Check tuple data before inserting SQL query - php

I am trying to check the database tables for data before entering new data, avoiding duplicates.
$sqlQuery = "INSERT INTO " . $table . " ( " . $columns . ") VALUES( '" . $columnData . "')
SELECT " . $columnData . " FROM " . $columns . "
WHERE NOT EXISTS (SELECT '" .$columnData . "'
FROM " . $table . " WHERE '" . $columnData . "' = '" . $columnData . "')";
The query does not throw any errors, although the query is not executed as expected.
Thanks in advance

To avoid duplicate entries, just use INSERT IGNORE.
If you want to update when it's a duplicate, use INSERT ... ON DUPLICATE KEY UPDATE...

If you want to avoid duplicates, then create a unique constraint or index on the columns you want to be unique:
create unique index idx_table_cols on table(col1, col2, . . .);
Then the database will prevent duplicates. If you want the insert to fail silently instead of generating an error, you can use insert ignore, but I would recommend insert on duplicate key update:
insert into table(col1, col2, . . .)
select <values>
from . . .
on duplicate key update col1 = values(col1);

I am giving you an example with all conditions; please check it.
First step would be to set a unique key on the table:
ALTER TABLE thetable ADD UNIQUE INDEX(pageid, name);
Then you have to decide what you want to do when there's a duplicate. Should you:
Ignore it?
INSERT IGNORE INTO thetable (pageid, name) VALUES (1, "foo"), (1, "foo");
Overwrite the previously entered record?
INSERT INTO thetable (pageid, name, somefield)
VALUES (1, "foo", "first")
ON DUPLICATE KEY UPDATE somefield = 'first';
INSERT INTO thetable (pageid, name, somefield)
VALUES (1, "foo", "second")
ON DUPLICATE KEY UPDATE somefield = 'second';
Update some counter?
INSERT INTO thetable (pageid, name)
VALUES (1, "foo"), (1, "foo")
ON DUPLICATE KEY UPDATE pagecount = pagecount + 1;
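
The unique-key approach from the answers above, written with bound parameters instead of the string concatenation used in the question, as an added example that is not part of the original posts. The function name `upsert`, the `ALLOWED` list, the DSN and the credentials are assumptions; the table and column names follow the last answer.

```php
<?php
declare(strict_types=1);

// Hypothetical allow-list: identifiers cannot be bound as parameters, so
// table and column names are checked against fixed values, never taken raw.
const ALLOWED = ['thetable' => ['pageid', 'name', 'somefield']];

function upsert(PDO $pdo, string $table, array $row, array $updateCols): int
{
    $cols = array_keys($row);
    if (!isset(ALLOWED[$table]) || $cols === [] || $updateCols === []) {
        throw new InvalidArgumentException('Unknown table or empty column list');
    }
    foreach (array_merge($cols, $updateCols) as $c) {
        if (!in_array($c, ALLOWED[$table], true)) {
            throw new InvalidArgumentException("Unknown column: $c");
        }
    }
    $colList = implode(', ', array_map(fn($c) => "`$c`", $cols));
    $marks   = implode(', ', array_fill(0, count($cols), '?'));
    // VALUES(col) is the value the INSERT would have stored for that column.
    $updates = implode(', ', array_map(fn($c) => "`$c` = VALUES(`$c`)", $updateCols));

    $stmt = $pdo->prepare(
        "INSERT INTO `$table` ($colList) VALUES ($marks) ON DUPLICATE KEY UPDATE $updates"
    );
    $stmt->execute(array_values($row)); // data travels as parameters, not SQL text
    // MySQL reports 1 for a new row, 2 for an updated one, 0 if nothing changed.
    return $stmt->rowCount();
}

// Placeholder DSN and credentials; thetable needs UNIQUE INDEX (pageid, name).
$pdo = new PDO('mysql:host=localhost;dbname=example;charset=utf8mb4', 'user', 'pass', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);
// Constructed sample rows; the apostrophe needs no manual escaping.
upsert($pdo, 'thetable', ['pageid' => 1, 'name' => "Kurt's", 'somefield' => 'first'], ['somefield']);
upsert($pdo, 'thetable', ['pageid' => 1, 'name' => "Kurt's", 'somefield' => 'second'], ['somefield']);
```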

Related

INSERT IGNORE runs inside TRANSACTION

I am confused.
I have a cron job written in PHP to insert values into a table. But some values may already exist in the table. But we are not sure which they are. So I used the INSERT IGNORE INTO method to insert my entries as follows:
$insertSql = "INSERT IGNORE INTO `my_procuts` (`product_id`, `category_id`) VALUES " . $valueString . ";";
$insertResult = mysqli_query($conn, $insertSql);
$affectedRows = mysqli_affected_rows($conn);
Where $valueString is the output of a previous for loop. And those are the values to insert. This query works fine. Values are inserting as I expected.
Now,
I want to add a TRANSACTION to this insertion. So I try it like this,
mysqli_begin_transaction($conn, MYSQLI_TRANS_START_READ_ONLY);
$insertSql = "INSERT IGNORE INTO `my_procuts` (`product_id`, `category_id`) VALUES " . $valueString . ";";
$insertResult = mysqli_query($conn, $insertSql);
$affectedRows = mysqli_affected_rows($conn);
mysqli_commit($conn);
Now the query is not working. $affectedRows always gives -1 as a result. What may be the issue I have made?
Thanks in advance. :)
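
An added example, not part of the original question: the same INSERT IGNORE run inside a read-write transaction with a prepared statement and exceptions enabled. MySQL rejects writes inside a READ ONLY transaction, and mysqli_affected_rows() returns -1 when the preceding query failed. The connection details, the function name `insertIgnoreAll`, the integer column types and the sample rows are assumptions.

```php
<?php
// Make failed queries throw instead of silently returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function insertIgnoreAll(mysqli $conn, array $rows): int
{
    $inserted = 0;
    // Writes need a read-write transaction (and a transactional engine such as InnoDB).
    $conn->begin_transaction(MYSQLI_TRANS_START_READ_WRITE);
    try {
        $stmt = $conn->prepare(
            'INSERT IGNORE INTO `my_procuts` (`product_id`, `category_id`) VALUES (?, ?)'
        );
        foreach ($rows as [$productId, $categoryId]) {
            // 'ii' assumes both columns are integers.
            $stmt->bind_param('ii', $productId, $categoryId);
            $stmt->execute();
            // affected_rows is 0 for a row skipped as a duplicate, 1 for a new row.
            $inserted += $stmt->affected_rows;
        }
        $conn->commit();
    } catch (mysqli_sql_exception $e) {
        $conn->rollback(); // leave the table untouched if any row fails
        throw $e;
    }
    return $inserted;
}

// Placeholder connection details and constructed sample rows.
$conn = new mysqli('localhost', 'user', 'pass', 'example');
$rows = [[101, 5], [102, 5], [101, 5]]; // [product_id, category_id]
echo insertIgnoreAll($conn, $rows), " new rows\n";
```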

mysql insert query in a php script is not working

I have a PHP script that takes data from a table and then tries to insert the obtained data into a second table, a copy of the first one:
function copy_data($id,$mysql_conn){
if($res=mysql_query("SELECT * from table1 WHERE id='".$id."'", $mysql_conn)){
if($row=mysql_fetch_array($res)){
$sql ="INSERT INTO table2 (id, Field1, Field2) values('" . $row['id'] . "', '" . $row['Field1'] . "', '" . $row['Field2'] . "')";
mysql_query($sql,$mysql_conn);
}
}
}
copy_data($id,$mysql_conn);// $id is id of the element I want to add
The insert query works fine, but there is one case that causes an exception: one of the fields contains a ' character. Example of a query that failed:
INSERT INTO table2 (id, Field1, Field2) values ('12','Company', 'Kurt's Reifen-Shop')
The exception comes from the ' character. How can I insert PHP variables that contain this character?
You have to escape the data before inserting it into $sql:
function copy_data($id,$mysql_conn){
    if($res=mysql_query("SELECT * from table1 WHERE id='".$id."'", $mysql_conn)){
        if($row=mysql_fetch_array($res)){
            // Escape the string fields before building the INSERT
            $row['Field1'] = mysql_real_escape_string($row['Field1']);
            $row['Field2'] = mysql_real_escape_string($row['Field2']);
            $sql ="INSERT INTO table2 (id, Field1, Field2) values('" . $row['id'] . "', '" . $row['Field1'] . "', '" . $row['Field2'] . "')";
            mysql_query($sql,$mysql_conn);
        }
    }
}
copy_data($id,$mysql_conn);// $id is id of the element I want to add
You can do it with a single statement:
$id = mysql_real_escape_string($id);
$sql = "INSERT INTO table2 (id, Field1, Field2) SELECT id, Field1, Field2 FROM table1 WHERE id='".$id."'";
mysql_query($sql, $mysql_conn);
I don't understand how you managed to put that ' into the first table, but you should use
mysql_real_escape_string
like $field1 = mysql_real_escape_string($row['Field1']);
Then put in the $field1, as it will be safe now.

MySQL always overwrite existing database entry (UPDATE, REPLACE, INSERT ????)

I would like to always replace the same existing database entry.
The following code always creates a new entry. How do I have to modify it so that it always overwrites "version"?
$sql = "REPLACE INTO `traumprojekt`
(`version`, `geschlecht`, `alter`, `fuehrerschein`)
VALUES(
'" .mysql_real_escape_string( $version ). "',
'" .mysql_real_escape_string( $geschlecht ). "',
" .$alter. ",
" .$fuehrerschein. "
)";
mysql_query( $sql );
REPLACE is just an insert, that will "delete" the old row before adding a new.
It can only determine an "old" row if there are constraints that mark the new row as "existing".
Your replace statement is OK, but you should add a UNIQUE INDEX on geschlecht, alter, fuehrerschein so it can just change the version.
An alternative can be INSERT ... ON DUPLICATE KEY UPDATE, but you also need a unique key there. The difference is that REPLACE does a DELETE, then INSERT; while INSERT ... ON DUPLICATE KEY UPDATE does an UPDATE instead of the INSERT. It matters with for example triggers...
Personally, I would use UPDATE instead. For example:
$sql = "UPDATE `traumprojekt` SET
`version` = '" .mysql_real_escape_string( $version ). "',
`geschlecht` = '" .mysql_real_escape_string( $geschlecht ). "',
`alter` = " .$alter. ",
`fuehrerschein` = " .$fuehrerschein. "
WHERE
/* Your condition here */";
Create a unique key on some of the columns. This way the script will insert once when there is no data and then will update when the column key duplicates. Let's say you create a unique index on the version column:
$sql = "INSERT INTO `traumprojekt`
(`version`, `geschlecht`, `alter`, `fuehrerschein`)
VALUES(
'" .mysql_real_escape_string( $version ). "',
'" .mysql_real_escape_string( $geschlecht ). "',
" .$alter. ",
" .$fuehrerschein. "
) ON DUPLICATE KEY UPDATE
`geschlecht`='" .mysql_real_escape_string( $geschlecht ). "',
`alter`=" .$alter. ", `fuehrerschein`= " .$fuehrerschein;
Or, if you want to have only one record in your table, then you can create a unique column called Id as TinyINT and base your logic on it:
$sql = "INSERT INTO `traumprojekt`
(`id`,`version`, `geschlecht`, `alter`, `fuehrerschein`)
VALUES(1,
'" .mysql_real_escape_string( $version ). "',
'" .mysql_real_escape_string( $geschlecht ). "',
" .$alter. ",
" .$fuehrerschein. "
) ON DUPLICATE KEY UPDATE
`version`='" .mysql_real_escape_string( $version ). "',
`geschlecht`='" .mysql_real_escape_string( $geschlecht ). "',
`alter`=" .$alter. ", `fuehrerschein`= " .$fuehrerschein;
MySQL docs here:
http://dev.mysql.com/doc/refman/5.0/en/insert-on-duplicate.html

Inserting 2 different array values into database does not work

I'm trying to insert 2 values from arrays into a database. There's nothing wrong with the connection, the fields where $fullArr and $thumbArr get inserted are longtexts, and when I try to insert 1 array value it works fine ($fullArr or $thumbArr). As soon as both arrays get used in the query it stops working.
The values in the arrays are data-urls.
private function submitPhoto() {
global $database;
$projectid = $_POST['projectid'];
$fullArr = $_POST['fullArr'];
$thumbArr = $_POST['thumbArr'];
$count = 0;
foreach($thumbArr as $key) {
// Insert Thumb
$database->query("INSERT INTO `photo` (photoid, projectid, dataurlfull, dataurlthumb) VALUES('', '" . $projectid . "', '" . $fullArr[$count] . "', '" . $key . "')");
$count++;
}
}
Try changing the query:
$database->query("INSERT INTO `photos` (photoid, projectid, dataurlfull, dataurlthumb) VALUES('', '$projectid', '$fullArr[$count]', '$key')");
Is it possible you are not executing the query inside the foreach() loop, so the last one will 'overwrite' any that you had before? Also, the $count is not necessary as you can use the $key. Try something like-
foreach($thumbArr as $key=>$value) {
// Insert Thumb
$database->query("INSERT INTO `photo` (photoid, projectid, dataurlfull, dataurlthumb) VALUES('', '" . $projectid . "', '" . $fullArr[$key] . "', '" . $thumbArr[$key] . "')");
$database->execute();
}
Be aware that you are open to SQL injection as you are using $_POST data without sanitizing. If you are using mysqli_ or PDO, use parameterized statements:
foreach($thumbArr as $key=>$value) {
// Insert Thumb
$database->query("INSERT INTO `photo` (photoid, projectid, dataurlfull, dataurlthumb) VALUES('', ?, ?, ?)");
$database->bindParam(1,$projectid);
$database->bindParam(2,$fullArr[$key]);
$database->bindParam(3,$thumbArr[$key]);
$database->execute();
}

What's the best way to insert multiple rows into a mysql database using php?

The PHP code below gets the results from a form and inserts them into a table.
I have to use this table structure, where each row corresponds to a different value from the form, e.g. First Name.
I've written the code below but it's cumbersome.
Can you help me with a better way? Thanks heaps!
$lists = $_POST['form']['lists'][0];
$first_name = $_POST['form']['first_name'];
$last_name = $_POST['form']['last_name'];
$idu = $db->insertid();
$db->setQuery("INSERT INTO #__rsmail_subscriber_details (`IdList`, `FieldName`,
`FieldValue`, `IdSubscriber`) VALUES ('" . $db->getEscaped($lists) . "', 'First Name'
, '" . $db->getEscaped($first_name) . "', '" . $db->getEscaped($idu) . "')");
$db->query();
$db->setQuery("INSERT INTO #__rsmail_subscriber_details (`IdList`, `FieldName`,
`FieldValue`, `IdSubscriber`) VALUES ('" . $db->getEscaped($lists) . "', 'Last Name'
, '" . $db->getEscaped($last_name) . "', '" . $db->getEscaped($idu) . "')");
$db->query();
You can perform bulk insert:
INSERT INTO table (field1, field2) VALUES ('val1', 'val2'), ('val3', 'val4'), ...
In your case it is something like:
$db->setQuery("INSERT INTO #__rsmail_subscriber_details (`IdList`, `FieldName`,
`FieldValue`, `IdSubscriber`) VALUES ('".$db->getEscaped($lists)."', 'First Name'
, '".$db->getEscaped($first_name)."', '".$db->getEscaped($idu)."'), ('".$db->getEscaped($lists)."', 'Last Name'
, '".$db->getEscaped($last_name)."', '".$db->getEscaped($idu)."')");
To answer your SQL question:
INSERT INTO `table` (foo, bar)
VALUES (1, 2),
(3, 4),
(5, 6),
(7, 8)
In regards to your PHP code, burn it and start over. It reeks of security issues and bad practices.
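
An added example, not part of the original posts, that serves both the photo-array thread and the multi-row insert thread above: one multi-row INSERT built with a placeholder group per row, so every value is bound. It assumes PHP 8, PDO, an AUTO_INCREMENT `photoid`, and an input policy that only base64 image data URLs are accepted; the function names, DSN and sample value are hypothetical.

```php
<?php
declare(strict_types=1);

// Assumed policy for this example: accept only base64-encoded image data URLs.
function isImageDataUrl(mixed $v): bool
{
    return is_string($v)
        && preg_match('#^data:image/(png|jpeg|gif|webp);base64,[A-Za-z0-9+/]+={0,2}\z#', $v) === 1;
}

function insertPhotos(PDO $pdo, int $projectId, array $full, array $thumb): int
{
    // Both arrays must be non-empty and pair up key for key.
    if ($full === [] || array_keys($full) !== array_keys($thumb)) {
        throw new InvalidArgumentException('fullArr and thumbArr must pair up');
    }
    $params = [];
    foreach ($full as $k => $f) {
        if (!isImageDataUrl($f) || !isImageDataUrl($thumb[$k])) {
            throw new InvalidArgumentException("Entry $k is not an image data URL");
        }
        array_push($params, $projectId, $f, $thumb[$k]);
    }
    // One "(?, ?, ?)" group per row: the multi-row VALUES form, fully parameterized.
    $groups = implode(', ', array_fill(0, count($full), '(?, ?, ?)'));
    $stmt = $pdo->prepare(
        "INSERT INTO `photo` (projectid, dataurlfull, dataurlthumb) VALUES $groups"
    );
    $stmt->execute($params);
    return $stmt->rowCount(); // number of rows inserted
}

// Placeholder DSN and credentials.
$pdo = new PDO('mysql:host=localhost;dbname=example;charset=utf8mb4', 'user', 'pass', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);
$px = 'data:image/png;base64,iVBORw0KGgo='; // constructed sample value
insertPhotos($pdo, 7, [$px, $px], [$px, $px]);
```

A multi-row statement is sent as one packet, so large data URLs can exceed the server's max_allowed_packet; split the rows into smaller batches when that happens.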
