This question already has an answer here:
What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
(1 answer)
Closed 6 years ago.
My PHP Code:
<?php
//Connecting to sql db.
$mysqli = new mysqli("127.0.0.1", "admin", "pass", "enedpt_faculties");
if ($mysqli->connect_errno) {
echo "Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error;
}
mysqli_set_charset($mysqli,"utf8");
$user = $_POST['user'];
$pass = $_POST['pass'];
$nome = $_POST['nome'];
$apelido = $_POST['apelido'];
$fac = $_POST['fac'];
$data = $_POST['data'];
$email = $_POST['email'];
mysqli_query($mysqli,"`enedpt_faculties`.`users` (`user`, `pass`, `name`, `sname`, `facid`, `nasc`, `mail`)
VALUES ('$user', '$pass', '$nome', '$apelido, '$fac', '$data', '$email')");
?>
For some reason the query is not inserting, and there are no errors on the error Log. Please Help.
You have to uae correct SQL.
An insert statement looks like this:
'INSERT INTO "table" (columnnames) VALUES (values)';
In your specific case you also have to concatenate the variables to the SQL-string:
'INSERT INTO `users` (`user`, `pass`, `name`, `sname`, `facid`, `nasc`, `mail`) VALUES ('.$user.', '.$pass.', '.$nome.', '.$apelido.', '.$fac.', '.$data.', '.$email.')'
You also can use back tics on the variables. Also you had some mistakes like missing quotes.
Related
This question already has answers here:
PHP parse/syntax errors; and how to solve them
(20 answers)
Reference - What does this error mean in PHP?
(38 answers)
What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
(1 answer)
Closed 5 years ago.
I have this form and I can’t get it to post to my sql database?
https://xcanberracars.com/assets/booking/bookride_bu240118.php
This is the code I believe I have everything right but obviously not.
error_reporting(E_ALL & ~(E_STRICT|E_NOTICE|E_WARNING));
$host="localhost";
$dbuser="xcanberr_accountmanager";
$dbpass="*********”;
$dbname="xcanberr_PromoCodes";
$link = mysqli_connect($host, $dbuser, $dbpass,$dbname);
if(!$link)
{
echo "ERROR| Unable to connect to MySQL." . PHP_EOL;
echo "Debugging errno: " . mysqli_connect_errno() . PHP_EOL;
echo "Debugging error: " . mysqli_connect_error() . PHP_EOL;
exit;
$booking_id = "XBR".date("dmYHis");
$sql = "INSERT INTO booking_table (bookingID, first_name, last_name, email, phone, pickup_location, drop_location)
VALUES ('$bookingId', '$firstName', '$lastName', '$email', '$phone,'$pickupAddressLine1', '$dropAddressLine1')";
mysqli_query($conn, $sql);
I can get it to work on my local host pc but won’t work on the server
In your code their is 2 mistakes.
1- line no. 19 '$phone should be '$phone'
2- line no. 21 mysqli_query($conn, $sql); should be mysqli_query($link, $sql);
3- booking_id AND bookingId
use this code
error_reporting(E_ALL & ~(E_STRICT|E_NOTICE|E_WARNING));
$host="localhost";
$dbuser="xcanberr_accountmanager";
$dbpass="*********”;
$dbname="xcanberr_PromoCodes";
$link = mysqli_connect($host, $dbuser, $dbpass,$dbname);
if(!$link){
$bookingId = "XBR".date("dmYHis");
$firstName = mysqli_real_escape_string($link, $firstName);
$email = mysqli_real_escape_string($link, $email);
$phone = mysqli_real_escape_string($link, $phone);
$pickupAddressLine1 = mysqli_real_escape_string($link, $pickupAddressLine1);
$dropAddressLine1 = mysqli_real_escape_string($link, $dropAddressLine1);
$sql = "INSERT INTO booking_table (bookingID, first_name, last_name, email, phone, pickup_location, drop_location)
VALUES ('$bookingId', '$firstName', '$lastName', '$email', '$phone','$pickupAddressLine1', '$dropAddressLine1')";
mysqli_query($link, $sql);
I try to insert some values from a form into my database with this code:
<?php
$link = mysqli_connect("myHost", "myUsername", "myPW", "myDB");
// Check connection
if($link === false){
die("ERROR: Could not connect. " . mysqli_connect_error());
}
// Escape user inputs for security
$name1 = mysqli_real_escape_string($link, $_REQUEST['plannercolumn1']);
$name2 = mysqli_real_escape_string($link, $_REQUEST['plannercolumn2']);
$name3 = mysqli_real_escape_string($link, $_REQUEST['plannercolumn3']);
$name4 = mysqli_real_escape_string($link, $_REQUEST['plannercolumn4']);
$name5 = mysqli_real_escape_string($link, $_REQUEST['plannercolumn5']);
$name6 = mysqli_real_escape_string($link, $_REQUEST['plannercolumn6']);
// attempt insert query execution
$sql = "INSERT INTO anmeldungen (FR_PM) VALUES ('$name1')";
$sql = "INSERT INTO anmeldungen (SA_AM) VALUES ('$name2')";
$sql = "INSERT INTO anmeldungen (SA_PM) VALUES ('$name3')";
$sql = "INSERT INTO anmeldungen (SO_AM) VALUES ('$name4')";
$sql = "INSERT INTO anmeldungen (SO_PM) VALUES ('$name5')";
$sql = "INSERT INTO anmeldungen (MO_AM) VALUES ('$name6')";
if(mysqli_query($link, $sql)){
echo "Name ", $name1, " erfolgreich eingetragen. Wir freuen uns auf dich!";
} else{
echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);
}
// close connection
mysqli_close($link);
?>
When I submit the form, it's creating a new row, but it's not inserting any values in all of the columns, but the column MO_AM. Is there a fault in my PHP?
Your query should look like:
$sql = "INSERT INTO anmeldungen
(FR_PM,SA_AM,SA_PM,SO_AM,SO_PM,MO_AM)
VALUES ('$name1','$name2','$name3','$name3','$name4','$name5','$name6')";
Are you sure that the $name variables have values?
Your SQL Query should be:
$sql = "INSERT INTO `anmeldungen`(`FR_PM`,`SA_AM`,`SA_PM`,`SO_AM`,`SO_PM`,`MO_AM`)
VALUES ('$name1','$name2','$name3','$name4','$name5','$name6')";
Though you shouldn't be using $variable as the insert you should look to binding these to prevent SQL Injections.
What you did just overwrite the query.You can insert multiple values into the same table.
Change your query:-
EDIT:
If you use multiple lines for the query it should look like this.
Also When you append the variable.
$sql = 'INSERT INTO anmeldungen (FR_PM,SA_AM,SA_PM,...)'
.' VALUES ('.$name1.','.$name2.','. .... .)'
;
Having trouble submitting data to a database because of syntax error.
Database Structure
database: red_fungi
username: fungi_47
password: *******
Table Structure:
columns > type
id > int(11)
first_name > text
last_name > text
email > text
phone > text
website > text
description > text
As well as the php code:
<?php
$servername = "localhost";
$username = "fungi_47";
$password = "********";
$dbname = "red_fungi";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
// Escape user inputs for security
$first_name = mysqli_real_escape_string($link, $_POST['first_name']);
$last_name = mysqli_real_escape_string($link, $_POST['last_name']);
$email = mysqli_real_escape_string($link, $_POST['email']);
$phone = mysqli_real_escape_string($link, $_POST['phone']);
$website = mysqli_real_escape_string($link, $_POST['website']);
$comment = mysqli_real_escape_string($link, $_POST['comment']);
$hosting = mysqli_real_escape_string($link, $_POST['hosting']);
$sql = "INSERT INTO contact (id, first_name, last_name, email, phone, website, description, hosting)
VALUES (NULL, $first_name, $last_name, $email, $phone, $website, $comment, $hosting)";
if ($conn->query($sql) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
?>
When submitting, I see that the post has been successful:
first_name=Bill&last_name=Nye&email=bill%40nye.com&phone=8888888888&website=billnyefungi.com&comment=help%20me%20make%20a%20fungi%20website&hosting=yes
but the post response shows the following error:
Error: INSERT INTO contact (id, first_name, last_name, email, phone, website, description, hosting)
VALUES (NULL, , , , , , , )You have an error in your SQL syntax; check the manual that corresponds
to your MySQL server version for the right syntax to use near ' , , , , , )' at line 2
However I've checked the syntax and can't see anything wrong with it. Any ideas what's going wrong?
Your sql statement needs to look more like this:
$sql = "INSERT INTO `contact` (`id`, `first_name`, `last_name`, `email`, `phone`, `website`, `description`, `hosting`)
VALUES (NULL, '{$first_name}', '{$last_name}', '{$email}', '{$phone}', '{$website}', '{$comment}', '{$hosting}')";
The first thing I do when I have a problem like this is echo out the sql and see if there are obvious problems
and follow up on all the data validation & security points made by other users.
Your code is assuming that $_POST['XXX'] will be populated, and it isn't. Thats what all those ,,,,,,,, mean in the error.
Instead, first check if $_POST['XXX'] is created, and has a value prior to using it.
if ((isset($_POST['first_name'])) && (!empty( $_POST['first_name'])) ) {
//do query and rest of your script
} else { die('Need form input');}
Im having a problem with my PHP code, it says the error is "Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 1"
It connects to the database ok as it echos "Database Connection Successful" but it dosnt insert the data into the database. This worked fine before, but now all of a sudden its stopped working. Can anyone help?
<?php
$username = "student";
$password = "student";
$hostname = "localhost";
$db = "details";
$link = new mysqli($hostname, $username, $password, $db);
if ($link->connect_errno)
printf("Connect failed: %s\n", $link->connect_error);
else
echo "Database Connection Successful \n";
echo nl2br("\n");
$Urgency = "Urgency";
if(isset($_POST['submit'])){
$TypeOfProblem = $_POST['problemtype'];
$ProblemDescription = $_POST['problem'];
$RoomNo = $_POST['roomno'];
$Problem = $_POST['reporter'];
$Urgency = $_POST['Urgency'];
$Date = $_POST['date'];
//Insert into Database
$sql = "INSERT INTO `details`.`problem` (`Type Of Problem`, `Problem Description`, `RoomNo`, `Urgency`, `UserIDProblem`,`Date` ) VALUES ('$TypeOfProblem', '$ProblemDescription', '$RoomNo', '$Urgency', '$Problem', $Date)";
if (!mysqli_query($link, $sql))
{
die('Error: ' . mysqli_error($link));
}
echo "\n Thank you. Your Helpdesk Call has been submitted.";
mysqli_close($link);
}//////// end isset submit if ////////
?>
Thanks
Try using this, the problem is the single quote ` should be '
$sql = "INSERT INTO 'details'.'problem' ('Type Of Problem', 'Problem Description', 'RoomNo', 'Urgency', 'UserIDProblem','Date' ) VALUES ('$TypeOfProblem', '$ProblemDescription', '$RoomNo', '$Urgency', '$Problem', '$Date')"
Or try to set an echo $sql and test the query directly on de dbms
The date '$Problem', $Date)"; needs single-quotes '$Problem', '$Date')";
First, it is a good idea to leave out the database name:
$sql = "INSERT INTO `problem` (`Type Of Problem`, `Problem Description`, `RoomNo`, `Urgency`, `UserIDProblem`, `Date`) VALUES ('$TypeOfProblem', '$ProblemDescription', '$RoomNo', '$Urgency', '$Problem', $Date)";
Are you sure, that your column names have spaces in it? I mean this would work, but this is not a good idea, I think.
I cannot find another problem in your query, maybe you should quote the date:
$sql = "INSERT INTO `problem` (`Type Of Problem`, `Problem Description`, `RoomNo`, `Urgency`, `UserIDProblem`, `Date`) VALUES ('$TypeOfProblem', '$ProblemDescription', '$RoomNo', '$Urgency', '$Problem', '$Date')";
Otherwise, please provide us with the full query:
die("INSERT INTO `problem` (`Type Of Problem`, `Problem Description`, `RoomNo`, `Urgency`, `UserIDProblem`, `Date`) VALUES ('$TypeOfProblem', '$ProblemDescription', '$RoomNo', '$Urgency', '$Problem', $Date)");
And you SHOULD notice, that your code is exploitable with SQL-Injections! Use mysqli_real_escape_string.
For debugging this, output the actual SQL text that is being submitted to the database, using echo or vardump e.g.
$sql = "INSERT INTO ...";
echo "SQL=" . $sql ;
That will show you the actual statement that's going to be submitted to the database, and you can usually debug the problem from there.
If date isn't a numeric, if it represents a DATE datatype or a string, the value needs to be enclosed in single quotes. Otherwise, it's likely going to be interpreted in a numeric context.
Note that this code appears to be vulnerable to SQL Injection, because it includes potentially unsafe values in the SQL text. Consider what happens when a value contains "special" characters, like a single quote, or comma.
Potentially unsafe values must be properly escaped. With mysqli, you can use the mysqli_real_escape_string function.
A better pattern is to use a prepared statement with bind placeholders.
As an example of what that would look like (before it's cluttered up with code to checks for errors from the return of the mysqli_ function calls)
$sql = "INSERT INTO `details`.`problem`
(`Type Of Problem`,`Problem Description`,`RoomNo`,`Urgency`,`UserIDProblem`,`Date`)
VALUES (?,?,?,?,?,?)";
$sth = mysqli_prepare($link,$sql);
if (!$sth) {
echo "error:" . mysqli_error($link);
)
mysqli_stmt_bind_param($sth,"ssssss"
,$TypeOfProblem,$ProblemDescription,$RoomNo,$Urgency,$Problem,$Date);
mysqli_stmt_execute($sth);
I am new to using MySQLi. I try to use MySQLi in order to insert data in my database. But does not work. Where may be the error?
echo 'connected';
$con = mysqli_connect("localhost",$username,$password,$database);
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
// mysqli_select_db($con,"kraus");
$firstname = $_POST['uname'];
$lastname = $_POST['address'];
$age = $_POST['pass'];
$sql = "INSERT INTO registration('uname', 'address', 'password') VALUES ('$firstname', '$lastname', '$age')";
mysqli_query($con,$sql);
echo "1 record added";
mysqli_close($con);
Why is line this commented out? You are selecting the database in mysqli_connect("localhost","root","root","kraus") but it makes no sense why that is there:
// mysqli_select_db($con,"kraus");
Should you not have that commented like this?
mysqli_select_db($con,"kraus");
Also there is no space here between registration and the fields in (…) as well as the quotes around your fields:
$sql = "INSERT INTO registration('uname', 'address', 'password') VALUES ('$firstname', '$lastname', '$age')";
That should be like the following with a space added between the table name & the fields. And since there should just be no quotes around your field names so the final query should be this:
$sql = "INSERT INTO registration (uname, address, password) VALUES ('$firstname', '$lastname', '$age')";
Or perhaps have back ticks like this:
$sql = "INSERT INTO registration (`uname`, `address`, `password`) VALUES ('$firstname', '$lastname', '$age')";
Also, you should really refactor & cleanup your whole codebase like this:
// Set the connection or die returning an error.
$con = mysqli_connect("localhost","root","root","kraus") or die(mysqli_connect_errno());
echo 'connected';
// Select the database.
// mysqli_select_db($con, "kraus");
$post_array = array('uname','address','pass');
foreach ($post_array as $post_key => $post_value) {
$$post_key = isset($_POST[$post_value]) && !empty($_POST[$post_value]) ? $_POST[$post_value] : null;
}
// Set the query.
$sql = "INSERT INTO registration (uname, address, password) VALUES (?, ?, ?)";
// Bind the params.
mysqli_stmt_bind_param($sql, 'sss', $uname, $address, $pass);
// Run the query.
$result = mysqli_query($con, $sql) or die(mysqli_connect_errno());
// Free the result set.
mysqli_free_result($result);
// Close the connection.
mysqli_close($con);
echo "1 record added";
Note how I am using mysqli_stmt_bind_param and also setting an array of $_POST values & rolling throughout them. Doing those two basic things at least enforce some basic validation on your input data before it gets to the database.
You have quotes around the column names in your query. Maybe you meant to use backticks instead:
(`uname1`, `address`,...)
You are also vulnerable to sql injection. Look into mysqli prepared statements.