I am inserting some data through PHP in MySql database, but unfortunately i am getting this error:
Error: Column count doesn't match value count at row 1
From the following code:
<?php
if($_POST)
{
include_once('dbconn.php');
$profile_created_by = $_POST['profile_created_by'];
$name = $_POST['name'];
$gender = $_POST['gender'];
$dd = $_POST['dd'];
$mm = $_POST['mm'];
$yyyy = $_POST['yyyy'];
$dob = $dd.'-'.$mm.'-'.$yyyy;
$marital_status = $_POST['marital_status'];
$religion = $_POST['religion'];
$mother_tongue = $_POST['mother_tongue'];
$country = $_POST['country'];
$mobile = $_POST['mobile'];
$email = $_POST['email'];
$password = $_POST['password'];
$sql="INSERT INTO user VALUES ('$profile_created_by', '$name', '$gender', '$dob', '$marital_status', '$religion', '$mother_tongue', '$country', '$mobile', '$email', '$password')";
if (!mysql_query($sql,$conn))
{
die('Error: ' . mysql_error());
}
echo "Entered data successfully";
mysql_close($conn);
}
?>
Can anybody help me out with this error?
If you have more columns in user table which are not mentioned here (e.g ID), You have to specify which data is for which column.
$sql="INSERT INTO user (profile_created_by,name,gender,dob,marital_status,religion,mother_tongue,country,mobile,email,password) VALUES ('$profile_created_by', '$name', '$gender', '$dob', '$marital_status', '$religion', '$mother_tongue', '$country', '$mobile', '$email', '$password')";
You are getting this error bcoz number of columns in the table user doesn't match with number of values supplied. So try using this type of format:
INSERT INTO user(columnNames,...)
VALUES(respective_values,....);
Related
I am trying to INSERT data into a table and I am using mysqli API executing query.
$insert = "INSERT INTO pdhp_patient
(username, password, email, first_name,
last_name, dob, gender, s_s_n, i_n)
VALUES ('$username', '$password', '$email', '$first_name',
'$last_name', '$dob', '$gender', '$s_s_n', '$i_n');";
This is the query I am trying to execute.
mysqli_query($connection, $insert);
The previous line of code is for executing the query. This time the query returns false. I am unable to understand what the mistake is I Have even tried without the single quotes in the query. This however does not work.
Editted:
$username = $_POST['username'];
$password = $_POST['password'];
$email = $_POST['email'];
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$dob = $_POST['dob'];
$dob = date("m-d-Y", strtotime($dob));
$gender = $_POST['gender'];
$cid = $_POST['country'];
$sid = $_POST['city'];
$s_s_n = $_POST['s_s_n'];
$i_n = $_POST['i_n'];
global $connection;
if(isset($_POST['type']) && $_POST['type']==="patient"){
$insert = "INSERT INTO pdhp_patient (username, password, email, first_name, last_name, dob, gender, s_s_n, i_n) VALUES ('$username', '$password', '$email', '$first_name', '$last_name', '$dob', '$gender', '$s_s_n', '$i_n');";
$insert = mysql_prep($insert);
$result = mysqli_query($connection, $insert);
if ( $result === false ) {
echo mysqli_error($connection);
exit;
}
if($val){
echo "This must be working";
}else{
echo "This was not working";
}
}elseif(isset($_POST['type']) && $_POST['type']==="doctor"){
$insert = "INSERT INTO pdhp_doctor (username, password, email, first_name, last_name, dob, gender, s_s_n, i_n) VALUES ($username, $password, $email, $first_name, $last_name, $dob, $gender, $s_s_n, $i_n);";
$insert = mysql_prep($insert);
mysqli_query($connection, $insert);
}elseif(isset($_POST['environment_radio']) && $_POST['type']==="environment"){
$insert = "INSERT INTO pdhp_environmentalist (username, password, email, first_name, last_name, dob, gender, s_s_n, i_n) VALUES ($username, $password, $email, $first_name, $last_name, $dob, $gender, $s_s_n, $i_n);";
$insert = mysql_prep($insert);
mysqli_query($connection, $insert);
}
Some more code for proper info. This code chunk is what I wanna achieve. this is the full code.
Thanks.
Give a man a fish, he eats today. Teach a man to fish, he eats everyday
Add some error checking
$insert = "INSERT INTO pdhp_patient
(username, password, email, first_name,
last_name, dob, gender, s_s_n, i_n)
VALUES ('$username', '$password', '$email', '$first_name',
'$last_name', '$dob', '$gender', '$s_s_n', '$i_n');";
$result = mysqli_query($connection, $insert);
if ( $result === false ) {
echo mysqli_error($connection);
exit;
}
Then you can probably fix your own errors
Per your update and comment your issue is that you are escaping the whole query, and not the values that you are passing in. That is not how escaping works, with escaping you escape the values going in incase they contain 's which would break the SQL encapsulation. So instead do..
$username = mysqli_real_escape_string($connection, $_POST['username']);
$password = mysqli_real_escape_string($connection, $_POST['password']);
$email = mysqli_real_escape_string($connection, $_POST['email']);
$first_name = mysqli_real_escape_string($connection, $_POST['first_name']);
$last_name = mysqli_real_escape_string($connection, $_POST['last_name']);
$dob = mysqli_real_escape_string($connection, $_POST['dob']);
$dob = mysqli_real_escape_string($connection, date("m-d-Y", strtotime($dob)));
$gender = mysqli_real_escape_string($connection, $_POST['gender']);
$cid = mysqli_real_escape_string($connection, $_POST['country']);
$sid = mysqli_real_escape_string($connection, $_POST['city']);
$s_s_n = mysqli_real_escape_string($connection, $_POST['s_s_n']);
$i_n = mysqli_real_escape_string($connection, $_POST['i_n']);
and get rid of mysql_prep. You should probably read up a bit more on SQL injections:
http://php.net/manual/en/security.database.sql-injection.php
https://www.owasp.org/index.php/SQL_Injection
The more secure approach is using parameterized queries with prepared statements.
http://php.net/manual/en/mysqli.quickstart.prepared-statements.php
I've created a simple login form. I'm not able to store user input values at the back-end. Here's the full code for your reference:
dp.php
<?php
$dbc = mysqli_connect('localhost', 'root', '', 'list') or trigger_error(mysqli_error());
$first_name = $_POST['firstname'];
$last_name = $_POST['lastname'];
$email = $_POST['email_id'];
$password = $_POST['password'];
$query = "INSERT INTO login_list (first_name, last_name, email,password) VALUES ('$first_name', '$last_name', '$email','$password')";
mysqli_query($dbc, $query) or trigger_error(mysqli_error($dbc));
echo 'login created';
mysqli_close($dbc);
?>
remove single quote from php variable
$query = "INSERT INTO login_list (first_name, last_name, email,password) VALUES
($first_name, $last_name, $email,$password)";
if your data contain string that will put in "" or ''
$query = "INSERT INTO login_list (first_name, last_name, email,password) VALUES
('".$first_name."','".$last_name."', '".$email."','".$password."')";
i hope this will solve your problem if $_POST get correct data . you have to concat string at that time
I have a table name "User" writen in MySQL with the fields: UserID, UserName, Password, eMail, DisplayName, Score, timeStamp. The field UserID is int AUTO_INCREMENT and time stamp is dateTime. I'm trying to insert values into the table using php file. This is my php file:
mysql_connect("mysql.1freehosting.com","u948577195_uname","p7CraCuRAw");
mysql_select_db("u948577195_dbnam");
$uName = $_GET['uname'];
$pass = $_GET['password'];
$mail = $_GET['email'];
$disName = $_GET['disnam'];
$date = $_GET['dt'];
$sql=mysql_query("INSERT INTO User
VALUES ('$uName', '$pass', '$mail', '$disName', 0, '$date')");
while($row=mysql_fetch_assoc($sql))
$output[]=$row;
print(json_encode($output));
mysql_close();
?>
I activate the file using this connection string:
http://pickupfriend.fulba.com/android_project/query3.php?uname=Test&password=p1&email=ml&disnam=Test&dt=21:12:30 2014-07-07
I have a space between the seconds and the year in the date, is it OK? After I run the connection string I receive this error:
Parse error: syntax error, unexpected T_STRING in /home/u948577195/public_html/android_project/query3.php on line 13
What am I doing wrong? How to correct my connection string?
Thank you in advance!
Your link shows that you are getting the parameters wrong in the $_GET part.
Hence you must delete this line as it's not php
INSERT INTO [USER]
VALUES ('$uName', '$pass', '$mail', '$disName', 0, '$date')
Change your code as as below.
mysql_connect("mysql.1freehosting.com","u948577195_uname","p7CraCuRAw");
mysql_select_db("u948577195_dbnam");
$uName = $_GET['uname'];
$pass = $_GET['pass'];
$mail = $_GET['mail'];
$disName = $_GET['disName'];
$date = $_GET['date'];
$sql = mysql_query("INSERT INTO User VALUES ('$uName', '$pass', '$mail', '$disName', 0, '$date')");
if (!$sql) {
$message = 'Invalid query: ' . mysql_error() . "\n";
die($message);
}
mysql_close();
And your are not fetching anything within your query, if your aim is to see all add this before mysql_close()
$query = mysql_query('SELECT * FROM User');
if (!$query) {
$message = 'Invalid query: ' . mysql_error() . "\n";
die($message);
}
$output = array();
while ($row = mysql_fetch_assoc($query) !== false) {
$output[] = $row;
}
echo json_encode($output);
And what do you expect to happen?
INSERT INTO [USER]
VALUES ('$uName', '$pass', '$mail', '$disName', 0, '$date')
That is NOT php! You forgot to use it in a query or something.
I hope this isn't a repeat question. I have searched all over to find an answer to no avail.
I want to insert into a row of a table. It sounds simple enough, but if the table is empty, it will not work. I can't figure out why. As long as there is one row in the table, it works fine. Any help is appreciated. Thanks.
My code:
<?php
$fname = $_POST['fname'];
$mi = $_POST['mi'];
$lname = $_POST['lname'];
$phone = $_POST['phone'];
$email = $_POST['email'];
$add1 = $_POST['add1'];
$add2 = $_POST['add2'];
$city = $_POST['city'];
$state = $_POST['state'];
$zip = $_POST['zip'];
$con = mysqli_connect("localhost","database_username","database_password","database");
$sql1 = "INSERT INTO employee (fname, mi, lname, phone, email, add1, add2, city, state, zip) VALUES ('$fname', '$mi', '$lname', '$phone', '$email', '$add1', '$add2', '$city', '$state', '$zip')";
mysqli_query($con,$sql1);
mysqli_close($con);
?>
Your code is correct but it may some times data have some special characters such as \ / ? etc. thus suggest you to change all variable of the code from
$fname = $_POST['fname'];
to
$fname = addslashes($_POST['fname']);
then try it it will be done
You are not escaping the values. If any value contains an apostrophe, your query will faile. Since they come from post you must use mysqli_real_escape_string.
use following execute to insert a row
mysqli_query($con,$sql1);
musqli_execute($sql1);
I made it work after many hours of trying everything I could think of to do... Ultimately, I ended up checking for an empty table first, and then re-creating the table if it was empty.
I'm not sure why this works, but this is my code... it's a bit inelegant, but I could find no better solution. I know that I have not escaped my values. I will later. For now, I simply wanted to solve this problem that I have been wracking my brain about for days.
<?php
$fname = $_POST['fname'];
$mi = $_POST['mi'];
$lname = $_POST['lname'];
$phone = $_POST['phone'];
$email = $_POST['email'];
$add1 = $_POST['add1'];
$add2 = $_POST['add2'];
$city = $_POST['city'];
$state = $_POST['state'];
$zip = $_POST['zip'];
$con = mysqli_connect("localhost","username","password","database");
if (!$con) {
die('Could not connect: ' . mysql_error());
}
$sql = 'CREATE TABLE employee'
. ' ('
. ' fname text,'
. ' mi varchar(1),'
. ' lname text,'
. ' email varchar(100),'
. ' phone varchar(15)'
. ' add1 varchar(100),'
. ' add2 varchar(100),'
. ' city varchar(100),'
. ' state varchar(25)'
. ' zip varchar(10),'
. ' );';
$sql1 = "INSERT INTO employee (fname, mi, lname, phone, email, add1, add2, city, state, zip,) VALUES ('$fname', '$mi', '$lname', '$phone', '$email','$add1', '$add2', '$city', '$state', '$zip')";
$sql2 = "SELECT * FROM employee";
$sql3 = mysqli_query($con,"SELECT count(*) FROM employee");
if ($sql3 == FALSE) {
trigger_error(mysql_error()." in ".$sql3);
exit();
}
else
{
$result = mysqli_fetch_array($sql3);
}
if($result[0] != 0)
{
mysqli_query($con,$sql1);
}
else
{
mysqli_query($con,$sql);
mysqli_query($con,$sql1);
}
mysqli_close($con);
?>
if variable is a string use '".$fname."' foreach variable in query
II created a form for inserting a new company and also on this page it is the PHP script which insert the data into the database.
I don`t know where it is the mistake in this code.
<?php
if (isset($_POST['submit']))
{
// Form has been submitted.
$query = mysql_query("INSERT INTO companies (name, subdomain0, subdomain1, subdomain2,
position, country, city, district, contact, set_up_date, address, phone, area_phone_code, website, fax, email)
VALUES ('{$_POST['name']}', '{$_POST['domain']}', '{$_POST['subdomain1']}',
'{$_POST['subdomain2']}', '{$_POST['position']}', '{$_POST['country']}', '{$_POST['city']}',
'{$_POST['district']}', '{$_POST['contact']}', '{$_POST['setdate']}', '{$_POST['address']}', '{$_POST['phone']}',
'{$_POST['areacode']}, '{$_POST['website']}', '{$_POST['fax']}', '{$_POST['email']}')");
$result = mysql_query($query, $connection);
if (!$result) {
echo "The company was not created.";
} else {
echo "The company was successfully created.";
}
}
?>
rewrite your code and remove those {} from the variables like that
VALUES ('$_POST['name']','$_POST['domain']', '$_POST['subdomain1']',...
1- be sure to escape them before you send them to database .
2-dont use mysql , use pdo or mysqli
to escape them do like that:
$name = mysql_real_escape_string($_POST['name']) ;
and then pass it to ur query like that
VALUES ('$name', .... <-- same with other columns
EDIT-
Try this
if (isset($_POST['submit'])) { // Form has been submitted.
$name = mysql_real_escape_string($_POST['name']) ;
$subdomain0 = mysql_real_escape_string($_POST['subdomain0']) ;
$subdomain1 = mysql_real_escape_string($_POST['subdomain1']) ;
$subdomain2 = mysql_real_escape_string($_POST['subdomain2']) ;
$position = mysql_real_escape_string($_POST['position']) ;
$country = mysql_real_escape_string($_POST['country']) ;
$city = mysql_real_escape_string($_POST['city']) ;
$district = mysql_real_escape_string($_POST['district']) ;
$contact = mysql_real_escape_string($_POST['contact']) ;
$set_up_date = mysql_real_escape_string($_POST['setdate']) ;
$address = mysql_real_escape_string($_POST['address']) ;
$phone = mysql_real_escape_string($_POST['phone']) ;
$areacode = mysql_real_escape_string($_POST['areacode']) ;
$website = mysql_real_escape_string($_POST['website']) ;
$fax = mysql_real_escape_string($_POST['fax']) ;
$email = mysql_real_escape_string($_POST['email']) ;
$query = mysql_query("INSERT INTO companies (name, subdomain0, subdomain1, subdomain2,
position, country, city, district, contact, set_up_date, address, phone, area_phone_code, website, fax, email)
VALUES ('$_POST['name']', '$subdomain0', '$subdomain1',
'$subdomain2', '$position', '$country', '$city',
'$district', '$contact', '$set_up_date', '$address', '$phone',
'$areacode, '$website', '$fax', '$email')");
echo "The company was successfully created.";
else {
echo "The company was not created.";
}
}
?>
you have to be careful with sql injections. you can go through the link to know of other options to mysql_* functions, as it is deprecated.
also its always better to try to find out the error by using mysql_error function to print out the error. (check the link for alternatives as this too is getting deprecated)
INSERT INTO companies
SET name = $name,
subdomain0 = $domain,
subdomain1 = $doamin1
so on