_ interface to run your query.
You should also know, with respect, that only a fool uses the mysql_ interface in 2017. It has been deprecated for years, for reasons of cybersecurity, and is going away soon.
Related
I made a procedure in mySql. It looks like this.
I called this procedure from php.
After this call the table still remains empty and I do not know why.
Problems that I have checked:
variable names
connection
syntax (I think is the right syntax)
UPDATE: Php code
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbName = "shoppingcartdb";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbName);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "INSERT INTO address (Address, PostalCode, City, County, Phone, Fax)
VALUES ('".$_POST["address"]."', '".$_POST["p_code"]."', '".$_POST["city_sector"]."', '".$_POST["county"]."', '".$_POST["phone"]."', '".$_POST["fax"]."')";
$conn->query($sql);
$sql = "CALL Insert_User('".$_POST["username"]."', '".$_POST["f_name"]."', '".$_POST["l_name"]."', '".$_POST["psw"]."', '".$_POST["email"]."')";
if(!$conn->query($sql))
echo "failed";
$conn->close();
?>
UPDATE: Procedure
Code ScreenShot
You have mixed up the input and local variables with session variables. #id_add is not the same as id_add, nor is #f_name the same ad f_name. Therefore you are trying to insert empty values into your table.
I cannot see on the screenshot if the delimiter was appropriatly set before and after the query. Pls check that.
Check the stored proc by testing it from phpmyadmin.
This question already has answers here:
How to check if a row exists in MySQL? (i.e. check if username or email exists in MySQL)
(4 answers)
Closed 5 years ago.
I'm trying to learn really basic PHP/SQL and I did search prior to asking but they're really complicated examples for me.
So here is a basic tutorial code that I used and edited lightly.
What can I add to the existing code to check if the username already exists so I don't create it again?
<html>
<body>
<?php
// put your code here
$servername = "localhost"; //should be same for you
$username = "user"; //same here
$password = "password"; //your localhost root password
$db = "myDB"; //your database name
$conn = new mysqli($servername, $username, $password, $db);
if($conn->connect_error){
die("Connection failed".$conn->connect_error);
}else{
echo "Connected<br>";
}
$sql="INSERT INTO login (username, password)
VALUES
('$_POST[username]','$_POST[password]')";
echo "<br><br>Inserting into db: ";
if($conn->query($sql)==TRUE){ //try executing the query
echo "Query executed<br>";
}
else{
echo "Query did not execute<br>";
}
$conn-> close(); //close the connection to database
?>
</body>
</html>
You could always set the username column in MySQL to be unique. It will reject any duplicates from there.
I am using the following code to insert Event Logs and User Info from my Mobile App to a mysql database.
I am finding the " Character gives me issues later on when in use with JSON arrays that I pull from the db. What I would like to do is remove the " character in the php code completely before posting to the db.
Removing the " character by Javascript from the Mobile App is not really an option.
<?php
$servername = "localhost";
$username = "Fred";
$password = "Barney";
$dbname = "BamBam";
// Create connection
$conn = new mysqli ($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
// escape variables for security
$event_log = mysqli_real_escape_string($conn, $_POST['event_log']);
$logged_by = mysqli_real_escape_string($conn, $_POST['logged_by']);
$sql = "INSERT INTO time_event (event_log, logged_by)
VALUES ('$event_log', '$logged_by')";
if ($conn->query($sql) === TRUE) {
echo "Data entered successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
?>
Use mysqli_prepare and mysqli_stmt_bind_param to execute a parameterised query. I strongly advise this approach.
If you really want to just escape special characters for manual interpolation
into a query string, use mysqli_real_escape_string.
Hand-rolling a solution presents a real risk that you will
miss something important, leaving your program vulnerable
to SQL injection attacks.
I did not try, but this should do
$sql = sprintf("INSERT INTO time_event (event_log, logged_by)
VALUES ('%s' ,'%s'",$event_log,$logged_by);
We have the following code in the HTML of one of our webpages. We are trying to display all of the Wifi speeds and GPS locations in our database using the MySQL call and while loop shown in the below PHP code. However, it doesn't return anything to the page. We put echo statements in various parts of the PHP (ex. before the while loop, before the database stuff) and it doesn't even print those statements to the webpage.
<body>
<h2>WiFi Speeds in the System</h2>
<p>Speeds Recorded in the System</p>
<?php
$username = "root";
$password = "";
$hostname = "localhost";
$dbc = mysql_connect($hostname, $username, $password)
or die('Connection Error: ' . mysql_error());
mysql_select_db('createinsertdb', $dbc) or die('DB Selection Error' .mysql_error());
$data = "(SELECT Wifi_speed AND GPS_location FROM Instance)";
$results = mysql_query($data, $dbc);
while ($row = mysql_fetch_array($results)) {
echo $row['Wifi_speed'];
echo $row['GPS_location'];
}
?>
</body>
This line is incorrect, being the AND:
$data = "(SELECT Wifi_speed AND GPS_location FROM Instance)";
^^^
Change that to and using a comma as column selectors:
$data = "(SELECT Wifi_speed, GPS_location FROM Instance)";
However, you should remove the brackets from the query:
$data = "SELECT Wifi_speed, GPS_location FROM Instance";
Read up on SELECT: https://dev.mysql.com/doc/refman/5.0/en/select.html
Using:
$results = mysql_query($data, $dbc) or die(mysql_error());
would have signaled the syntax error. Yet you should use it during testing to see if there are in fact errors in your query.
Sidenote:
AND is used for a WHERE clause in a SELECT.
I.e.:
SELECT col FROM table WHERE col_x = 'something' AND col_y = 'something_else'
Or for UPDATE, i.e.:
UPDATE table SET col_x='$var1'
WHERE col_y='$var2'
AND col_z='$var3'
Footnotes:
Consider moving to mysqli with prepared statements, or PDO with prepared statements, as mysql_ functions are deprecated and will be removed from future PHP releases.
Add error reporting to the top of your file(s) which will help find errors.
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
// rest of your code
Sidenote: Error reporting should only be done in staging, and never production.
"Thank you for the suggest but we tried that and it didn't change anything. – sichen"
You may find that you may not be able to use those functions after all. If that is the case, then you will need to switch over to either mysqli_ or PDO.
References:
MySQLi: http://php.net/manual/en/book.mysqli.php
PDO: http://php.net/manual/en/ref.pdo-mysql.php
hi mate i see some problem with your DB connection & query
here is example check this out
in SELECT is incorrect, being the AND .using a comma as column selectors:
and make condition for after set query & check data validation that is proper method
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "createinsertdb";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error); }
$sql = "SELECT `Wifi_speed `, `GPS_location `, FROM `Instance`";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
// output data of each row
while($row = $result->fetch_assoc()) {
echo $row['Wifi_speed'];
echo $row['GPS_location'];
}
} else {
echo "0 results";
}
$conn->close();
?>
Good morning,
I am quite new to php and I am trying to create a connection to a MSSQL server, I've been able to do it through MYSQL php connection but what I thought would be a simply change to MSSQL is proving to be much harder than expected.
The below code is basically what I am using after much googleing and search in this website this is what i've come up with:
<?php
$Server = "127.0.0.1";
$User = "BOB123";
$Pass = "BOBPASS";
$DB = "BOBDB";
//connection to the database
$dbconn = mssql_connect($Server, $User, $Pass)
or die("Couldn't connect to SQL Server on $Server");
//select a database to work with
$selected = mssql_select_db($DB, $dbconn)
or die("Couldn't open database $myDB");
//declare the SQL statement that will query the database
$query = "SELECT CustomerName from tblCustomer ";
//execute the SQL query and return records
$result = mssql_query($query);
$numRows = mssql_num_rows($result);
echo "<h1>" . $numRows . " Row" . ($numRows == 1 ? "" : "s") . " Returned </h1>";
//display the results
while($row = mssql_fetch_array($result))
{
echo "<br>" . $row["name"];
}
//close the connection
mssql_close($dbconn);
?>
As you can see the above script is very basic and there are very similar ones knocking around on the web could anyone help in connecting to the server this script doesn't seem to want to connect. I've changed the log on details as you'd probably know.
Thanks
Kris
You have a typo on:
$dbconn = mssql_connect($Server, $User, $Pass);
Should be:
$dbconn = mysql_connect($Server, $User, $Pass);
You're typing mysql wrong on each mysql_ function you create, change all mssql_ to mysql_
Note:
You shouldn't use mysql_* functions in new code. They are no longer maintained and are officially deprecated. Learn about prepared statements instead, and use PDO or MySQLi.
#Daniel Gelling Doesn't look like a typo, looks like he is trying to connect to Microsoft SQL Server using mssql. You are correct about the API being outdated however.