hostSo i know how to get the two fields to concatenate from directly inside of MYSQL, but having trouble getting it to work with my PHP.
Directly from MYSQL = SELECT CONCAT(ConfigurationItem, ' - ', ,Buzzword) FROM Buzz;
But how do i incorporate it into this PHP below, I have researched to no end. I want to combine the two fields ConfigurationItem and Buzzword into a field named shortdescription, without having to do it manually through MYSQL everytime the PHP is submitted.
<?php
$con = mysql_connect("host","username","password");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("buzz_feed", $con);
$sql = "INSERT INTO Buzz (BuzzID, ConfigurationItem, Buzzword, OccurrenceDate, PostingDate, TierStatus, MasterTicket)
VALUES
('$_POST[BuzzID]','$_POST[ConfigurationItem]','$_POST[Buzzword]','$_POST[OccurrenceDate]','$_POST[PostingDate]','$_POST[TierStatus]','$_POST[MasterTicket]')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "Buzz Phrase information updated";
mysql_close($con)
?>
I've concatenated them together in php as the insert.
Although there is nothing wrong with catting them in your select statement.
In fact I'd opt for that because it is redundnant-y, you are inserting the same data twice in essence.
But this should do what you are asking for.
I have also corrected your quotation marks in the query.
Also google sql injection
<?php
$con = mysql_connect("host","username","password");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("buzz_feed", $con);
$sql = "INSERT INTO Buzz (BuzzID, ConfigurationItem, Buzzword,
OccurrenceDate, PostingDate,
TierStatus, MasterTicket, shortdescription)
VALUES
('".$_POST['BuzzID']."','".$_POST['ConfigurationItem']."',
'".$_POST['Buzzword']."','".$_POST['OccurrenceDate']."','".$_POST['PostingDate']."',
'".$_POST['TierStatus']."','".$_POST['MasterTicket']."',
'".$_POST['ConfigurationItem']."' - '". $_POST['Buzzword']."')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "Buzz Phrase information updated";
mysql_close($con)
?>
I ended up resolving my issue by inserting "ShortDescription" in the INSERT INTO line and then just telling it to insert the two fields I wanted together in the field "ShortDescription" and by using double spaces between my hyphen, I was able to get the desired effect I was looking for which turns out like this "Example - Example" See my code below
$sql = "INSERT INTO Buzz (BuzzID, ConfigurationItem, Buzzword, OccurrenceDate, PostingDate, TierStatus, MasterTicket, ShortDescription)
VALUES
('$_POST[BuzzID]','$_POST[ConfigurationItem]','$_POST[Buzzword]','$_POST[OccurrenceDate]','$_POST[PostingDate]',
'$_POST[TierStatus]','$_POST[MasterTicket]','$_POST[ConfigurationItem]' ' - ' '$_POST[Buzzword]')";
Related
I am having a little difficulty in saving values via the URL into a SQL database. I can explicitly put in values into the the INSERT command, but that is not what I want.
Say I had a URL like the following:
and code like the following:
<?php
include 'curr.php';
$url = curPageURL();
$query_str = parse_url($url, PHP_URL_QUERY);
$query = parse_str($query_str, $query_params);
$fn = $_REQUEST['Firstname'];$sn = $_REQUEST['Surname'];
$link = mysql_connect('server.co.li', 'username', 'pass333');
if (!$link) {
die('Could not connect: ' . mysql_error());
}
echo 'Connected successfully';
$sql = 'INSERT INTO p_database '.
'(Firstname, Surname) '.
'VALUES ($fn, $sn)';
mysql_select_db('my_db');
$retval = mysql_query( $sql, $link );
if(! $retval )
{
die('Could not enter data: ' . mysql_error());
}
echo "Entered data successfully\n";
mysql_close($link);
?>
I have tried $_Get and $_POST as well as $_REQUEST to get the information, and here is the error that is produced when I run:
"Connected successfullyCould not enter data: Unknown column '$fn' in 'field list'"
Any assistance would be appreciated.
(P.s. I know the code is not secure or safe, that will come after the functional parts are complete).
Your quotes are incorrect,
$sql = "INSERT INTO p_database ".
"(Firstname, Surname) ".
"VALUES ('$fn', '$sn')";
Waring: Please, don't use mysql_* functions in new code. They are no longer maintained and are officially deprecated. See the red box? Learn about prepared statements instead, and use PDO or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.
You need to escape your $fn and $sn like so:
$sql = "INSERT INTO p_database (Firstname, Surname) VALUES ('$fn', '$sn')";
Can't quite figure this one out. Not posting to MySQL. Not getting errors, just not posting.
<?php
$con = mysql_connect("localhost","XXXX","XXXX");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("XXXX", $con);
for( $i = 1; $i <= $count; $i++ )
{
$newtest1 = $_POST['test1'.$i];
$newtest2 = $_POST['test2'.$i];
$newtest3 = $_POST['test3'.$i];
}
$sql="INSERT INTO database (test1,test2,test3) VALUES ('".$newtest1."','".$newtest2."','".$newtest3."')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
?>
Tried ('$_POST[test1]') and (' . $_POST['test1'.$i] . ')
$sql="INSERT INTO database (test1,test2,test3) VALUES ('".$newtest1."','".$newtest2."','".$newtest3."')";
Here there is a "table" which you want to insert a data.
You may get the idea of using $sql wrong.
I'll try to explain it from an example photo: PHOTO
As you see i have a database called "test" and a table in it which im inserting my data.
You should use this code and connect to that database:
mysql_select_db("XXXX", $con); //to select "my" database (on the example) type "test" to "XXXX"
The "database" you wrote here:
$sql="INSERT INTO database (test1,test2,test3) VALUES ('".$newtest1."','".$newtest2."','".$newtest3."')";
must be changed to your selected database. In this case you just wrote "XXXX" to that.
So the final code is:
$sql="INSERT INTO XXXX (test1,test2,test3) VALUES ('".$newtest1."','".$newtest2."','".$newtest3."')";
I have the following simple form
simple form
TEST RUN FORM
<form method=post action='android.php'>
firstname:<input type='text' name='firstname'/><br>
secondname:<input type='text' name='secondname'/><br>
email:<input type='text' name='email'/><br>
password<input type='text' name='password'/><br>
<input type=submit name='submit' value='chekiii'/><br>
</form>
</body>
the php file is the one below, but it doesn't input any data into the database and doesn't show an error...infact it echoes out the 'success' message after parsing past the error code.
<?php
$con = mysql_connect("www.######.com","#####","######");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("android", $con);
if ($_POST[submit])
{
$sql=mysql_query("INSERT INTO magic (firstname,secondname,email,password)
VALUES
('$_POST[firstname]','$_POST[secondname]','$_POST[email]','$_POST[password]')");
if (mysql_query(!$sql,$con))
{
die('Error: ' . mysql_error());
}
echo "success";
mysql_close($con);}
?>
What error might i have?
Have you tried echoing the $sql query and then manually adding it to the database? That might give you an error you can work with. The one thing I notice is that you don't have quotes around your $_POST variables: i.e. use $_POST['firstname'] in stead of $_POST[firstname].
Oh, and please add some checks on the userinput before you go live with this form...
Your error is when you are passing your $_POST variables into your query string.
First, you need to sanitize this data before throwing it into a query or you're open to SQL injection attacks.
Second, the fix the error, add { and } around your $_POST variables, so they can be evaluated in the double quoted string. You're also missing single quotes in your $_POST variable indeces.
$sql=mysql_query("INSERT INTO magic (firstname,secondname,email,password)
VALUES
('{$_POST['firstname']}','{$_POST['secondname']}','{$_POST['email']}','{$_POST['password']}')");
See php variables documentation for further explanation.
please, dont use deprecated code:
$con = mysqli_connect(..... );
mysqli_select_db(...);
mysqli_query($con,...);
and to every $_POST mysqli_real_escape_string($con,....);
this wont work
$sql=mysql_query("INSERT INTO magic (firstname,secondname,email,password)
VALUES ('$_POST[firstname]','$_POST[secondname]','$_POST[email]','$_POST[password]')");
use this
"INSERT INTO magic (firstname,secondname,email,password)
VALUES ('".$_POST['firstname']."','".$_POST['secondname']."','".$_POST['email']."','".$_POST['password']."')"
also change this :
if (mysql_query(!$sql,$con)){
die('Error: ' . mysql_error());
}
to
if (!mysql_query($sql,$con)){
die('Error: ' . mysql_error());
}
you have errors all over your code
<?php
$con = mysql_connect("www.######.com","#####","######");
if (!$con){
die('Could not connect: ' . mysql_error());
}
mysql_select_db("android", $con);
if ($_POST['submit']){ //$_POST['submit'] NOT $_POST[submit]
$sql=mysql_query("INSERT INTO magic (firstname,secondname,email,password)
VALUES ('".$_POST['firstname']."','".$_POST['secondname']."','".$_POST['email']."','".$_POST['password']."')");
if (mysql_query(!$sql,$con)){
die('Error: ' . mysql_error());
}
echo "success";
mysql_close($con);
}
The problem was with the references to the database. With CPANEL installed by my host i hadn't realized there were database naming prefixes which i wasn''t aware of as a noob (still am) . Thanks everyone. Still learning.
I would like to be able to select a category from a dropdown and depending on the category it will add it to whatever SQL table is it equal with.
<?php
$article = $_POST['article'];
$con = mysql_connect("******","******","*******");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("jstaltso_staltsoft", $con);
$sql="INSERT INTO $article (headline, content)
VALUES ('$_POST[headline]', '$_POST[content]')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "Content Added!";
echo "<br/>";
echo "<a href='articles.php'><- Back</a>";
mysql_close($con)
?>
I want the variable $articles to be in the place of where you out the name of the table.
$sql="INSERT INTO $article (headline, content)
VALUES ('$_POST[headline]', '$_POST[content]')";
So whatever I choose in the dropdown, it will put it at $articles.
Try:
"INSERT INTO `{$article}` ...."
Don't forget to sanitize your input! (mysql_real_escape_string, for starters)
You cannot use that type of variables, change last code to
$sql="INSERT INTO $article (headline, content)
VALUES ('" . $_POST['headline'] " . ', '" . $_POST['content'] . "')";
I know this answer won't be too helpful for you right now, but sice there is just too much wrong with that code and that approach, here are a few tips:
Use PDO instead of PHP's MySQL functions. It'll seem daunting at first, especially if you haven't got any experience with object-oriented programming, but it's definately worth the effort.
Sanitize that $article value! if($article == 'foo' || $article == 'bar') {...}
The best ways to use variables in strings are: "This is a ".$adjective." string" and "This is a {$adjective} string"
I have my code below to update a my MySQL database, it's running but is not updating the database when I check rcords using phpmyadmin. plae hlp me.
$database = "carzilla";
$con = mysql_connect("localhost","root","");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
$manufacturerTable = $_POST[vehicleManufacturer];
$numberToSearch = $_POST[vehicleIdNo];
$engineType = $_POST[engineType];
$engineCC = $_POST[engineCC];
$year = $_POST[year];
$numberofDoors = $_POST[numberofDoors];
$tireSize = $_POST[tireSize];
$chasisNumber = $_POST[chasisNumber];
$vehicleMake = $_POST[vehicleMake];
$price=$_POST[price];
mysql_select_db("$database", $con);
$sql = mysql_query("UPDATE $manufacturerTable SET username='vehicleMake',
engineType='$engineType', engineCC='$engineCC', year='$year', chasisNo='$chasisNumber', numberOfDoors='$numberofDoors' ,numberOfDoors='$numberofDoors', tireSize='$tireSize', price='$price' WHERE `index` ='$id'");
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo 'record has been successfuly';
mysql_close($con);
?>
Take a good look at your query. You are referring to PHP variables in several different fashions in the same statement. In the query $manufacturerTable is just $manufacturerTable, you encase a few others in single quotes, some of which you remove the $ from, others you do not. I know I preach this far too often, but you should really look into using prepared statements. They take all the guess work out of using variables in your queries, and they prevent you from being victimized by injection hacks. But the short answer here is that you are not referencing your variables correctly in the query.
Sometimes putting the variables directly in the syntax can cause issues. Have you tried to use concatenation for the query.
$query = "UPDATE ".$manufacturerTable." SET username='vehicleMake', engineType='."$engineType."', engineCC='".$engineCC."', year='".$year."', chasisNo='".$chasisNumber."', numberOfDoors='".$numberofDoors."' ,numberOfDoors='".$numberofDoors."', tireSize='".$tireSize."', price='".$price."' WHERE index =".$id;
$sql = mysql_query($query); # this should be put in the if else
If index is number based you do not need the '' surrounding it. Plus is username='vehicleMake' or is it a variable. if it is a variable, add the $ or use concatenation like the rest. Your SQL check should be something like follows.
if (mysql_query($query))
{
echo 'record has been successfuly';
} else {
die('Error: ' . mysql_error() . ' | ' . $query);
}
The reason you export the query is so you can try it manually to make sure it works and what error you may be getting. phpMySQL can show a different error then the mysql_error() at times
Plus you should be escaping all input that is user entered using mysql_escape_string() or mysql_real_escape_string()