I am unable to find any error shown but for some reason there is still an issue entering data into my table using SQL. I am new to coding and am not really sure what the issue is . I am sure that everything that needs to be passed and given is done but the mysql query is where it goes wrong and i am not able to understand why . could someone please help me out ?
<?php
session_start();
$conb = mysqli_connect("127.0.0.1","root","","demo");
$sellmail = $_SESSION['sellermaill'];
$buyermail = $_POST['email'];
$bid = $_POST["bid"];
$title = $_SESSION["Titleofp"];
echo"$sellmail";
echo"$buyermail";
echo"$bid";
echo"$title";
$mysqlbuy = "INSERT INTO buyer (Seller Mail,Buyer Mail,Bid,Product Title) VALUES ('$sellmail','$buyermail','$bid','$title')";
$mysqlsellq = mysqli_query($conb,$mysqlbuy);
if(!$mysqlsellq)
{echo "Your Bid has not been saved ";}
else echo "Your Bid has been Saved ";
?>
Error
You have an error in your SQL syntax; check the manual that
corresponds to your MariaDB server version for the right syntax to use
near 'Mail,Seller Mail,Product Title,Bid) VALUES
('rao.7#gmail.com','rsk101295#gmail.c' at line 1
(I) Change your column name in Database table:
1)Seller Mail to Seller_Mail
2)Buyer Mail to Buyer_Mail
3)Product Title to Product_Title
Then insert
$mysqlbuy = "INSERT INTO buyer (Seller_Mail,Buyer_Mail,Bid,Product_Title) VALUES ('$sellmail','$buyermail','$bid','$title')";
Embedded spaces or special characters are NOT ALLOWED in column name.
For more info, click Characters that are not allowed in table name & column name
OR
(II)
If, you don't want to put underscore in column name or don't want to modify your column name. Use like this. (Use Backtick to enclose column name.). But, make sure you follow naming conventions of column name.
$mysqlbuy = "INSERT INTO buyer (`Seller Mail`,`Buyer Mail`,`Bid`,`Product Title`) VALUES ('$sellmail','$buyermail','$bid','$title')";
For more info, Please click How to select a column name with space between in mysql
Find Backtick in Keyboard:
Related
I can get MySQL errors with mysqli_error() function in php, but I don't want to show user the error that MySQL has been sent. I want to get the name of the field or column that the error relates to it and tell user that your input in 'example' field should be changed. I know that I can use a function like strpos() in PHP to check whether the error expression contains the names of the columns or not, but as you know some of the MySQL error expressions contain names of all the columns in table and here I can't decide next to which input field show error?
is there a function like for example mysqli_error_column() to get the name of the column throws the error? or any other advises?
$sql = "INSERT INTO customers (password, active, email, active_code, submit_date)VALUES('$codedPass', '0', '$email', '$verificationKey', '$currDate')";
$insertResult = mysqli_query($conn,$sql);
if(!$insertResult) {
$queryError = mysqli_error($conn);
if(preg_match("/\b"."email"."\b/",$queryError)) {
$php_input_error['email'] = $error_msg['unknown'];
}
else if(preg_match("/\b"."password"."\b/",$queryError)) {
$php_input_error['pass'] = $error_msg['unknown'];
}
else $php_input_error['general'] = "there's an error with your inputs, please check them again.";
}
I do not think that there is some other way to do that.
However I would advise you completely different solution:
it will be nice to validate data BEFORE sending it to DB (in PHP code).
In such case:
You may implement validation rules of any complexity (length,
allowed symbols, data ordering, validation dependencies between
fields, etc).
You will know everything about an error. So you may show more understandable message to user.
You will decrease load of database server.
I've been fighting with a bit of code for a week now, not seeing what the heck is wrong...
I have a gaming site I'm trying to build new character sheets for, the form is all done, the action pointing to another page that is strictly the sql for inserting the information into the database. We have good connection, but it is hanging at the second insert statement. The code was working previously, but we had to delete the database and rebuild it, resulting in a rebuild of the insert sql lines.
The first portion of the insert code is:
if($_POST['Submit']=="Submit")
{
$sql="INSERT INTO accounts (log_name,owner,account_type,date_joined) VALUES (\"$_POST[char_name]\",\"$_SESSION[logname]\",\"$_POST[account_type]\",NOW())";
$result = mysql_query($sql)
or die("<p>Couldn't add character.<br/>".mysql_error()." in accounts.<br/>Please send this exact message to <a href='mailto:savvannis#houston-by-night.com'>Savvannis</a> with your character's name.</p>");
echo $result;
echo $_SESSION['logname'];
$sql="INSERT INTO topdata (log_name,char_venue,sub_venue,species,char_name,create_date,gender,age,appage,nature,demeanor,concept,description,web_site,view_pword,sfa) VALUES (\"$_SESSION[logname]\",\"$_POST[char_venue]\",\"$_POST[sub_venue]\",\"$_POST[species]\",\"$_POST[char_name]\",NOW(),\"$_POST[gender]\",\"$_POST[age]\",\"$_POST[appage]\",\"$_POST[nature]\",\"$_POST[demeanor]\",\"$_POST[concept]\",\"$_POST[description]\",\"$_POST[web_site]\"\"$_POST[viewpw]\",\"$_POST[sfa]\")";
$result=mysql_query($sql)
or die ("<p>Could not create character.<br/>".mysql_error()." in topdata.<br/>Please send this exact message to <a href='mailto:savvannis#houston-by-night.com'>Savvannis</a> with your character's name.</p>");
echo $result;
When the information is entered into the form and submit is hit, I get the following:
1
Could not create character.
Column count doesn't match value count at row 1 in topdata.
Please send this exact message to Savvannis with your character's name.
I look at the database and the information is entered into the accounts table, so that statement is working, but it is hanging up on the topdata table. It's not echoing the $_SESSION['logname'] and looking at the database, it's not saving the owner, which should be $_SESSION['logname'], so I'm wondering if that statement is now somehow incorrect??
I can't figure out what the heck is wrong. Any and all help would be greatly appreciated.
You have missed a comma here: \"$_POST[web_site]\"\"$_POST[viewpw]\" in your second insert SQL.
It should be \"$_POST[web_site]\", \"$_POST[viewpw]\"
First off the error message is telling you that there is an unequal number of columns and values in your SQL
Lets have a look at that
INSERT INTO topdata (
log_name,
char_venue,
sub_venue,
species,
char_name,
create_date,
gender,
age,
appage,
nature,
demeanor,
concept,
description,
web_site,
view_pword,
sfa
) VALUES (
\"$_SESSION[logname]\",
\"$_POST[char_venue]\",
\"$_POST[sub_venue]\",
\"$_POST[species]\",
\"$_POST[char_name]\",
NOW(),
\"$_POST[gender]\",
\"$_POST[age]\",
\"$_POST[appage]\",
\"$_POST[nature]\",
\"$_POST[demeanor]\",
\"$_POST[concept]\",
\"$_POST[description]\",
\"$_POST[web_site]\"\"$_POST[viewpw]\",
\"$_POST[sfa]\"
)";
Now by formatting your SQL (which is vulnerable to sql injection) I've noticed a missing comma between web_site and viewpw values
Thanks for reading.
Reading through all the articles on here helped me locate my problem, I'm just not sure how I should edit the code. I still learning.
The message I get is:
SELECT attachid
FROM ilace_attachment WHERE attachtype = 'ads' AND user_id ='6' AND ads_id='1'
MySQL Error : Unknown column 'ads_id' in 'where clause'
Error Number : 1054
This all started after I upgrade my software script to a newer version. I checked the ads_ads in MYSQL and there isn't a colum for ads_id, just one called; id.
I believe the solution to my problem is to change the "ads_id" to just "id". But I'm not sure if thats right or what I should change.
$sql = $ilace->db->query("SHOW TABLE STATUS LIKE '". DB_PREFIX ."ads_ads'");
$ads_id_temp = $ilace->db->fetch_array($sql);
$ads_id=$ads_id_temp['Auto_increment'];
}
else
{
$ads_id=$ilace->GPC['id'];
}
$attachid = $ilace->db->fetch_field(DB_PREFIX . "attachment", "attachtype = '".'ads'."' AND user_id ='".$_SESSION['ilacedata']['user']['userid']."' AND ads_id='".$ads_id."'", "attachid");
Here is the script it runs.
http//wwwWEBSITEcom/campaign.php?id=0&cmd=_create- campaign&1=Advertise+here+for+%245.00+per+1000+views&2=Targeted+AdTITLENAME+adverts&3=http%3A%2F%2FwwwWEBSITEcom%2Fcampaign.php%3Fcmd%3Dcreate%26mode%3Dppc&4=Vist&zone=header&mode=PPI&clicks=0&5=1&keywords=KEYWORD1%2C+was%2C+KEYWORD2%2C+KETWORD3%2C+KEYWORD4&dotw[1]=1&dotw[2]=1&dotw[3]=1&dotw[4]=1&dotw[5]=1&dotw[6]=1&dotw[0]=1
You change AND ads_id= to AND id= because that is the field name in the SQL statement, and seemingly the field name has changed.
You do not change $ads_id because that is the name of your PHP variable, and this works fine as it is and does not need to be the same as the field name.
On a wider level, you should sit and figure out how the last line of the PHP quoted puts together the SQL statement quoted in the error. You should know that the . is used to concatenate strings together, that PHP strings must start and end with the same character but that can be either ' or ", and that the SQL statement requires ' around values.
Also, if you've updated a third-party software script and it's now incompatible with your database you should look to see if there was some sort of data migration script that you've not run.
Depends. Is the id column containing the same information as ads_id? If so, yes you should change it. If no, you should figure out what happened to the ids and why they were removed.
I'm pretty new to web development so there's a good chance I'm doing something pretty dumb here.
I'm using AJAX to send data to a PHP file which will use the data to run SQL commands to update a table. I'm dealing with editing articles, so my PHP file needs to know three things: The original name of the article (for reference), the new name and the new content. I also tell it what page the user is looking at so it knows which table to edit.
$('#save_articles').click(function () {
var current_page = $('#current_location').html();
var array_details = {};
array_details['__current_page__'] = current_page;
$('#article_items .article_title').each(function(){
var article_name = $(this).html(); //The text in this div is the element name
var new_article_name = $(this).next('.article_content');
new_article_name = $(new_article_name).children('.article_content_title').html();
var new_article_content = $(this).next('.article_content');
new_article_content = $(new_article_content).children('.article_content_content').html();
array_new_deets = {new_name:new_article_name, content:new_article_content};
array_details[article_name] = array_new_deets;
});
send_ajax("includes/admin/admin_save_articles.php", array_details);
});
In the PHP file, I first retrieve the current page and store it in $sql_table and then remove the current page variable from $_POST. Then I run this.
foreach($_POST as $key => $value){
$original_name = $key;
$new_name = $value['new_name'];
$new_cont = $value['content'];
$query = "UPDATE
`$sql_table`
SET
`element_name`= '$new_name',
`element_content` = '$new_cont',
WHERE
`element_name` = '$original_name'";
$query = mysql_query($query);
if(!$query){
die(mysql_error());
}
}
I always receive an error saying that 'sitep_Home' is an incorrect table name. Not only is it a real table in my db, but I've actually changed its name to make sure it isn't an issue with keywords or something.
If I instead run the query without the variable $sql_table (specifying that the table is called 'sitep_Home'), the query accepts the table. It then doesn't actually update the table, and I suspect it's because of the WHERE argument that also uses a variable.
Can anyone see what I'm doing wrong here?
try to use $sql_table as '$sql_table' if you are sure that this contain a right table name.
Like you are using other column's value
Check if this can help!!
Dump/log your query before executing it - the problem should be quite visible after that (I suspect some additional characters in the table name).
Couple of things:
you should never trust your users and accept everything they'll send you in $_POST, use whitelist for the fields you'd like to update instead
your code is vulnerable to SQL injection, I recommend to use some framework / standalone library or PDO at least, avoid mysql_query which will be deprecated in the future. Check this to get some explanation http://www.phptherightway.com/#databases
Table names are case sensitive in MySQL. Please check if there is mistake in the case.
You have to surround name of mysql table in query in this `` qoutes. When you dinamically create mysql table it is very important to trim($variable of mysql name table) before create, because if "$variable of mysql name table" have space in the edns or in the start mysql not create table. And the last when you call dinamically $variable of mysql name table in query you have to trim($variable of mysql name table) again.
I have a php form with two text boxes and i want to enter the text box values into the database. I have created the table (with two columns namely webmeasurementsuite id and webmeasurements id) I used the following syntax for creating table:
CREATE TABLE `radio` (
`webmeasurementsuite id` INT NOT NULL,
`webmeasurements id` INT NOT NULL
);
Utilising the tutorial in the following link, I wrote the php coding but unfortunately the datas are not getting entered into the database. I am getting an error in the insert sql syntax. I checked it but i am not able to trace out the error.Can anyone correct me? I got the coding from http://www.webune.com/forums/php-how-to-enter-data-into-database-with-php-scripts.html
$sql = "INSERT INTO $db_table(webmeasurementsuite id,webmeasurements id) values
('".mysql_real_escape_string(stripslashes($_REQUEST['webmeasurementsuite
id']))."','".mysql_real_escape_string(stripslashes($_REQUEST['webmeasurements id']))."')";
echo$sql;
My error is as follows:
INSERT INTO radio(webmeasurementsuite id,webmeasurements id) values ('','')ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'id,webmeasurements id) values ('','')' at line 1
Because your table names have a space in them, you have to always surround them in backticks. Try this for your query:
$sql = "INSERT INTO $db_table(`webmeasurementsuite id`,`webmeasurements id`) values ('".mysql_real_escape_string(stripslashes($_REQUEST['webmeasurementsuite id']))."','".mysql_real_escape_string(stripslashes($_REQUEST['webmeasurements id']))."')";
Looking at your pastebin, it looks like you have forgotten to close your input tags:
<input TYPE="text" name="webmeasurementsuite id"