I am inserting values in a table but it's not working in sequence, see screenshot:
Code:
$query = "insert into msgs values(NULL,'".$sender."','".$receiver."','".$message."','".$state."','".$time."')";
mysql_query($query);
First of all don't use mysql, use mysqli. Please check this: The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead
Using null when inserting autoincrement is fine (see Devon's first comentary).
When looking at your timestamp (msg_time) i can see that your table is short by another column because they are not in order anyway. This is only an visual shorting and don't affect entries structure, so don't worry.
Related
After executing the query below I use the PHP function mysql_insert_id() and it always gives me 0.
UPDATE
tbl_training_types
SET
fld_serial = $serial_no,
fld_name = $training_name,
fld_description = $training_description
WHERE
fld_id = $id
When you update a note in database you already have something using what you can identify it. In your example you already have $id which should be containing the value of data you have recently updated. If you don't have id and you try to update with name or something different after update you can simply retrieve updated data with simple query:
select * from table_name where your condition
Note: mysql_* functions are deprecated and won't be supported in future versions. You should be using either mysqli_* or PDO.
Return Values
The ID generated for an AUTO_INCREMENT column by the previous query on success, 0 if the previous query does not generate an AUTO_INCREMENT value, or FALSE if no MySQL connection was established.
Source PHP Manual
I have a weird problem.
I have a table which has a title field.
I am inserting values into this title field using mysql_real_escape_string. Inserting is working fine for values with single quotes.
Some other place I am doing a select using title filed in the where clause as below
SELECT * FROM table WHERE title=mysql_real_escape_string(Girish's Photo);
This query is returning empty result set even when I inserted Girish's Photo.
---- Editing to put some code
$photo_title=mysql_real_escape_string($_POST[photo_title]);<br/>
$sql = "INSERT INTO photos values($id,'$photo_title');<br/>
using this from a form I have inserted Girish's Photo into photo_title. It worked fine.
...
..
..
Then at some other place in PHP
$title="Girish's Photo";
$sql = "SELECT photo_id,photo_title FROM photos WHERE photo_title ='" . mysql_real_escape_string($title)."'" ;
But this query is returning empty result set.
Using phpMyAdmin, if I try to run the above query .. the result is empty. If I browse the table I see value Girish\'s Photo
Now if I run the query on phpMyAdmin replacing where clause with where photo_title='Girish\''s Photo' I am getting the record.
$data = "Girish's Photo";
$query = "SELECT * FROM table WHERE title='".mysql_real_escape_string($data)."'";
mysql_real_escape_string() is a PHP-function, which should be used as follow:
"SELECT * FROM table WHERE title='".mysql_real_escape_string("Girish's Photo")."'";
However, this is bad practice.
Okay so you're going to want to use PDO for all queries. Primarily for the following reasons:
mysql_* is being deprecated.
It's not safe from SQL Injection.
PDO is capable of accessing numerous database engines making it much more flexible without changing the API.
Please take a look at this post to get a look at how to issue a SELECT using PDO.
Parameterized SELECT queries via PDO?
I had a similar problem recently which I solved by using htmlentites() instead of mysql_real_escape_string() check it out in the manual or w3 schools
EDIT: this is a valid answer because he's using mysql_real_escape_string() in the wrong context in the first place. if you read the question, he's escaping a FILENAME and therefore he's not at risk of injection. If you're going to downvote at least say why..
The value in your database should not contain backslashes. That's why your query doesn't match. Girish's Photo does not match Girish\'s Photo. Sounds like you are a victim of magic quotes. Read the manual and get rid of them.
Am trying to making a specific query as follow
$query = "SELECT * FROM users WHERE uid IN (1,10,50,60,94,102)";
how can i use a mysql escape string for where clause or if i just use it like that, is it ok?
The way you are doing now is not an UPDATE query. You are only retrieving records from the database. In order to update records from the database, you need to use the UPDATE DML. The syntax for that is
UPDATE tableName
SET columnName = newValue
WHERE columnN = value // <== this is your condition
Returning back to your question, the way you are doing the query doesn't need mysql_escape_string because you are only passing integer values. Currently, more PHP developers are not using mysql_escape_string anymore because it's already been discourage and as the PHP Manual site says this function is already depreciated. Alternatively, PDO_MYSQL or MYSQLi extensions should be used instead.
I have a database table [id,first,second,third] with a lot of entries and I would like to delete all the entries when [first,second,third] are empty.
Can I use WHERE and OR?
Here is my code I would like to use. However, it might show some errors:
$sql= "delete * from mytable where first='' or second='' or third=''";
mysql_query($sql) or die("query failed: $sql".mysql_error());
You don't need * in this statement.
$sql= "delete from mytable where first='' or second='' or third=''";
Remove the star
$sql= "delete from mytable where first='' or second='' or third=''";
You don't need that with the delete statement
It's delete from, not delete * from
Adding something new to what hasn't already been said:
The asterisk isn't something that DELETE can use, only SELECT can. Yet what I am adding here is that an (mysql) aggregate function such as COUNT() can also use the asterisk.
An basic example:
SELECT COUNT(*) AS Total
FROM products
Here are their respective references:
https://dev.mysql.com/doc/refman/8.0/en/delete.html
https://dev.mysql.com/doc/refman/8.0/en/select.html
https://dev.mysql.com/doc/refman/8.0/en/counting-rows.html
Notes:
Some coders who are new to working with databases who used a SELECT query for something that worked for them, might have thought that using the asterisk (a.k.a. "star") in a DELETE statement uses the same syntax as SELECT and that it would delete everything. It's logical though, but it doesn't quite work that way with DELETE.
What needs to be used would either be TRUNCATE or DROP TABLE depending on what you want to do exactly. Delete just the selected records, all of the records or the table itself? The decision is yours.
For a specific record, use the WHERE clause.
Warning
Be careful with DROP TABLE, it will delete everything including any existing columns empty or not and their definitions.
Use TRUNCATE to only delete all of the records and not the columns and their definitions.
Please consult the manuals before usage:
https://dev.mysql.com/doc/refman/8.0/en/truncate-table.html
https://dev.mysql.com/doc/refman/8.0/en/drop-table.html
Footnote:
For those (re)visiting the question, please note that the mysql_* api is deprecated and deleted (no longer supported) in PHP 7.0.
Upgrade to either the mysqli_* or PDO api.
Consult the following references:
http://php.net/manual/en/migration55.deprecated.php
http://php.net/manual/en/book.mysqli.php
http://php.net/manual/en/book.pdo.php
Im wondering if the way i use to retrieve the id of the last row inserted in a postgresql table is efficent..
It works, obviously, but referencing on the serial sequence currval value could be problematic when i have many users adding rows in the same table at the same time.
My actual way is:
$pgConnection = pg_connect('host=127.0.0.1 dbname=test user=myuser password=xxxxx')or die('cant connect');
$insert = pg_query("INSERT INTO customer (name) VALUES ('blabla')");
$last_id_query = pg_query("SELECT currval('customer_id_seq')");
$last_id_results = pg_fetch_assoc($last_id_query);
print_r($last_id_results);
pg_close($pgConnection);
Well, its just a test atm.
But anyway, i can see 3 issues with this way:
Referencing on the customer_id_seq, if two user do the same thing in the same time, could happen that them both get the same id from that way... or not?
I have to know the table's sequence name. Becose pg_get_serial_sequence dont works for me (im newbie on postgresql, probably is a configuration issue)
Any suggestion/better ways?
p.s: i can't use the PDO, becose seem lack a bit with the transaction savepoint; I wont use zend and, in the end, i'll prefer to use the php pg_* functions (maybe i'll build up my classes in the end)
EDIT:
#SpliFF(thet deleted his answer): this would works better?
$pgConnection = pg_connect('host=127.0.0.1 dbname=test user=myuser password=xxxxx')or die('cant connect');
pg_query("BEGIN");
$insert = pg_query("INSERT INTO customer (name) VALUES ('blabla')");
$last_id_query = pg_query("SELECT currval('customer_id_seq')");
$last_id_results = pg_fetch_assoc($last_id_query);
print_r($last_id_results);
//do somethings with the new customer id
pg_query("COMMIT");
pg_close($pgConnection);
If you use a newer version of PostgreSQL (> 8.1) you should use the RETURNING clause of INSERT (and UPDATE) command.
OTOH if you insist on using one of the sequence manipulation functions, please read the fine manual. A pointer: "Notice that because this is returning a session-local value, it gives a predictable answer whether or not other sessions have executed nextval since the current session did."
Insert and check curval(seq) inside one transaction. Before commiting transaction you'll see curval(seq) for your query and no matter who else inserted at the same time.
Don't remember the syntax exactly - read in manual (last used pgsql about 3 years ago), but in common it looks like this:
BEGIN TRANSACTION;
INSERT ...;
SELECT curval(seq);
COMMIT;
ex. minsert into log (desc,user_id) values ('drop her mind',6) returning id