I am having an issue where it seems my insert code is wrong but i do not know how to fix it.
It keeps resorting to my page being blank with no error_log and error reporting is not working either, below is the code
<?php
$connect = mysqli_connect("localhost","dfhdfhd","dfhdfh","fhgdfh");
$url = 'url';
$banner = 'banner';
$title = 'title';
$date = 'date';
$time = 'time';
$description = 'description';
$region = 'region';
$sponsors = 'sponsors';
mysqli_query($connect,"INSERT INTO information (url, banner, title, date, time, description, region, sponsors)
VALUES ('$url', '$banner', '$title', '$date' '$time', '$description', '$region', '$sponsors')";
?>
There's a few things wrong here.
First, a missing comma after '$date' and a missing bracket for your opening $connect,
Here:
mysqli_query($connect,"INSERT INTO information (url, banner, title, date, time, description, region, sponsors)
VALUES ('$url', '$banner', '$title', '$date', '$time', '$description', '$region', '$sponsors')");
Having checked for errors, it would have told you about those errors.
Consult these following links http://php.net/manual/en/mysqli.error.php and http://php.net/manual/en/function.error-reporting.php
Your present code is open to SQL injection. Use prepared statements, or PDO with prepared statements.
you should add error_reporting and show mysqli error if a query for some reason doesn't work:
<?php
error_reporting(-1);
$connect = mysqli_connect("localhost","dfhdfhd","dfhdfh","fhgdfh");
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$url = 'url';
$banner = 'banner';
$title = 'title';
$date = 'date';
$time = 'time';
$description = 'description';
$region = 'region';
$sponsors = 'sponsors';
$result = mysqli_query($connect,"INSERT INTO information (url, banner, title, date, time, description, region, sponsors)
VALUES ('$url', '$banner', '$title', '$date', '$time', '$description', '$region', '$sponsors')");
if (!result)
{
echo("Error description: " . mysqli_error($connect));
}
?>
See for more information: http://www.w3schools.com/php/func_mysqli_error.asp
Also make sure that the php is not executed somewhere, where errors would be echoed but not visible because they are outside html or hidden by css.
You also forgot a comma inbetween '$data' and '$time' and closing the mysqli_query function.
Related
I am currently learning OOP, but I can't figure out how to insert date into database.
I have tried:
$time=date('now');
$time=date("timestamp");
$time=date("Y-m-d H:i:s");
$time=date("m/d/y g:i A");
When I submit I get error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '2014-03-11 14:18:07'' at line 1
I can't figure this out. Before I did use:
$result = mysql_query ("INSERT INTO test (title,url,time) VALUES ('$title','$url',now())");
I tried to use now() , but it does not seem to work. :/
Update:
Insert:
public function insert($cat,$title,$article,$author,$image,$time)
{
$sql=mysql_query("INSERT INTO blog_posts(cat, title, article, time, author, image) VALUES('$cat', '$title', '$article', '$author', '$image, '$time'");
if(!$sql)
{
echo mysql_error();
}
}
proccess file:
$cat=$_POST['cat'];
$title=$_POST['title'];
$article= $_POST['article'];
$author=$_POST['author'];
$image=$_POST['image'];
$time= date( 'Y-m-d H:i:s' );
$n=new db();
$n->connect();
$n->insert($cat,$title,$article,$author,$image,$time);
You're missing a quote:
'$author', '$image, '$time'"
^^^^^
HERE
INSERT INTO blog_posts(cat, title, article, time, author, image) VALUES('$cat', '$title', '$article', '$author', '$image', '$time'"
Your parameters are also out of order.
Columns: cat, title, article, time, author, image
Values: '$cat', '$title', '$article', '$author', '$image', '$time'
Forget about the mysql_* functions.
If you want to create future-proof applications you will use PDO. This is OOP.
$db = new PDO('mysql:host='.DB_HOST.';dbname='.DB_NAME, DB_USER, DB_PASS);
$db->exec('SET NAMES utf8'); // Set this transfer's charset to utf-8
$title = 'here is a title';
$url = 'here is a URL';
$time= date( 'Y-m-d H:i:s' ); // I dont know what type the time column is. (date, datetime, timestamp)-> ??
$prepare = $db->prepare("INSERT INTO test (title, url, time) VALUES (:title, :url, :time)");
$prepare->bindParam(':title', $title);
$prepare->bindParam(':url', $url);
$prepare->bindParam(':time', $time);
$prepare->execute(); // Run the query, in this case, insert!
If the time column is of type date or datetime, you can use NOW() or CURDATE() like so:
$prepare = $db->prepare("INSERT INTO test (title, url, time) VALUES (:title, :url, NOW())");
theres nothing to do with objects in this code.
and the first snippet of code is bascily overwriting all over
so its left with the latest. what exactly are you trying to achieve?
could you post some more of your code?
if you wish to use mysql OBJECT oriented, use MySQLi or PDO driver.
Hi guys my process page does not work, my code is
<?php
$id = $_POST['item_id'];
$qty = $_POST['item_qty'];
$name = $_POST['item_name'];
$con = mysqli_connect ("localhost", "name", "password", "db");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$sql = "INSERT INTO Temp (id, qty, name)
VALUES
('$_POST[id]', '$_POST[qty]', '$_POST[name]')";
if (!mysqli_query($con, $sql))
{
die('Error: ' . mysqli_error());
}
header('Location: http://url.com/');
mysqli_close($con);
?>
Should be all correct, just copy from w3school,
The problem is, the db only get 0,
ie. my $id is 4, $qty is 12, $name is "Hello", after the process page, the table only get two 0s in id and qty, name is void.
The values should be processed to this process page successfully, bc I have tried
echo $id, $qty, $name;
All are the same as I typed in before.
Could anyone help me? thanks :-)
this line:
INSERT INTO Temp (id, qty, name) VALUES ('$_POST[id]', '$_POST[qty]', '$_POST[name]')";
should be:
INSERT INTO Temp (id, qty, name) VALUES ('$id', '$qty', '$name')";
If the form is from your previous question, you dont need:
$id = $_POST['item_id'];
$qty = $_POST['item_qty'];
$name = $_POST['item_name'];
I agree it looks like you left out item_. You might want to sanitize your data first.
$id=mysqli_real_escape_string($_POST['item_id']);
$qty=mysqli_real_escape_string($_POST['item_qty']);
$name=mysqli_real_escape_string($_POST['item_name']);
$sql = "INSERT INTO Temp (id, qty, name)
VALUES ('$id', '$qty', '$name')";
I have a foreach statement looping through JSON data and inserting the contents into MySQL. I want to skip the insert if a specific username is shown for $author string. Is the below method ok or is it better to handle at the database level?
foreach ($response['data'] as $data) {
$id = $data['id'];
$created_time = $data['created_time'];
$thumbnail = $data['images']['low_resolution']['url'];
$author = $data['user']['username'];
$caption = mysql_real_escape_string($data['caption']['text']);
$link = $data['link'];
$likes = $data['likes']['count'];
if ($author == 'USERNAME') {
mysql_close($con);
} else {
$query = "INSERT IGNORE INTO pbr (id, created_time, thumbnail, author, caption, link, likes, hash) VALUES ('$id', '$created_time', '$thumbnail', '$author', '$caption', '$link', '$likes', '$hash')";
$result = mysql_query($query) or die(mysql_error());
mysql_close($con);
}
}
Why closing SQL connection at each loop iteration?
Why not simply do:
if ($author == 'USERNAME')
continue; // next iteration
$query = "INSERT IGNORE INTO pbr (id, created_time, thumbnail, author, caption, link, likes, hash)
VALUES ('$id', '$created_time', '$thumbnail', '$author', '$caption', '$link', '$likes', '$hash')";
$result = mysql_query($query) or die(mysql_error());
BTW you should bind parameters to your queries, or at least use mysql_real_escape_string() otherwise will have problems with values containing quotes (currently, you only do it for variable $caption, I guess that $link, $thumbnail and $username can contain single quotes as well).
<?php
$ip = $_SERVER['REMOTE_ADDR'];
$date = date("d/m/y : H:i:s", time());
$dbc = mysqli_connect('localhost', 'root', 'derp', 'derpdb')
or die("Database connection fried.");
$query = "INSERT INTO ipstore (tstamp, ip), " .
"VALUES ('$date', '$ip')";
mysqli_query($dbc, $query);
mysqli_close($dbc);
?>
Can anyone tell me what's wrong with this code? It's meant to store the users IP/date they requested the page in the database. I've tried replacing localhost with 127.0.0.1, no luck. It doesn't bring a message, so it must be connected, however when it comes to querying it just doesn't do it. And it doesn't give a warning. I've checked the DB, nothings there.
Also don't worry, nothing sensitive is there ;)
Thanks
$query = "INSERT INTO ipstore (tstamp, ip), " . "VALUES ('$date', '$ip')";
You are not supposed to use a comma after specifying columns - try
$query = "INSERT INTO ipstore (tstamp, ip) VALUES ('$date', '$ip')";
try it this way
$query = mysql_query("INSERT INTO ipstore (tstamp,ip) VALUES ('$date', '$ip')") or die(mysql_error()); if($query) {echo 'Success'; esle { echo 'Failed'; }
And you will get success for sure
$author = $_SESSION['username'];
$subject = $_POST['subject'];
$body = $_POST['body'];
$branched = $_POST['branched'];
$time = time();
$branchedFrom = $_POST['parent'];
$id = $_POST['parent'];
$next = 0;
$previous = 0;
$branchedTo = 0;
mysql_query(
"INSERT INTO offtopic
VALUES(
'',
'$author',
'$subject',
'$body',
'$time',
'$next',
'$previous',
'$branchedFrom',
'$branchedTo'
");
I've tried it lots of times, even tried changing some stuff, but it doesn't save the info into the database.
The blank space at the begining is where the index is in the database.
The SESSION and POST stuff I'm pretty sure gets passed properly.
"INSERT INTO offtopic VALUES('', '$author', '$subject', '$body', '$time', '$next', '$previous', '$branchedFrom', '$branchedTo'"
Missing closing ‘)’ inside the string. Pick up the error message using mysql_error() and simple syntax errors like this should be obvious.
Also you have SQL injection security holes you could drive a bus through. You need to be calling mysql_real_escape_string() over each string value you concatenate into the string, or use mysqli parameterised queries.
Maybe it is because that your query missing which fields to insert
"INSERT INTO offtopic(field1, field2, etc....) VALUES('', '$author', '$subject', '$body', '$time', '$next', '$previous', '$branchedFrom', '$branchedTo'");