Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 6 years ago.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Improve this question
I am a beginner at PHP and MYSQL. Here is my simple code to add data to a data base. it is not working
the connection.php(sets up the mysql connection variables) files have already been created and are working fine with other files and functions. Am receiving no errors while this code here does not add the data to the database
could someone please tell me where the problem could be?
<?php
if (isset($_POST['bookt']) & isset($_POST['type']) & isset($_POST['publisher']) & isset($_POST['year']) & isset($_POST['class']) & isset($_POST['subject'])) {
//set the values
$bookt= $_POST['bookt'];
$type= $_POST['type'];
$publ=$_POST['publisher'];
$year=$_POST['year'];
$class= $_POST['class'];
$subj= $_POST['subject'];
//INSERTING A ROW
$add_query= "INSERT INTO books ('Book Title','Type','Publisher','Yearp', 'Class','Subject')
VALUES ('$bookt','$type','$publ','&year','$class','$subj')";
//query
$result=mysql_query($add_query);
if (!$result) {die("couldn't perform query".mysql_error());}
if ($result) {echo " </ br> <p><script type='text/javascript'>alert('INSERT SUCCESSFUL!!!');</script></p><br /><br /> insert id was ".mysql_insert_id();}
};
?>
You have a lot of major problems with this code.
First, please don't use mysql_*; the mysql_* functions are outdated, deprecated, and insecure. They were removed entirely from PHP 7. Use MySQLi or PDO instead.
Second, the Boolean "and" operator is &&, not & (the bitwise "and" operator).
Third, it's $year, not &year.
Fourth, put column names in backticks, not single quotes ('...'):
$add_query= "INSERT INTO books (`Book Title`,`Type`,`Publisher`,`Yearp`, `Class`,`Subject'`)
VALUES ('$bookt','$type','$publ','$year','$class','$subj')";
Single quotes will cause your query to fail. This is why your query isn't working at all.
Fifth, you aren't doing any error checking or data validation.
Sixth, you are wide open to SQL injection. You need to use prepared statements and never put user input directly into SQL.
There may be even more issues, but these are the big ones.
If you want multiple conditions in your if-statement use a logical operator "&". Also mysql_ has been gone from PHP7 for a long time.
Related
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 5 years ago.
Improve this question
$insert_query = "Asset Addition (server_name, phy_ip, nat_ip, server_model) values ('$server_name','$phy_ip','$nat_ip','$server_model')";
if(mysqli_query($con, $insert_query))
Do you think there is an issue with the syntax here?
"Do you think there is an issue with the syntax here?"
Yes, as I said in comments; syntax is English-based.
You need to use: INSERT INTO your_table and replacing with your table's actual name.
Your code also is open to an sql injection, use a prepared statement.
https://en.wikipedia.org/wiki/Prepared_statement
and mysqli_error($con) on the query.
Edit: Now seeing more comments, make sure you did successfully connect to your database and using the same MySQL API, and that all variables contain value and running off a webserver with PHP/MySQL installed and running.
Reference(s):
http://php.net/manual/en/function.mysqli-connect.php
http://php.net/manual/en/function.error-reporting.php
Example:
if(mysqli_query($con, $insert_query)) {
echo "Success";
} else {
echo "Error: " . mysqli_error($con);
}
Should this also fail, then you may also be inserting characters that MySQL is complaining about, such as an apostrophe and is seeing it as an sql injection.
Therefore you will need to escape that data, to which you should be doing in any case.
Again; use a prepared statement.
You need to make sure that the column types/lengths can also accomodate the incoming data. That could fail silently.
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 5 years ago.
Improve this question
Ex: If I have code :
$data = array('a','b','c');
foreach($data as $val){
mysql_query("INSERT INTO db (`title`)VALUES('$val')");
}
I want to insert all data from variable $val how can I coding it ?
please help !!!
thank !!
There are two things wrong which i can see at a glance.
mysql is deprecated, use mysqli instead. Reference
Since you will have to switch over to mysqli you will need to reference your database connection every time you want to do a mysql database related operation, unless you do some PHP magic (classes or methods).
Other than these two i guess there is no problem in your code, the for loop should work perfectly fine.
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 7 years ago.
Improve this question
SO, I want to create a pretty big mysql table that should save all of the squares of a chess board and their value, I'm using a PHP for() since it has 64 squares.
This always gives me 'not working'
<?php
mysql_connect('localhost','pierostesting','');
mysql_select_db('my_pierostesting');
$query="CREATE TABLE board (";
for($i=0;$i<63;$i++){
$query .= "i".$i." INT(1) NOT NULL,";
}
$query .="turno BOOL";
if (mysql_query($query)){
echo 'working';
}else echo 'not working'; ?>
I'm an idiot, didn't close the bracket.
try echoing out your complete SQL string, then use phpMyAdmin and see if the sql string actually works, or if it throws errors. You may have a sql syntax error.
If it does work, make sure your connection variables are correct (host, db name, username, password)
that should get you close to the answer.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions concerning problems with code you've written must describe the specific problem — and include valid code to reproduce it — in the question itself. See SSCCE.org for guidance.
Closed 9 years ago.
Improve this question
<?php echo mysql_real_escape_string('tientrer') ;?>
The above code is return an empty string in one server but is working fine in other servers. Why is it so?
Wildly random guess:
You are not connecting to a database using mysql_connect. mysql_real_escape_string needs a database connection to do its job (because you are escaping for the database; you are escaping this for a database query, right?!). If no connection exists yet, it'll try to establish one automatically using a standard username and password. On one server this standard password works, on another it doesn't.
you are escaping a string ?
you mean maybe like that
<?php echo mysql_real_escape_string($tientrer) ;?>
to escape the variable tientrer if its a variable.
EDIT:
then maybe the server which not working maybe the mysql is deprecated there , try change to mysqli or pdo
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 years ago.
Improve this question
I've decided to switch to MySQLi, because some people have told me it's more secure.. What I'm really confused about, is the new extensions. I tried just added 'i' after every mysql, but that gave me a crap load of errors. I looked up in the PHP manual why that was happening and there was a whole bunch of other functions.. I honestly can't figure out how to convert. Can you help me out?
include("dbinfo.php");
mysql_connect($c_host,$c_username,$c_password);
#mysql_select_db($c_database) or die(mysql_error());
$mycon = new mysqli($c_host, $c_username, $c_password, $c_database);
$query="SELECT * FROM users WHERE username='" .$_COOKIE['username']. "'";
$result=mysql_query($query) or die(mysql_error());
$num=mysql_numrows($result);
$username=mysql_result($result,$i,"username");
Here's what you need to do:
Read the overview so that have an understanding of the differences/advantages.
Consult the old -> new function summary on the PHP site and get your existing code up and running with the mysqli interface.
Take advantage of the improvements (such as using prepared statements) otherwise this is a futile exercise. (By default mysqli really isn't any more secure than mysql.)
One of the reasons MySQLi is more "secure" is because it offers a different interface, which is better in many ways. Instead of trying to translate your code directly, learn the new interface and use it. If that's all your code, it wouldn't be easy to rewrite from scratch, and which is more important, look up the equivalents (and alternatives) for everything you're doing in the code that you pasted.
For starters, you should use $mysqli->prepare with parameters instead of interpolating variables like you're doing.
http://www.php.net/manual/en/mysqli.prepare.php