This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 5 years ago.
I am trying to insert data into a MySQL database using PHP. As far as I can see I am using the correct code, but it is not inserting - nothing changes in phpMyAdmin. Am I doing anything wrong? (I changed the database name and password here just for safety- it connects without any issues)
<?php
$link = mysqli_connect("localhost", "dbname", "password", "dbname");
if (mysqli_connect_error()) {
die ("Error connecting to the database");
}
$query = "INSERT INTO 'users' ('email', 'password')
VALUES ('example#example.com', '12345678')";
mysqli_query($link, $query);
?>
Use backticks `` instead of single quote ':
$query = "INSERT INTO `users` (`email`, `password`)
VALUES ('example#example.com', '12345678')";
Related
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
(2 answers)
Closed 5 years ago.
I´m new in php programming and so i tried to connect my php file with an sql database. It´s working till i come to the point were i want to use a query and execute them. Can someone please help me why i always get "Error querying database"?
$query = "INSERT INTO user (surname, name, e-mail, password) VALUES ('$text', '$text2', '$text3', '$text4')";
$query2 = "CREATE TABLE $text3 (
name VARCHAR(30) PRIMARY KEY,
password VARCHAR(30))";
//make the query
$result = mysqli_query($db, $query) or die('Error querying database.');
$result2 = mysqli_query($db, $query2) or die('Error querying database1.');
I am defenitely connected with the database before.
My second question is the right use of the Create Table statement. I want to create a table which is named like the users E-mail address. Is this the right usage?
CREATE TABLE $text3 (
name VARCHAR(30) PRIMARY KEY,
password VARCHAR(30))";
I especially want to know if i need to set ' before the $text3 or not.
I solved this Problem with the help of #FunkFortyNiner the problem is the - between the e-mail. I neededt to remove it.
Now the code looks like this:
$query = "INSERT INTO user (surname, name, email, password) VALUES ('$text', '$text2', '$text3', '$text4')";
$query2 = "CREATE TABLE $text3 (
name VARCHAR(30) PRIMARY KEY,
password VARCHAR(30))";
//make the query
$result = mysqli_query($db, $query) or die('Error querying database.');
$result2 = mysqli_query($db, $query2) or die('Error querying database1.');
Use
die('Error querying database.' . mysqli_error($db) );
To know about the exact error.
More specifically use e_mail or email instead of e-mail as the column name in your db schema.
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 7 years ago.
This is my PHP code:
$sql = "INSERT INTO `reviews`(`Departed`, `Returned`, `Name`, `Review`) VALUES ($departed,$returned,$name,$message)";
$sql_result = mysql_query ($sql, $connection ) or die ('request "Could not execute SQL query" '.$sql);
$review[] = mysql_fetch_assoc($sql_result);
The query fails to execute, but the string looks okay:
request "Could not execute SQL query" INSERT INTO `reviews`(`Departed`, `Returned`, `Name`, `Review`) VALUES (2015-08-01,2015-08-06,test,test)
You need to put quotes around the input strings
... VALUES ('2015-08-01', '2015-08-06', 'test', 'test')
or way better use Prepared Statements that do that and more for you.
VARCHAR and DATE must be enclosed in quotes. Only numbers may be stripped of quotes.
$sql = "INSERT INTO `reviews`(`Departed`, `Returned`, `Name`, `Review`) VALUES ('$departed','$returned','$name','$message')";
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 7 years ago.
include("db_connector.php");
$soru = "asdasds";
$tip = 1;
$soruId = 0;
$sql = "insert into sor (anketId,soruMetni,tip) values (".$_SESSION['anket'].",".$soru.",".$tip.")";
$islem = mysql_query($sql)or die(mysql_error());;
if(isset($islem))
{
$soruId = mysql_insert_id();
}else
{
header("refresh:2;sorular.php");
}
this code give an error like this : Unknown column 'asdasds' in 'field list'
You need to change the SQL statement in this:
$sql = "INSERT INTO `sor` (anketId,soruMetni,tip)
VALUES ('".$_SESSION['anket']."','".$soru."',".$tip.")";
Strings needs to be encapsulated with a single quote. :)
I just add ' before and after every variable in query. You cannot pass string to query without adding single quote '.
Change From:
$sql = "insert into sor (anketId,soruMetni,tip) values (".$_SESSION['anket'].",".$soru.",".$tip.")";
to :
$sql = "INSERT INTO `sor` (anketId,soruMetni,tip)
VALUES ('".$_SESSION['anket']."', '".$soru."', '".$tip."')";
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 8 years ago.
Can someone help me understand this error?
Fatal error: Call to a member function bind_param() on a non-object in C:\MAMP\htdocs\MyCMS\insert_posttwo.php on line 64
<?php
$mysqli = mysqli_connect("localhost", "root", "root", "mycms");
if (isset($_POST['submit'] )) {
$post_author = $_POST['post_author'];
$stmt = $mysqli->prepare ("INSERT INTO 'posts' ('post_author') VALUES(?)");
$stmt->bind_param('s', $post_auth);
$post_auth = $post_author;
$stmt->execute();
echo "<script>alert('Post has been published')</script>";
echo "<script>window.open('insert_post','_self')</script>";
$stmt->close();
}
?>
Instead of single quotes ' use backticks ` to escape field or table names .
$stmt = $mysqli->prepare ("INSERT INTO `posts` (`post_author`) VALUES(?)");
Change this (For columns you have to use back ticks not single quotes):
'posts'
to:
`posts`
Also you have to create a object and not the procedural method otherwise you can't do that so use this:
$mysqli = new mysqli_connect("localhost", "root", "root", "mycms");
//^^^ See here so you create a object
And also you have to close your connection like this:
$mysqli->close();
//^^^^^ Close the connection and not the stmt
This question already has an answer here:
Syntax error due to using a reserved word as a table or column name in MySQL
(1 answer)
Closed 8 years ago.
I am trying to insert data into a database through php.. Easy enough (I thought). I can't figure out what I am doing wrong. Here is my code:
$DB_HostName = "localhost:8888";
$DB_Name = "Sample";
$DB_User = "root";
$DB_Pass = "root";
$DB_Table = "Check";
$con = mysql_connect($DB_HostName,$DB_User,$DB_Pass) or die(mysql_error());
mysql_select_db($DB_Name,$con) or die(mysql_error());
$sql = "INSERT INTO $DB_Table (name) VALUES ('Sally') ";
mysql_query($sql) or die ("Error with Result");
mysql_close($con);
It gives me an error saying "Error with Result". This means that it must be connecting to the database correctly and everything is working right except for the end part.. What am I missing? If I say (msql_error()) it also does tell me to check the $sql. I can't figure out though what I am typing in wrong.
escape your database name with backtick
$sql = "INSERT INTO `$DB_Table` (name) VALUES ('Sally') ";
or
$sql = "INSERT INTO `" . $DB_Table . "` (name) VALUES ('Sally') ";
CHECK is a MySQL Reserved Keyword.
MySQL Reserved Keyword List
How can I prevent SQL injection in PHP?
I can't stress this enough, don't use mysql_ functions, that time has gone. Use either mysqli or PDO.
A simple way to check what is wrong with your SQL query is to add an error flag on the end of your die statement mysql_query($sql) or die ("Error with Result<br>".mysql_error());
It appears in your case that check is a constraint used to limit the value range that can be placed in a column. You would need to identify that it is a table using "`":
$sql = "INSERT INTO `$DB_Table` (name) VALUES ('Sally') ";