I am having an error and I am not able to identify the problem. I will really appreciate help.
$sql = "INSERT INTO scrapeddata (Id,Store, ImageURL, ShortDescription, CashPercentage, ShoppingPoints, LongDescription, Contact, Information)
VALUES ($ID, $name, $ImageUrl, $ShortDecription, $CashBack, $SallingPoints, $LongtDecription, $Contact, $Information)";
Structure of my Table is :
Update :
The following image illustrates the actual error: the PHP variable is resolved dynamically to retrieve the string, but within the string it contains single quotes ('). According to me, these quotes are causing the error. Help!!
Put quotations on string variables.
And escape all your variables before inserting them in the query.
mysql-escape-string
$name = mysql_escape_string($name);
$sql = "INSERT INTO scrapeddata (Id,Store, ImageURL, ShortDescription, CashPercentage, ShoppingPoints, LongDescription, Contact, Information)
VALUES ('$ID', '$name', '$ImageUrl', '$ShortDecription', '$CashBack', '$SallingPoints', '$LongtDecription', '$Contact', '$Information')";
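Added example, not part of the original question or answer: the same insert with a prepared statement, which keeps quotes inside scraped text out of the SQL text entirely (the mysql_* functions used above were removed in PHP 7). It assumes PDO with an in-memory SQLite database as a stand-in for MySQL so it runs offline, uses a three-column subset of the table, and the sample values are constructed.

```php
<?php
// Added example: in-memory SQLite via PDO stands in for MySQL so the script runs offline.
// With MySQL only the DSN changes, e.g. new PDO('mysql:host=...;dbname=...', $user, $pass).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE scrapeddata (Id INTEGER PRIMARY KEY, Store TEXT, ShortDescription TEXT)');

// Constructed sample row: scraped text that contains single quotes.
$ID = 1;
$name = "Joe's Outlet";
$ShortDecription = "Up to 5% back on women's shoes";

// 1) String-built query, as in the question: the quote inside the value ends the literal early.
$concatenated = "INSERT INTO scrapeddata (Id, Store, ShortDescription)
                 VALUES ('$ID', '$name', '$ShortDecription')";
try {
    $pdo->exec($concatenated);
    echo "concatenated: inserted\n";
} catch (PDOException $e) {
    echo "concatenated: rejected (" . $e->getMessage() . ")\n";
}

// 2) Prepared statement: the SQL text is fixed; values travel separately as parameters.
$stmt = $pdo->prepare(
    'INSERT INTO scrapeddata (Id, Store, ShortDescription) VALUES (:id, :store, :short)'
);
$stmt->bindValue(':id', $ID, PDO::PARAM_INT);
$stmt->bindValue(':store', $name, PDO::PARAM_STR);
$stmt->bindValue(':short', $ShortDecription, PDO::PARAM_STR);
$stmt->execute();

// Read the row back: the quotes are stored verbatim, with no escaping artifacts.
$row = $pdo->query('SELECT Store, ShortDescription FROM scrapeddata WHERE Id = 1')
           ->fetch(PDO::FETCH_ASSOC);
echo "prepared: stored Store={$row['Store']} ShortDescription={$row['ShortDescription']}\n";
```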
Related
I am working on my website and I can't access myPhpAdmin right now, so I tried making a script for inserting values for a search thing. However, when I visit the link, website.com/search/create.php?l=link&d=description&t=title, I get an error. This one
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'link, description, title)' at line 1
Here's what my script looks like.
$link = "https://website.com";
$description = "The homepage of the site";
$title = "Home";
// sql to create table
$sql = "INSERT INTO search (link, description, title) VALUES (".$link.", ".$description.", ".$title.")";
if (mysqli_query($conn, $sql)) {
echo "it's working";
} else {
echo "it's not working?" . mysqli_error($conn);
}
replace
$sql = "INSERT INTO search (link, description, title) VALUES ('".$link."', '".$description."', '".$title."')";
instead of :
$sql = "INSERT INTO search (link, description, title) VALUES (".$link.", ".$description.", ".$title.")";
you are trying to insert a string without '
It seems you are missing single quotation marks in the SQL query; try the following:
$sql = "INSERT INTO search (link, description, title) VALUES ('".$link."', '".$description."', '".$title."')";
Just change the query syntax in your code and check it... Hope your error will be resolved.
// sql to create table
$sql = "INSERT INTO search (link, description, title) VALUES ('$link', '$description', '$title')";
Your code for inserting data into database table is wrong (assuming you already executed database connection query ($conn) and have 'search' table on database).
$sql = "INSERT INTO search (link, description, title) VALUES ('$link', '$description', '$title')";
You don't have to put concatenate operator ('.') inside your SQL query as you are not concatenating PHP and markup texts.
I would like to know when to use a single quote within a double quote and vice-versa. The scenario becomes more complicated when there is a variable involved.
For example, I was trying to insert values into the database using the following code:
$sql = 'INSERT INTO demo_table (name, dob, age, address) VALUES ("$name", "$dob", "$age", "$address")';
It did work but it interpreted $name, $dob, $age and $address as strings and not a variable holding values, so actual values were not saved.
Are there any rules for when to use single quotes, double quotes, quotes with a backslash (like \' or \"), and what to do when there is a need to use quotes within quotes? I have also seen some code using the concatenation sign (.) within quotes. What is the logic behind that?
Database characters require single quotes ' '.
So keep the characters in the query in ' '.
$query="INSERT INTO table_name (name, email, password) VALUES ('$username','$email','$password')";
It should be like this:
$sql = "INSERT INTO demo_table (name, dob, age, address) VALUES ('".$name."', '".$dob."', '".$age."', '".$address."')";
In PHP a string in single quotes is a constant value and a string in double quotes is a dynamic string.
so you can use:
$sql = "INSERT INTO demo_table (name, dob, age, address) VALUES ('$name', '$dob', '$age', '$address')";
OR
$sql = "INSERT INTO demo_table (name, dob, age, address) VALUES ('".$name."', '".$dob."', '".$age."', '".$address."')";
Notice the . on either side of the $name, $dob, $age, $address variables, which concatenates the string values.
And it may be better to create your queries as strings. Doing that allows you to echo the queries when checking, to ascertain that it produces the values you are expecting.
Hope that helps.
I've been trying to insert a row into an SQL database table, and that row's last column is supposed to contain a variable, and I can't figure out how to concatenate that variable with a date function. The problem becomes the single quote marks
$SQL = "INSERT INTO news VALUES (NULL, '$user', '$text'.'date('Y-m-d H:i:s')')";
That $text is supposed to have a "date now" function called right after it so that I would have the date that it was inserted into the table...
Thanks
Try this:
$sql = "INSERT INTO news VALUES (NULL, '$user', '$text<br>".date('Y-m-d H:i:s')."')";
You can try this
$SQL = "INSERT INTO news VALUES (NULL, '$user', '".$text." now()')";
I'm having a little trouble with my insert statement this morning. Yes, I am using the deprecated mysql_query function. My insert statement looks as follows:
$query3 = "INSERT INTO ".$db_prefix ." offer_det
(fname, lname, 10k, 14k, 18k, 21k, 22k, 24k, 925, coins, bars)
VALUES '".$fname."', '".$lname."', '".$_10k."', '".$_14k."',
'".$_18k."', '".$_21k."', '".$_22k."', '".$_24k."',
'".$_925."', '".$coins."', '".$bars."')";
$result3 = mysql_query($query3);
My PHP form values are all the variables listed in the first part of the insert statement, 'fname', etc.
My variables are set to pull from the post and are listed as the values going into the insert.
I had to change the variables to underscore before they started, I guess PHP didn't like that.
My questions:
Are those 10k, 14k, etc, okay mysql table row names?
Is there an issue I'm missing here?
The datatype for fname and lname are varchar and for the 10k through bars are decimal (7,3).
The column name 925 must be quoted using backticks.
(`fname`, `lname`, `10k`, `14k`, `18k`, `21k`, `22k`, `24k`, `925`, `coins`, `bars`)
You may also want to consider changing the column names to something else to avoid further similar problems in the future.
You should quote the 925 column name, as per MySQL Schema Object names
So correctly:
$query3 = "insert into ".$db_prefix."offer_det (fname, lname, 10k, 14k, 18k, 21k, 22k, 24k, `925`, coins, bars)
values
('".$fname."', '".$lname."', '".$_10k."', '".$_14k."', '".$_18k."', '".$_21k."',
'".$_22k."','".$_24k."', '".$_925."', '".$coins."', '".$bars."')";
Another recommendation: you should escape the incoming strings, because SQL injection is a nasty thing to experience...
Use the query as follows:
$query3 = "insert into ".$db_prefix."offer_det (fname, lname, 10k, 14k, 18k, 21k, 22k, 24k, `925`, coins, bars)
values ('$fname', '$lname', '$_10k', '$_14k', '$_18k', '$_21k', '$_22k',
'$_24k', '$_925', '$coins', '$bars')";
$query_exec=mysql_query($query3) or die(mysql_error());
And for inserting a variable you need to use single quotes only.
Can I be bold and suggest a change in your implementation?
/// put your vars in an easier to use format
$insert = array(
'fname' => $fname,
'lname' => $lname,
'10k' => $_10k,
/* and so on ...*/
);
/// considering you are using mysql_query, use its escape function
foreach ( $insert as $field => $value ) {
$insert[$field] = mysql_real_escape_string($value);
}
/// pull out the keys as fields and the values as values
$keys = array_keys($insert);
$vals = array_values($insert);
/// the following should auto backtick everything... however it should be
/// noted all the values will be treated like strings as you were doing anyway
$query = "INSERT INTO `" . $db_prefix . "offer_det` " .
"(`" . implode('`,`', $keys) . "`) " .
"VALUES ('" . implode("','", $vals ) . "')";
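Added example, not part of the original answer: the same array-driven insert built with bound parameters instead of escaped strings. Column names cannot be bound, so each one is checked against an allow-list before it is backticked. `build_insert`, the `demo_` prefix and the form values are hypothetical or constructed, and in-memory SQLite via PDO stands in for MySQL.

```php
<?php
// Added example. Hypothetical helper: builds a parameterised INSERT from a field => value map.
// Values are bound as parameters; column names cannot be bound, so each must match an allow-list.
function build_insert(string $table, array $allowed, array $data): array
{
    $cols = [];
    $marks = [];
    $params = [];
    foreach ($data as $field => $value) {
        $field = (string) $field;          // PHP turns numeric keys such as '925' into ints
        if (!in_array($field, $allowed, true)) {
            throw new InvalidArgumentException("Unexpected column: $field");
        }
        $cols[] = '`' . $field . '`';      // backticks make 925 (all digits) a valid name
        $marks[] = '?';
        $params[] = $value;
    }
    // $table comes from code, never from request data.
    $sql = "INSERT INTO `$table` (" . implode(', ', $cols) . ') VALUES ('
         . implode(', ', $marks) . ')';
    return [$sql, $params];
}

// Columns from the question (subset); the table prefix is a constructed value.
$allowed = ['fname', 'lname', '10k', '925', 'coins'];
$table = 'demo_' . 'offer_det';

$pdo = new PDO('sqlite::memory:');  // assumption: SQLite stands in for MySQL; it accepts backticks too
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE `$table` (`fname` TEXT, `lname` TEXT, `10k` REAL, `925` REAL, `coins` REAL)");

// Constructed form input, including a surname that contains a quote.
$post = ['fname' => 'Ann', 'lname' => "O'Neil", '10k' => '1.250', '925' => '12.5', 'coins' => '0'];
[$sql, $params] = build_insert($table, $allowed, $post);
echo $sql, "\n";
$pdo->prepare($sql)->execute($params);
echo $pdo->query("SELECT lname FROM `$table`")->fetchColumn(), "\n";

// A field name that is not on the allow-list is refused before any SQL is built.
try {
    build_insert($table, $allowed, ['fname' => 'x', 'platinum' => '1.0']);
} catch (InvalidArgumentException $e) {
    echo 'refused: ', $e->getMessage(), "\n";
}
```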
I have the following lines of PHP code in my file along with some other code:
$command = "INSERT INTO inventory_items (Index, Name, Price) VALUES (NULL, 'Diamond', '3.99')";
$insertion = mysql_query($command) or die(mysql_error());
if ($insertion == FALSE)
{
echo "Error: Insert failed.";
}
else
{
echo "Insert successful.";
}
It keeps returning this error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Index, Name, Price) VALUES (NULL, 'Diamond', '3.99')' at line 1
myAdmin says I am using MySQL client version 5.0.91. What am I doing wrong? I just can't figure it out! I tried searching a lot...
Index is a reserved word in MySQL and as such, you need to either change the name of the column, or escape it with backticks. Try this $command:
$command = "INSERT INTO inventory_items (`Index`, Name, Price) VALUES (NULL, 'Diamond', '3.99')";
Read more about reserved words here: http://dev.mysql.com/doc/refman/5.0/en/reserved-words.html
Try this:
$command = "INSERT INTO inventory_items (`Index`, Name, Price) VALUES (NULL, 'Diamond', '3.99');";
MySQL reserved words and how to treat them.
Can you verify that the columns in your inventory_items table are:
Index
Name
Price
And that you have the Index field set to AUTO_INCREMENT.
The best thing is probably to remove that field from your insert statement.
Try
$command = "INSERT INTO inventory_items (Name, Price) VALUES ('Diamond', '3.99')";
Since you're not inserting an Index anyway.
Hope that helps!