Check if a primary key exists - php

I think this has already been asked, but none of the answers made sense to me. My code is...
if ($current_string == "") {
$new_entry_query = 'INSERT INTO house (id, string) VALUES ("' . $userid . '", "' . $new_home_entry . '")';
mysql_query($new_entry_query);
Header('Location: landing.php?pho=');
} else {
$entry_update_string = $current_string . $new_home_entry;
$new_entry_query = 'UPDATE house SET string="' . $entry_update_string . '" WHERE id="' . $userid . '";';
mysql_query($new_entry_query);
Header('Location: landing.php?pho=');
}
My table has two columns. "id", which is primary, and "string" which is not. If you notice, in the first if-statement I'm checking if the query for "string" came up empty, when I asked the database to check at my "id."
I've run into a problem. There is another function on my site which deletes everything from the "string" column. If that function runs, then I run this script I will end up getting an error.
I need to check if the "id" is already there, so that I know if I should create an entirely new row, or just append "string." How would I do that? Thanks.


You should use one query:
INSERT INTO house (`id`, `string`)
VALUES ("' . $userid . '", "' . $new_home_entry . '")
ON DUPLICATE KEY UPDATE `string` = VALUES(`string`)

Related

PHP - MySQLi INSERT not working

I must to send an INSERT query to MySQL database, assuming all the variables are correctly setted, I'm using this code:
$check_alrd_sent = $mysqli -> query("SELECT * FROM reviews WHERE id_prod =" . $id_prod . " AND id_user = " . $current_usr . " LIMIT 1");
$check = mysqli_fetch_all($check_alrd_sent);
if ($check != NULL) {
$check_err = 1;
} else {
$ins_rev = $mysqli -> query("INSERT INTO `reviews` (`ID` ,`ID_prod` ,`ID_user` ,`review` ,`stars`) VALUES (NULL , " . $id_prod .", " . $current_usr . ", " . $review . ", " . $rating . ");");
$ins_result = 1;
}
mysqli_free_result($check_alrd_sent);
The $ins_result variable is correcly set as result, as I can see using var_dump() but now rows are insert in database.
The strange thing is that if I call the MySQL error log can clearly see that the insert is sent to the database correctly as:
42 Query INSERT INTO `reviews` (`ID` ,`ID_prod` ,`ID_user` ,`review` ,`stars`) VALUES (NULL , 11, 1, asd, 4)
But it doesn't appear in the table.
Any suggestions? Thanks

You have two issues in your INSERT Statement:
Value of review column is a string so you need to use quotes around review VALUE.
I think ID is an AUTO INCREMENT NOT NULL field. So no need to use in INSERT Query.
Modified query:
INSERT INTO `reviews`
( `ID_prod`, `ID_user` ,`review` ,`stars`)
VALUES (11, 1, "asd", 4)

varchar fields must be in 2 quota, so review field must be in 2 ':
$ins_rev = $mysqli -> query("INSERT INTO `reviews` (`ID` ,`ID_prod` ,`ID_user`
,`review` ,`stars`) VALUES (NULL , '" . $id_prod ."', ' " . $current_usr . "', '" .
$review . "', '" . $rating . "');");

In your output, "asd" is not in single quotes. That would be invalid SQL. Should also think about converting to non-deprecated SQL functions such as PDO.

mysql replace into with SET-syntax overrides all fields

I have the following query:
REPLACE INTO `oxarticles`
SET
OXID = '10-1010',
oxartnum = '10-1010',
oxtitle = 'Dummy',
oxprice = '10.000000',
oxstock = '100',
importstatus = 1"
This works so far as expected, but the fields I do not specifiy, are just overwritten with ' ' / empty string. From what I read, should this syntax work identically like the UPDATE-command.
Am I missing something? How can I prevent that fields are replaced with '' ?
Edit 1
Just to clarify, I can't just use UPDATE. I am setting a flag (importstatus) to 0 before every run and during the import to 1. After the import finishes, I delete all articles, which are still on status 0.
// Just for the compeletion, here is the PHP-snippet:
while (!feof($this->handle))
{
$row = fgetcsv($this->handle, 0, ";");
$sSql = "REPLACE INTO oxarticles SET "
. " OXID = '" . $row[0] . "', "
. " oxartnum = '" . $row[0] . "', "
. " oxtitle = '" . $row[1] . "', "
. " oxprice = '" . str_replace(",", ".", $row[4]) . "', "
. " oxstock = '" . str_replace(",", ".", $row[5]) . "', "
. " importstatus = 1";
// $sSql = "UPDATE oxarticles SET oxtitle ='" . $row[1] . "', oxprice='" . $row[4] . "', oxstock='" . $row[5] . "' WHERE oxartnum ='".$row[0]."'";
$this->db->execute($sSql);
}

From the mysql documentation:
REPLACE works exactly like INSERT, except that if an old row in the
table has the same value as a new row for a PRIMARY KEY or a UNIQUE
index, the old row is deleted before the new row is inserted. See
Section 13.2.5, “INSERT Syntax”.
In other words, the row is being deleted and then inserted, hence your old values aren't staying intact. Perhaps you could select the original row first, and feed those values back in where appropriate.

You query will replace old data into new data if you do not provide data for a field it will set to null . If you do not want to loose your data just want to update field use on duplicate key update.
If did't found any match it will insert new row
If found it will replace data if provide
INSERT INTO table (id,a,b,c,d,e,f,g) VALUES (1,2,3,4,5,6,7,8) ON
DUPLICATE KEY
UPDATE a=a, b=b, c=c, d=d, e=e, f=f, g=g;

check column if empty then do update

guys i have a large database so when i want to fully update my some column i have timeout error (i attempt some method to increase timeout and fail) But my question is i want to bypass this problem i want to update my empty column in some table. so i want to use this query code but i have blank page with no error can some one tell me what problem with that or if possible pleas tell me a good method.
$sql = 'SELECT topic_first_poster_avatar FROM ' . TOPICS_TABLE . ' WHERE topic_poster = ' . (int) $row['user_id'] . 'IF topic_first_poster_avatar = ""
SET topic_first_poster_avatar = \'' . $db->sql_escape($avatar_info);
$db->sql_query($sql);

As plalx said in the comments, you don't need a SELECT or IF, you can specify WHERE for the update statement and have multiple contraints with AND/OR.
$sql = "UPDATE ". TOPICS_TABLE ."
SET topic_first_poster_avatar = '" . $db->sql_escape($avatar_info) ."'
WHERE topic_poster = " . (int) $row['user_id'] . " AND topic_first_poster_avatar = ''";

Using mysql_fetch_array in INSERT statement

I am trying to use the result of one mysql query in another mysql query, but I'm obviously doing something wrong. This is what I have:
<?php
$result = mysql_query('SELECT panel_product_no
FROM panelProduct
WHERE length_mm = "' . ($_POST["p_length_mm"]) . '"
AND width_mm = "' . ($_POST["p_width_mm"]) . '"
AND veneer_type = "' . ($_POST["p_veneer"]) . '"
AND lipping = "' . ($_POST["p_lipping"]) . '"');
$panel = mysql_fetch_array($result);
?>
And then I want to use that in this bit:
<?php
if(!empty($_POST[p_length_mm]) && !empty($_POST[p_width_mm]) && !empty($_POST[p_aperture]))
{
$sql3="INSERT INTO estimateDescribesPanelProduct (estimate_no, panel_product_no, quantity)
VALUES ('$_GET[estimate_no]','$panel','$_POST[p_quantity]')";
if (!mysql_query($sql3,$con))
{
die('Error: ' . mysql_error());
}
}
?>
The query is basically working in that it is inserting the posted estimate_no and quantity into the DB, but not the correct panel_product_no (it just inserts '0'). How can I get it to insert the $result value?
P.S. I know that I should not be using mysql functions and I will not be in future, however I am so nearly finished with this project that at this point I am not in a position change.

Your are basicly copying content from one table to another.
Wy not use the MySQL INSERT .. SELECT syntax?

as #Dmitry Makovetskiyd wrote, mysql_fetch_array() returns a resource, not manipulatable results.
For example:
$result = mysql_query('SELECT panel_product_no
FROM panelProduct
WHERE length_mm = "' . ($_POST["p_length_mm"]) . '"
AND width_mm = "' . ($_POST["p_width_mm"]) . '"
AND veneer_type = "' . ($_POST["p_veneer"]) . '"
AND lipping = "' . ($_POST["p_lipping"]) . '"');
$resource = mysql_fetch_object($result);
You need to add in:
$panel = $resource->'panel_product_no';
You can then continue with your second query.
Note the change from mysql_fetch_array() to mysql_fetch_object() - as your query suggests you are only retrieving a singular value from the table (assuming there is only a singular panel with the specified length, width, veneer type and lipping), the object method will work fine.

sql query works in phpmyadmin but not with mysql_query

I am stuck with this.
Here is the code:
This is how I call the function,
$res = DataManager::agregarPropiedad($_POST);
here is the function that generate the query and send it,
public static function agregarPropiedad($datos){
$sql = "INSERT INTO propiedades (id_propiedad, nombre, tipopropiedad, descripcion, dormitorios, baños, direccion, localidad, provincia, fecha_alta, sup_cubierta, sup_total)
VALUES (null, '" . $datos['nombre'] . "', '" . $datos['tipo'] . "', '" . $datos['descripcion'] . "', '" . $datos['dormitorios'] . "', '" . $datos['baños'] . "', '" . $datos['direccion'] . "', '" . $datos['localidad'] . "', '" . $datos['provincia'] . "', CURRENT_TIMESTAMP, '" . $datos['supcubierta'] . "', '" . $datos['suptotal'] . "')";
//$sql = "insert into prueba values(null,'".$datos['nombre']."')";
echo $sql;
return DataManager::consulta($sql);
}
When I copy the echo$sql and paste in phpMyAdmin works fine, but when I try to send my function is not inserting anything, but I have no errors. mysql_erros() its empty too.
U can see that, there is a commented $sql. I use that just for test with another table which is much simpler and query the function "consulta" which works fine too.
This is maybe the 40 function that insert things in mysql database, but the first with which I have problems, and I don't know why =(
helppppp...

From personal experience, MySQL queries that work when dumped / copied / pasted into PhPMyAdmin that don't work in code are caused by:
autoincrement / unique field issues
unexpected characters in unprocessed form data
duplicate POST values ( like an array )
mismatched field count
encoding / character set issues
It may well be that if you address the second issue the problem might fix itself. In any case at a minimum you should process you POST(ed) data with strip_tags and add_slashes, but for MySQL mysql_real_escape_string() is strongly recommended.
http://php.net/manual/en/function.mysql-real-escape-string.php
http://www.adminsehow.com/2010/03/prevent-mysql-injection-in-php

There is a problem with your quotes inside the VALUES() and its vulnerable.
<?php
public static function agregarPropiedad($datos)
{
$tipo = mysql_real_escape_string($datos['tipo']);
$nomber = mysql_real_escape_string($datos['nombre']);
$dormitorios = mysql_real_escape_string($datos['descripcion']);
$baños = mysql_real_escape_string($datos['baños']);
$direccion = mysql_real_escape_string($datos['direccion']);
$localidad = mysql_real_escape_string($datos['localidad']);
$provincia = mysql_real_escape_string($datos['provincia']);
$supcubierta = mysql_real_escape_string($datos['supcubierta']);
$suptotal = mysql_real_escape_string($datos['suptotal']);
$sql = "INSERT INTO propiedades (id_propiedad, nombre, tipopropiedad, descripcion, dormitorios, baños, direccion, localidad, provincia, fecha_alta, sup_cubierta, sup_total)";
$sql .= "VALUES (null,'$tipo','$nomber ','$dormitorios ','$baños ','$direccion ','$localidad','$provincia ',CURRENT_TIMESTAMP,'$supcubierta','$suptotal')";
if(mysql_query($sql))
{
return TRUE;
}else{ return FALSE; }
}
?>

Categories