This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 6 years ago.
I have the following INSERT statement but it doesn't insert a record in the table. It works when I add only the CALC_STOCK_NO field but not when I add the Description field to the insert statement.
Here is a sample Description value: DSSY68678/787-15.5 14 328 I3 TL 8-8-6.01 ABC
$itemid = $data2['fields']['CALC STOCK NO'];
$pdesc = $data2['fields']['Item Description'];
mysqli_query($con,
"INSERT INTO 600XXX
(CALC_STOCK_NO, pdesc) VALUES
($itemid, $pdesc)"
);
Here is what my table looks like:
You are not writing the correct field name for the description field. You placed pdesc instead of Description_for_Purchases in your SQL statement. You also need to have apostrophes before and after your string values, which is the case for your second field. To correct these problems:
Change this code:
mysqli_query($con,
"INSERT INTO 600XXX
(CALC_STOCK_NO, pdesc) VALUES
($itemid, $pdesc)"
);
to this code:
mysqli_query($con,
"INSERT INTO 600XXX
(CALC_STOCK_NO, Description_for_Purchases) VALUES
({$itemid}, '{$pdesc}')"
);
I am used to adding {} as well when I insert values into strings directly. You don't need to do it for this to work in this case, though; since there are situations in which it is needed, I like to remain consistent and do it everywhere :). Let me know if that worked for you.
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 2 years ago.
I want to select the name contained in the column with the same name as my variable $column_id, which I pass to the function displayed below. It's passed correctly, but without putting the '' around it the query results in an error. If I put them in, the result of the select is the value of $column_id itself, which is wrong. (The syntax matches the one for prepared queries because that's the next step, if I can fix this issue.)
$nirk2 = $this->conn->prepare("SELECT '" .$column_id. "' FROM t_values WHERE device_id='".$device_id."'");
$nirk2->execute();
$nirk2->bind_result($Value_Description);
$nirk2->fetch();
All I want to do is basically use my variable $column_id as name of the column to search the value in.
If you want to use a string as a column name you need to ensure that this column actually exists (is whitelisted) and then wrap it using backticks.
// whitelist column name
if(!in_array($column_id, ['my_col 1', 'my_col 2'])){
    throw new \Exception('Invalid column name!');
}
// V backticks V
$nirk2 = $conn->prepare("SELECT `" .$column_id. "` FROM t_values WHERE device_id=?");
$nirk2->bind_param('s', $device_id);
$nirk2->execute();
$nirk2->bind_result($Value_Description);
$nirk2->fetch();
This question already has answers here:
The 3 different equals
(5 answers)
Closed 4 years ago.
I'm using a very simple code to extract data from a MySQL DB to a CSV file.
The code didn't provide the result I expected so I made the code including the query in the CSV file.
In the first part of the code it seems that the variable containing the query result doesn't actually contain any value, but in another part of the code the variable contains the correct value.
In short, the same variable seems to contain two values in different parts of the code.
$sql="SELECT destinazione AS dest,ndc AS n FROM npitz";
$query = mysql_query($sql);
$q="ERROR";
while($row = mysql_fetch_array($query)) {
    $query="DELETE FROM npitz_reduced_tmp WHERE
destinazione='".$row['dest']."' AND
ndc LIKE CONCAT('".$row['n']."','%') AND
ndc NOT LIKE '".$row['n']."'";
    if($row['n']='77') $q=$query." - ".$row['n'];
    mysql_query($query);
}
The variable $row['n'] should contain the result of the SQL query.
After the while loop the variable $q is:
DELETE FROM npitz_reduced_tmp WHERE destinazione='UNITED STATES' AND ndc LIKE CONCAT('','%') AND ndc NOT LIKE '' - 77
The question is: if in the IF statement the value of $row['n'] is '77', why isn't it the same in the $query variable assignment?
You probably should use == instead of = in the if statement.
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 7 years ago.
When I add a new product sold with product code 00072 it saves nicely, but if I update the product sold and edit the product code to 00073 etc. it gets saved as 73 and the 000 are missing.
Tried with INT, VARCHAR and CHAR, and all the same. Tried with unsigned zerofill and it just added a lot of 000000000000.
The code I am using to update is:
<?php include("police.php"); ?>
<?php
$old = mysqli_real_escape_string($database,$_POST['old']);
$new = mysqli_real_escape_string($database,$_POST['new']);
$updating = mysqli_query($database, "UPDATE sales SET code = $new WHERE id = $old");
?>
What can be wrong?
Currently using VARCHAR 30 latin swedish, when adding new product sale it works fine but not when updating ...
Use single quotes to surround the values. Values sent to the database without quotes surrounding them may be interpreted as numbers instead of text.
$updating = mysqli_query($database, "UPDATE sales SET code = '$new' WHERE id = '$old'");
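An added example, not part of the answer above: the same UPDATE, and the INSERT from the first question on this page, written as mysqli prepared statements, so the product code is bound as a string and keeps its leading zeros and the description needs no hand-written quotes. Table and column names are taken from the posts; the connection values, the stock number and the digits-only check on the code are assumptions.

```php
<?php
// Added example; connection values below are placeholders, not from the page.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

// Binding the product code with type 's' sends it as text, so "00073" is
// stored as "00073" in a VARCHAR column instead of being parsed as the number 73.
function updateSaleCode(mysqli $db, int $id, string $code): int
{
    $stmt = $db->prepare('UPDATE sales SET code = ? WHERE id = ?');
    $stmt->bind_param('si', $code, $id);
    $stmt->execute();
    $affected = $stmt->affected_rows;
    $stmt->close();
    return $affected;
}

// The description may contain slashes, dots, spaces or quotes; as a bound
// parameter it is sent separately and never becomes part of the SQL text.
function insertStockItem(mysqli $db, string $stockNo, string $description): void
{
    $stmt = $db->prepare(
        'INSERT INTO `600XXX` (CALC_STOCK_NO, Description_for_Purchases) VALUES (?, ?)'
    );
    $stmt->bind_param('ss', $stockNo, $description);
    $stmt->execute();
    $stmt->close();
}

$db = new mysqli('localhost', 'app_user', 'app_password', 'app_db'); // placeholders
$db->set_charset('utf8mb4');

// filter_input() returns null or false when the field is missing or not an integer.
$id = filter_input(INPUT_POST, 'old', FILTER_VALIDATE_INT);
$code = filter_input(INPUT_POST, 'new');
// Assumption: product codes are 1 to 30 digits (the column is VARCHAR 30).
if (is_int($id) && is_string($code) && preg_match('/^\d{1,30}$/', $code)) {
    updateSaleCode($db, $id, $code);
}

// Stock number is a constructed sample; the description is the one from the question.
insertStockItem($db, '12345', 'DSSY68678/787-15.5 14 328 I3 TL 8-8-6.01 ABC');
```

mysqli_real_escape_string() only protects a value that ends up inside a quoted literal; a bound parameter has no such dependency on the surrounding quotes.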
I want to insert the data into a PostgreSQL database, which includes a radio button and a dropdown box. I tried 3 different insert queries.
1)
$query = sprintf("INSERT INTO onf VALUES('%s','%s','%s','%s','%s','%s','%d')",$_REQUEST['title'],$_REQUEST['name'],$_REQUEST['district'],$_REQUEST['rurban'],$_REQUEST['taluk'],$_REQUEST['village'],$_REQUEST['wardno']);
2)
$qry="INSERT INTO onf(title, name, district,rurban,taluk,village,wardno) VALUES ('$tile', '$name', '$district','$rurban','$taluk','$village','$wardno')";
3)
$qy="INSERT INTO onf(title, name, district,rurban,taluk,village,wardno) VALUES (('$_POST[title]','gen','$_POST[gen]),'$_POST[name]','$_POST[district]','$_POST[rurban]','$_POST[taluk]','$_POST[village]','$_POST[wardno]')";
$res = pg_query($db,$qy);
My problem is that in the 1st query only the name gets inserted, and in the 2nd and 3rd no record gets inserted. Why are the dropdown and radio button not inserting into the database?
Thanks in advance.
May just be because none of those 3 is proper PHP code.
Query 1:
Don't use $_REQUEST. Use $_POST.
Query 2:
Unless you have register_globals turned on, which I SERIOUSLY hope you don't, your vars ($tile, $name, etc.) will not contain the information submitted by the form. Again, you want to use $_POST.
Query 3:
Your variables aren't properly escaped. Generally, I recommend not embedding variables into double-quoted strings if you don't quite have a grasp on string concatenation in PHP. Use single-quoted strings and build them by breaking the string and concatenating with the . operator.
Now, I feel like your second query is the closest to what you want, so try this:
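// pg_escape_literal() escapes each value and adds the single quotes PostgreSQL
// expects around a string; double quotes would be read as identifier names.
// $db is the connection handle passed to pg_query() in the question.
$qry = '
INSERT INTO onf (
    title,
    name,
    district,
    rurban,
    taluk,
    village,
    wardno
) VALUES (
    '.pg_escape_literal($db, $_POST['title']).',
    '.pg_escape_literal($db, $_POST['name']).',
    '.pg_escape_literal($db, $_POST['district']).',
    '.pg_escape_literal($db, $_POST['rurban']).',
    '.pg_escape_literal($db, $_POST['taluk']).',
    '.pg_escape_literal($db, $_POST['village']).',
    '.pg_escape_literal($db, $_POST['wardno']).'
);
';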
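An added example, not part of the answer above: the same INSERT sent with pg_query_params(), which passes the form values as $1..$7 parameters instead of building them into the SQL text, and which reports a radio group or dropdown that arrived empty. Column and field names follow the question; the function name insertOnf is hypothetical and $db is assumed to be an open pg_connect() handle.

```php
<?php
// Added example. Field names come from the question's form; insertOnf is a
// hypothetical helper name.
function insertOnf($db, array $post): int
{
    $fields = ['title', 'name', 'district', 'rurban', 'taluk', 'village', 'wardno'];

    // An unchecked radio group sends no field at all, so fail early with the
    // name of the missing field instead of inserting a partial row.
    $values = [];
    foreach ($fields as $f) {
        if (!isset($post[$f]) || !is_string($post[$f]) || $post[$f] === '') {
            throw new InvalidArgumentException("Missing form field: $f");
        }
        $values[] = $post[$f];
    }

    // wardno was formatted with %d in the question, so require an integer.
    if (filter_var($post['wardno'], FILTER_VALIDATE_INT) === false) {
        throw new InvalidArgumentException('wardno must be an integer');
    }

    // Single-quoted PHP string: $1..$7 are PostgreSQL placeholders, not PHP
    // variables. The values travel separately from the statement text.
    $sql = 'INSERT INTO onf (title, name, district, rurban, taluk, village, wardno)
            VALUES ($1, $2, $3, $4, $5, $6, $7)';

    $res = pg_query_params($db, $sql, $values);
    if ($res === false) {
        throw new RuntimeException(pg_last_error($db));
    }
    return pg_affected_rows($res);
}

// Usage, inside the form handler: insertOnf($db, $_POST);
```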
I'm using the p4a application framework. I need to insert rows into my database via fields that I have made previously; when the user presses submit, the database should update and thus other new rows should be able to be made etc.
I'm struggling to find how to input the data into the database. I can easily do it through putting the values into the SQL statement but this is completely alien to me.
The code is:
public function submit()
{
$location = $this->location->getNewValue();
$date = $this->date->getNewValue();
$merono = $this->merono->getNewValue();
$sql = $db->query("INSERT INTO 'meetingrooms'(location, date, merono)
VALUES
($location, $date, $merono)");
p4a_db::singleton()->newRow($sql, array($location));
$this->load();
location, date and merono are all set in the fields I have created before this function, and it should work as I have previously done the same for a login page, so I know the first section should be getting the variables. And as I have accessed the DB previously I know that it is connecting, so it must be to do with the MySQL statement.
Thanks,
Steve.
In your query, I found that you are enclosing the table name in single quotes. If you want to escape a tableName or columnName, use backticks instead:
INSERT INTO `meetingrooms`(location, date, merono)
VALUES ($location, $date, $merono)
But since your tableName is not a reserved word and does not contain any invalid characters, you can get rid of the backticks.
If you are inserting values into the table which are not numeric, wrap them in single quotes:
INSERT INTO meetingrooms (location, date, merono)
VALUES ('$location', '$date', '$merono')
I finally managed to figure it out (even though this question was only active for a few mins XD).
The SQL statement was wrong for a start (thanks to John Woo for the help (y)); now the statement goes:
query("INSERT INTO meetingrooms(location, date, merono)
VALUES
('$location', '$date', '$merono')");
This successful statement allows the variables placed into $location, $date and $merono to be inserted into the table. The extra addition to the start of the statement
goes as:
p4a_db::singleton()->
This calls the P4A database extension, which is not accessible in this pop-up class I have made,
so the full function now goes:
public function submit()
{
    $location = $this->AreaName->getNewValue();
    $date = $this->date->getNewValue();
    $merono = $this->merono->getNewValue();
    p4a_db::singleton()->query("INSERT INTO meetingrooms(location, date, merono)
VALUES
('$location', '$date', '$merono')");
}
Thanks for the help,
Steve.