I'm trying to make an insert using ST_Makepoint with get values, but I run into 500 Error.
This is my php code:
<?php
try {
$user = 'user';
$dbh = new PDO('pgsql:host=localhost;dbname=userdb', $user);
$stmt = $dbh->prepare("INSERT INTO table(id_a, id_b, geom) VALUES (?,?,?);");
if ($stmt->execute(array($_GET['id_a'], $_GET['id_b'], ST_SetSRID(ST_MakePoint($_GET['lat'], $_GET['long']),4326)))) {
print_r("OK");
} else {
print_r("Error");
}
} catch (PDOException $e) {
print "Error!: " . $e->getMessage() . "<br/>";
die();
}
?>
If I run this query with pgAdmin, it runs well:
INSERT INTO table(id_a, id_b, geom) VALUES (1,1,ST_SetSRID(ST_MakePoint(2, 2),4326));
Do you know how to fix the problem in php code?
I solved in this way:
$stmt = $dbh->prepare("INSERT INTO table(id_a, id_b, geom) VALUES (?,?,ST_SetSRID(ST_MakePoint(?, ?),4326));");
if ($stmt->execute(array($_GET['id_a'], $_GET['id_b'], $_GET['lat'], $_GET['long']))) {
print_r("OK");
} else {
print_r("Errore");
}
Related
PHP PDO Statement inserting Null value to Db table
MY CODE:-
function pdate_product_desc_preview($fieldvalues, $company_digms1, $company_digms2, $company_digms3)
{
$query = "INSERT INTO eco_product_descTemp(`blockdigms1`, `blockdigms2`, `blockdigms3`) values(:company_digms1,:company_digms2,:company_digms3)";
try {
$stmt = $this->conn->prepare($query);
$stmt->bindValue(":company_digms1", $company_digms1);
echo $company_digms2;
$stmt->bindValue(":company_digms2", $company_digms2);
echo $company_digms3;
$stmt->bindValue(":company_digms3", $company_digms3);
$stmt->execute();
var_dump($stmt->errorInfo());
$productid = $this->conn->lastInsertId();
return $productid;
} catch (PDOException $e) {
$e->getMessage();
}
}
When i am executing, it only insert null value with auto increment id.
Thanks in advance.
function pdate_product_desc_preview($fieldvalues, $company_digms1, $company_digms2, $company_digms3)
{
$query = "INSERT INTO eco_product_descTemp (`blockdigms1`, `blockdigms2`, `blockdigms3`) values(:company_digms1,:company_digms2,:company_digms3)";
try {
$stmt = $this->conn->prepare($query);
$stmt->bindParam(":company_digms1", $company_digms1);
echo $company_digms2;
$stmt->bindParam(":company_digms2", $company_digms2);
echo $company_digms3;
$stmt->bindParam(":company_digms3", $company_digms3);
$stmt->execute();
var_dump($stmt->errorInfo());
$productid = $this->conn->lastInsertId();
return $productid;
} catch (PDOException $e) {
$e->getMessage();
}
}
Try this one.
Just replacing bindValue with bindParam
You can check prepared-statements.php here.
I've left $fieldvalues in but i dont see what it is doing..
Here's my take on it:
function pdate_product_desc_preview($fieldvalues, $company_digms1, $company_digms2, $company_digms3)
{
if (!empty($company_digms1) && !empty($company_digms2) && !empty($company_digms3))
{
$stmt = $this->conn->prepare("INSERT INTO `eco_product_descTemp` (`blockdigims1`, `blockdigims2`, `blockdigims3`) VALUES (?,?,?)");
$stmt->execute([$company_digms1, $company_digms2, $company_digms3]);
echo 'Inserted!';
} else {
echo 'make sure all fields have been filled in!';
}
}
So on the condition that if none of the fields are empty (NULL) then run the query. If one is empty (NULL) then run the make sure statement.
I have been trying to make a project where I need to upload information to a sqlite3 database. For that I'm using simple PHP scripts.
I succeeded already uploading information from a PHP script to a database with something like this:
<?php
try
{
$db = new PDO('sqlite:mydatabase.db');
$db->exec("INSERT INTO temps (zone,temperature) VALUES ('maia',77)");
echo "Row Inserted\n";
}
catch(PDOException $e)
{
print $e->getMessage();
}
?>
Now I am struggling to do the same with a script lie this:
<?php
$data = htmlspecialchars($_GET["temp1"]);
$file = "temps.txt";
$current = file_get_contents($file);
$current .= $data;
file_put_contents($file, $current);
try
{
$db = new PDO('sqlite:teste1.db');
$db->exec('BEING;');
$db->exec('INSERT INTO temps (temperature) VALUES ($temp1)');
$db->exec('COMMIT;');
}
catch (PDOException $e) {
echo 'Connection failed: ' . $e->getMessage();
}
?>
My table "temps" has a schema like this:
CREATE TABLE temps (temperature NUMERIC);
Is it because of the var type in the PHP since I declared it as numeric in the database? If so how can I solve that?
Appreciate all your ideas.
Thank you
You might be interested in prepapred statements and (named|positional) parameters:
<?php
$temp1 = '1234';
try
{
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE temps (temperature NUMERIC)');
$stmt = $db->prepare('INSERT INTO temps (temperature) VALUES (?)');
$stmt->execute( array($temp1) );
}
catch (PDOException $e) {
echo $e->getMessage();
}
I am new to pdo as I am just moving into it from the traditional method of doing queries. Below is what I have wrote and it works. My concern now is that if there any error in any of the query either the select,insert or update they are all capture by that one catch but then I cant pin point exactly to the error. So will multiple try and catch be the right direction ?
try {
$dsn = 'mysql:dbname='.dbDatabase.';host='.dbHost;
$link = new PDO($dsn, dbUser, dbPassword );
$link->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch (PDOException $pe) {
die("Could not connect to the database $dbname :" . $pe->getMessage());
}
$link->beginTransaction();
$rollBackStatus="False";
try
{
$selectQuery1 ="Select ......";
$selectQueryResult1 = $link->prepare($selectQuery1);
$selectQueryResult1->bindParam(':uname', $userName);
$selectQueryResult1->execute();
$n1=$selectQueryResult1->rowCount();
//echo "TEST : ".$n1;
if($n1==1)
{
$row1 = $selectQueryResult1->fetch();
$userID=$row1['userID'];
if($row1['up']==$up){
$insertQuery1 ="Insert .......... ".
$insertQueryResult1 = $link->prepare($insertQuery1);
$insertQueryResult1->bindParam(':uID', $userID);
$insertQueryResult1->bindParam(':uIP', $userIP);
if($insertQueryResult1->execute()){
}
else{
$rollBackStatus="True";
$link->rollback();
}
$updateQuery1 ="Update ........ ";
$updateQueryResult1 = $link->prepare($updateQuery1);
$updateQueryResult1->bindParam(':uID', $userID);
if($updateQueryResult1->execute()){
}
else{
$rollBackStatus="True";
$link->rollback();
}
}
}
catch(PDOException $pe)
{
$rollBackStatus="True";
die("Error in selectQuery1 :" . $pe->getMessage());
$link->rollback();
}
if($rollBackStatus=="False"){
$link->commit();
$link=null;
if($headerSent!="")
{
header($headerSent);
}
}
You can check any error after execute query with following method.
$selectQueryResult1->execute();
$arr = $selectQueryResult1->errorInfo();
print_r($arr);
I am trying to get the primary key by using SELECT LAST_INSERT_ID()but I am getting an error SQLSTATE[HY000]: General error
function logCallDetails($db,$student_id,$currentStory,$currentCall){
try{
$query= "INSERT INTO `call`(`student_id`, `story_id`, `call_number`) VALUES ('$student_id','$currentStory','$currentCall');SELECT LAST_INSERT_ID();";
echo $query;
$result=$db->prepare($query);
$result->execute();
$result = $result->fetchall(PDO::FETCH_ASSOC);
#$result->closeCursor();
return $result;
}
catch(PDOException $e) {
echo $e->getMessage();
}
}
initialize.php
$get_call_id=logCallDetails($db,$student_id,$call_number,$story_id);
foreach($get_call_id as $row=>$s)
{
foreach($s as $k=>$v)
{
echo $k.'->'.$v.'<br/>';
}
}
You've got 2 separate queries in a single query call. This is NOT allowed for security reasons by the underlying MySQL drivers. You'll have to prepare/execute the INSERT and SELECT queries separately.
function logCallDetails($db,$student_id,$currentStory,$currentCall){
$query= "INSERT INTO `call`(`student_id`, `story_id`, `call_number`)
VALUES (?,?,?)";
$result=$db->prepare($query);
$result->execute(array_slice(func_get_args()));
return $db->lastInsertId();
}
$get_call_id = logCallDetails($db,$student_id,$call_number,$story_id);
echo $get_call_id;
I have the following PHP code:
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
$insert_query = mysql_query("INSERT INTO articles(articleTitle, articleContent, typeID)
VALUES
('$_POST[articleTitle]','$_POST[articleContent]',$_POST[articleType])");
}
typeID => is number, the other values are text.
There is no error in this code, but the insert query doesn't work (I have no idea why because I don't get any error message).
How can I fix it?
There are a number of problems with your code.
It's open to SQL injectoion
mysql_* functions have been deprecated
This code is untested but should give you an idea:
try
$dbh = new PDO('mysql:host=localhost;dbname=your_database_name', $user, $password);
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$sth = $dbh->prepare('INSERT INTO Persons (articleTitle, articleContent, typeID) VALUES (:articleTitle, :articleContent, :articleType)');
$sth->execute($_POST);
$dbh = null;
} catch (PDOException $e) {
print "Error!: " . $e->getMessage() . "<br/>";
}
Have a look at this article on Why you Should be using PHP’s PDO for Database Access
Try this
if(isset($_POST[articleTitle])) {
$insert_query = mysqli_query("INSERT INTO Persons (articleTitle, articleContent,typeID)
VALUES
('$_POST[articleTitle]','$_POST[articleContent]',$_POST[articleType])");
}