I can't input the data into my MySQL table using this script:
<?php
ini_set('display_errors', 'On');
error_reporting(E_ALL);
session_start();
include '../scripts/test_ses.php';
include 'connection.php';
$date = date("Y-m-d");
/* Set our params */
$id = $_POST['id'];
$status = $_POST['status'];
$active = 1;
$sql = "INSERT INTO TBL_Holiday (Status, Active, DateOfChange) VALUES (?, ?, ?) WHERE idRequest =$id";
$stmt = $conn->prepare($sql);
/* Bind our params */
$stmt->bind_param('iisi', $status, $active, $date, $id);
/* Execute the prepared Statement */
$stmt->execute();
/* Close the statement */
$stmt->close();
?>
The data of the variables $id, $status is set by a form is there any way to display the php error of the script by alerting it on the form page over ajax ?
remove the $id and WHERE they are used for update or delete a row, in your case insert use below query
$sql = "INSERT INTO TBL_Holiday
(Status, Active, DateOfChange) VALUES
(?, ?, ?)";
or if you wanted to update you need to use below query
$sql = "UPDATE TBL_Holiday SET
Status= ?,
Active= ?,
DateOfChange= ?
WHERE idRequest = ?";
/* Bind our params */
$stmt->bind_param('iisi', $status, $active, $date, $id);
by having its id.. make the update operation..
$sql = "UPDATE TBL_Holiday SET Status='$status', Active='$active', DateOfChange='$date' WHERE idRequest =$id";
otherwise.. make insert by ..
$sql = "INSERT INTO TBL_Holiday (Status, Active, DateOfChange) VALUES ('$status', '$active', '$date')";
Instead of using insert you need to use Update query if you need to use condition while. So your condition will be something like this,
$sql = "UPDATE TBL_Holiday SET Status= ?,Active= ?,DateOfChange=? WHERE idRequest =$id";
You're mixing an INSERT statement with an UPDATE statement
An insert statement is on the form:
INSERT INTO table_name (column1, column2, column3, ...)
VALUES (value1, value2, value3,...);
Where you're creating a new record which is not associated with any other existing rows using a where clause, i.e. you're suppose to skip that part.
Meanwhile an update statement is on the form:
UPDATE table_name
SET column1=value1, column2=value2,...
WHERE some_column=some_value;
Where you do indeed wish to associate your update with some specific row by using a where clause, to indicate which row is to be updated.
Not my favorite sources but you can take a look at insert and update.
This is the working code:
<?php
/* Set our params */
$date = date("Y-m-d");
$id = $_POST['id'];
$status = $_POST['status'];
$active = 1;
/*Create executed SQL*/
$sql = "UPDATE TBL_Holiday SET
Status= ?,
Active =?,
DateOfChange =?
WHERE idRequest = ?";
/*Prepare SQL connection*/
$stmt = $conn->prepare($sql);
/* Bind our params */
$stmt->bind_param('iisi', $status, $active, $date, $id);
/* Execute the prepared Statement */
$stmt->execute();
/* Close the statement */
$stmt->close();
?>
Related
I want to use the INSERT statement to insert values that come from the SELECT statements in PHP
the table of student is not get the data
$sql = "INSERT INTO student(academic_major, promo, user_id) VALUES (?, ?, (?));";
$stmtt = mysqli_stmt_init($conn);
if(!mysqli_stmt_prepare($stmtt, $sql)){
header("Location: add_student_forum.php?error=sqlerrorstudent");
exit();
}else{
$id = "SELECT id FROM user WHERE email = '$email'";
mysqli_stmt_bind_param($stmtt, "sss", $academic_major, $promo, $id);
mysqli_stmt_execute($stmtt);
header("Location: add_student_forum.php?signup=success".$id);
exit();
}
when i execute it shows me this header header("Location: add_student_forum.php?signup=success".$id); in the url
and i dont know why the table is empty after
You don't bind SQL as a parameter. Bind the data as parameter and put the SELECT SQL in the prepared statement SQL
$sql = "INSERT INTO student(academic_major, promo, user_id) VALUES (?, ?, SELECT id FROM user WHERE email = ?);";
$stmtt = mysqli_stmt_init($conn);
mysqli_stmt_prepare($stmtt, $sql);
mysqli_stmt_bind_param($stmtt, "sss", $academic_major, $promo, $email);
mysqli_stmt_execute($stmtt);
header("Location: add_student_forum.php?signup=success".$id);
exit();
Make sure you have mysqli error reporting enabled. How to get the error message in MySQLi?
How do i add multiples columns in pdo for update? this is what I am trying to do but I need to update multiple $_POSTS['VARS];
$consulta = $conexao_pdo->prepare('UPDATE user SET nome = ? WHERE id = ?');
$consulta->bindParam(1, $variavel_com_nome);
$consulta->bindParam(2, $id);
if ($consulta->execute()) {
echo 'UPDATED';
}
What is it that is not working in your code? If you need to update multiple columns, you just need to include them in your update statement: update table1 set col1 = ?, col2 = ?, col3 = ? where id = ?; then assign parameter values for each one.
This is how I solved it
$sql = "UPDATE user SET name = :name,
surname = :surname
WHERE username = :username";
//db column and value
$stmt = $conexao_pdo->prepare($sql);
//where clause
$stmt->bindParam(':username', $username);
//add vars to db
$stmt->bindParam(':name', $var);
$stmt->bindParam(':surname', $var);
$stmt->execute();
I am trying to insert data into a database after the user clicks on a link from file one.php. So file two.php contains the following code:
$retrieve = "SELECT * FROM catalog WHERE id = '$_GET[id]'";
$results = mysqli_query($cnx, $retrieve);
$row = mysqli_fetch_assoc($results);
$count = mysqli_num_rows($results);
So the query above will get the information from the database using $_GET[id] as a reference.
After this is performed, I want to insert the information retrieved in a different table using this code:
$id = $row['id'];
$title = $row['title'];
$price = $row['price'];
$session = session_id();
if($count > 0) {
$insert = "INSERT INTO table2 (id, title, price, session_id)
VALUES('$id', '$title', '$price', '$session');";
}
The first query $retrieve is working but the second $insert is not. Do you have an idea why this is happening? PS: I know I will need to sanitize and use PDO and prepared statements, but I want to test this first and it's not working and I have no idea why. Thanks for your help
You're not executing the query:
$insert = "INSERT INTO table2 (id, title, price, session_id)
VALUES('$id', '$title', '$price', '$session');";
}
it needs to use mysqli_query() with the db connection just as you did for the SELECT and make sure you started the session using session_start(); seeing you're using sessions.
$insert = "INSERT INTO table2 (id, title, price, session_id)
VALUES('$id', '$title', '$price', '$session');";
}
$results_insert = mysqli_query($cnx, $insert);
basically.
Plus...
Your present code is open to SQL injection. Use mysqli with prepared statements, or PDO with prepared statements.
If that still doesn't work, then MySQL may be complaining about something, so you will need to escape your data and check for errors.
http://php.net/manual/en/mysqli.error.php
Sidenote:
Use mysqli_affected_rows() to check if the INSERT was truly successful.
http://php.net/manual/en/mysqli.affected-rows.php
Here's an example of your query in PDO if you'req planning to use PDO in future.
$sql = $pdo->prepare("INSERT INTO table2 (id, title, price, session_id) VALUES(?, ?, ?, ?");
$sql->bindParam(1, $id);
$sql->bindParam(2, $title);
$sql->bindParam(3, $price);
$sql->bindParam(4, $session_id);
$sql->execute();
That's how we are more safe.
Is it possible to have a "mixed" SQL Insert like the following?
I want to be able to get one value from another table (that needs a param) and then enter in 2 more params.
$sql = "INSERT INTO tblquestions (userID, questionText, questionAnswer) VALUES (
Select userID FROM tblusers WHERE userEmail = (?),?,?)";
$stmt = mysqli_prepare($conn, $sql);
mysqli_stmt_bind_param($stmt, 'sss', $userEmail, $question, $answer);
$result = mysqli_stmt_execute($stmt);
if (!$result) {
throw new Exception($conn->error);
}
It is unnecessary. Just use insert . . . select:
INSERT INTO tblquestions(userID, questionText, questionAnswer)
Select userID, ?, ?
FROM tblusers
WHERE userEmail = (?);
Can some onw please explain what is wrong with this ... this worked completely fine with procedural php
function foo(){
$incomingtime = date('Y-m-d H:i:s', time());
$stmt = $db->stmt_init();
$id = "Abc123" ;
$u_id = 1;
$c_id = 1;
$query = "INSERT INTO table (indate, myid, uniqueid, commonid)
VALUES (?, ?, ?, ?)";
$stmt = $db->prepare($query);
$stmt->bind_param('ssii', $incomingtime, $id, $u_id, $c_id);
$stmt->execute();
printf("Affected rows (UPDATE): %d\n", $db->affected_rows); // Always return 1
$stmt->close();
}
But nothing goes in the database.
Datatype in mysql db for indate is datetime
There's several issues with this code.
$stmt_4 is used before it's defined.
$u_id and $c_id are both defined then not used.
Trying to execute $stmt without supplying parameters.
$db is not defined.
$id is not defined.
If you are trying to convert working code to a function make sure that either the function gets these passed in as an argument, they are marked as global or the function creates/ retrieves them.
Check changing:
$query = "INSERT INTO table (indate, myid, uniqueid, commonid)
VALUES (?, ?, ?, ?)";
$stmt = $db->prepare($query);
$stmt->bind_param('ssii', $incomingtime, $id, $u_id, $c_id);
$u_id = 1;
$c_id = 1;
$stmt->execute();
to:
$u_id = 1;
$c_id = 1;
$query = "INSERT INTO table (indate, myid, uniqueid, commonid)
VALUES (CURRENT_TIMESTAMP, ?, ?, ?)"
$stmt = $db->prepare($query);
$stmt->execute(array($id, $u_id, $c_id));
NOTE: I deleted the parameter ssii because it's not considered in the query. It only expects 4 parameters.