I have this code:
$date = '1991-08-13';
$sql = "INSERT into TABLEA
(nombre, apellido1, apellido2, direccion, codigoPostal,fechaNacimiento, notas)
VALUES
('agds', 'asdgff', 'gerth', 'dfghdfghd efdgvwr', 86486, $date, 'ShhhHH');";
My problem is the next one:
When I insert that $date's value is: 1991-13-08 but in the DB appears: 0000-00-00
I've seen other posts with solutions like: STR_TO_DATE() and it dosen't work for me, it inserts NULL. Any other solution?
EDIT: missing: '' in $date (it should have been: '$date') Thanks for the correction! (:
Please enclose the $date with single quotes like
$sql = "INSERT into TABLEA (nombre, apellido1, apellido2, direccion, codigoPostal,fechaNacimiento, notas) VALUES ('agds', 'asdgff', 'gerth', 'dfghdfghd efdgvwr', 86486, '$date', 'ShhhHH');";
Maybe you can try by this way:
$date = '1991-08-13'; //yyyy-mm-dd
$sql = "INSERT into TABLEA
(nombre, apellido1, apellido2, direccion, codigoPostal,fechaNacimiento, notas)
VALUES
('agds', 'asdgff', 'gerth', 'dfghdfghd efdgvwr', 86486, '$date', 'ShhhHH');";
use Str_to_date
Str_to_date('1991-13-08','%Y-%d-%m')
or try this :-
$sql = "INSERT into TABLEA (nombre, apellido1, apellido2,
direccion, codigoPostal,fechaNacimiento, notas)
VALUES ('agds', 'asdgff', 'gerth', 'dfghdfghd efdgvwr',
86486, Str_to_date("1991-13-08","%Y-%d-%m"), 'ShhhHH');";
Related
I am really new to php and I am trying to use simple insert to my mysql database from the form.
I know that this mysql connection/insertion is dangerous and not used anymore. so can anyone please help me with this simple thing? I tried to google, but nothing is working so far :/
<?
$text=$_POST['name'];
$text=$_POST['surename'];
mysql_connect("localhost", "db_name", "pass") or die(mysql_error());
mysql_select_db("db_name") or die(mysql_error());
$result = mysql_query("INSERT INTO `table` (name, surename)
VALUES (NOW(), '".mysql_real_escape_string($name)."', '".mysql_real_escape_string($surename)."')");
if (!$result) {
die('Invalid query: ' . mysql_error());
}
?>
Maybe change
$text=$_POST['name'];
$text=$_POST['surename'];
to
$name = $_POST['name'];
$surename = $_POST['surename'];
PS: And also your column names don't match your values. Your query, after inserting params
"INSERT INTO `table` (name, surename) VALUES (NOW(), '".mysql_real_escape_string($name)."', '".mysql_real_escape_string($surename)."')"
will probably look like this
INSERT INTO `table` (name, surename) VALUES (NOW(), 'Jhon', 'Wick')
As you can see there's name, surename (which probably should be surname) and (NOW(), 'Jhon', 'Wick'). So either add a column (if you have that column in your database):
INSERT INTO `table` (created_at, name, surename) VALUES (NOW(), 'Jhon', 'Wick')
or remove NOW() from your values
INSERT INTO `table` (name, surename) VALUES ('Jhon', 'Wick')
Is there any difference between this 3 query?
query 1
$query = "INSERT INTO reserve( c_id, c_username, r_id, r_name, checkin, checkout)";
$query .= " VALUES ( $c_id, $c_username, $r_id, $r_name, $checkin, $checkout )";
query 2
$sql = "INSERT INTO reserve( c_id, c_username, r_id, r_name, checkin, checkout)
VALUES ( '$c_id' , '$c_username', '$r_id', '$r_name', '$checkin', '$checkout' )";
query 3
$result = $mysqli->query("INSERT INTO reserve (c_id, c_username, r_id, r_name, checkin, checkout) VALUES ('$c_id' , '$c_username', '$r_id', '$r_name', '$checkin', '$checkout');")
And which one should I use to select a data from my database and which one should I use to insert data into database
On a quickly glance they all appear to do the same thing. You don't need to learn parameter passing at your stage. Be aware of injection attacks and clean those variables before you do calls.
I tend to do this for readability:
$sql = "INSERT INTO reserve(c_id
,c_username
,r_id
,r_name
,checkin
,checkout)
VALUES ('$c_id'
,'$c_username'
,'$r_id'
,'$r_name'
,'$checkin'
,'$checkout')";
$query = "INSERT INTO clients(ID_Client,Upgrade,Nome,Email,Cod_Postal,Localidade,Contacto,NIF,Factura,Data_Factura,N_Serie,Codigo,Marca,Modelo) VALUES (NULL,'$Upgrade',
'$Nome',
'$Email',
'$Cod_Postal',
'$Localidade',
'$Contacto',
'$NIF',
'$Factura',
'$N_Serie',
'$Data_Factura', ".$N_Serie.",
'$Codigo',
'$Marca',
'$Modelo')";
What it's wrong about this ? I got the same number of fields / values ..
You've got '$N_Serie', twice, remove the first one.
Columns matching values below:
$query = "
INSERT INTO clients(
ID_Client,
Upgrade,
Nome,
Email,
Cod_Postal,
Localidade,
Contacto,
NIF,
Factura,
Data_Factura,
N_Serie,
Codigo,
Marca,
Modelo
) VALUES (
NULL,
'$Upgrade',
'$Nome',
'$Email',
'$Cod_Postal',
'$Localidade',
'$Contacto',
'$NIF',
'$Factura',
'$Data_Factura',
'$N_Serie',
'$Codigo',
'$Marca',
'$Modelo'
)";
My string field won't insert into my database.
(The columns follower_username and following_username they are VARCHAR(200) don't insert )
The: follower and following column values insert work.
mysql_query("INSERT INTO `follow` (`follower`, `following`, `follower_username`, `following_username`) VALUES ('".$userid."', '".$get_user_id."', '".$username."', '".$get_user."')");
Strings:
$get_user = mysql_real_escape_string($row['username']);
$get_user_id = (int)mysql_real_escape_string($row['id']);
$userid = (int)mysql_real_escape_string($user_data['id']);
$username = mysql_real_escape_string($user_data['username']);
I have no idea what to do, whether it is the PHP or the database itself :S
Thanks in advance :)
You could try echoing the mysql statement just before the mysql_query, i.e.
echo "INSERT INTO `follow` (`follower`, `following`, `follower_username`, `following_username`) VALUES ('".$userid."', '".$get_user_id."', '".$username."', '".$get_user."')";
and check if the string is what you expected it to be. If it is what you expected, try manually copying the string and pasting it into the mysql console and see if any errors occur.
try this :
mysql_query("INSERT INTO follow (`follower`, `following`, `follower_username`, `following_username`) VALUES ('".$userid."', '".$get_user_id."', '".$username."', '".$get_user."')");
don't use single quotes around table name.
Try adding mysql_error to your statement to find out what error is it so you can fix it:
mysql_query("INSERT INTO `follow` (`follower`, `following`, `follower_username`,
`following_username`) VALUES ('".$userid."', '".$get_user_id."', '".$username."',
'".$get_user."')") or die (mysql_error());
For debug and simple work I recommended you store SQL query in variable.
$query = "INSERT INTO `follow` (`follower`, `following`, `follower_username`, `following_username`) VALUES ('".$userid."', '".$get_user_id."', '".$username."', '".$get_user."')";
echo "DEBUG:".$query;
mysql_query($query);
Try this:
$objQuery = mysql_query("INSERT INTO `follow` (`follower`, `following`, `follower_username`,
`following_username`) VALUES ($userid, $get_user_id, '".$username."',
'".$get_user."')") or die (mysql_error());
if(!$objQuery){
echo "something went wrong!";
}
"INSERT INTO forum_topics (category_id, poster_id, poster_username, topic_title, topic_content, date) VALUES (".$category_id.", '$poster_id', '$topic_title', '$message', NOW()";
mysql_error() says that there is a problem with the syntax, however it might be something else. I'm gonna post the variables just so you know where they come from.
$message = $_POST['topic_message'];
$topic_title = $_POST['topic_title'];
$category_id = $_GET['id'];
EDIT
Changed it to
$topic_sql = "INSERT INTO forum_topics (category_id, poster_id, poster_username, topic_title, topic_content, date) VALUES (".$category_id.", '$poster_id', '$username', '$topic_title', '$message', NOW())";
However it still doesn't work...
You're missing the closing paren for VALUES:
... NOW())";
There are other issues:
The parameter count is incorrect
Your query is vulnerable to injection since you are not using parameterized queries with PDO/mysqli
Maybe you list 6 columns but only give data for 5? And missing closing ).
Looks like you're missing a closing parenthesis and only inserting 5 values into 6 columns...
INSERT INTO forum_topics (category_id, poster_id, poster_username, topic_title, topic_content, date)
VALUES (".$category_id.", '$poster_id', '$username', '$topic_title', '$message', NOW())
You missing the user name?