We Keep Coding

MySQL Query not working with PHP Variable? [closed]

Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 1 year ago.
Improve this question
Why is this working:
$sql_query = "SELECT * FROM Content WHERE id IN (1,5,7,9)";
But this isn't:
$array_values = "1,5,7,9";
$sql_query = "SELECT * FROM Content WHERE id IN ('$array_values')";
I want to select data from the database based on the integers in the $array_values string.
How can I do it?

because there are ` s in your code here
$sql_query = "SELECT * FROM Content WHERE id IN ('$array_values')";
use :
$sql_query = "SELECT * FROM Content WHERE id IN ( $array_values )";
or
$sql_query = "SELECT * FROM Content WHERE id IN (".$array_values.")";

mysqli Prepared statements with multiple joins keeps returning false [closed]

Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 2 years ago.
Improve this question
I am supposed to design an exam server system and I keep getting errors while I am trying to prepare the statement using mysqli's prepare function. I am using php to connect to sql represented by the $conn variable(it does connect to the DB), and I have tried the same exact statements in mysql workbench and it works fine. Here is the code I have written:
$stmtTempTable = $conn->prepare("CREATE TEMPORARY TABLE front_action_temp
SELECT * FROM front_action
WHERE time_offset > 0");
$stmt = $conn->prepare("SELECT event_name, status, day_of_week, week_of_year, event_year, start_time, time(start_time +
time_offset) as end_time, machine_group
FROM front_weekly
LEFT JOIN front_event ON front_weekly.event_id=front_event.event_id
LEFT JOIN front_daily ON front_event.event_id=front_daily.event_id
LEFT JOIN front_group ON front_daily.group_id=front_group.group_id
LEFT JOIN front_action_temp ON front_action_temp.event_id=front_event.event_id
WHERE day_of_week=? and week_of_year=? and event_year=?");
if ($stmt === false){
die('Unable to execute');
} else {
$stmt->bind_param('sss', $dayOfWeek, $weekNumber, $year);
$stmt->execute();
}
I keep getting false for $stmt. Any ideas why?

You are only prepare()ing the CREATE TEMPORARY TABLE... but not execute()ing it. The second statement fails because the table does not exist.

Why isn't `INSERT ROW` working? [closed]

Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 7 years ago.
Improve this question
I have an SQL piece of code that every time a user inserts a name creates a new column with the name (and this part works fine). I also want it to add a row to that column with the respective comment given by the user. I don't see why this add row statement won't work.
$value = mysql_real_escape_string($_POST['name']);
$comment = mysql_real_escape_string($_POST['comment']);
$add = mysql_query("ALTER TABLE Names ADD $value Text NOT NULL");
$sql = mysql_query("INSERT INTO Names VALUES $comment");

Try with
$sql = mysql_query("INSERT INTO Names (`$value`) VALUES ('$comment')") or die(mysql_error());
You need to specify the column list.
Ideally you should start using PDO or an ORM to be able to work and debug easier

Try this:
$value = mysqli_real_escape_string($db, $_POST['name']);
$comment = mysqli_real_escape_string($db, $_POST['comment']);
$add = mysqli_query($db, "ALTER TABLE Names ADD '{$value}' Text NOT NULL");
$sql = mysqli_query($db, "INSERT INTO Names({$value}) VALUES('{$comment}')");

In place edit update text [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 8 years ago.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Improve this question
I'm trying to do in-place editing way in my site.
Now I set up all the things I need.
When the user clicks Submit, it will send the id of the div element (what kind of content) and the new value to update.
Here's my code:
if($pedit = $mysqli->prepare("UPDATE `accounts` SET ? = ? WHERE `id`= ? ")){
$pedit->bind_param("sss", $id, $value, $_SESSION["user_id"]);
$pedit->execute();
$pedit->free_result();
$pedit->close();
}
I don't know why it doesn't update the information.
$id = the row that change: description, fullname, email etc.
$value = the new information about $id. User can update his profile information.
The code doesn't show me any kind of error but still doesn't update.

You can't specify a column name as a parameter in a prepared statement. You'll instead have to substitute column names into the statement before preparing it. Don't forget to whitelist editable column names to make sure no unwanted SQL gets executed.
<?php
$accounts_editable_cols = array(
'name'=>true, 'street'=>true, 'city'=>true,
'region'=>true, 'postal'=>true, 'phone'=>true
);
// prevent SQL injection by whitelisting column names
if (!array_key_exists($id, $accounts_editable_cols)) return false;
$pedit = $mysqli->prepare("UPDATE `accounts` SET $id = ? WHERE `id`= ? ")
if ($pedit) {
$pedit->bind_param("ss", $value, $_SESSION["user_id"]);
$pedit->execute();
$pedit->free_result();
$pedit->close();
}

INSERT INTO with php [closed]

Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 8 years ago.
Improve this question
I'm trying myself in mysql now, but there is a problem. I can't insert values to my table.
Can you help me ?
Here is my code:
$con=mysql_connect('127.0.0.1','root','','taxon');
$query='INSERT INTO order (phone, pointA, pointB)
VALUES ("43532", "daram", "pampam")';
$result= mysql_query($query, $con);
echo $result;
database: taxon
table name : order
table values: id(A_I), phone, pointA, pointB

You're missing quotes around your string values in your query, plus order is a reserved word which need to be wrapped in backticks:
$query='INSERT INTO `order` (phone, pointA, pointB)
VALUES (43532, hye, moe)';
should be
$query="INSERT INTO `order` (phone, pointA, pointB)
VALUES (43532, 'hye', 'moe')";
This(mysql_*) extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be used. Switching to PreparedStatements is even more better to ward off SQL Injection attacks !

try this:
$con = mysql_connect("127.0.0.1", "root", "");
mysql_select_db("taxon");
..
mysql_close($con);