PHP version 5.3.3, mysql 5.0.95
Need to migrate data from an existing table to two identical tables. Data from original needs parsing before insert into the two new tables. (That code not shown as I'm hoping to isolate this problem.)
Wanted to use transaction to insure new tables are identical.
task_id field is autoincrement in test_timecard and is unsigned mediumint in test_timecar_2.
Engine is InnoDB for both tables.
Separate queries works:
$timecard_data_results = array();
$fill_old_data_array_def = " SELECT task_id, company_id, employee_id, location, task_name, task_start_time, task_end_time, tccomment FROM timecard WHERE company_id = '" . $company_request . "' AND employee_id = '" . $employee_request . "' AND DATE(task_start_time) < '" . $new_text_format_date . "' AND (DATE(task_end_time) > '2014-12-31' OR DATE(task_end_time) = '2000-01-01') ORDER BY task_start_time";
$timecard_data_results = mysqli_query($conn, $fill_old_data_array_def);
while($timecard_record = mysqli_fetch_assoc($timecard_data_results)) {
$company_id = $timecard_record['company_id'];
$employee_id = $timecard_record['employee_id'];
$location = $timecard_record['location'];
$task_name = $timecard_record['task_name'];
$task_start_time = $timecard_record['task_start_time'];
$task_end_time = $timecard_record['task_end_time'];
$tccomment = $timecard_record['tccomment'];
$troubleshoot_def = "INSERT INTO test_timecard (company_id, employee_id, location, task_name, task_start_time, task_end_time, tccomment) VALUES ('" . $company_id . "', '" . $employee_id . "', '" . $location . "', '" . $task_name . "', '" . $task_start_time . "', '" . $task_end_time . "', '" . $tccomment . "')";
$troubleshoot_2_def = "INSERT INTO test_timecard_2 (task_id, company_id, employee_id, location, task_name, task_start_time, task_end_time, tccomment) VALUES (LAST_INSERT_ID(), '" . $company_id . "', '" . $employee_id . "', '" . $location . "', '" . $task_name . "', '" . $task_start_time . "', '" . $task_end_time . "', '" . $tccomment . "')";
$troubleshoot = mysqli_query ($conn, $troubleshoot_def);
$troubleshoot_2 = mysqli_query ($conn, $troubleshoot_2_def);
}
transaction with mysqli_multi_query inserts one row only to both tables. No errors reported.
$timecard_data_results = array();
$fill_old_data_array_def = " SELECT task_id, company_id, employee_id, location, task_name, task_start_time, task_end_time, tccomment FROM timecard WHERE company_id = '" . $company_request . "' AND employee_id = '" . $employee_request . "' AND DATE(task_start_time) < '" . $new_text_format_date . "' AND (DATE(task_end_time) > '2014-12-31' OR DATE(task_end_time) = '2000-01-01') ORDER BY task_start_time";
$timecard_data_results = mysqli_query($conn, $fill_old_data_array_def);
while($timecard_record = mysqli_fetch_assoc($timecard_data_results)) {
$company_id = $timecard_record['company_id'];
$employee_id = $timecard_record['employee_id'];
$location = $timecard_record['location'];
$task_name = $timecard_record['task_name'];
$task_start_time = $timecard_record['task_start_time'];
$task_end_time = $timecard_record['task_end_time'];
$tccomment = $timecard_record['tccomment'];
$troubleshoot_def = "START TRANSACTION; INSERT INTO test_timecard (company_id, employee_id, location, task_name, task_start_time, task_end_time, tccomment) VALUES ('" . $company_id . "', '" . $employee_id . "', '" . $location . "', '" . $task_name . "', '" . $task_start_time . "', '" . $task_end_time . "', '" . $tccomment . "'); INSERT INTO test_timecard_2 (task_id, company_id, employee_id, location, task_name, task_start_time, task_end_time, tccomment) VALUES (LAST_INSERT_ID(), '" . $company_id . "', '" . $employee_id . "', '" . $location . "', '" . $task_name . "', '" . $task_start_time . "', '" . $task_end_time . "', '" . $tccomment . "'); COMMIT;";
$troubleshoot = mysqli_multi_query ($conn, $troubleshoot_def);
}
Stumped.
$troubleshoot_def = "INSERT INTO test_timecard (company_id, employee_id, location, task_name, task_start_time, task_end_time, tccomment) VALUES ('" . $company_id . "', '" . $employee_id . "', '" . $location . "', '" . $task_name . "', '" . $task_start_time . "', '" . $task_end_time . "', '" . $tccomment . "')";
$troubleshoot_2_def = "INSERT INTO test_timecard_2 (task_id, company_id, employee_id, location, task_name, task_start_time, task_end_time, tccomment) VALUES (LAST_INSERT_ID(), '" . $company_id . "', '" . $employee_id . "', '" . $location . "', '" . $task_name . "', '" . $task_start_time . "', '" . $task_end_time . "', '" . $tccomment . "')";
There are lot's of problems here. First is that it does not make any sense at all to insert nearly identical data into two different tables. In fact when the operation completes you have three tables with nearly identical data namely test_timecard_2, test_timecard and timecard
Secondly you are inserting unescaped data. Since data comes from another of your tables there isn't much chance of an sql injection but there is still a likelyhood that the queries will fail. Specifically I am talking about code like this:
VALUES ('" . $company_id . "', '" . $employee_id . "', '" . $location . "', '" . $task_name . "', '" . $task_start_time . "', '" . $task_end_time . "', '" . $tccomment . "')";
Thirdly, you almost never need to do SELECT - LOOP - INSERT because mysql has a built in INSERT SELECT command.
INSERT INTO test_timecard (company_id, employee_id, location, task_name, task_start_time, task_end_time, tccomment)
SELECT * FROM time_card
take care to get the columns right (the above is just a copy paste from two sections of your code)
Here is my code:
$result = mysql_query("INSERT INTO clients (client_id, name, surname, tel1,tel2,id_num,address)
VALUES ('" .$updating_id . "','" .$updatedName1 . "','" .$updatedName1 . "', '" .$updatedSurname1
. "', '" . $updatedTel1 . "', '" .$updatedTel2 . ", '" .$updatedId_num1. "', '" .$updatedAddress1.
") ON DUPLICATE KEY UPDATE name='" . $updatedName1 . "', surname='" . $updatedSurname1 . "',
tel1='" . $updatedTel1 . "', tel2='" . $updatedTel2 . "', id_num='" . $updatedId_num1 . "',
address='" .$updatedAddress1 . "'");
if(mysql_query($result))
{ echo $updatedName1," ", $updatedSurname1, " updated successfully ";
}
else {
echo mysql_error();}
}
I am noticing that the first quote on the mysql_query("INSERT INTO...
is closing with the first quote of the VALUES ('" .$updating_id . "'... statement and yet the way I quoted is the one in my examples, I have assessed.
Use if($result) instead of if(mysql_query($result)). thx #Vinie
And you miss two simple quotes in your VALUES statement:
$updatedTel2 . "'
$updatedAddress1."'
And you need to have a look at mysql_real_escape_string(); or at least use PDO :)
I have a problem with the condition 'where'.
I want one more condition in this code:
$sql="UPDATE
coursegrade
SET
FirstExam='" . mysql_real_escape_string($_POST['FirstExam']) . "',
SecondExam='" . mysql_real_escape_string($_POST['SecondExam']) . "',
ThirdExam='" . mysql_real_escape_string($_POST['ThirdExam']) . "',
Assignments='" . mysql_real_escape_string($_POST['Assignments']) . "',
FinalExam='" . mysql_real_escape_string($_POST['FinalExam']) . "'
WHERE
SID=" . mysql_real_escape_string($_POST['SID']) ;
Tell now I have no problem .. but the problem is that I don't know how to set the second condition.
CourseID=" . mysql_real_escape_string($_POST['CourseID'])
I want the condition to be something like...
WHERE
SID=" . mysql_real_escape_string($_POST['SID'])
AND CourseID=" . mysql_real_escape_string($_POST['CourseID'])
How could I do it?
Unless you use heredoc syntax php will parse strings on a single line.
ie the rendered clause is:
"WHERE SID=19AND CourseID=45"
Basically you missed a space before
"AND CourseID=" . mysql_real_escape_string($_POST['CourseID'])
or you could put quotes around the values
"SID='" . mysql_real_escape_string($_POST['SID']) . "'
AND CourseID='" . mysql_real_escape_string($_POST['CourseID'])."'"
This is may help
WHERE
SID=" . mysql_real_escape_string($_POST['SID'])
OR CourseID=" . mysql_real_escape_string($_POST['CourseID'])
or
WHERE
SID in (
mysql_real_escape_string($_POST['SID']),
mysql_real_escape_string($_POST['CourseID'])
)
its will work for INT value of SID and CourseID
You can try this, and let me know if there is error message
$sql="UPDATE coursegrade
SET
FirstExam = '" . mysql_real_escape_string($_POST[' FirstExam ']) . "',
SecondExam = '" . mysql_real_escape_string($_POST[' SecondExam ']) . "',
ThirdExam = '" . mysql_real_escape_string($_POST[' ThirdExam ']) . "',
Assignments = '" . mysql_real_escape_string($_POST[' Assignments ']) . "',
FinalExam = '" . mysql_real_escape_string($_POST[' FinalExam ']) . "'
WHERE
SID = ". mysql_real_escape_string($_POST['SID'])."
AND
CourseID = " . mysql_real_escape_string($_POST['CourseID']) .";
I am trying to insert the current date into MySQL database in this format: (12/31/2013 10:26:12 PM). I've tried to make a simple code to change the format, but all I get is a syntax error
$sql = "INSERT INTO Students
VALUES
('','" . $info[$i]['firstname'] . "', '" . $info[$i]['lastname'] . "',
'" . $info[$i]['sex'] . "', '" . $info[$i]['major'] . "',
'" . $info[$i]['favorite'] . "', '" . $info[$i]['GPA']
"TO_CHAR(SYSDATE(),'dd/mm/yyyy')";
Tell me please what shall I do with it.
Just try this
$sql = "INSERT INTO Students VALUES ('','" . $info[$i]['firstname'] . "', '" . $info[$i]['lastname'] . "', '" . $info[$i]['sex'] . "', '" . $info[$i]['major'] . "', '" . $info[$i]['favorite'] . "', '" . $info[$i]['GPA'] . gmdate('m/d/Y g:i:s A').")";
or try this one
$sql = "INSERT INTO Students VALUES ('','" . $info[$i]['firstname'] . "', '" . $info[$i]['lastname'] . "', '" . $info[$i]['sex'] . "', '" . $info[$i]['major'] . "', '" . $info[$i]['favorite'] . "', '" . $info[$i]['GPA'] ."', '" . gmdate('m/d/Y g:i:s A').")";
You can also change gmdate with date
Have A nice day
USE
DATE_FORMAT(NOW(),'%m/%d/%Y %h:%i:%s %p') ;
i think some error in query also check:
$sql = "INSERT INTO Students
VALUES
('','" . $info[$i]['firstname'] . "', '" . $info[$i]['lastname'] . "',
'" . $info[$i]['sex'] . "', '" . $info[$i]['major'] . "','" . $info[$i]['favorite'] . "', '" . $info[$i]['GPA'] ."',DATE_FORMAT(NOW(),'%m/%d/%Y %h:%i:%s %p') )";
it should work.
check link:
http://www.w3schools.com/sql/func_date_format.asp
I'm trying to update two rows in my database using a query (which is going to be run from a PHP script) and there is just one Condition (WHERE). What I've tried is:
$sql = 'UPDATE ' . CANNED_MESSAGES . "
SET canned_message_content = '" . $db->sql_escape($content) . "',
canned_message_title = '" . $db->sql_escape($title) . "'
WHERE id = '" . intval($id) . "'" ;
$db->sql_query($sql);
Can you tell me whats wrong with my query? :)
This may be due to Quotes mismatch. Please use this
$sql = "UPDATE '" . CANNED_MESSAGES ."'
SET canned_message_content = '" . $db->sql_escape($content) . "',
canned_message_title = '" . $db->sql_escape($title) . "'
WHERE id = '" . intval($id) . "' " ;
I highly doubt that two rows can have the same id column. Do they? If not, how could you update 2 rows by specifying a condition on a column with such a constraint?