INSERT no Result Value - php

I'm trying to insert some value into my database, but I got no result, but the code got no error, and the result label said it is succeed. My database connection working. How to check the issue here, I confused.
My Code Here
// insert new data to menu table
$sql_query = "INSERT INTO tbl_jadwal (Nama_Lokasi, Category_ID, Longitude, Latitude, Phone, Email, Menu_image, Description)
VALUES(?, ?, ?, ?, ?, ?, ?, ?)";
$upload_image = 'upload/images/' . $menu_image;
$stmt = $connect->stmt_init();
if ($stmt->prepare($sql_query))
{
// Bind your variables to replace the ?s
$stmt->bind_param('sssssss',
$nama_lokasi,
$category_ID,
$longitude,
$latitude,
$phone,
$email,
$upload_image,
$description
);
// Execute query
$stmt->execute();
// store result
$result = $stmt->store_result();
$stmt->close();
}

This should do, you were missing one s in the param string
$stmt->bind_param('ssssssss',
$nama_lokasi,
$category_ID,
$longitude,
$latitude,
$phone,
$email,
$upload_image,
$description
And you have way too much code. Only a very little part of it is relevant

Related

Can a prepared statement hold multiple queries in php

I am trying to protect my queries from SQL injections, recently. I have started turning the strings I used to make the queries into statements, however, some of the strings I made need to make multiple queries simultaneously, because one insert's id will be added to the next one as a foreign key, which I'll get by using the LAST_INSERT_ID(), and I need them to be executed one after another because of it.
Can a statement hold multiple queries simultaneously and be executed at once?
Here's what the code was before, by the by.
$sql = "INSERT INTO `user_info`(`first_name`, `last_name`, `phone`, `cpf`)
VALUES ('{$firstName}', '{$lastName}', '{$phone}', '{$cpf}');";
$sql .= "SELECT LAST_INSERT_ID() INTO #mysql_variable_here;";
$sql .= "INSERT INTO `{$table}`(`email`, `password`, `active`,`user_info_id`, `created`, `role_id`" . $restaurantInsert . ")
VALUES ('{$email}','{$password}', 1, #mysql_variable_here, '{$created}', {$role}" . $restaurantValue . " );";
$sql .= "INSERT INTO `address`(number, street, city, state, zip, district, country, created, user_info_id)
VALUES ('{$number}', '{$street}', '{$city}', '{$stateCode}', '{$zip}', '{$district}', 'BR', '{$created}', #mysql_variable_here);";
$result = $conn->multi_query($sql);```
You can't execute multiple statements in a prepared query:
SQL syntax for prepared statements does not support multi-statements
(that is, multiple statements within a single string separated by ;
characters)
so you will need to prepare and execute each of the queries separately, using mysqli_stmt::insert_id to get the appropriate id value for the second and third queries:
$sql = "INSERT INTO `user_info`(`first_name`, `last_name`, `phone`, `cpf`)
VALUES (?, ?, ?, ?)";
$stmt = $conn->prepare($sql);
$stmt->bind_param('ssss', $firstName, $lastName, $phone, $cpf);
$stmt->execute();
$insert_id = $stmt->insert_id;
$stmt->close();
$sql = "INSERT INTO `{$table}`(`email`, `password`, `active`,`user_info_id`, `created`, `role_id`" . $restaurantInsert . ")
VALUES (?, ?, ?, ?, ?, ?, ?)";
$stmt = $conn->prepare($sql);
$stmt->bind_param('ssiisss', $email, $password, 1, $insert_id, $created, $role, $restaurantValue);
$stmt->execute();
$stmt->close();
$sql = "INSERT INTO `address`(number, street, city, state, zip, district, country, created, user_info_id)
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?);";
$stmt = $conn->prepare($sql);
$country = 'BR';
$stmt->bind_param('sssssssi', $number, $street, $city, $stateCode, $zip, $district, $country, $created, $insert_id);
$stmt->execute();
$stmt->close();
Note I'm not 100% certain what you're trying to achieve with role_id" . $restaurantInsert . ", you might need to edit the second query appropriately to use that.

Data Not inserted in Database php, mysql

Can't insert data into DB . When i remove user_id then data is inserted. Please check below my code and help me.
function adddata($data) {
global $db;
if (is_array($data)) {
$stmt = $db->prepare('INSERT INTO `pay` (id, payment, status, itemid, time, user_id) VALUES(?, ?, ?, ?, ?, ?');
$userid = 2;
$stmt->bind_param(
'sdssss',
$data['txn_id'],
$data['payment_amount'],
$data['payment_status'],
$data['item_number'],
date('Y-m-d H:i:s'),
$userid
);
$stmt->execute();
$stmt->close();
return $db->insert_id;
}
return false;
}
It's subtle, but your SQL string is missing a closing bracket:
$stmt = $db->prepare('INSERT INTO `pay` (...) VALUES (?, ?, ?, ?, ?, ?)');
Where the VALUES list was not properly closed.
A lot of problems can be detected and resolved by enabling exceptions in mysqli so mistakes aren't easily ignored. This should show up as a SQL error in your logs.

Mysqli bind parameters not working

I'm trying to use prepared statements to enter data in a database. The unprepared statement works but this prepared statement does not. I can't find out why.
Prepared version:
$stmt = $mysqli->prepare("INSERT INTO videos (file_name, upload_by, date, path)
VALUES (?, ?, ?, ?)");
$stmt->bind_param('ssss', $newstring, $id, $date->format('Y-m-d'), $location);
$stmt->execute();
Unprepared version:
$sql = "INSERT INTO videos (file_name, upload_by, date, path) VALUES ('$newstring', '$id', '
$date', 'Nominator/$location$newstring')";
mysqli_query($mysqli, $sql);
Replace $stmt-execute(); with $stmt->execute();
Also, don't use date and path in query. Rename them with some other name like date1 and path1.
Update your Query like below that will surely work (Tested Offline):
<?php
$mysqli = new mysqli('localhost', 'root', '', 'test2');
if ($mysqli->errno) {
printf("Connect failed: %s\n", $mysqli->error);
exit();
}
$stmt = $mysqli->prepare("INSERT INTO videos (file_name, upload_by, date1, path1) VALUES (?, ?, ?, ?)");
$stmt->bind_param('ssss', $file_name, $upload_by, $date1, $path1);
$date1 = date("Y-m-d");
$file_name = "test.jpg";
$upload_by = "amit";
$path1 = "test";
if ($result = $stmt->execute()){
echo "success";
$stmt->free_result();
} else {
echo "error";
}
$stmt->close();
?>
You are binding your parameter twice, if you are using only ?, don't bind parameter again just execute directly.
//Prepare your query first
$stmt = $mysqli->prepare("INSERT INTO videos (file_name, upload_by, date, path)
VALUES (?, ?, ?, ?)");
//Just pass your argument and execute directly without binding the parameter (The parameter is binded already)
$stmt->execute('ssss', $newstring, $id, $date->format('Y-m-d'), $location);

INSERT INTO sqlsrv_query statement not working

When working with the sqlsrv_query command I can request data from the MSSQL server.
This works
But!
When I want to add data it returns the error [error:array].
The code I use for this is:
$tsql= "INSERT INTO dbo.VERLOF_events (id,
username,
soort,
afdeling,
description,
evdate,
trdate)
VALUES
(?, ?, ?, ?, ?, ?, ?)";
$var = array('', $username, $soort, $afdeling, $description, $evdate, $trdate);
if (!sqlsrv_query($conn, $tsql, $var))
{
die('Error: ' . sqlsrv_errors());
}
echo "1 record added";
The array values are set in the POST statement.
$afdeling = $row['Afdeling'];
$submit = #$_POST['submit'];
$description = #$_POST["description"];
$evdate = #$_POST["evdate"];
$trdate = #$_POST["trdate"];
$username = #$_SESSION['username'];
$soort = #$_POST['Dagen'];
Why does it return the array error?
I looked it up but could not find the problem returning the error.
Any help is appreciated!
The problem is probably you're trying to add an empty value in the id field. If you set identity on it with auto-numbering, you don't need to include it in your query :
$tsql= "INSERT INTO dbo.VERLOF_events (
username,
soort,
afdeling,
description,
evdate,
trdate)
VALUES
(?, ?, ?, ?, ?, ?)";
$var = array($username, $soort, $afdeling, $description, $evdate, $trdate);
if (!sqlsrv_query($conn, $tsql, $var))
{
die('Error: ' . sqlsrv_errors());
}
echo "1 record added";

sqlite php getting unrecognized token: ":" error while inserting and parameterized query

I am working with sqlite for the first time.
Preparing a query string like
$articleInsertQuery = "INSERT INTO Articles VALUES (?, ?, ?, ?, ?)", ($i, $title, $content, $date, 93,);
It returns "Parse error". I also tried without passing parametrized query like
$articleInsertQuery = "INSERT INTO Articles VALUES ($i, $title, $content, $date, 93)";
ANd getting "Unable to prepare statement: 1, unrecognized token: ":" "
Any idea where I am doing wrong?
#arnoldIf you are using PDO for that.
The way to prepare and execute your query would be as follows.
$dbObject = new PDO('sqlite:sqlitedb');// NEW LINE
$articleInsertQuery = "INSERT INTO Articles VALUES (?, ?, ?, ?, ?)";
$query = $dbObject->prepare($articleInsertQuery);
$query->execute(array($i, $title, $content, $date, 93));
EDIT:
See sqlite3 prepare.
$articleInsertQuery = "INSERT INTO Articles VALUES (:i, :title, :content, :date, :int)";
$query = $dbObject->prepare($articleInsertQuery);
$query->bindValue(':i', $i, SQLITE3_INTEGER);
$query->bindValue(':title', $title, SQLITE3_TEXT);
$query->bindValue(':content', $content, SQLITE3_TEXT);
$query->bindValue(':date', $date, SQLITE3_TEXT);
$query->bindValue(':int', 93, SQLITE3_INTEGER);
$result = $query->execute();
Hope this helps.

Categories