PHP version 5.3.3, mysql 5.0.95
Need to migrate data from an existing table to two identical tables. Data from original needs parsing before insert into the two new tables. (That code not shown as I'm hoping to isolate this problem.)
Wanted to use transaction to insure new tables are identical.
task_id field is autoincrement in test_timecard and is unsigned mediumint in test_timecar_2.
Engine is InnoDB for both tables.
Separate queries works:
$timecard_data_results = array();
$fill_old_data_array_def = " SELECT task_id, company_id, employee_id, location, task_name, task_start_time, task_end_time, tccomment FROM timecard WHERE company_id = '" . $company_request . "' AND employee_id = '" . $employee_request . "' AND DATE(task_start_time) < '" . $new_text_format_date . "' AND (DATE(task_end_time) > '2014-12-31' OR DATE(task_end_time) = '2000-01-01') ORDER BY task_start_time";
$timecard_data_results = mysqli_query($conn, $fill_old_data_array_def);
while($timecard_record = mysqli_fetch_assoc($timecard_data_results)) {
$company_id = $timecard_record['company_id'];
$employee_id = $timecard_record['employee_id'];
$location = $timecard_record['location'];
$task_name = $timecard_record['task_name'];
$task_start_time = $timecard_record['task_start_time'];
$task_end_time = $timecard_record['task_end_time'];
$tccomment = $timecard_record['tccomment'];
$troubleshoot_def = "INSERT INTO test_timecard (company_id, employee_id, location, task_name, task_start_time, task_end_time, tccomment) VALUES ('" . $company_id . "', '" . $employee_id . "', '" . $location . "', '" . $task_name . "', '" . $task_start_time . "', '" . $task_end_time . "', '" . $tccomment . "')";
$troubleshoot_2_def = "INSERT INTO test_timecard_2 (task_id, company_id, employee_id, location, task_name, task_start_time, task_end_time, tccomment) VALUES (LAST_INSERT_ID(), '" . $company_id . "', '" . $employee_id . "', '" . $location . "', '" . $task_name . "', '" . $task_start_time . "', '" . $task_end_time . "', '" . $tccomment . "')";
$troubleshoot = mysqli_query ($conn, $troubleshoot_def);
$troubleshoot_2 = mysqli_query ($conn, $troubleshoot_2_def);
}
transaction with mysqli_multi_query inserts one row only to both tables. No errors reported.
$timecard_data_results = array();
$fill_old_data_array_def = " SELECT task_id, company_id, employee_id, location, task_name, task_start_time, task_end_time, tccomment FROM timecard WHERE company_id = '" . $company_request . "' AND employee_id = '" . $employee_request . "' AND DATE(task_start_time) < '" . $new_text_format_date . "' AND (DATE(task_end_time) > '2014-12-31' OR DATE(task_end_time) = '2000-01-01') ORDER BY task_start_time";
$timecard_data_results = mysqli_query($conn, $fill_old_data_array_def);
while($timecard_record = mysqli_fetch_assoc($timecard_data_results)) {
$company_id = $timecard_record['company_id'];
$employee_id = $timecard_record['employee_id'];
$location = $timecard_record['location'];
$task_name = $timecard_record['task_name'];
$task_start_time = $timecard_record['task_start_time'];
$task_end_time = $timecard_record['task_end_time'];
$tccomment = $timecard_record['tccomment'];
$troubleshoot_def = "START TRANSACTION; INSERT INTO test_timecard (company_id, employee_id, location, task_name, task_start_time, task_end_time, tccomment) VALUES ('" . $company_id . "', '" . $employee_id . "', '" . $location . "', '" . $task_name . "', '" . $task_start_time . "', '" . $task_end_time . "', '" . $tccomment . "'); INSERT INTO test_timecard_2 (task_id, company_id, employee_id, location, task_name, task_start_time, task_end_time, tccomment) VALUES (LAST_INSERT_ID(), '" . $company_id . "', '" . $employee_id . "', '" . $location . "', '" . $task_name . "', '" . $task_start_time . "', '" . $task_end_time . "', '" . $tccomment . "'); COMMIT;";
$troubleshoot = mysqli_multi_query ($conn, $troubleshoot_def);
}
Stumped.
$troubleshoot_def = "INSERT INTO test_timecard (company_id, employee_id, location, task_name, task_start_time, task_end_time, tccomment) VALUES ('" . $company_id . "', '" . $employee_id . "', '" . $location . "', '" . $task_name . "', '" . $task_start_time . "', '" . $task_end_time . "', '" . $tccomment . "')";
$troubleshoot_2_def = "INSERT INTO test_timecard_2 (task_id, company_id, employee_id, location, task_name, task_start_time, task_end_time, tccomment) VALUES (LAST_INSERT_ID(), '" . $company_id . "', '" . $employee_id . "', '" . $location . "', '" . $task_name . "', '" . $task_start_time . "', '" . $task_end_time . "', '" . $tccomment . "')";
There are lot's of problems here. First is that it does not make any sense at all to insert nearly identical data into two different tables. In fact when the operation completes you have three tables with nearly identical data namely test_timecard_2, test_timecard and timecard
Secondly you are inserting unescaped data. Since data comes from another of your tables there isn't much chance of an sql injection but there is still a likelyhood that the queries will fail. Specifically I am talking about code like this:
VALUES ('" . $company_id . "', '" . $employee_id . "', '" . $location . "', '" . $task_name . "', '" . $task_start_time . "', '" . $task_end_time . "', '" . $tccomment . "')";
Thirdly, you almost never need to do SELECT - LOOP - INSERT because mysql has a built in INSERT SELECT command.
INSERT INTO test_timecard (company_id, employee_id, location, task_name, task_start_time, task_end_time, tccomment)
SELECT * FROM time_card
take care to get the columns right (the above is just a copy paste from two sections of your code)
Related
I am looking to update one of the table. After I update, all the duplicate data is getting inserted again. Especially, the cloneSQL part of the code. I tried using DISTINCT, NOT EXISTS but no luck.
if(DB_num_rows($checkResult) > 0){
$cloneSQL = "UPDATE DISTINCT pricematrixdiscount SET
discount='" . $vals[3] . "'
WHERE debtorno='" . $_POST['cloneTo'] . "',
product_line='" . $vals[1] . "',
salestype='" . $vals[2] . "' ";
}
else {
$cloneSQL = "INSERT into pricematrixdiscount
(debtorno,
product_line,
salestype,
discount) VALUES
('" . $_POST['cloneTo'] . "',
'" . $vals[1] . "',
'" . $vals[2] . "',
'" . $vals[3] . "')";
How can I insert only distinct values on the pricematricdiscount table without the duplicates being inserted?
Here is my code:
$result = mysql_query("INSERT INTO clients (client_id, name, surname, tel1,tel2,id_num,address)
VALUES ('" .$updating_id . "','" .$updatedName1 . "','" .$updatedName1 . "', '" .$updatedSurname1
. "', '" . $updatedTel1 . "', '" .$updatedTel2 . ", '" .$updatedId_num1. "', '" .$updatedAddress1.
") ON DUPLICATE KEY UPDATE name='" . $updatedName1 . "', surname='" . $updatedSurname1 . "',
tel1='" . $updatedTel1 . "', tel2='" . $updatedTel2 . "', id_num='" . $updatedId_num1 . "',
address='" .$updatedAddress1 . "'");
if(mysql_query($result))
{ echo $updatedName1," ", $updatedSurname1, " updated successfully ";
}
else {
echo mysql_error();}
}
I am noticing that the first quote on the mysql_query("INSERT INTO...
is closing with the first quote of the VALUES ('" .$updating_id . "'... statement and yet the way I quoted is the one in my examples, I have assessed.
Use if($result) instead of if(mysql_query($result)). thx #Vinie
And you miss two simple quotes in your VALUES statement:
$updatedTel2 . "'
$updatedAddress1."'
And you need to have a look at mysql_real_escape_string(); or at least use PDO :)
Please help!
What is wrong with this INSERT INTO query?!
This is before the query on the newUser.php page
$result2=mysqli_query($con,"SELECT count(*) AS count FROM boards");
while($row2 = mysqli_fetch_array($result2)){
$postNumber=$row2["count"];
}
echo $postNumber;
echo $_POST['bday'];
This is the query
mysqli_query($con,"INSERT INTO users (userID, profPicLoc, age, username, realName, birthday, password, meBoardID, email) VALUES (0, 'aa', 17, '" . $_POST['username2'] . "', '" . $_POST['name'] . "', '" . $_POST['bday'] . "', '" . $_POST['password2'] . "', " . $postNumber+2 . ", '" . $_POST['email'] . "')";
The connection is made to the database correctly, the userID is auto increment, and the birthday field in the database is DATE type
it recieves the information from this form on another page...
<form action="newUser.php" method="post">
</br>Name: <input type="text" name="name"></input></br>
Username: #<input type="text" name="username2"></input></br>
Password: <input type="password" name="password2"></input></br>
Email: <input type="text" name="email"></input></br>
Birthday: <input type="date" name="bday"></br>
<input type="submit"></input>
</form>
mysqli_query() parenthesis closing is wrong. Need one more closing parenthesis at the end.
remove the user_id from inserting if it is AI
mysqli_query($con,"INSERT INTO users (profPicLoc, age, username, realName, birthday, password, meBoardID, email)
VALUES ('aa', 17, '" . $_POST['username2'] . "', '" . $_POST['name'] . "', '" . $_POST['bday'] . "', '" . $_POST['password2'] . "', " . $postNumber+2 . ", '" . $_POST['email'] . "')");
Use it:
mysqli_query($con,"INSERT INTO users
(profPicLoc, age, username, realName, birthday, password, meBoardID, email)
VALUES ('aa', 17, '" . $_POST['username2'] . "', '" . $_POST['name'] . "', '" . $_POST['bday'] . "', '" . $_POST['password2'] . "', " . $postNumber+2 . ", '" . $_POST['email'] . "')";
never include primary key with auto incremented column while inserting.
I am trying to insert the current date into MySQL database in this format: (12/31/2013 10:26:12 PM). I've tried to make a simple code to change the format, but all I get is a syntax error
$sql = "INSERT INTO Students
VALUES
('','" . $info[$i]['firstname'] . "', '" . $info[$i]['lastname'] . "',
'" . $info[$i]['sex'] . "', '" . $info[$i]['major'] . "',
'" . $info[$i]['favorite'] . "', '" . $info[$i]['GPA']
"TO_CHAR(SYSDATE(),'dd/mm/yyyy')";
Tell me please what shall I do with it.
Just try this
$sql = "INSERT INTO Students VALUES ('','" . $info[$i]['firstname'] . "', '" . $info[$i]['lastname'] . "', '" . $info[$i]['sex'] . "', '" . $info[$i]['major'] . "', '" . $info[$i]['favorite'] . "', '" . $info[$i]['GPA'] . gmdate('m/d/Y g:i:s A').")";
or try this one
$sql = "INSERT INTO Students VALUES ('','" . $info[$i]['firstname'] . "', '" . $info[$i]['lastname'] . "', '" . $info[$i]['sex'] . "', '" . $info[$i]['major'] . "', '" . $info[$i]['favorite'] . "', '" . $info[$i]['GPA'] ."', '" . gmdate('m/d/Y g:i:s A').")";
You can also change gmdate with date
Have A nice day
USE
DATE_FORMAT(NOW(),'%m/%d/%Y %h:%i:%s %p') ;
i think some error in query also check:
$sql = "INSERT INTO Students
VALUES
('','" . $info[$i]['firstname'] . "', '" . $info[$i]['lastname'] . "',
'" . $info[$i]['sex'] . "', '" . $info[$i]['major'] . "','" . $info[$i]['favorite'] . "', '" . $info[$i]['GPA'] ."',DATE_FORMAT(NOW(),'%m/%d/%Y %h:%i:%s %p') )";
it should work.
check link:
http://www.w3schools.com/sql/func_date_format.asp
I have a pre-constructed array created from some test data as I have not yet set up a post form. The array looks like this:
$ud = array('name' => 'name', 'username' => 'username', 'password' => 'password', 'location' => 'london', 'platform' => 'mobile', 'developer_or_designer' => 'developer', 'tags' => 'hello', 'paypal_email' => 'email#email.com', 'developer_or_client' => 'developer', 'email' => 'email#email.com');
foreach ($ud as $key => $value) {
$value = mysql_real_escape_string($value);
}
From this array, I then try to insert the data via a MySQL query into my database:
$query = mysql_query("INSERT INTO `Developers` (`Name`,`Email`,`Username`,`Password`,`Location`,`Platform`,`Developer_or_Designer`,`Tags`, `Paypal_Email`) VALUES (" . $ud['name'] . ", " . $ud['email'] . ", " . $ud['username'] . ", " .$ud['password'] . ", " . $ud['location'] . ", " . $ud['platform'] . ", " . $ud['developer_or_designer'] . ", " . $ud['tags'] . ", " . $ud['paypal_email'] . ")") or die(mysql_error());
However, it dies with the following error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '#email.com, username, password, london, mobile, developer, hello, email#email.com)' at line 1
Please can you tell me where I am going wrong?
You need quotes around each value in parenthases
Two things:
As Jeff notes, you need to put quotes around the strings.
Before putting quotes around them, you need to pass each string through mysql_real_escape_sring().
$query = mysql_query("INSERT INTO `Developers` (`Name`,`Email`,`Username`,`Password`,`Location`,`Platform`,`Developer_or_Designer`,`Tags`, `Paypal_Email`) VALUES ('" . $ud['name'] . "', '" . $ud['email'] . "', '" . $ud['username'] . "', '" .$ud['password'] . "', '" . $ud['location'] . "', '" . $ud['platform'] . "', '" . $ud['developer_or_designer'] . "', '" . $ud['tags'] . "', '" . $ud['paypal_email'] . "')") or die(mysql_error());
try it:)
From the sounds of the column names those are varchar column types so you need to wrap your values with quotes:
$query = mysql_query("INSERT INTO `Developers` (`Name`,`Email`,`Username`,`Password`,`Location`,`Platform`,`Developer_or_Designer`,`Tags`, `Paypal_Email`) VALUES ('" . $ud['name'] . "', '" . $ud['email'] . "', '" . $ud['username'] . "', '" .$ud['password'] . "', '" . $ud['location'] . "', '" . $ud['platform'] . "', '" . $ud['developer_or_designer'] . "', '" . $ud['tags'] . "', '" . $ud['paypal_email'] . "')") or die(mysql_error());
Also if the values are coming from user input you should run each value through mysql_real_escape_string to help prevent against SQL injection attacks
See this:
VALUES (" . $ud['name'] . ",
Nedd that:
VALUES ('" . $ud['name'] . "',
And for other columns too (if is not numberic)