Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 7 years ago.
My question is how to include $value inside a MySQL statement. For example,
$value="1";
$sql="insert into table (value1) value ('value_')";
I want to add the $value after value_. Is it possible for me to do that? If possible, could you show me the way please?
Thanks a lot...
Sure, you just wrap the variable name with curly braces:
$sql="insert into table (value1) values ('value_{$value}')";
But at this stage of learning you should learn and get used to PDO prepared statements to avoid the risk of MySQL injections.
$sql="insert into table (value1) value ('value_".$value."')";
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 3 years ago.
It is observed that SQL statements can be executed using methods pg_query(), pg_prepare(), pg_query_params(), pg_execute().
Please guide me when to use which method.
When you need to execute a single database operation with manually escaped/prepared variables or just literals and get returned values, use pg_query. When you want a reusable statement which is executed often with different variables' values and optimized by the driver, go for pg_prepare together with pg_execute (pg_execute runs the query prepared by pg_prepare with actual variables' values). To execute and return values of a single query with variables escaped/prepared by the driver, you have pg_query_params.
Closed. This question needs details or clarity. It is not currently accepting answers.
Closed 4 years ago.
I have sent one extra column, but my table has 7 elements. Why does my SQL want 1 extra? As you can see, I have sent $na 2 times.
$sqlQ="insert into users values ('".$na."','".$na."','".$num."','".$gender."','".$user."','".$email."','".$pass."')";
$result= mysqli_query($mysqli,$sqlQ);
Actually, this is not a good practice for inserting values into the database.
I recommend always using something like this.
$sqlQ="insert into users (tableField,tableField1) values ('$value','$value1')";
Note: never put an auto-increment field name or value in the query, and always use prepared statements to avoid SQL injection attacks. The given code is also vulnerable. If you do not know about prepared statements, raise a question or google it.
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 8 years ago.
I want to create a form that has a textarea as bulk input, so that every row of that textarea can be stored as a separate value in a table via PHP.
What should I do?
The key piece of code is:
$values = explode("\n", $_POST['textarea_name']);
Don't forget to sanitize your inserts :)
I use this code
$values = explode("\n", $_POST['textarea_name']);
mysqli_query($con,"INSERT INTO `table` (`col`) VALUES ($values)");
data should be string.
How can I convert it to a string? I want to make each row a record! Make my code complete!
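The textarea case above with each line stored as its own row through a prepared statement, as an added example that is not part of the original posts. It assumes PDO with an in-memory SQLite database so that it runs offline; the table `entries`, the column `col`, the function name `insertLines` and the sample input are hypothetical.

```php
<?php
// Added example: one prepared statement, executed once per textarea line.
// Assumptions: PDO + in-memory SQLite; table "entries" and column "col" are hypothetical.

function insertLines(PDO $pdo, string $raw): int
{
    // Browsers submit textarea content with CRLF, so split on any newline form
    // instead of explode("\n", ...), which would leave a trailing "\r" on each value.
    $lines = preg_split('/\r\n|\r|\n/', $raw);

    // The SQL text is fixed; user data only ever travels as a bound parameter.
    $stmt = $pdo->prepare('INSERT INTO entries (col) VALUES (:val)');

    $count = 0;
    $pdo->beginTransaction();
    try {
        foreach ($lines as $line) {
            $line = trim($line);
            if ($line === '') {
                continue; // skip blank rows
            }
            $stmt->execute([':val' => $line]);
            $count++;
        }
        $pdo->commit();
    } catch (Throwable $e) {
        $pdo->rollBack(); // all rows or none
        throw $e;
    }
    return $count;
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE entries (id INTEGER PRIMARY KEY, col TEXT NOT NULL)');

// Constructed sample standing in for $_POST['textarea_name'].
$sample = "first row\r\nO'Brien\r\n\r\nx'); DROP TABLE entries; --\r\n";

echo 'inserted: ', insertLines($pdo, $sample), "\n";
foreach ($pdo->query('SELECT id, col FROM entries ORDER BY id') as $row) {
    echo $row['id'], ': ', $row['col'], "\n";
}
```

The lines containing quotes and SQL metacharacters are stored verbatim as data, which is the property string concatenation into the query does not give you.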
Closed. This question is opinion-based. It is not currently accepting answers.
Closed 8 years ago.
I was curious if it was bad practice to, instead of having a separate ADD and UPDATE function, simply have an INSERT and UPDATE on DUPLICATE KEY function. This would work for me because I can UPDATE the same columns that I would ADD. I just wonder if this short cut is a bad idea for any reason.
Thank you.
If you need to insert some data and you don't know if it already exists, it is a good idea.
If you already know whether this data is available or not (because you need this in your software), you should do a simple UPDATE or INSERT.
Closed. This question needs details or clarity. It is not currently accepting answers.
Closed 9 years ago.
What is the equivalent of the below in SQL?
PHP function for MySQL:
mysqli_real_escape_string($mysqli, $_POST['password']); // $mysqli: the open connection returned by mysqli_connect()
Escaping is done to prepare a SQL statement correctly. There is no equivalent in MySQL because by the time it hits that layer it should have been escaped in the first place.
Using mysqli_real_escape_string is also a sign you're doing something incorrectly as you should be using the bind_param method instead of this kind of super low-level call.