I need to put into database a $username, but my query gives me Invalid query: Unknown column ....
This is my query:
"INSERT INTO `user`(`screen_name`) VALUES (".$userName.")"
Anyone can help me?
There are no quotes at the string.
"INSERT INTO `user`(`screen_name`) VALUES ('".$userName."');"
Add the semi-colon at the end but it is not always necessary.
You can try like this
$sql = "INSERT INTO table_name (firstname, lastname, email) VALUES ('John', 'Doe', 'john#example.com')";
Related
This question already has answers here:
Multiple mysql INSERT statements in one query php [duplicate]
(8 answers)
Closed 3 years ago.
I'm trying to insert multiple data in one table, however I got an error that says:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'INSERT INTO author (firstname, lastname) VALUES ('Rasmus', 'Lerdorf')INSERT INT' at line 1
Here's the method:
$sql = "INSERT INTO author (firstname, lastname) VALUES ('Roal', 'Dahl')";
$sql .= "INSERT INTO author (firstname, lastname) VALUES ('Rasmus', 'Lerdorf')";
$sql .= "INSERT INTO author (firstname, lastname) VALUES ('Jane', 'Doe')";
Do I need to create a for loop for this? How could this work?
You can do this :
$sql = INSERT INTO author ( firstname, lastname) VALUES ('Roal', 'Dahl'), ('Rasmus', 'Lerdorf'), ('Jane', 'Doe');
Generally, mysqli and PDO cannot execute multiple statements in a single query. There are alternatives like mysqli_multi_query, but that is not really what you need.
Your query can have multiple rows added by appending extra sections after VALUES like so:
$sql = "INSERT INTO author (firstname, lastname) VALUES ";
$sql .= "('Roal', 'Dahl'), ('Rasmus', 'Lerdorf'), ('Jane', 'Doe')";
You can use two options:
mysqli_multi_query
$sql = "INSERT INTO author (firstname, lastname) VALUES ('Roal', 'Dahl');";
$sql .= "INSERT INTO author (firstname, lastname) VALUES ('Rasmus', 'Lerdorf');";
$sql .= "INSERT INTO author (firstname, lastname) VALUES ('Jane', 'Doe');";
if(!$mysqli->multi_query($sql)){
echo 'Error query:'. $mysqli->error . '.';
}else{
//do any operation
}
Or use one query like:
$sql = INSERT INTO author ( firstname, lastname) VALUES ('Roal', 'Dahl'), ('Rasmus', 'Lerdorf'), ('Jane', 'Doe');
if(!$mysqli->query($sql)){
echo 'Error query:'. $mysqli->error . '.';
}else{
//do any operation
}
Change $mysqli with your connection
I am really new to php and I am trying to use simple insert to my mysql database from the form.
I know that this mysql connection/insertion is dangerous and not used anymore. so can anyone please help me with this simple thing? I tried to google, but nothing is working so far :/
<?
$text=$_POST['name'];
$text=$_POST['surename'];
mysql_connect("localhost", "db_name", "pass") or die(mysql_error());
mysql_select_db("db_name") or die(mysql_error());
$result = mysql_query("INSERT INTO `table` (name, surename)
VALUES (NOW(), '".mysql_real_escape_string($name)."', '".mysql_real_escape_string($surename)."')");
if (!$result) {
die('Invalid query: ' . mysql_error());
}
?>
Maybe change
$text=$_POST['name'];
$text=$_POST['surename'];
to
$name = $_POST['name'];
$surename = $_POST['surename'];
PS: And also your column names don't match your values. Your query, after inserting params
"INSERT INTO `table` (name, surename) VALUES (NOW(), '".mysql_real_escape_string($name)."', '".mysql_real_escape_string($surename)."')"
will probably look like this
INSERT INTO `table` (name, surename) VALUES (NOW(), 'Jhon', 'Wick')
As you can see there's name, surename (which probably should be surname) and (NOW(), 'Jhon', 'Wick'). So either add a column (if you have that column in your database):
INSERT INTO `table` (created_at, name, surename) VALUES (NOW(), 'Jhon', 'Wick')
or remove NOW() from your values
INSERT INTO `table` (name, surename) VALUES ('Jhon', 'Wick')
I have the follow php script for registering a user
<?php
require_once "setting.php";
extract($_REQUEST);
$link = mysqli_connect($dbHost, $dbUser, $dbPass, $dbName);
if (mysqli_connect_errno()){
echo "Connection failed".mysqli_connect_error();
}
$initQuery = "SELECT * FROM users WHERE email = ".$email;
$initResult = mysqli_query($link, $initQuery);
$dbResults = mysqli_fetch_array($initResult, MYSQLI_ASSOC);
if($dbResults == null ){
echo('in the if statement');
$userId = uniqid();
echo($userId);
$query = "INSERT INTO users(email, password, userId) VALUES ($email, $password, $userId )";
echo($query);
$addResult = mysqli_query($link, $query);
echo($addResult);
}
mysqli_free_result($initResult);
mysqli_free_result($addResult);
mysqli_close($link);
?>
The second mysqli_query is not adding a user, I've checked the syntax of the sql statement and it works fine. Does anyone have any ideas?
Also I was thinking about maybe trying to write a mysqli_multi_query to run both queries. I've read that the multi_query will return false if the first query fails, is there anyway to have it execute the second query if the first one fails and not execute the second query if the first one succeeds?
For the love of God, at least put the string values inside quotes if not use prepared statements
"INSERT INTO users(email, password, userId) VALUES ($email, $password, $userId)"
Is invalid. Those string values should be inside quotes
"INSERT INTO users(email, password, userId) VALUES ('$email', '$password', '$userId')"
Please read this before you implement the solution given above:
How can I prevent SQL injection in PHP?
At the very least, please escape the values with mysqli_real_escape_string
Use quotes for your values.
$query = "INSERT INTO users(email, password, userId) VALUES ('$email', '$password', '$userId' )";
$addResult = mysqli_query($link, $query);
If you are facing error than use die function to get the error detail.
$addResult = mysqli_query($link, $query) or die(mysqli_error($link));
It will show you the error also.
Hope this works:
$query = "INSERT INTO users (email, password, userId) VALUES ('$email', '$password', $userId)";
Give a space after table name and all the variables in single quote. :)
UPDATE
Space is not mandatory to give, but would be good for better coding :)
Try to put the values inside quotes.
$query = "INSERT INTO users(email, password, userId) VALUES ('$email', '$password', '$userId' )";
To understand why quotes are mandatory i give an example :).
Mysql supports SELECT from another table for inserted values like in the code below:
INSERT INTO users (email, password, userId)
VALUES
((SELECT email FROM user_info WHERE id = '$userId'),'$password','$userId'))
Okay, so I'm updating my site from MySQL to MySQLi, which means I have to re-code some of the database stuff.
I looked on php.net on how to use MySQLi queries to insert data into a table and did exactly what they said to, but no luck.
Here's my connection variable:
$con = mysqli_connect("localhost", "username", "password", "database");
And here is the code to insert the data:
mysqli_query($con, "INSERT INTO users ('user', 'pass', 'email') VALUES ('$user', '$pass', '$email')");
It doesn't reply with any errors, and it just takes me to the intended landing page. It doesn't actually add the data to the table though.
Any ideas?
As answered above, removing the quotes from the column names will solve your problem:
mysqli_query($con, "INSERT INTO users (user, pass, email) VALUES ('$user', '$pass', '$email')");
But I also noted that your script is vulnerable against SQL injection attacks.
In MySQLi you can prepare your statements before execution, so you will be sure that no one will inject SQL commands in your database.
If you don't want to prepare each sql statements before execution, at least use the mysqli_real_escape_string function, that will protect your system against SQL injection too. Use like that:
mysqli_query($con, "INSERT INTO users (user, pass, email) VALUES ('" . mysqli_real_escape_string($user) . "', '" . mysqli_real_escape_string($pass) . "', '" . mysqli_real_escape_string($email) . "')");
remove single quotes from column names
mysqli_query($con, "INSERT INTO users (user, pass, email) VALUES ('$user', '$pass', '$email')");
OR
mysqli_query($con, "INSERT INTO users (`user`, `pass`, `email`) VALUES ('$user', '$pass', '$email')");
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'and email) VALUES ('','','')' at line 1
i am now getting this error for specifically this line:
$sql= "INSERT INTO tbl_member (username, password and email) VALUES ('$username','$password','$email')";
It should be:
$sql= "INSERT INTO tbl_member (username, password, email) VALUES ('$username','$password','$email')";
First of all, you don't use the 'AND' keyword like that.
$sql = "INSERT INTO tbl_member (username, password, email) VALUES ('$user','$pass','$mail')";
Secondly, the error message indicates that at the time the query is run the 3 variables, $user, $pass and £mail are empty.
What are the names of your columns? if it's really "password and email", you should use backticks surronding them:
$sql= "INSERT INTO tbl_member (`username`, `password and email`) VALUES ('$username','$password','$email')";
otherwise use #Shivan-Raptor 's sollution?