Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 7 years ago.
Improve this question
I'm trying to insert a bunch of data into a database, but I am having this error:
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '0' at line 1
Here are my two files:
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Insert new Page</title>
</head>
<body>
<form action="insert_page.php" method="get">
New Page Name:<br>
<input type="text" name="pagename">
<input type="submit" value="Insert" >
</form>
</body>
</html>
This is insert_page.html, it's simply a text box and a button where the user can choose the new name for a new page to be entered in the database.
Now, here's the PHP being called when the button is pressed
<?php
$servername = "db.ist.utl.pt";
$username = "ist178349";
$password = "getrekt";
$dbname = "ist178349";
$pagename = $_POST['pagename'];
try {
$conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
// set the PDO error mode to exception
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$sql = "INSERT INTO pagina (userid, pagecounter, nome, idseq, ativa)
VALUES (78349, 95002, " + $pagename + ",1151988, true)";
// use exec() because no results are returned
$conn->exec($sql);
echo "New record created successfully";
}
catch(PDOException $e)
{
echo $sql . "<br>" . $e->getMessage();
}
$conn = null;
?>
However, I am getting that error, which I can't really understand. Any suggestions? Thanks in advance.
You should fix your query that contains + use . or leave it out and use single quote, that's acceptable in PHP sql query string.
$sql = "INSERT INTO pagina (userid, pagecounter, nome, idseq, ativa)
VALUES (78349, 95002, '$pagename', 1151988, true)";
Related
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 2 years ago.
Improve this question
I'm just trying to store the integer (with id as id) that is entered by the user through html form, in database of phpmyadmin using php and mysql . I'm new to mysql and php. I'm sure that something wrong with the database connection code of php only or mysql queries. Database name is testdb and the table name is testdbtable.
My code is below.
<?php
if (isset($_POST['id'])) {
$integ = $_POST['id'];
}
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "testdb";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "INSERT INTO testdbtable (id)
VALUES ('$integ')";
$conn->close();
?>
<!DOCTYPE html>
<html>
<head>
<title>SAMPLE TEST2</title>
</head>
<body>
<form method="post">
<label >Enter your integer:</label>
<input type="number" id="id" name="id">
<br>
<br>
<button type="submit">Submit</button>
</form>
You're defining the query but never run it.
Try this:
$sql = "INSERT INTO testdbtable (id) VALUES ('$integ')";
$conn->query($sql);
As Paul T. said, move the } to the end of the script. Otherwise, even if condition is false, You will just prevent definig $integ, but still running all the rest of the code.
Also, user Prepared Statements to make it more secure.
if (isset($_POST['id'])) {
$integ = $_POST['id'];
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "testdb";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Use prepared statements to make it more secure
$sql = "INSERT INTO testdbtable (id) VALUES (?)";
// Prepare statement and bind params
$stmt = $conn->prepare($sql);
$stmt->bind_param("i", $integ);
// Execute statement
$stmt->execute();
$conn->close();
}
Take a look at Should we ever check for mysqli_connect() errors manually? as #Dharman commented to stop manually error checking.
Before
$conn->close();
you need to run
$conn->query($sql);
This will actually execute the query.
But this is not the end of the story. You have other issues:
Your code is vulnerable to SQL injection attack. Consider changing the line:
$integ = $_POST['id'];
to
$integ = (int)$_POST['id'];
or (better!) learn how to work with prepared statements.
The query will still be invalid. I bet that the datatype of the column "id" in the "testdbtable" is INT and therefore you should not put quotes around its value. So the $sql variable should be:
$sql = "INSERT INTO testdbtable (id) VALUES ($integ)";
And one more thing - move all query-related code inside the if statement. You should not execute the query if the POST variable is not set.
Your <form> tag has no "action" attribute. You should include it so it do an actual post...
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 3 years ago.
Improve this question
Currently, I have one table in my database called 'factory'. In this table, there are two columns, 'Fac_ID' and 'Fac_Name'. Now, I want to create a function to add some new factory to the table 'factory'.
The value of 'Fac_ID' and 'Fac_Name' must be same, which mean when I want to add factory 'F09', the value of Fac_ID and Fac_Name must be same which is 'F09'.
When I used to connect with MYSQL database (PDO), the addition is successful. BUt when i change to MSSQL (PDO),
" Uncaught PDOException: SQLSTATE[HY093]: Invalid parameter number: parameter was not defined in C:\xampp\htdocs\ebooking\add_factory.php:24 Stack trace: #0 C:\xampp\htdocs\ebooking\add_factory.php(24): PDOStatement->bindParam(':Fac_ID', 'F11')"
Here is my code for add_factory.php
<?php
require_once "configPDO.php";
if(isset($_POST['Submit'])) {
$Fac_ID = $_POST['Fac_ID'];
// checking empty fields
if(empty($Fac_ID)) {
if(empty($Fac_ID)) {
echo "<font color='red'>Name field is empty.</font><br/>";
}
//link to the previous page
echo "<br/><a href='javascript:self.history.back();'>Go Back</a>";
} else {
// if all the fields are filled (not empty)
//insert data to database
$sql = "INSERT INTO factory(Fac_Name, Fac_ID) VALUES(:Fac_Name, :Fac_Name)";
$query = $conn->prepare($sql);
$query->bindParam(':Fac_Name', $Fac_ID,);
$query->bindParam(':Fac_ID', $Fac_ID,);
$query->execute();
//display success message
header("Location:factory.php");
}
}
?>
and here is my configPDO.php
<?php
$servername = 'xxx.xx.xx.xxx';
$username = 'xx';
$password = 'xxxxxx';
$dbname = 'xxxx';
try {
$conn = new PDO("sqlsrv:Server=$servername;Database=$dbname", $username, $password);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}
catch(PDOException $error) {
$error->getMessage();
}
?>
Can I know what the problem? the input at HTML to add the factory is 'Fac_ID'
in the following query
$sql = "INSERT INTO factory(Fac_Name, Fac_ID) VALUES(:Fac_Name, :Fac_Name)";
you are using :Fac_Name twice instead you should use the following
$sql = "INSERT INTO factory(Fac_Name, Fac_ID) VALUES(:Fac_Name, :Fac_ID)";
and if you need to set the same value for the name and id you should ommit the following line
$query->bindParam(':Fac_ID', $Fac_ID,);
since you are trying to bind data to a parameter that doesnt exist in your query
the following statement is sufficent in your case
$query->bindParam(':Fac_Name', $Fac_ID,);
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 7 years ago.
Improve this question
I have been struggling for about a week now and still have not got any results. I have read the following questions:
Unable to insert form data in MySQL database
Connection to database seems successful but INSERT INTO sends no data
PHP MySQL not inserting into database
https://askubuntu.com/questions/435746/unable-to-send-data-to-mysql-database-it-is-not-taking-by-my-php-code
I tried everything suggested in the above questions' answers. After reviewing my code, if you still think that the above questions' solution relates then please do tell.
My code -
connect.php -
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "practice_user";
// Create connection
$con = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($con->connect_error) {
echo "Connection failed: " . $con->connect_error;
}
else {
echo "Success";
}
//Insert data into database
$sql = "INSERT INTO simple_login (name,email) VALUES('{$mysqli->real_escape_string($_POST['name'])}','{$mysqli->real_escape_string($_POST['email'])}')";
$insert = $mysqli->query($sql);
if(!$insert)
{
echo $mysqli->error;
}
$mysqli->close();
register.html -
<html>
<head>
<title>TODO supply a title</title>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
</head>
<body>
<form action="connect.php" method="post">
Name: <input type="text" name="name"><br>
E-mail: <input type="text" name="email"><br>
<input type="submit" value="Submit" name="submit">
</form>
</body>
</html>
As usual I am getting a "Successful" message for connection. Also it is not outputting any error message(if I have not appropriately tried to output insertion error in the given code, please do tell in the comments).
Thank you in anticipation.
I'll post this here, we all make mistakes so don't worry! As suggested your $mysqli function is undefined, you've stored your mysqli instance as the $con variable, so you should refer any mysqli functions on that.
Examine http://php.net/manual/en/mysqli.query.php for more information!
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 7 years ago.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Improve this question
I have tried rewrite the code, i have looked on previously succesful codings i have made and i really cant find the problem.. i am going crazy.
I am trying to post some data from a form to a database.
The database i setup correctly as far as i can tell, but something is making the script fail every time.
IMAGE OF DATABASE: http://imgur.com/F93A9ot
(sry for the language being in danish.)
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Document</title>
</head>
<body>
<?php
// defining database information
define("HOSTNAME", "localhost");
define("MYSQLUSER", "admin");
define("MYSQLPASS", "admin");
define("MYSQLDB", "lynx");
// establishing database connection
if(isset($_POST['submit'])){
$connection = new mysqli(HOSTNAME, MYSQLUSER, MYSQLPASS, MYSQLDB);
$name = mysqli_real_escape_string($connection, $_POST['name']);
$price = mysqli_real_escape_string($connection, $_POST['price']);
$desc = mysqli_real_escape_string($connection, $_POST['desc']);
$insert = "INSERT into products (id, name, price, desc) VALUES (NULL, '$name', '$price', '$desc')";
if($connection->query($insert)) {
echo "Succes";
} else {
echo "Something went wrong";
}
}
?>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<input type="text" name="name">
<input type="text" name="price">
<input type="text" name="desc">
<input type="submit" name="submit">
</form>
</body>
</html>
Can you see what i am doing wrong?
products (id, name, price, desc)
Tried reading the manual as well? desc is a reserved word.
If you didnt have this useless piece of code
else {
echo "Something went wrong";
}
and had
else {
echo $connection-error;
}
You would find that out yourself
desc is reverse keyword of mysql you can use it using backtick
$insert = "INSERT into products (`id`, `name`, `price`, `desc`) VALUES (NULL, '$name', '$price', '$desc')";
This is with your field 'desc' . this is not allowed by MYSQL because it is reserved. So please rename it. It will solve your issue.
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 8 years ago.
Improve this question
I've been trying to get a form to insert records to a MySQL database using a form, but for some reason it errors out on me and I can't figure out why.
Here is the code that processes the request:
if ($_SERVER['REQUEST_METHOD']=='POST'){
// database connection
try {
$dbh = new PDO('mysql:host='.$host.';dbname='.$dbName, $dbUser, $dbPass);
$dbh -> setAttribute(PDO::ATTR_ERRMODE,PDO::ERRMODE_EXCEPTION);
$dbh -> exec("SET NAMES 'utf8'");
} catch (Exception $e) {
echo "Error!: " . $e->getMessage() . "<br/>";
die();
}
// new data
$title = $_POST["txtTitle"];
$description = $_POST["txtDesc"];
$content = $_POST["txtContent"];
$sql = "INSERT INTO tblPageContent
SET (PageTitle, Description, PageContent)
VALUES (:title, :desc, :content)";
try {
$update = $dbh->prepare($sql);
$update->bindParam(":title",$title, PDO::PARAM_STR);
$update->bindParam(":desc",$description, PDO::PARAM_STR);
$update->bindParam(":content",$content, PDO::PARAM_STR);
$update->execute();
$id = $update->dbh->lastInsertId();
$update->dbh->commit();
echo $id;
} catch (Exception $e) {
echo "Data could not be updated in the database.";
echo $e;
exit;
}
}
Whenever I try to use it, I end up with this:
exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error
or access violation: 1064 You have an error in your SQL syntax; check
the manual that corresponds to your MySQL server version for the right
syntax to use near '(PageTitle, Description, PageContent) VALUES
('Awards', 'This is a test', '' at line 2'
I've tried tweaking the SQL syntax, but I still can't get it to work. Is there something I'm missing here?
Your insert syntax is WRONG.
The correct syntax is:
insert into tblPageContent (pageTitle, Description, PageContent)
values (:title, :desc, :content)
I recommend you have MySQL reference manual at hand
In your SQL, take out the SET before the first (. You use SET in updates, not inserts.