i'm trying to insert some records into the db and i'm getting this error: Query was empty
$data= json_decode(file_get_contents("php://input"));
$usercomment= mysql_real_escape_string($data->usercomment);
$wardrobe= mysql_real_escape_string($data->wardrobe);
$ctype= mysql_real_escape_string($data->ctype);
$pic= mysql_real_escape_string($data->pic);
$vtype= mysql_real_escape_string($data->vtype);
$query=mysql_query ("INSERT INTO db.comment(`comment`,`pic`,`wardrobe`,`comment_type`,`vtype`)
VALUES('".$usercomment."','".$pic."','".$wardrobe."','".$ctype."','".$vtype."')");
$Result1 = mysql_query($query, $dbcon) or die(mysql_error());
$query is already a mysql_query, so you can't add it inside the other mysql_query.
You can make $query be the string for the mysql_query below it.
$query = "INSERT INTO db.comment(`comment`,`pic`,`wardrobe`,`comment_type`,`vtype`) VALUES('".$usercomment."','".$pic."','".$wardrobe."','".$ctype."','".$vtype."')";
$result1 = mysql_query($query, $dbcon) or die(mysql_error());
Also, don't use the mysql_* functions, use mysqli_* instead.
See this answer for more details on why.
I have modified your code.. try this
data= json_decode(file_get_contents("php://input"));
$usercomment= mysql_real_escape_string($data->usercomment);
$wardrobe= mysql_real_escape_string($data->wardrobe);
$ctype= mysql_real_escape_string($data->ctype);
$pic= mysql_real_escape_string($data->pic);
$vtype= mysql_real_escape_string($data->vtype);
$query="INSERT INTO db.comment(`comment`,`pic`,`wardrobe`,`comment_type`,`vtype`)
VALUES('".$usercomment."','".$pic."','".$wardrobe."','".$ctype."','".$vtype."')";
$Result1 = mysql_query($query) or die(mysql_error());
Related
So I have form1 that contains information from multiple tables in a database. I've got listboxes and textboxes within this form that have that information. So all I'm trying to do is insert whatever information the user submits back into the database and have it outputted on form2. I've got my INSERT INTOs on my output page. I know you can't use one INSERT INTO query, so I was wondering how to use multiple INSERTS and submit that information back into the database.
The variables created below come from the previous page and all of the values are there.
if (isset($_POST['n_submit'])){
$oid = $_POST['oid'];
$odate = $_POST['odate'];
$ostatus = $_POST['ostatus'];
$cfname = $_POST['cfname'];
$cname = $_POST['clname'];
$efname = $_POST['efname'];
$elname = $_POST['elname'];
echo "New record created successfully";
$db = mysqli_connect('127.0.0.1:3307', 'mysql_user', 'mysql_password') or die ("I cannot connect to the database because: ".mysqli_connect_error());
$query = "select status_id from ostatus where status_type = '$ostatus'";
$result = mysqli_query($db, $query) or die("Error in SQL statement:" .mysqli_error());
$row = mysqli_fetch_array($result);
$statusid = $row[0];
$query1 = "insert into cust ('c_fname', 'c_lname') values ('$cfname', $clname)";
$result1 = mysqli_query($db, $query1) or die("Error in SQL statement:" .mysqli_error());
$query2 = "insert into employed ('e_fname', e_lname) values ('$efname', '$elname')";
$result2 = mysqli_query($db, $query1) or die("Error in SQL statement:" .mysqli_error());
$query3 ="INSERT INTO sorder (o_id, o_date, s_id) VALUES ('{$oid}', '{$odate}', '{$statusid}')";
$result3 = mysqli_query($db, $query3);
}
First of all your query is vulnerable to SQL injection. I am not going to fix that.
Second, you should Google how to handle forms properly. And you should consider starting SQL transaction if you really care about the data to go into all the tables for sure.
Third, you should be able to use multiple inserts like you are doing in your code. but you need to correct your syntax errors.
Try this code (I also removed the select code are based on your question it is not needed)
if (isset($_POST['n_submit'])){
$oid = $_POST['oid'];
$odate = $_POST['odate'];
$ostatus = $_POST['ostatus'];
$cfname = $_POST['cfname'];
$cname = $_POST['clname'];
$efname = $_POST['efname'];
$elname = $_POST['elname'];
$db = mysqli_connect('127.0.0.1:3307', 'mysql_user', 'mysql_password') or die ("I cannot connect to the database because: ".mysqli_connect_error());
$query1 = "insert into cust (c_fname, c_lname) values ('".$cfname."', '".$clname."')";
$result1 = mysqli_query($db, $query1) or die("Error in SQL statement:" .mysqli_error());
$query2 = "insert into employed (e_fname, e_lname) values ('".$efname."', '".$elname."')";
$result2 = mysqli_query($db, $query2) or die("Error in SQL statement:" .mysqli_error());
$query3 ="INSERT INTO sorder (o_id, o_date, s_id) VALUES ('".$oid."', '".$odate."', '".$statusid."')";
$result3 = mysqli_query($db, $query3);
if($result1 && $result2 && $result3)
echo 'New record created successfully';
else
echo 'something did not work';
}
I need to insert the details (name, id , number )of many documents into database if they are not already existing and if they exist i just need to do a update for any changed information. I have arrived at the following code but it doesn't work. I am new to this and need help on this.
foreach($A->Documents -> Document as $Document)
{
$query = "SELECT * from table where id = '".$Document->id."'";
$outcome = mysql_query($query) or die(mysql_error());
if(($outcome)&&(mysql_num_rows($result)>0)){
echo "Document already available" ;
while($row = mysql_fetch_object($outcome)){
if(!($outcome->name == $document->name)){
$update= "UPDATE table SET name= '.$Document->Name.'";
mysql_query($update) or die(mysql_error());
}
else
{
$insert= "INSERT table SET name= '.$Document->Name.'";
mysql_query($update) or die(mysql_error());
}
}
}
}
Use $row->name instead of $outcome->name. and your INSERT statement is wrong.
while($row = mysql_fetch_object($outcome)){
if(!($row->name == $document->name)){
$update = "UPDATE table SET name ='".$Document->Name."' WHERE id = ".$Document->id;
mysql_query($update) or die(mysql_error());
}
else {
$insert = "INSERT INTO table (name) VALUES('".$Document->Name."')";
mysql_query($insert) or die(mysql_error()); // $insert not $update
}
}
Note: Stop using mysql_* functions! Use PDO or mysqli_* instead. And use prepared statements
Change the
mysql_query($update) or die(mysql_error());
To:
$insert = INSERT into table_name values(" values");
mysql_query($insert) or die(mysql_error());
in the else condition
Issue is with $result variable with in if statement
( if(($outcome)&&(mysql_num_rows($result)>0)){)
It should be $outcome because you initialized query output to $outcome variable
First of, dont yse mysql_ functions. Read the docs (read the warning).
use mysqli or PDO instead.
Then, your INSERT statement is wrong.
INSERT INTO table (col1) VALUES (value_for_col1);
Warning: mysql_fetch_array() expects parameter 1 to be resource, string given in C:\xampp\htdocs\arun\login.php on line 9
Code:
$db_select = mysql_select_db('my_db', $con);
$username = $_GET['username'];
$password = $_GET['password'];
$role = $_GET['role'];
$result = mysql_query("Insert into table1(Username,Password,Role) values (Username='$username', Password='$password',Role='$role') ",$con);
$row = mysql_fetch_array($result);
if ( mysql_error() )
{
die ( mysql_error());
}
$row_PK = mysql_fetch_assoc($row);
mysql_close($con);
?>
Replace
$result = mysql_query("Insert into table1(Username,Password,Role) values (Username='$username', Password='$password',Role='$role') ",$con);
with
$result = mysql_query("Insert into table1(`Username`,`Password`,`Role`) values ('$username', '$password','$role') ",$con);
You don't have to assign the value to the column on your INSERT query as you have done. Just map the values as shown above.
Apart from the above issues... Dissecting your code ..
The main issue with your code is you are doing an INSERT but you are expecting a resultset as you have done a SQL SELECT which is wrong.
You need to change your code like this..
The below code is just an illustration to tell you what you had done was actually wrong. Do not use this code ! You first need to migrate to the latest database API provided for you in the side note section.
$db_select = mysql_select_db('my_db', $con);
if(isset($_GET['username'],$_GET['password'],$_GET['role']))
{
$username = mysql_real_escape_string($_GET['username']);
$password = mysql_real_escape_string($_GET['password']);
$role = mysql_real_escape_string($_GET['role']);
$result = mysql_query("Insert into table1(`Username`,`Password`,`Role`) values ('$username', '$password','$role') ",$con);
if (!$result)
{
die (mysql_error());
}
else
{
echo "Record Inserted";
}
mysql_close($con);
}
SideNote
The (mysql_*) extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead,the MySQLi or PDO_MySQL extension should be used. Switching to PreparedStatements is even more better to ward off SQL Injection attacks !
For a INSERT query the return value isn't a resource, it's a TRUE on success or FALSE on error.
A resource is returned for a SELECT, SHOW, DESCRIBE or EXPLAIN query.
this is your solution change your query to
$result = mysql_query("Insert into table1(Username,Password,Role) values ('$username', '$password','$role') ",$con);
your query should be like this
$result = mysql_query("Insert into table1(Username,Password,Role) values ('$username', '$password','$role') ",$con);
NOTE: mysql_* is deprecated use mysqli_* OR PDO
I am trying to delete a file or copy a row into a new table, depending on a $_GET.
The $_GET works fine, and I'm not including all the code, I know it isn't relevant.
The table copy works, but the select statement that gets called when the $_GET is a different value returns nothing, except when I copy the query directly into phpmyadmin.
Base code:
$pID = $_GET['pID'];
$con = mysqli_connect("...","...","...","...");
The following works:
$query = 'INSERT INTO `photos` (`id`, `photo1`, `photo2`, `demographic_id`)
SELECT `id`, `photo1`, `photo2`, `demographic_id`
FROM `photos_queue`
WHERE `photos_queue`.`demographic_id` = '.$pID;
mysqli_query($con, $query);
This does not:
$query = 'SELECT `photo1` FROM `photos_queue` WHERE `demographic_id` = '.$pID;
$result = mysqli_query($con, $query);
print($result);
unlink($result);
I've printed $query and the value of it is valid; I can copy it directly into phpmyadmin and it will work fine.
mysqli_query() doesn't return the table data, it just returns a resource that can be used to fetch it. You need to do:
$result = mysqli_query($con, $query) or die (mysqli_error($con));
$row = mysqli_fetch_assoc($result);
$filename = $row['photo1'];
print($filename);
unlink($filename);
($row = mysqli_fetch_array($result)
This should be placed after,
$result = mysqli_query($con, $query);
I keep having an error in mysql_fetch_(assoc,array,row) I can't find the problem and when I try to count the rows of the result by using echo the result is 1
Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in C:\wamp\www\Jocales\login.php on line 88
in query SELECT * FROM users WHERE uName ='nuha' AND uPassword = '123'
<?php
$login= $_POST['login'];
$password= $_POST['password'];
if($login && $password){
$con = mysql_connect("localhost", "root", "")or die ('no connection');
mysql_select_db("jocales",$con) or die ('no');
$query= "SELECT * FROM users WHERE uName ='$login' AND uPassword = '$password'";
$result = mysql_query($query)or die(mysql_error()." in query $query");
$record=mysql_fetch_assoc($query) or die(mysql_error()." in query $query");
?>
Change
$record=mysql_fetch_assoc($query)
To
$record=mysql_fetch_assoc($result)
Note: Please, don't use mysql_* functions in new code. They are no longer maintained and are officially deprecated. See the red box? Learn about prepared statements instead, and use PDO, or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.
WARNING: You code is vulnerable to SQL Injection.
use this code ( replace $query with $result )
<?php
$login= $_POST['login'];
$password= $_POST['password'];
if($login && $password){
$con = mysql_connect("localhost", "root", "")or die ('no connection');
mysql_select_db("jocales",$con) or die ('no');
$query= "SELECT * FROM users WHERE uName ='$login' AND uPassword = '$password'";
$result = mysql_query($query)or die(mysql_error()." in query $query");
$record=mysql_fetch_assoc($result) or die(mysql_error()." in query $query");
?>
The function mysql_fetch_assoc() expects one parameter and it should be a resource type. You're providing a string.
$query= "SELECT * FROM users WHERE uName ='$login' AND uPassword = '$password'";
$result = mysql_query($query)or die(mysql_error()." in query $query");
//this is the issue!
$record = mysql_fetch_assoc($query) or die(mysql_error()." in query $query");
the last statement should be
$record = mysql_fetch_assoc($result) or die(mysql_error()." in query $query");
NOTE (straight from php.net about mysql_*)
Warning
This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be used. See also MySQL: choosing an API guide and related FAQ for more information.