Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 6 years ago.
Improve this question
i'm trying to use the implode function in php to inserting multiple checked values into a table but i get this error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 1
PHP
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "edusa_form")) {
$engine1 = implode(',', $_POST['written_tests']);
$insertSQL = sprintf("INSERT INTO edusa_regis (fname) VALUES ('$engine1'))");
HTML
<input name="written_tests[]" type="checkbox" id="written_tests[]" value="SAT" />
SAT
<input name="written_tests[]" type="checkbox" id="written_tests[]" value="ACT" />
The problem is not with the implode function. You have a bad syntax in your query.
$insertSQL = sprintf("INSERT INTO edusa_regis (fname) VALUES ('$engine1'))");
You have an additional closing parenthesis in the query.
You have an extra ) after $_POST["MM_insert"] in your if statement and also in your sprintf at the end at 'engine1'))
if ((isset($_POST["MM_insert"]) && ($_POST["MM_insert"] == "edusa_form")) {
$engine1 = implode(',', $_POST['written_tests']);
$insertSQL = sprintf("INSERT INTO edusa_regis (fname) VALUES ('$engine1')");
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "edusa_form")) {
$engine1 = implode(',', $_POST['written_tests']);
$insertSQL = sprintf("INSERT INTO edusa_regis (fname) VALUES ('$engine1')");
mysqli_query($con, $insertSQL);
}
Related
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 2 years ago.
Improve this question
In my Mysql I have this table. And I want to send data
Id is autoincrement
Id
insertId
invoceTaxApplayId
sumOfDist
if (isset($_POST['basic'])) {
$user_string = $_POST['basic'];
$basic = json_decode($user_string);
foreach ($basic as $key => $value){
$sql2 = "INSERT INTO `insert_tax_applay_map`( `insertId`, `invoceTaxApplayId`, `sumOfDist`) VALUES ('$value','', 5)";
echo $sql2; //printed
echo $key;
}
exit();
}
I can see echos, but data isn't sent to mysql.
You can fix the issue of not executing and your serious SQL injection bug with one simple trick: Prepared statements with placeholder values!
if (isset($_POST['basic'])) {
$user_string = $_POST['basic'];
$basic = json_decode($user_string);
// Prepare your database query with placeholder values
$stmt = $db->prepare("INSERT INTO insert_tax_applay_map (insertId, invoceTaxApplayId, sumOfDist) VALUES (:insertId, :invoiceTaxApplayId, :sumOfDist)");
// For each entry...
foreach ($basic as $key => $value) {
// ...execute the statement with that particular set of values.
$stmt-execute([
'insertId' => $value,
'invoiceTaxApplayId' => '',
'sumOfDist' => 5
]);
}
exit();
}
This example uses PDO but can easily be adapted to mysqli or whatever you're using.
Tip: For general guidance on PHP, see PHP the Right Way for more resources.
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 7 years ago.
Improve this question
I have this PHP code:
$uniqueSessionID = 'd41740fd9dc75cb8a3eeee27165d2323';
$returnUrl = 'http://qapache.us.oracle.com:15671/OA_HTML/OA.jsp?OAFunc=ICX_\nCAT_PUNCHOUT_CALLBACK&OAHP=ICX_POR_HOMEPAGE_MENU&OASF=ICX_CAT_PUNCHOUT_\nCALLBACK&transactionid=1577779317'
$timestamp = $conn->real_escape_string('2016-02-10 07:57:21');
$cxmlVersion = $conn->real_escape_string('1.1.007');
$payloadID = $conn->real_escape_string('20040316032452.913060910.144270#ap6172rt.us.oracle.com');
$sql2 = "INSERT INTO return_cart_url (`sessionid`, `timestamp`, `version`, `return_url`, `payloadID`)
VALUES ('{$uniqueSessionID}','{$timestamp}', '{$cxmlVersion}' '$returnUrl', '{$payloadID}')";
if ($conn->query($sql2) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $sql2 . "<br>" . $conn->error;
}
And i get this error:
Column count doesn't match value count at row 1
All my columns are varchar. In the beginning i only had the columns uniqueSessionID and returnURL, and with these 2 it worked. It happened when I added the timestamp, cxmlVersion and payloadID.
Anyone who can explain me why this happens?
You forgot 1 comma :
'{$cxmlVersion}','$returnUrl'
you forget one , after cxmlVersion
$sql2 = "INSERT INTO return_cart_url (`sessionid`, `timestamp`, `version`, `return_url`, `payloadID`)
VALUES ('{$uniqueSessionID}','{$timestamp}', '{$cxmlVersion}', '$returnUrl', '{$payloadID}')";
I am guessing it is because you are missing the brackets in the values definition of the return Url, and there is a missing colon after cxmlVersion.
VALUES ('{$uniqueSessionID}','{$timestamp}', '{$cxmlVersion}' '$returnUrl', '{$payloadID}')";
Becomes:
VALUES ('{$uniqueSessionID}','{$timestamp}', '{$cxmlVersion}', '{$returnUrl}', '{$payloadID}')";
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 7 years ago.
Improve this question
I have a PDO PHP file making use of just one $_POST value stored on the $data array, and if an statement is true, a second value is added to that array to make a new query with two values:
<?php
session_start();
include("../conexionbbdd.php");
if($_SESSION['estado'] == 'activo' && $_SESSION['rol'] == '1'){
$data = array(
'us_id' => $_POST['us_id'],
);
$selectUsers= "SELECT * FROM ws_users WHERE us_id= :us_id";
$statementSelectUsers = $pdo->prepare($selectUsers);
$statementSelectUsers->execute($data);
$result = $statementSelectUsers->fetch(PDO::FETCH_ASSOC);
$us_fk_ui_id = $result['us_fk_ui_id'];
if($us_fk_ui_id==='1'){
$data['us_credits']=$_POST['us_credits'];
$updateUser = mysqli_query($con,"UPDATE ws_users SET us_credits = :us_credits, us_access = '1' WHERE us_id = :us_id");
$statementUpdateUser = $pdo->prepare($updateUser);
$statementUpdateUser->execute($data);
}
Everything goes fine untill the $statementUpdateUser->execute($data); line (34), where I get the usual error
PDOException: SQLSTATE[42000]: Syntax error or access violation: 1065
Query was empty in C:\wamp\www**********\actions\ad_updateUserInfo.php on
line 34
As far as I've seen, this should be due to the unexistance of one of the placeholders on the array, but if I print the array values after the $data['us_credits']=$_POST['us_credits']; it seems to be correct, having the 2 expected values needed for my query:
Array (
[0] => 2
[1] => 1.5 )
How could I check where the mistake is? There's no possibility of echoing the query as it is an object unable to transform on string.
$updateUser = mysqli_query($con,"UPDATE ws_users SET us_credits = :us_credits, us_access = '1' WHERE us_id = :us_id");
^^^ WTF??
You have to pay more attention to the code you write. Stack Overflow is NOT the service for finding typos for you.
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 8 years ago.
Improve this question
I can't figure out why I have the syntax error I receive a syntax error on line 25 once i start adding values of $_SESSION part, I am new to php and coding so any help would be appreciated.
<?php
ini_set('display_errors', 1);
//Adjust error reporting:
error_reporting(E_ALL | E_STRICT);
include('includes/session_config.inc');
require ('mysqli_connect.php');
$q = "INSERT INTO cards (sender_last,
sender_first,
sender_email,
recipient_last,
recepient_first,
recepient_email,
subject,
message,
image,
identifier,
date_entered
)
VALUES ($_SESSION['postcard']['from_first']',
$_SESSION['postcard']['from_last']',
$_SESSION['postcard']['from_email']',
$_SESSION['postcard']['to_first']',
$_SESSION['postcard']['to_last']',
$_SESSION['postcard']['to_email'],
$_SESSION['postcard']['subject'],
$_SESSION['postcard']['message'],
$_SESSION['postcard']['image'],
$_SESSION['postcard']['identifier']
NOW()
)";
try this, Don't use to long multidimentional array directly in query, Use like this save in varialbe then use it, and other also care full for SQL injection, and also u have missed the comma before NOW() at the end of query.
<?php
ini_set('display_errors', 1);
//Adjust error reporting:
error_reporting(E_ALL | E_STRICT);
include('includes/session_config.inc');
require ('mysqli_connect.php');
$from_first = mysql_real_escape_string($_SESSION['postcard']['from_first']);
$from_last = mysql_real_escape_string($_SESSION['postcard']['from_last']);
$from_email = mysql_real_escape_string($_SESSION['postcard']['from_email']);
$to_first = mysql_real_escape_string($_SESSION['postcard']['to_first']);
$to_last = mysql_real_escape_string($_SESSION['postcard']['to_last']);
$to_email = mysql_real_escape_string($_SESSION['postcard']['to_email']);
$subject = mysql_real_escape_string($_SESSION['postcard']['subject']);
$message = mysql_real_escape_string($_SESSION['postcard']['message']);
$image = mysql_real_escape_string($_SESSION['postcard']['image']);
$identifier = mysql_real_escape_string($_SESSION['postcard']['identifier']);
$q = "INSERT INTO cards (sender_last,
sender_first,
sender_email,
recipient_last,
recepient_first,
recepient_email,
subject,
message,
image,
identifier,
date_entered
)
VALUES ($from_first,
$from_last,
$from_email,
$to_first,
$to_last,
$to_email,
$subject,
$message,
$image,
$identifier,
NOW()
)";
Your values are strings, but you have only ending ': VALUES ($_SESSION...', $_SESSION...', replace it with VALUES ('{$_SESSION...}', '{$_SESSION...}'. Also missing , before NOW() in values list
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 8 years ago.
Improve this question
Hello guys i need your help with this php code,
and trying to create survey name using text box..but what happens is that $survey_name = $_POST['txtSurveyName']; does not save any input with e.g. Department's but it saves Departments.
I noticed that the problem is with the single quotes, how can write this code to accept the single quotes?
here is the full code:
**$survey_name = $_POST['txtSurveyName'];**
$survey_status = $_POST['status'];
// Save question
$sql = "INSERT INTO survey(survey_name, status) VALUES('{$survey_name}','{$survey_status}')";
$result = mysql_query($sql);
// Redirect to landing page
As much as I hate this answer I will still tell you that you need to escape your strings:
$survey_name = mysql_real_escape_string($_POST['txtSurveyName']);
But I would suggest using PDO or MySQLi prepared statements. Better for your security.
So easy with PDO:
//prepare query
$stmt = $pdoInstance->prepare('INSERT INTO survey(survey_name, status) VALUES(:name, :status)');
//bind params
$stmt->bindParam(':name', $name, PDO::PARAM_STR);
$stmt->bindParam(':status', $status, PDO::PARAM_STR);
if ($stmt->execute()) {
//success
}
This way your code is more secure and I feel better that I did not suggest something horrible.
From: http://us2.php.net/mysql_real_escape_string
$survey_name = $_POST['txtSurveyName'];
$survey_status = $_POST['status'];
$sql = sprintf("INSERT INTO survey(survey_name, status) VALUES('%s','%s')'",
mysql_real_escape_string($survey_name),
mysql_real_escape_string($survey_status));
$result = mysql_query($sql);
Change your query to escape specials chars :
$sql = "INSERT INTO survey(survey_name, status) VALUES(\"{$survey_name}\",\"{$survey_status}\")";
or
$sql = "INSERT INTO survey(survey_name, status) VALUES('".addslashes($survey_name)."','".addslashes($survey_status)."')";