Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 7 years ago.
Improve this question
I get this two queries with the same variables :
$query = 'UPDATE payee SET payee="oui", datePaiement=\'' . $datePaiement . '\',paiement="'.$paiement.'", typePaiement="' . utf8_decode($moyenPaiement) . '" WHERE id_commande=' . $commande->getNum() . '';
$connexion->exec($query);
$query2 = 'UPDATE commande SET mpaiement="' . utf8_decode($moyenPaiement) . '",pxttc="'.$paiement.'" WHERE noCommande=" . $commande->getNum() . "';
$connexion->exec($query2);
For the first one, my $paiement isn't save in my DB. I get a $paiement = 0 while in my second one $paiement is save as I want.
I have the same pattern in my second query $moyenPaiement, moyenPaiement is save as I want but he is not save in my first query.
Sorry for my explanation, it's maybe confused.
You should not combine both single and double quotes, it will be confusing. Try this:
$query = 'UPDATE payee SET payee="oui", datePaiement="' . $datePaiement . '", paiement="'.$paiement.'", typePaiement="' . utf8_decode($moyenPaiement) . '" WHERE id_commande="' . $commande->getNum() . '"';
$connexion->exec($query);
$query2 = 'UPDATE commande SET mpaiement="' . utf8_decode($moyenPaiement) . '", pxttc="'.$paiement.'" WHERE noCommande="' . $commande->getNum() . '"';
$connexion->exec($query2);
Later edit:
Don't forget to print your queries if something weird happens. These queries can be tested in phpMyAdmin too.
print_r($query);
Related
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 6 years ago.
Improve this question
I am currently using PHP and SQL to throw back some paramters I enter in a form.
I can search numbers perfectly fine and it gives me the correct results but anytime I use a search like "443265dsa44dd" it displays nothing even though it's in the database.
$searchedID = $_POST['uuid'];
$sql = "SELECT name, contact, phone, address FROM test WHERE id = '.$searchedID.'";
if ($result->num_rows > 0) {
while ($row = $result->fetch_assoc()) {
echo "Name: " . $row["name"] . "<br>" . "Contact: " . $row["contact"] . "<br>" . "Phone: " . $row["phone"] . "<br>" . "Address: " . $row["address"] . " ";
}
}
The id is a primary key and set to VARCHAR, any ideas what is happening here?
You have an error when trying to include the searchedID into the sql-string.
Either concat like this:
$sql = "SELECT name, contact, phone, address FROM test WHERE id = '" . $searchedID . "'"
// note, the additional quotes
OR
let php parse that var for you (possible only inside double-quotes):
$sql = "SELECT name, contact, phone, address FROM test WHERE id = '$searchedID'"
BUT
You are vulnerable to sql-injection. So use prepared statements!
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 7 years ago.
Improve this question
Im self learning mySQL and php few days and now Im stuck on this error and cant help myself. Can you look at code, Thanks!
this is error
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 7
here is the page
switch($_GET['action']) {
case 'add':
switch($_GET['type']) {
case 'movie':
$query = 'INSERT INTO
movie
(movie_name, movie_year, movie_type)
VALUES
("' . $_POST['movie_name'] . '",
' . $_POST['movie_year'] . ',
' . $_POST['movie_type'] . ')';
break;
}
break;
}
if (isset($query)) {
$result = mysql_query($query, $db) or die(mysql_error($db));
}
I think problem may be in here
<td><select name='movie_type'>
<?php
$query = 'SELECT movietype_label FROM movietype ORDER BY movietype_id';
$result = mysql_query($query, $db) or die (mysql_error($db));
while ($row = mysql_fetch_assoc($result)) {
foreach ($row as $value) {
echo '<option value="' . $row['movietype_id'] . '">';
echo $row['movietype_label'] . '</option>';
}
}
?>
</select></td>
and here is print_r on
Array(
[movie_name] => asd
[movie_type] =>
[movie_year] => 2015
[submit] => ADD)
Shouldn't you be using a double quote " instead of single quote ' like below. You are mixing single and double quote.
$query = "INSERT INTO
movie
(movie_name, movie_year, movie_type)
VALUES
('" . $_POST['movie_name'] . "',
'" . $_POST['movie_year'] . "',
'" . $_POST['movie_type'] . "')";
Granted this is ugly, but would be surprised if it fails.
$query = "INSERT INTO
movie (movie_name, movie_year, movie_type)
VALUES
('"
. $_POST['movie_name'] . "','"
. $_POST['movie_year'] . "','"
. $_POST['movie_type'] . "')";
Also, you need to cleanse your data. Data acted upon directly from user without cleansing, or sent through proper separation of code, can, and someday will, contain sql injection.
Ugly code like the above starts to take on some beauty with mysqli and pdo, plus the parameters are safely separated, and all the moaning about injection goes away.
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 8 years ago.
Improve this question
I have this function.
public function selection($table, $condition_var,$condition_val)
{
if ($condition_var != '') {
$stm = $this->dbh->prepare("SELECT * FROM " . $table . " WHERE " . $condition_var=.":".$condition_var. " ");
$stm->bindParam(":".$condition_var, $condition_val);
return $stm->execute();
}
}
I am getting here in this below line
$stm = $this->dbh->prepare("SELECT * FROM " . $table . " WHERE " . $condition_var=.":".$condition_var. " ");
dont know what I am doing wrong here. kindly please check
Please refer to this: http://php.net/manual/en/pdostatement.bindparam.php
$stm = $this->dbh->prepare("SELECT * FROM " . $table . " WHERE " . $condition_var."=:condition_val");
$stm->bindParam(":condition_val", $condition_val);
$stm = $this->dbh->prepare("SELECT * FROM " . $table . " WHERE " . $condition_var . " = :param");
$stm->bindParam(":param", $condition_val);
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 8 years ago.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Questions asking for code must demonstrate a minimal understanding of the problem being solved. Include attempted solutions, why they didn't work, and the expected results. See also: Stack Overflow question checklist
Improve this question
I am trying to insert some data in the database but it gives me a really confusing error
Now the error is:
Parse error: syntax error, unexpected ')'
Code:
$query = mysql_query("INSERT INTO `members` VALUES (''," .$username ."," . $password . "," . $date . "," .$email . ",1'"));
You forgot some dots over there.
$query = mysql_query("INSERT INTO `members` VALUES (" .$username ."," . $password . "," . $date . "," .$email . ",1)");
you have many mistakes , you forgot points . you forget ) .
you should also specify the columns names
this should work for you
$query = mysql_query("INSERT INTO `members` (firstcolumn ,username , password ,date,email , lastcolumn) VALUES ('' ,'$username','$password','$date','$email',1 ) ");
^----------^--------^-----^----^-----^^---your columns
HERE genaeral rule how to use insert :
INSERT into table (column1 , column2 , column3) VALUES (value1 , value2 , value3)
Try this (replace x,y,z,a,b with column name):
$query = mysql_query("INSERT INTO `members` (`x`,`y`,`z`,`a`,`b`) VALUES ('','.$username.','.$password.','.$date .','.$email.','1'"));
You haven't used ' and " in correct place.
write your query and add at the end
or die(mysql_error());
what it says?
I've worked it out now.
No more answers
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 8 years ago.
Improve this question
I'm having trouble getting a mysql transaction to work through PHP. I'm fairly new to PHP and very new to mysql.
If I take the var_dump of $query and try to run it through phpmyadmin it works fine.
$description =
mysql_real_escape_string($_REQUEST['description']);
$query = 'BEGIN;
INSERT INTO indiespark.tasks
(description, owner_user_id)
VALUES ("' . $description . '", '
. $user->user_id . ');
SET #task_id = LAST_INSERT_ID();
INSERT INTO indiespark.projecttasks
(task_id, project_id)
VALUES (#task_id, ' . $project->project_id . ');
COMMIT;';
$result = mysql_query($query);
var_dump($query);
var_dump($result);
if ($result) {
return viewproject();
} else {
throw new Exception('database error');
}
mysql_query doesn't support sending multiple queries in one call. Use separate calls.