This question already has answers here:
Can I mix MySQL APIs in PHP?
(4 answers)
Closed 6 years ago.
In my PHP file I want to check if the email is already taken before inserting the data into my MySQL database.
I can't find anything wrong with my code but it won't work.
PHP code:
<?php
$conn = mysqli_connect("s.amazonaws.com", "username", "pass", "SellerAccounts");
//If statement echos back to the browser if we connected to the server or not.
//Store the data from the POST (text from the user) into a variable.
$Sellers_CompanyName = $_POST["SellersCompanyName"];
$Sellers_CompanyWebsite = $_POST["SellersCompanyWebsite"];
$Sellers_IndustryName = $_POST["SellersIndustryName"];
$Sellers_SecondaryIndustryName = $_POST["SellersSecondaryIndustryName"];
$Sellers_FirstContactFirstName = $_POST["SellersFirstContactFirstName"];
$Sellers_FirstContactLastName = $_POST["SellersFirstContactLastName"];
$Sellers_FirstContactNumber = $_POST["SellersFirstContactNumber"];
$Sellers_FirstContactEmail = $_POST["SellersFirstContactEmail"];
$Sellers_SecondContactFirstName = $_POST["SellersSecondContactFirstName"];
$Sellers_SecondContactLastName = $_POST["SellersSecondContactLastName"];
$Sellers_SecondContactNumber = $_POST["SellersSecondContactNumber"];
$Sellers_SecondContactEmail = $_POST["SellersSecondContactEmail"];
$Sellers_Password = $_POST["Password"];
$result = mysql_query("SELECT * FROM user_info WHERE Sellers_FirstContactEmail = '".$Sellers_FirstContactEmail."'");
if ( mysql_num_rows($result) > 0 ){
echo("Email is already in use");
}else{
//
$statement = mysqli_prepare($conn, "INSERT INTO user_info (Sellers_CompanyName, Sellers_CompanyWebsite, Sellers_IndustryName, Sellers_SecondaryIndustryName, Sellers_FirstContactFirstName, Sellers_FirstContactLastName, Sellers_FirstContactNumber, Sellers_FirstContactEmail, Sellers_SecondContactFirstName, Sellers_SecondContactLastName, Sellers_SecondContactNumber, Sellers_SecondContactEmail, Sellers_Password) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) ");
mysqli_stmt_bind_param($statement, "sssssssssssss", $Sellers_CompanyName, $Sellers_CompanyWebsite, $Sellers_IndustryName, $Sellers_SecondaryIndustryName, $Sellers_FirstContactFirstName, $Sellers_FirstContactLastName, $Sellers_FirstContactNumber, $Sellers_FirstContactEmail, $Sellers_SecondContactFirstName, $Sellers_SecondContactLastName, $Sellers_SecondContactNumber, $Sellers_SecondContactEmail, $Sellers_Password);
mysqli_stmt_execute($statement);
mysqli_stmt_close($statement);
if(mysqli_query($connection, $sql_query)){
// echo" Data insertion success...";
}
}
mysqli_close($conn);
?>
I can insert everything fine and connect to the DB.
You cannot mix MySQL functions with MySQLi functions. And also your connection is $conn, so using $connection will not work.
<?php
$conn = mysqli_connect("s.amazonaws.com", "username", "pass", "SellerAccounts");
$Sellers_CompanyName = $_POST["SellersCompanyName"];
$Sellers_CompanyWebsite = $_POST["SellersCompanyWebsite"];
$Sellers_IndustryName = $_POST["SellersIndustryName"];
$Sellers_SecondaryIndustryName = $_POST["SellersSecondaryIndustryName"];
$Sellers_FirstContactFirstName = $_POST["SellersFirstContactFirstName"];
$Sellers_FirstContactLastName = $_POST["SellersFirstContactLastName"];
$Sellers_FirstContactNumber = $_POST["SellersFirstContactNumber"];
$Sellers_FirstContactEmail = $_POST["SellersFirstContactEmail"];
$Sellers_SecondContactFirstName = $_POST["SellersSecondContactFirstName"];
$Sellers_SecondContactLastName = $_POST["SellersSecondContactLastName"];
$Sellers_SecondContactNumber = $_POST["SellersSecondContactNumber"];
$Sellers_SecondContactEmail = $_POST["SellersSecondContactEmail"];
$Sellers_Password = $_POST["Password"];
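// Bind the email as a parameter so user input never becomes part of the SQL text.
$check = mysqli_prepare($conn, "SELECT 1 FROM user_info WHERE Sellers_FirstContactEmail = ?");
mysqli_stmt_bind_param($check, "s", $Sellers_FirstContactEmail);
mysqli_stmt_execute($check);
mysqli_stmt_store_result($check);
if ( mysqli_stmt_num_rows($check) > 0 ){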
echo("Email is already in use");
} else {
$statement = mysqli_prepare($conn, "INSERT INTO user_info (Sellers_CompanyName, Sellers_CompanyWebsite, Sellers_IndustryName, Sellers_SecondaryIndustryName, Sellers_FirstContactFirstName, Sellers_FirstContactLastName, Sellers_FirstContactNumber, Sellers_FirstContactEmail, Sellers_SecondContactFirstName, Sellers_SecondContactLastName, Sellers_SecondContactNumber, Sellers_SecondContactEmail, Sellers_Password) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) ");
mysqli_stmt_bind_param($statement, "sssssssssssss", $Sellers_CompanyName, $Sellers_CompanyWebsite, $Sellers_IndustryName, $Sellers_SecondaryIndustryName, $Sellers_FirstContactFirstName, $Sellers_FirstContactLastName, $Sellers_FirstContactNumber, $Sellers_FirstContactEmail, $Sellers_SecondContactFirstName, $Sellers_SecondContactLastName, $Sellers_SecondContactNumber, $Sellers_SecondContactEmail, $Sellers_Password);
// Use the result of the prepared INSERT instead of running a second, undefined query.
if(mysqli_stmt_execute($statement)){
// echo" Data insertion success...";
}
mysqli_stmt_close($statement);
}
mysqli_close($conn);
?>
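The same check with the lookup bound as a parameter, the password hashed before storage, and a UNIQUE index catching two sign-ups that pass the lookup at the same moment; this is an added example, not code from the question or either answer. It assumes a UNIQUE index on Sellers_FirstContactEmail and a Sellers_Password column wide enough for password_hash() output; register_seller(), the three-column INSERT and the host name are placeholders.

```php
<?php
// Assumed schema change (not on the original page):
//   ALTER TABLE user_info ADD UNIQUE (Sellers_FirstContactEmail);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // SQL errors throw

const ER_DUP_ENTRY = 1062; // MySQL error code for a unique-key violation

// Hypothetical helper, shortened to three of the thirteen columns.
function register_seller(mysqli $conn, array $post): string
{
    $email = filter_var($post["SellersFirstContactEmail"] ?? "", FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return "Invalid email";
    }
    $company  = (string)($post["SellersCompanyName"] ?? "");
    $password = (string)($post["Password"] ?? "");

    // Friendly early answer; the value is bound, never concatenated.
    $check = mysqli_prepare($conn,
        "SELECT 1 FROM user_info WHERE Sellers_FirstContactEmail = ? LIMIT 1");
    mysqli_stmt_bind_param($check, "s", $email);
    mysqli_stmt_execute($check);
    mysqli_stmt_store_result($check);
    $taken = mysqli_stmt_num_rows($check) > 0;
    mysqli_stmt_close($check);
    if ($taken) {
        return "Email is already in use";
    }

    $hash = password_hash($password, PASSWORD_DEFAULT); // never store the raw password
    $insert = mysqli_prepare($conn,
        "INSERT INTO user_info (Sellers_CompanyName, Sellers_FirstContactEmail, Sellers_Password) VALUES (?, ?, ?)");
    mysqli_stmt_bind_param($insert, "sss", $company, $email, $hash);
    try {
        mysqli_stmt_execute($insert);
    } catch (mysqli_sql_exception $e) {
        // A concurrent request inserted the same email after our SELECT.
        if ($e->getCode() === ER_DUP_ENTRY) return "Email is already in use";
        throw $e;
    } finally {
        mysqli_stmt_close($insert);
    }
    return "Registered";
}

$conn = mysqli_connect("db.example.test", "username", "pass", "SellerAccounts"); // placeholders
echo register_seller($conn, $_POST);
mysqli_close($conn);
```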
How about you replace your query with the following?:
$result = mysql_query("SELECT * FROM user_info WHERE Sellers_FirstContactEmail = '".$Sellers_FirstContactEmail."'");
Note the use of string concatenation in the above. In your case, your query is trying to find out emails that match the string "$Sellers_FirstContactEmail", which is not intended - you want to check for the value of that variable.
Related
I've been working on this for a few days now and cannot seem to find where I am going wrong. I imagine it's something silly, but as my university tutor has never used prepared statements before, he has been of little to no use.
The first statement works a treat with no problems; the second doesn't input any of my data into my database. My goal is to take the information passed through the form (which I can include; I didn't want to bombard you with information, as I'm sure that is not the problem) and take the PictureID, which is the primary key in my pictures table, and insert this as well as the other information into my pictureprice table.
Any help would be welcomed. I'm fairly new to the site, so be gentle please :)
<?php
include_once "dbh.php";
if (empty($imageTitle) || empty($imageDesc)) {
header("Location:changes.php?upload=empty");
exit();
} else {
$sql = "SELECT * FROM pictures;";
$sqltwo = "SELECT * FROM pictureprice;";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: changes.php?sqlerror=failed");
exit();
} else { //Gallery order//
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$rowCount = mysqli_num_rows($result);
$setImageOrder = $rowCount + 1;
$sql = "INSERT INTO pictures (PhotographerID, PictureFolderPath,
imageDesc, imgFullNameGallery, orderGallery) VALUES (?, ?, ?, ?,
?);";
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: changes.php?sqlerror=failedtoinputdata");
exit();
} else {
mysqli_stmt_bind_param($stmt, "issss", $_SESSION['PhotographerID'], $fileDestination, $imageDesc, $imageFullName, $setImageOrder);
mysqli_stmt_execute($stmt);
move_uploaded_file($fileTempName, $fileDestination);
$result = mysqli_stmt_get_result($stmt);
$row = mysqli_fetch_assoc($result);
$photoID = $row["PictureID"]; //new
header("Location:changes.php?upload=success11");
}
$sqltwo = "INSERT INTO pictureprice
(PictureID, PictureSize, PictureSize2, PictureSize3, PictureSize4,
PicturePrice, PicturePrice2, PicturePrice3, PicturePrice4) VALUES (?,
?, ?, ?, ?, ?, ?, ?, ?);";
if (!mysqli_stmt_prepare($stmt, $sqltwo)) {
header("Location: changes.php?sqlerror=failedtoinputdatapictureprice");
exit();
} else {
mysqli_stmt_bind_param($stmt, "issssiiii", $photoID, $picturesize1, $picturesize2, $picturesize3, $picturesize4, $price1, $price2, $price3, $price4);
mysqli_stmt_execute($stmt);
header("Location:changes.php?upload=success");
}
I think the problem is that you are trying to get the photo ID from an INSERT statement...
$result = mysqli_stmt_get_result($stmt);
$row = mysqli_fetch_assoc($result);
$photoID = $row["PictureID"]; //new
This probably won't fetch anything meaningful (as far as I can tell).
To get an auto increment value you would normally call...
$photoID = mysqli_insert_id($conn);
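Both inserts from the question with the new key read through mysqli_insert_id() and wrapped in a transaction, so a failed pictureprice insert does not leave a pictures row without prices; this is an added example, not code from the question or the answer. It assumes transactional (InnoDB) tables and an AUTO_INCREMENT PictureID; save_picture(), the shortened column lists, the sample values and the connection details are placeholders.

```php
<?php
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // SQL errors throw

// Hypothetical helper: inserts the picture, then its price row, as one unit.
function save_picture(mysqli $conn, int $photographerId, string $path,
                      string $desc, string $size, int $price): int
{
    mysqli_begin_transaction($conn);
    try {
        $stmt = mysqli_prepare($conn,
            "INSERT INTO pictures (PhotographerID, PictureFolderPath, imageDesc) VALUES (?, ?, ?)");
        mysqli_stmt_bind_param($stmt, "iss", $photographerId, $path, $desc);
        mysqli_stmt_execute($stmt);
        // An INSERT produces no result set; the generated key is read
        // from the connection right after the statement has run.
        $photoID = (int) mysqli_insert_id($conn);
        mysqli_stmt_close($stmt);

        $stmt = mysqli_prepare($conn,
            "INSERT INTO pictureprice (PictureID, PictureSize, PicturePrice) VALUES (?, ?, ?)");
        mysqli_stmt_bind_param($stmt, "isi", $photoID, $size, $price);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);

        mysqli_commit($conn);
        return $photoID;
    } catch (mysqli_sql_exception $e) {
        mysqli_rollback($conn); // neither row is kept if either INSERT fails
        throw $e;
    }
}

$conn = mysqli_connect("db.example.test", "username", "pass", "gallery"); // placeholders
echo save_picture($conn, 1, "img/gallery/sample.jpg", "Constructed sample", "A4", 20);
mysqli_close($conn);
```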
A little background. I have an Oracle database that I am trying to query and then insert into a local MySQL database so that I can generate canned reports. I have been trying to figure out this insert into MySQL for a while now. I have the Oracle portion running correctly but when I try to insert I have been getting a syntax error in MySQL.
The result set comes back with 8 rows the first of which is the Key in MySQL. I would really like to convert this insert query I built into an insert on duplicate key update statement but am lost on how I would do this properly. Any help you guys can provide would be appreciated.
<?php
$db1 = '(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=HOST)(PORT = 1521))(CONNECT_DATA=(SERVICE_NAME=Service)))';
$c1 = oci_connect("Userid", "Pass", $db1);
$sql = oci_parse($c1, "select statement") ;
oci_execute($sql);
// Collect each column into its own array so every fetched row is kept,
// not just the last one.
$k = $dte = $cus = $odr = $lin = $casa = $lpo = $cpl = $cpo = [];
while ($row = oci_fetch_array($sql)){
$k[] = $row[0];
$dte[] = $row[1];
$cus[] = $row[2];
$odr[] = $row[3];
$lin[] = $row[4];
$casa[] = $row[5];
$lpo[] = $row[6];
$cpl[] = $row[7];
$cpo[] = $row[8];
}
$db_user = "userid";
$db_pass = "Pass";
$db = new PDO('mysql:host=host; dbname=databasename', $db_user, $db_pass);
$stmt = $db->prepare("INSERT INTO `cuspi` (k, dte, cus, odr, lin, casa, lpo, cpl, cpo) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)");
$recordcount = count($k);
for ($i = 0; $i < $recordcount; $i++) {
$records[] = [
$k[$i],
$dte[$i],
$cus[$i],
$odr[$i],
$lin[$i],
$casa[$i],
$lpo[$i],
$cpl[$i],
$cpo[$i],
];
}
foreach ($records as $record) {
$stmt->execute($record);
}
?>
I was able to figure out the answer. I was missing the grave accent around the column references for the insert.
Original
$stmt = $db->prepare("INSERT INTO `cuspi` (k, dte, cus, odr, lin, casa, lpo, cpl, cpo) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)");
Fixed
$stmt = $db->prepare("INSERT INTO `cuspi` (`k`, `dte`, `cus`, `odr`, `lin`, `casa`, `lpo`, `cpl`, `cpo`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)");
I'm new to PHP and I'm having a little trouble setting up my code to auto increment IDs for SQL. I'm aware that the method that I am attempting isn't a very good approach and know about the risks of race conditions etc. This will be temporary until I sort the rest of my code out properly.
Could somebody please tell me what I am doing wrong here? Or help me to get valid code?
My Class:
<?php
$user = 'root';
$pass = '';
$db = 'testuser';
$con=mysqli_connect('localhost', $user, $pass, $db) or die('Unable to connect');
$data = json_decode(trim(key($_POST), '[]'), true);
$email = $data['email'];
$name = $data['name'];
$shortDes = $data['shortDes'];
$longDes = $data['longDes'];
$max = mysqli_prepare($con, 'SELECT MAX(society_id) FROM society');
$society_id = $max + 1;
$statement = mysqli_prepare($con, 'INSERT INTO society(society_id, name, email, short_des, long_des) VALUES (?, ?, ?, ?, ?)');
mysqli_stmt_bind_param($statement, 'issss', $societyId, $name, $email, $shortDes, $longDes);
mysqli_stmt_execute($statement);
mysqli_stmt_store_result($statement);
mysqli_stmt_close($statement);
mysqli_close($con);
?>
Focusing on the following snippet:
$max = mysqli_prepare($con, 'SELECT MAX(society_id) FROM society');
$society_id = $max + 1;
$statement = mysqli_prepare($con, 'INSERT INTO society(society_id, name, email, short_des, long_des) VALUES (?, ?, ?, ?, ?)');
mysqli_stmt_bind_param($statement, 'issss', $societyId, $name, $email, $shortDes, $longDes);
Just needed to remove the value for the auto incremented field altogether.
I am new to writing PHP files and am currently trying to create a database which stores the measured heart rate together with the timestamp.
However, I am confused about how I should write the update PHP file. Does anyone know how to write it given my situation, where my
$statement = mysqli_prepare($con, "UPDATE `User` SET timestamp = ?, heartrate = ?, WHERE ***what to include here*** = ?"); // I am not sure what to include here.
Code of my store data in database:
$con = mysqli_connect("server27.000webhost.com" , "a6244607_history" , "123" , "a6244607_history");
$timestamp = $_POST["timestamp"];
$heartrate = $_POST["heartrate"];
$statement = mysqli_prepare($con, "INSERT INTO `User` (timestamp, heartrate) VALUES (?, ?) ");
mysqli_stmt_bind_param($statement, "ss", $timestamp, $heartrate);
mysqli_stmt_execute($statement);
mysqli_stmt_close($statement);
mysqli_close($con);?>
Code to fetch data from database:
$con = mysqli_connect("server27.000webhost.com" , "a6244607_history" , "123" , "a6244607_history");
$timestamp = $_POST["timestamp"];
$heartrate = $_POST["heartrate"];
$statement = mysqli_prepare($con, "SELECT * FROM `User` WHERE timestamp = ? AND heartrate = ?");
mysqli_stmt_bind_param($statement, "ss", $timestamp, $heartrate);
mysqli_stmt_execute($statement);
mysqli_stmt_store_result($statement);
mysqli_stmt_bind_result($statement, $userID, $timestamp, $heartrate);
$user = array();
while(mysqli_stmt_fetch($statement))
{
$user["timestamp"] = $timestamp; // array keys must be quoted strings
$user["heartrate"] = $heartrate;
}
echo json_encode($user);
mysqli_stmt_close($statement);
mysqli_close($con);?>
Code to update database:
$con = mysqli_connect("server27.000webhost.com" , "a6244607_history" , "123" , "a6244607_history");
$timestamp = $_POST["timestamp"];
$heartrate = $_POST["heartrate"];
$statement = mysqli_prepare($con, "UPDATE `User` SET timestamp = ?, heartrate = ?, WHERE username = ?");
mysqli_stmt_bind_param($statement, "ss", $timestamp, $heartrate);
mysqli_stmt_execute($statement);
mysqli_stmt_close($statement);
mysqli_close($con);
?>
On a side note, is my timestamp written correctly? Sorry for asking so many questions at once...
Hope to get some help soon, thank you.
1) You should not include credentials to your MySQL server on the post
2) Considering you only have 3 tables (user_id, heartrate, timestamp) and in this Prepared Statement:
UPDATE `User` SET timestamp = ?, heartrate = ?, WHERE ***what to include here*** = ?
You use timestamp and heart rate, so for what to include here should be user_id.
If you want to insert a brand new heart rate, use INSERT instead of SET.
Also, your statement should look like:
UPDATE `User` SET `timestamp` = ?, `heartrate` = ? WHERE `user_id` = ?
Use the grave (`) around table names.
I am having trouble using this prepare and bind. I have tried the same thing with fewer variables to bind. I have been successful using prepare with just Fname, Lname, Password, $UserID and using sssi with the bind_param object. Can someone explain what I am doing wrong when using more variables in my bind code? With the code below it only prints out the same data from mysqli and doesn't update it.
if ($stmt = $con->prepare("UPDATE users SET Fname = ?, Lname = ?, Password = ?, UserLevel = ?, Email = ?, WHERE UserID= ?"))
{
$stmt->bind_param("ssssssi", $firstname, $lastname, $PW, $UserLevel, $EM, $UserID);
$stmt->execute();
$stmt->close();
}
// show an error message if the query has an error
else
{
echo "ERROR: could not prepare SQL statement.";
}
// redirect the user once the form is updated
header("Location: admin.php");
Although you haven't specified the data types which makes this tricky, I'll hazard a guess.
Fname = s
Lname = s
Password = s
UserLevel = i (?)
Email = s
I count 4 s' there, yet you have 6.
Try this,
$stmt->bind_param("sssisi", $firstname, $lastname, $PW, $UserLevel, $EM, $UserID);
Edit 1
As #Fred-ii- said, your SQL query is wrong.
Change
"UPDATE users SET Fname = ?, Lname = ?, Password = ?, UserLevel = ?, Email = ?, WHERE UserID= ?"
to,
"UPDATE users SET Fname = ?, Lname = ?, Password = ?, UserLevel = ?, Email = ? WHERE UserID= ?"
You had a trailing ,.