Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 7 years ago.
Improve this question
I have an SQL piece of code that every time a user inserts a name creates a new column with the name (and this part works fine). I also want it to add a row to that column with the respective comment given by the user. I don't see why this add row statement won't work.
$value = mysql_real_escape_string($_POST['name']);
$comment = mysql_real_escape_string($_POST['comment']);
$add = mysql_query("ALTER TABLE Names ADD $value Text NOT NULL");
$sql = mysql_query("INSERT INTO Names VALUES $comment");
Try with
$sql = mysql_query("INSERT INTO Names (`$value`) VALUES ('$comment')") or die(mysql_error());
You need to specify the column list.
Ideally you should start using PDO or an ORM to be able to work and debug easier
Try this:
$value = mysqli_real_escape_string($db, $_POST['name']);
$comment = mysqli_real_escape_string($db, $_POST['comment']);
$add = mysqli_query($db, "ALTER TABLE Names ADD '{$value}' Text NOT NULL");
$sql = mysqli_query($db, "INSERT INTO Names({$value}) VALUES('{$comment}')");
Related
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 1 year ago.
Improve this question
Why is this working:
$sql_query = "SELECT * FROM Content WHERE id IN (1,5,7,9)";
But this isn't:
$array_values = "1,5,7,9";
$sql_query = "SELECT * FROM Content WHERE id IN ('$array_values')";
I want to select data from the database based on the integers in the $array_values string.
How can I do it?
because there are ` s in your code here
$sql_query = "SELECT * FROM Content WHERE id IN ('$array_values')";
use :
$sql_query = "SELECT * FROM Content WHERE id IN ( $array_values )";
or
$sql_query = "SELECT * FROM Content WHERE id IN (".$array_values.")";
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 7 years ago.
Improve this question
I have the following code. I am grabbing values from a form, and using those values to try to update "customers" and "workorder". The "name" value will be duplicate across the customers and workorder table. I keep on getting the error "number of bound variables does not match number of tokens". I am totally new to using PDO, and am unsure on how to proceed. Any ideas?
$pdo = Database::connect();
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$sql = "UPDATE customers set name = ?, email = ?, mobile =? WHERE id = ?; UPDATE workorder set name = ?;";
$q = $pdo->prepare($sql);
$q->execute(array($name,$email,$mobile,$id));
Database::disconnect();
header("Location: index.php");
You have 4 variables here:
$q->execute(array($name,$email,$mobile,$id));
Should be 5:
$q->execute(array($name,$email,$mobile,$id, $name));
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 8 years ago.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Improve this question
I'm trying to do in-place editing way in my site.
Now I set up all the things I need.
When the user clicks Submit, it will send the id of the div element (what kind of content) and the new value to update.
Here's my code:
if($pedit = $mysqli->prepare("UPDATE `accounts` SET ? = ? WHERE `id`= ? ")){
$pedit->bind_param("sss", $id, $value, $_SESSION["user_id"]);
$pedit->execute();
$pedit->free_result();
$pedit->close();
}
I don't know why it doesn't update the information.
$id = the row that change: description, fullname, email etc.
$value = the new information about $id. User can update his profile information.
The code doesn't show me any kind of error but still doesn't update.
You can't specify a column name as a parameter in a prepared statement. You'll instead have to substitute column names into the statement before preparing it. Don't forget to whitelist editable column names to make sure no unwanted SQL gets executed.
<?php
$accounts_editable_cols = array(
'name'=>true, 'street'=>true, 'city'=>true,
'region'=>true, 'postal'=>true, 'phone'=>true
);
// prevent SQL injection by whitelisting column names
if (!array_key_exists($id, $accounts_editable_cols)) return false;
$pedit = $mysqli->prepare("UPDATE `accounts` SET $id = ? WHERE `id`= ? ")
if ($pedit) {
$pedit->bind_param("ss", $value, $_SESSION["user_id"]);
$pedit->execute();
$pedit->free_result();
$pedit->close();
}
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 8 years ago.
Improve this question
I want to store my JSON string into database but when i give json string it is not working but when i give simple value it work
this is what i am doing
// $data contain json string
// info is a TEXT type in mysql
$q = "Update user set info = $data where userid = $id";
$sql= $this->db->query($q);
You should really check your error log or enable display_errors to see where the query is failing, but my guess is you probably just need to wrap the data field in quotes. Try this:
// $data contain json string
// info is a TEXT type in mysql
$q = "Update user set info = '$data' where userid = $id";
$sql= $this->db->query($q)
You are missing the quotes around $data and $id. And you need to close the string before concatenating variables, like this:
$q = "Update user set info = '". $data."' where userid = '". $id."'";
$sql= $this->db->query($q);
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 9 years ago.
Improve this question
$sql = "CREATE TABLE Persons(FirstName VARCHAR(30),
Lastname VARCHAR(30), AGE INT)PRIMARY KEY (Firstname)";
mysql_select_db('strsmi_database');
$query = "(mysql_query($sql, $con)";
if (! $query)
{
echo ("Could Not Create Table: " . Smysqli_error());
}
else
{
echo ("Table Created");
}
mysql_close($con);
?>
My output said that it had created the table but when I went into PHP Myadmin no table had been created.
Your closing paren after int should be a comma and the closing paren should go at the end.
CREATE TABLE Persons (
FirstName VARCHAR(30),
Lastname VARCHAR(30),
AGE INT,
PRIMARY KEY (Firstname)
);
EDIT:
You can see this work on SQL Fiddle here.
if (!$query) will evaluate as false since $query is a string.
its the same as if (!isset($query))
remove the quotes and outer parenthesis from $query = "(mysql_query($sql, $con)";
Also I recommend against using mysql_ functions. they're depreciated and will be removed in future versions.
you should use mysqli_ or pdo (my preference due to prepared statements)