To Start.. I am using mysqli_real_escape_string() on every text field, and leaving INT as they are:
The following query successfully inserts the record into the table without fail, every field is correctly stored... There has to be something I'm being glib about, I have blurry coding eyes at this point... But after the INSERT statement is run, mysqli_error($con) tosses the following error:
1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1' at line 1
(I'm nearly 100% certain I do not even use the number 1 at all, whether it be in the php code or a value)
$query = mysqli_query($con,"INSERT INTO hj_media
(mediaID,MedDropID,MediaName,GLCode,Store,MediaType,MiscDetail,ArtDueDate,RunDate,EndDate,AdvMonth,Size,Dimensions,TotalCost,HJShare,CoOpShare,Vendor,HamiltonFiscal,VendorFiscal,AdDescription,Category,AddedtoVCM,ArtworkRequested,InvoiceProcessed,BilledVendor,NetCost,ProductionCost,CostPiece,QuantityOrdered,HJCostPrinting,Postage,DDFee,EventDescription,EventDate,DateToPrint,DateInMail,DateInHome,TotalPrintQuantity,TotalMailFile,TotalActualMail,ReturnedPieces,SalesResultsUnits,SaleResultsDollars,SpendNonPrint,SpendPrint,SpendAdvertising,SpendPR,MediaNameOther,ClientPersona,Campaign)
VALUES(NULL,$add_medid,'$add_vehicle',$add_glcode,'$add_loclist','$add_type','$add_miscdetails','$add_artdate','$add_rundate','$add_enddate','$add_month','$add_size','$add_dimensions','$add_totalcost','$add_hjshare','$add_coopshare','$add_vendor',$add_hamiltonfiscal,$add_vendorfiscal,'$add_addescription','$add_category','$add_addedtovcm','$add_artworkrequested','$add_invoiceprocessed','$add_billedvendor','$add_netcost','$add_productioncost','$add_costperpiece',$add_quantityordered,'$add_hjprintcost','$add_postage','$add_ddfee','$add_eventdescription','$add_eventdate','$add_datetoprint','$add_dateinmail','$add_dateinhome',$add_printquantity,$add_totalmailfile,$add_totalactualmail,$add_returnedpieces,$add_salesunits,'$add_salesdollars','$add_spendnonprint','$add_spendprint','$add_spendadvertising','$add_spendpr','$add_medianameother','$add_persona','$add_campaign')");
if (mysqli_query($con, $query)) {
echo "New record created successfully";
}
else {
echo mysqli_errno($con) . ": " . mysqli_error($con) . "\n";
}
UPDATED QUERY, TRY THIS
$query="INSERT INTO hj_media
(mediaID,MedDropID,MediaName,GLCode,Store,MediaType,MiscDetail,ArtDueDate,RunDate,EndDate,AdvMonth,Size,Dimensions,TotalCost,HJShare,CoOpShare,Vendor,HamiltonFiscal,VendorFiscal,AdDescription,Category,AddedtoVCM,ArtworkRequested,InvoiceProcessed,BilledVendor,NetCost,ProductionCost,CostPiece,QuantityOrdered,HJCostPrinting,Postage,DDFee,EventDescription,EventDate,DateToPrint,DateInMail,DateInHome,TotalPrintQuantity,TotalMailFile,TotalActualMail,ReturnedPieces,SalesResultsUnits,SaleResultsDollars,SpendNonPrint,SpendPrint,SpendAdvertising,SpendPR,MediaNameOther,ClientPersona,Campaign) ";
$query.=" VALUES(NULL,$add_medid,'$add_vehicle',$add_glcode,'$add_loclist','$add_type','$add_miscdetails','$add_artdate','$add_rundate','$add_enddate','$add_month','$add_size','$add_dimensions','$add_totalcost','$add_hjshare','$add_coopshare','$add_vendor',$add_hamiltonfiscal,$add_vendorfiscal,'$add_addescription','$add_category','$add_addedtovcm','$add_artworkrequested','$add_invoiceprocessed','$add_billedvendor','$add_netcost','$add_productioncost','$add_costperpiece',$add_quantityordered,'$add_hjprintcost','$add_postage','$add_ddfee','$add_eventdescription','$add_eventdate','$add_datetoprint','$add_dateinmail','$add_dateinhome',$add_printquantity,$add_totalmailfile,$add_totalactualmail,$add_returnedpieces,$add_salesunits,'$add_salesdollars','$add_spendnonprint','$add_spendprint','$add_spendadvertising','$add_spendpr','$add_medianameother','$add_persona','$add_campaign');";
$result =mysqli_query($con,$query);
If($result){
echo "Success"';
}
else{
echo " query failed ". mysqli_errno();
}
The problem is yoir sending a boolean gotten from the first query test into another mysqli query function. It's a good thing to have set a variable that refernces your query string, so that you use but this value in the mysqli query function . Try this
$query="put your myqli query here;";
$result =mysqli_query($con,$query);
If($result){
echo "Success"';
}
else{
echo " query failed ". mysqli_errno();
}
can you knidly thick the question answered if this solves your problem ?
Related
I'm currently working on creating a login system, one part of which is of course registration. It's been going smoothly up until this point, where I'm getting an error.
I've researched this as thoroughly as I can, but I can't find the solution as it is giving me an incorrect line number.
The error I'm getting is:
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1' at line 1
My SQL query is
$token = (round(microtime(true) * 1000));
$query = mysql_query("INSERT INTO "
. "`users` "
. "(name, password, email, token) "
. "VALUES "
. "('$_POST[user]'"
. ",'".hash('sha512',$_POST['pass'])."'"
. ",'$_POST[email]'"
. ",'$token')") or die(mysql_error());
if (mysql_query($query) === TRUE) {
//echo "Sucsessfuly registered! Check your email for a confirmation link.";
} else {
echo "Error: " . mysql_error();
}
(this is not the first line of the file, it's the 22d)
When the code runs, even though it throws the error it still is inserting the values into the table correctly.
Also when I run the same query in phpmyadmin, it runs just fine with no errors.
I've been trying to solve this error for the last 3 hours so any help would be appreciated ;)
You're calling mysql_query twice: first with the SQL, and then you're using the result of the query as if it were a query. The error you're getting is because $query is true, which gets turned into 1 when treated as a string.
Either you should just set $query to the SQL string:
$query = "INSERT INTO ...";
if (mysql_query($query)) {
...
} else {
...
}
or you should just check the value of $query:
$query = mysql_query(...);
if ($query) {
...
} else {
...
}
I am trying to do simple insert in php and MySQL.
The HTML form has 3 fields with 1st one being mandatory and other 2 optional.
their names being :
name, address and phoneno
table name is users : id(int)|name(varchar)|address(varchar)|phoneno(int) , id is primary-key and auto-increment
and all except name and id are allow-nulls
assuming i have connection created and held in $con ,providing a value just for name and submitting the form
$name = $_POST['name']?$_POST['name']:NULL;
$address= $_POST['address']?$_POST['address']:NULL;
$phoneno= $_POST['phoneno']?$_POST['phoneno']:NULL;
$q="INSERT INTO users (name,address,phoneno)
VALUES('{$name}','{$address}',{$phoneno})";
if(mysql_query($q,$con)){
echo "data inserted successfully";
}
else{
echo "ERROR: ".mysql_error();
}
Is giving me
ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 1
Never do this in production environments! But for learning, try this:
$name = $_POST['name']?$_POST['name']:'NULL';
$address= $_POST['address']?$_POST['address']:'NULL';
$phoneno= $_POST['phoneno']?$_POST['phoneno']:'NULL';
$q="INSERT INTO users (name,address,phoneno) VALUES('$name','$address',$phoneno)";
if(mysql_query($q,$con)){
echo "data inserted successfully";
}
else{
echo "ERROR: ".mysql_error();
}
You have to use 'NULL' as string
Do not wrap variables with {}. this is only needed when you use object properties like {$obj->foo}
There are some other serious security issues in this code like sql injection. So never do this in production environments!
I have the following stored procedure that executes correctly when I run my program:
$insertIntoEmployeesProcedure = "
CREATE PROCEDURE EmployeeInsert(name VARCHAR(50),password VARCHAR(50), email VARCHAR(50))
BEGIN
INSERT INTO employees(name,password,email) values(name,password,email);
END";
$returnInsertIntoEmpProc = $conn->query($insertIntoEmployeesProcedure);
if(! $returnInsertIntoEmpProc )
{
die('Could not create insert procedure: ' . $conn->error);
}
else
{
echo "Insert Procedure created successfully<br/>";
}
I then call this procedure in another class when needed:
$insertEmp = mysqli_query($conn, "Call EmployeeInsert('$username','$password', '$email')");
$executeInsertEmp = $conn->query($insertEmp);
if(!$executeInsertEmp )
{
die('Employees not added: ' . $conn->error);
}
else
{
echo "Employees added<br/>";
}
The problem is, when I execute this code, I get the following error
Employees not added: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1' at line 1
The main issue I have with this is that even though it returns this error, the record is still added into the database and everything seems to be working fine. I guess I'm more curious as to why I'm getting this error as clearly I'm overlooking something.
Ah I see what I've done, I seem to have added an additional query which was unnecessary, the line:
$executeInsertEmp = $conn->query($insertEmp);
can be ommited, the check in the if statement is then done on the variable which holds the stored procedure. The following code works:
$insertEmp = mysqli_query($conn, "Call EmployeeInsert('$username','$password', '$email')");
if(!$insertEmp )
{
die('Employees not added: ' . $conn->error);
}
else
{
echo "Employees added<br/>";
}
I am trying to run PHP could which inserts a value into a MySQL table.
My db connection is working ok.
I have the code in a function:
function InsertRighmoveID($RightmoveID)
{
# Connection already created in main program
#Define the query to insert righmove ID already in Database
#VALUES ('" . substr($name, 23, 31) . "')";
echo "In InsertRighmoveID() function </br>";
$query_enter_rightmove_ID =
"INSERT INTO tblRightMoveIDs (rightmoveID)
VALUES ('" . $RightmoveID . "');";
#Echo the query to check it
echo $query_enter_rightmove_ID . "</br>";
#Execute the query
$query_enter_rightmove_ID = mysql_query($query_enter_rightmove_ID);
echo "Leaving InsertRighmoveID() function </br>";
#Execute the query
$query_enter_rightmove_ID = mysql_query($query_enter_rightmove_ID);
#Check to see if the query worked
if (!$query_enter_rightmove_ID)
{
die("Database query failed:" . mysql_error());
}
echo "Leaving InsertRighmoveID() function </br>";
}
when I run the code in a webpage, get it to print the query to screen this is the message:
INSERT INTO tblRightMoveIDs (rightmoveID) VALUES ('44047607')
Database query failed:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1' at line 1
44047607 is the value passed to the function.
If I run the:
INSERT INTO tblRightMoveIDs (rightmoveID) VALUES ('44047607');
Outside the program it works.
Remove the semicolon ; from here
"INSERT INTO tblRightMoveIDs (rightmoveID)
VALUES ('" . $RightmoveID . "');";
-------^
There is error here in the starred parts:
**$query_enter_rightmove_ID** = mysql_query($query_enter_rightmove_ID);
echo "Leaving InsertRighmoveID() function </br>";
#Execute the query
$query_enter_rightmove_ID = mysql_query(**$query_enter_rightmove_ID**);
You are executing mysql_query first time with a proper query and it puts the result into $query_enter_rightmove_ID variable. Second time, you are using the result of first query as the parameter to mysql_query which is wrong
Im fairly new to both PHP and SQL but what i want is for the details entered into my form to be inserted into a database.
The code i have written works and the data is submitted into the database but there are a couple things not right.
Firstly here is the code;
<?php
include "credentials.php";
function insert_post($cnhost,$cnusername,$cnpassword,$cndatabase,$titlein,$contentin,$comment_optionin) {
$connect = mysqli_connect($cnhost,$cnusername,$cnpassword,$cndatabase);
if (mysqli_connect_errno($connect))
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}else{
echo "Connection Success! <br>";
$submitpost_query = mysqli_query($connect,"INSERT INTO blog_posts (title,content,comment_option) VALUES ('".$titlein."','".$contentin."','".$comment_optionin."')");
if (!mysqli_query($connect,$submitpost_query))
{
die('Error: ' . mysqli_error($connect));
}else{
echo "Post submitted.";
}
mysqli_close($connect);
}
}
$title = $_POST["title"];
$content = $_POST["content"];
$comment_option = $_POST["comment_option"];
insert_post($host,$username,$password,$database,$title,$content,$comment_option);
?>
Although the data is submitted into the database as i want i get the following error;
"Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1' at line 1"
The $comment_option variable contains the value 1 or 0, depending on which radio button is selected so this error might be referring to this variable but this SQL error is the same whether the value of $comment_option is 1 or 0.
I do see "Connection success!" before this error but do not see "Post submitted" even though the post is actually submitted. Any ideas why?
As well as helping me with this problem i would be very grateful if somebody could give me some general tips to improve what iv wrote. I am a noob so im sure there's a few things that could be improved here!
Thanks very much!
The problem is here:
if (!mysqli_query($connect,$submitpost_query))
You're passing a mysqli_query result which is $submitpost_query to another mysqli_query which is in the if statement.
The problem is with following chunk of code
if (!mysqli_query($connect,$submitpost_query))
it should be instead following
if (!$submitpost_query)
Reason : You are executing return object again through mysql_queri function that is causing warning, invalid resource, as this function only excepts valid sql query or connection object
I know your question is answered but I seriously recommend you to sanitize the POST data before concatenating it in a query.