I'm probably just too tired, and looking over a small error, but this code will not input any information into my database.
$sql = "INSERT INTO TABLE_NAME (UPC, Description, Make, Model, SNLocation, IMEI_MEID, Resetting, Notes, Image)
VALUES ($UPC, $Desc, $Make, $Model, $SNLocation, $IMEI_MEID, $Resetting, $Notes, $Image)";
mysqli_query($con, $sql) or die(mysqli_error($sql));
Could someone help me check if this has syntax issues or something?
Its because you had an error
$sql = "INSERT INTO TABLE_NAME (UPC, Description, Make, Model, SNLocation, IMEI_MEID, Resetting, Notes, Image)
VALUES ('$UPC', '$Desc', '$Make', '$Model', '$SNLocation', '$IMEI_MEID', '$Resetting', '$Notes', '$Image')";
removed ] from Notes, Image)] <----- and values need to be quoted
You need to remove ] and enclose string values with single quotes(') :
$sql = "INSERT INTO TABLE_NAME
(UPC, Description, Make, Model,
SNLocation, IMEI_MEID, Resetting, Notes, Image)] <-- Here -->
VALUES ($UPC, $Desc, $Make, $Model, $SNLocation, $IMEI_MEID, $Resetting, $Notes, $Image)";
mysqli_query($con, $sql) or die(mysqli_error($sql));
Related
I am really new to php and I am trying to use simple insert to my mysql database from the form.
I know that this mysql connection/insertion is dangerous and not used anymore. so can anyone please help me with this simple thing? I tried to google, but nothing is working so far :/
<?
$text=$_POST['name'];
$text=$_POST['surename'];
mysql_connect("localhost", "db_name", "pass") or die(mysql_error());
mysql_select_db("db_name") or die(mysql_error());
$result = mysql_query("INSERT INTO `table` (name, surename)
VALUES (NOW(), '".mysql_real_escape_string($name)."', '".mysql_real_escape_string($surename)."')");
if (!$result) {
die('Invalid query: ' . mysql_error());
}
?>
Maybe change
$text=$_POST['name'];
$text=$_POST['surename'];
to
$name = $_POST['name'];
$surename = $_POST['surename'];
PS: And also your column names don't match your values. Your query, after inserting params
"INSERT INTO `table` (name, surename) VALUES (NOW(), '".mysql_real_escape_string($name)."', '".mysql_real_escape_string($surename)."')"
will probably look like this
INSERT INTO `table` (name, surename) VALUES (NOW(), 'Jhon', 'Wick')
As you can see there's name, surename (which probably should be surname) and (NOW(), 'Jhon', 'Wick'). So either add a column (if you have that column in your database):
INSERT INTO `table` (created_at, name, surename) VALUES (NOW(), 'Jhon', 'Wick')
or remove NOW() from your values
INSERT INTO `table` (name, surename) VALUES ('Jhon', 'Wick')
i'm making a query to insert some values to a table and update other in other table all this in the same function.
The problem i have is with the Insert query, when has been execute, give me a syntax error that you can see below.
I reviewed the code many times but i don't see any error. When I remove the Insert query works fine and if I remove de update query and leave just the insert give me the same error.
Here the query
if (isset($_POST['goodalt']) && isset($_POST['gengood'])){
$goodalt = mysqli_real_escape_string($con, $_POST['goodalt']);
$genid = mysqli_real_escape_string($con, $_POST['gengood']);
$res = mysqli_query($con, "SELECT * FROM `generators` WHERE `name` = '$genid'") or die(mysqli_error($con));
while($row = mysqli_fetch_assoc($res)) {
$genname = $row['name'];
}
mysqli_query($con, "INSERT INTO `user_accounts` (`username`, `accs`, `genid`, `gen-name`, `date`, `status`) VALUES ('$username', '$goodalt', '$genid', '$genname', '$date', '1'") or die(mysqli_error($con));
mysqli_query($con, "UPDATE `generator$genid` SET `status` = '3' WHERE `alt` = '$goodalt'") or die(mysqli_error($con));
}
Any help? Thanks.
Apart form error, there is a BIG issue about concurrency and threading model.
Every time you split INSERT/UPADATE in more separate PHP calls two mysql, you can analyze CAREFULLY if separate queries maintain DB consistent.
Consider carefully is two (or more) web requests (executing the same PHP script) can be safely run in parallel, especially on code where You did:
mysqli_query($con, "INSERT INTO `user_accounts` (`username`, `accs`, `genid`, `gen-name`, `date`, `status`) VALUES ('$username', '$goodalt', '$genid', '$genname', '$date', '1'") or die(mysqli_error($con));
mysqli_query($con, "UPDATE `generator$genid` SET `status` = '3' WHERE `alt` = '$goodalt'") or die(mysqli_error($con));
Insert and Updates are atomic, but here you call two separate queries
Your missing a close bracket in your insert...
mysqli_query($con, "INSERT INTO `user_accounts` (`username`, `accs`, `genid`, `gen-name`, `date`, `status`) VALUES ('$username', '$goodalt', '$genid', '$genname', '$date', '1')") or die(mysqli_error($con));
BUT you should also be using prepared statements and bind variables...
The issue that you're facing is because of the unnecessary usage of backticks or single quotation marks. You can follow the following article to make the changes and the issue should be sorted out.
Article here
Change these from:
mysqli_query($con, "INSERT INTO `user_accounts` (`username`, `accs`, `genid`, `gen-name`, `date`, `status`) VALUES ('$username', '$goodalt', '$genid', '$genname', '$date', '1'") or die(mysqli_error($con));
to
mysqli_query($con, "INSERT INTO user_accounts (username, accs, genid, gen-name, date, status) VALUES ('$username', '$goodalt', '$genid', '$genname', '$date', '1'") or die(mysqli_error($con));
Hope that helps!
I will admit I am a newbie when it comes to PDO, but I have to change over a form that is in mysql.. I am getting connection, but nothing inserted.. I am truly stuck and feel like an idiot because I know it is something simple I am missing
I have tried having the arrays above and after the insert.. Neither work
Any help would be appreciated
Here is my code:
$conn = new PDO("mysql:host=$dbhost;dbname=$dbname",$dbuser,$dbpass);
$STH = $conn->prepare("INSERT INTO PinTrade (ID, PIN, Year, Make, Model, Mileage, FirstName, LastName, Phone, Email, Date)
VALUES ('', '$pin', '$year', '$make', '$model', '$mileage', '$first', '$last', '$phone', '$email', '1234' )");
$STH->bindParam(':PIN', $_POST['pin']);
$STH->bindParam(':Year', $_POST['year']);
$STH->bindParam(':Make', $_POST['make']);
$STH->bindParam(':Model', $_POST['model']);
$STH->bindParam(':Mileage', $_POST['mileage']);
$STH->bindParam(':FirstName', $_POST['first']);
$STH->bindParam(':LastName', $_POST['last']);
$STH->bindParam(':Phone', $_POST['phone']);
$STH->bindParam(':Email', $_POST['email']);
$STH->execute();
Get rid of the dollar signs and quotes in your query values:
$STH = $conn->prepare("INSERT INTO PinTrade (ID, PIN, Year, Make,
Model, Mileage, FirstName, LastName, Phone, Email, Date)
VALUES (null, :PIN, :Year, :Make, //and so on....
Also note, assuming ID is an auto incrementing field, just insert null
VALUES (null, :PIN,
Finally, if you're pulling from the post array, I'd use bindValue over bindParam
I have following lines:
$sql = "INSERT INTO news (title, content) VALUES :title, :content";
$pre = $this->prepare($sql);
$pre->bindValue(":title", "xxx");
$pre->bindValue(":content", "yyy");
$pre->execute();
I get no error, but the query is also not executed (i checked the query log).
I tried following changes desperately:
$t="xxx" and $pre->bindValue(":title", $t); (the same also for y)
$sql = "INSERT INTO `news` (`title`, `content`) VALUES :title, :content";
$sql = "INSERT INTO `news` (`title`, `content`) VALUES ':title', ':content'";
Nothing changes. Funny thing is i get no response, no warning, no error just nothing.
But the query is not executed.
I found similar posts but non of them solved my problem.
(about $this ... The code is in a class extended from PDO class.)
try this, your values should be wrapped inside the values()
"INSERT INTO news (title, content) VALUES (:title, :content)";
instead of
"INSERT INTO news (title, content) VALUES :title, :content";
Try: "INSERT INTO news (title, content) VALUES (:title, :content)";
You must surround the insert values with parentheses.
I would like to use two different insert statements with two different tables such as
<?
mysql_query("INSERT INTO Customer (ID,Name,Subject, OrderDate) VALUES ('$ID', '$name', '$status', '$ODate')");
mysql_query("INSERT INTO Order (ID,Subject, Department, Status, OrderDate, Receive, Notes) VALUES ('$ID', '$status', 'Financial', 'Financial Department', '$ODate', 'NO', 'Notes')");
?>
It just works with the first table and does not work with the second table.
Can some one help solving this problem?
Thanks
You need to check for errors:
<?php
$query1 = "INSERT INTO Customer (ID,Name,Subject, OrderDate) VALUES ('$ID', '$name', '$status', '$ODate')";
if(!mysql_query($query1)) {
throw new Exception(mysql_error());
}
$query2 = "INSERT INTO Order (ID,Subject, Department, Status, OrderDate, Receive, Notes) VALUES ('$ID', '$status', 'Financial', 'Financial Department', '$ODate', 'NO', 'Notes')";
if(!mysql_query($query2)) {
throw new Exception(mysql_error());
}
I'm guessing you are getting an error because Order is a reserved word in MySQL and should be escaped accordingly:
$query2 = "INSERT INTO `Order` (ID,Subject, Department, Status, OrderDate, Receive, Notes) VALUES ('$ID', '$status', 'Financial', 'Financial Department', '$ODate', 'NO', 'Notes')";
It also seems to me like you're inserting a fixed value as a primary key - are you sure that's what you want?
As I said in the comments, you should stop using mysql_ functions completely and use MySQLi or PDO instead.
First of all thanks to DCoder who helped me to solve the problem and advised me to use PDO and MySQLi.
The problem was with the tabel name Order, when I replaced it with a new name, it works fine.
I thought the problem with using two mysql_query but it is not. The table name that I used is a reserved word in MySQL.
Thanks