When a web page on my website loads, it creates a list of content in < li > format, I'm trying to save this list to MySQL database after page loaded. Each < li > should be treated as one record; and only text should be saved in database. Example of < li > is:
<?php $keywords =
"<ul>
<li>Keyword_1</li>
<li>Keyword_2</li>
</ul>";
?>
My code is:
<?php
$dbhost = 'localhost';
$dbuser = 'username';
$dbpass = 'password';
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $conn )
{
die('Could not connect: ' . mysql_error());
}
$sql = "INSERT INTO wp_keywords (keyword) VALUES ($keywords)";
mysql_select_db('database');
$retval = mysql_query( $sql, $conn );
if(! $retval )
{
die('Could not enter data: ' . mysql_error());
}
echo "Entered data successfully\n";
mysql_close($conn);
?>
Here:
wp_keywords is a table
keyword is a table field
$keywords is a variable carrying the values
Error occurring is:
Could not enter data: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '
Well your code is at least wrong in 2 places. (If this is the code you are using and not just a part of it.)
Your sql query will result in the following:
INSERT INTO table (column_name) VALUES
I suspect column_name is not a column name. And ($keywords) is empty so there are no values to put into the table.
Related
I am using PHP 7 and the latest mysql on ubuntu 16.10. This is the current code I have
<?php
$dbhost = 'localhost:3036';
$dbuser = 'root';
$dbpass = 'password';
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
$sql = "DELETE FROM databasetable WHERE columnA LIKE '%Test7%'" ;
mysql_select_db('jdbdev');
$retval = mysql_query( $sql, $conn );
if(! $retval ) {
die('Could not delete data: ' . mysql_error());
}
echo "Deleted data successfully\n";
mysql_close($conn);
?>
Should change to below query
DELETE FROM databasetable WHERE columnA like '%Test7%'
There is difference between = and like operator
It's not very clear for me what you are trying to accomplish using this:
WHERE columnA = '%Test7%'" ;
Is the percent sign a literal that should match just like that? As you probably know, percentage sign is a wildcard in mysql and it should be use with LIKE rather than equal.
In this case, your condition will be:
WHERE columnA LIKE '%Test7%'`
If you want to use wildcard % then you have to use LIKE instead of =, so change your sql to:
"DELETE FROM databasetable WHERE columnA LIKE '%Test7%'"
Also, mysql functions are vulnerable to sql injection, you should use mysqli or even better PDO to manage your database.
Try:
<?php
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = 'password';
$db_name = 'jdbdev';
$conn = mysqli($dbhost, $dbuser, $dbpass, $db_name);
try{
if($conn->connect_error){
echo 'Could not establish connection to database because '.$conn->connect_error;
}
}catch(Exception $ex){
echo $ex->getMessage();
exit;
}
$sql = "DELETE FROM databasetable WHERE databasetable.columnA LIKE '%Test7%'";
$retval = $conn->query($sql);
if($retval === FALSE) {
die('Could not delete data: ' . mysql_error());
}
echo "Deleted data successfully\n";
mysql_close($conn);
?>
Sometimes, you have to reference the database table in front of the column
$sql = "DELETE FROM databasetable WHERE columnA = '%Test7%'" ;
should be columnA like '%test7%'
$sql = "DELETE FROM databasetable WHERE columnA like '%test7%'
Like and = both are different.
Assuming you're trying to delete all the rows where columnA contains the test "Test7", you need to use the like operator, not the = operator:
DELETE FROM databasetable WHERE columnA LIKE '%Test7%'
-- Here --------------------------------^
Currently, I have a table column that has a text limit of 255 (Varchar[255]), I would like the number of characters increased to 4000 or more. What would the code be, if ran through a PHP page, to make this modification?
Note* - I have modified a column with a varchar(100) to varchar(255), it seems that my columns cannot exceed a varchar of 255.
So far I have used this - alas, it doesn't work:
<?php
$dbhost = 's036';
$dbuser = 'rost';
$dbpass = 'rosword';
$conn=mssql_connect('smtscom','sTrsr','Rsa');
mssql_select_db('Gsa',$conn);
if(! $conn )
{
die('Could not connect: ' . mssql_get_last_message());
}
echo 'Connected successfully';
$sql = "ALTER TABLE new_tders2 ALTER
COLUMN description varchar(4000)";
mssql_select_db('Gsa');
$retval = mssql_query( $sql, $conn );
if(! $retval )
{
die('Could not create table:');
}
echo "Table column modified successfully\n";
mssql_close($conn);
?>
When I run the PHP page (the code above), it says "Table column modified successfully", but I still can only input 255 characters into the column.
I figured it out - instead of using VARCHAR(4000), use TEXT. It will exceed 4000 characters, and allow up to 64 Kb, 2 bytes overhead. However, this is fine in my case, as more than 4000 characters is fine for this part of the website.
Here is the new (working) code:
<?php
$dbhost = 's036';
$dbuser = 'rost';
$dbpass = 'rosword';
$conn=mssql_connect('smtscom','sTrsr','Rsa');
mssql_select_db('Gsa',$conn);
if(! $conn )
{
die('Could not connect: ' . mssql_get_last_message());
}
echo 'Connected successfully';
$sql = "ALTER TABLE new_tders2 ALTER
COLUMN description TEXT";
mssql_select_db('Gsa');
$retval = mssql_query( $sql, $conn );
if(! $retval )
{
die('Could not create table:');
}
echo "Table column modified successfully\n";
mssql_close($conn);
?>
Thank you to all those that tried to answer.
I wrote this simple code to delete a blog from the sql table. But its giving an error
Could not delete data: Unknown column '$qid' in 'where clause'
Cant understand why. $qid is the variable while just qid is the column name and its giving me this error.
<?php
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = '';
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
mysql_select_db('trial1');
if(! $conn )
{
die('Could not connect: ' . mysql_error());
}
function check_login(){
return 12;
}
$return_array = array();
if( check_login()!=NULL){
$qid =1;
$sql='DELETE FROM blog_post WHERE qid = $qid';
$retval = mysql_query($sql, $conn);
if (!$retval){
die('Could not delete data: ' . mysql_error());
$return_array["success"] = 0; //If deletion unsuccessful
echo json_encode($return_array);
}
else{
$return_array["success"]=1; //If deletion successful
echo json_encode($return_array);
}
}
?>
Variables will not be parsed under single quotes. Enclose the SQL query under double quotes ".
$sql="DELETE FROM `blog_post` WHERE `qid` = $qid"; //<-- Like this.
This (mysql_*) extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, Prepared Statements of MySQLi or PDO_MySQL extension should be used to ward off SQL Injection attacks !
You should wrap your input in the sql with single quotes :
$sql="DELETE FROM `blog_post` WHERE `qid` = '$qid'";
Very first you need to make sure you have a column name qid in table.
Then try:
$sql='DELETE FROM blog_post WHERE qid ='.$qid;
This is my PHP code written for website. When I executed this, the query doesn't execute and doesn't show any error. I also checked data types of values that are to be inserted.
The database username and password and all credentials are correct. What could be the problem?
<?php
$password ='abcdef';
$host="localhost"; // Host name
$username="futureti_dsatya"; // Mysql username
$password="D2e3e4v1i"; // Mysql password
$db_name="futureti_db"; // Database name
$tbl_name="users"; // Table name
// Connect to server and select databse.
$con = mysqli_connect($host, $username, $password,$db_name);
if(!$con)
{
die('Could not connect: '. mysql_error());
}
else
{
$res = mysqli_query($con,"insert into users values(55555623,'saran1','satya_saran',$password)");
if($res){
print("i am ok");
}
else{
print("bad");
}
}
?>
Wrap $pass in quotes (55555623,'saran1','satya_saran','$pass') as shown below with an explanation about "$password", and change mysql_error()); to mysqli_error()); those two functions don't mix and that is why you did not get the proper error messages to show up.
As already stated, you're using $password twice; change one of the variables to something else.
What you're presently doing is overwriting your $password variable.
I am assuming you want to enter abcdef into your DB. If so, then do this instead:
<?php
$pass ='abcdef';
$host = "localhost"; // Host name
$username = "futureti_dsatya"; // Mysql username
$password = "D2e3e4v1i"; // Mysql password
$db_name = "futureti_db"; // Database name
$tbl_name = "users"; // Table name
// Connect to server and select databse.
$con = mysqli_connect($host, $username, $password,$db_name);
if ( !$con ) {
die('Could not connect: '. mysqli_error());
} else {
$res = mysqli_query($con, "insert into users values (55555623,'saran1','satya_saran','$pass' )");
if( $res ) {
print("i am ok");
} else {
print("bad");
}
}
?>
Also, inserting data into a table without telling it which columns to use is not a recommended method.
Use something to the effect of:
($con, "insert into users (column1, column2, column3, column4) values (55555623,'saran1','satya_saran','$pass' )
Sidenote: If the column for your first value isn't an (int) you will need to wrap that in quotes as well.
Also, if your first column is an AUTO_INCREMENT, you will need to remove the AUTO_INCREMENT from the column's type.
you dont get any error because you are making using mysql. not mysqli.
your code is wroking just wrap password . i guess the connection is not connecting.
replace this:
die('Could not connect: '. mysql_error());
to
die('Could not connect: '. mysqli_error()); //to see the error
I'm trying to update a record in my database using the code below. I'm trying to change the product name but I am getting the following error:
Could not update data: Unknown column 'Earrings' in 'field list'
Code:
<?php
if(isset($_POST['update']))
{
$dbhost = 'databasehost';
$dbuser = 'username';
$dbpass = 'password';
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $conn )
{
die('Could not connect: ' . mysql_error());
}
$ProductsID = $_POST['ProductsID'];
$ProductsName = $_POST['ProductsName'];
$sql = "UPDATE Products ".
"SET ProductsName = $ProductsName ".
"WHERE ProductsID = $ProductsID" ;
mysql_select_db('databasename');
$retval = mysql_query( $sql, $conn );
if(! $retval )
{
die('Could not update data: ' . mysql_error());
}
echo "Updated data successfully\n";
mysql_close($conn);
}
else
{
?>
The query should be
$sql = "UPDATE Products ".
"SET ProductsName = '$ProductsName' ".
"WHERE ProductsID = $ProductsID" ;
You forgot to wrap $ProductName with quotations. Don't forget to do so when dealing with string values.
You want something like this:
ProductsName = '$ProductsName'
Also, be sure to escape that input, else you'll be subjected to SQL injections.
Your are trying to set the ProductsName to an existing column, add quotes to let sql interpret a value:
$sql = "UPDATE Products ".
"SET ProductsName = '$ProductsName' ".
"WHERE ProductsID = $ProductsID" ;
You are not sanitizing your data, so there is a good chance that your query could break depending on the value submitted, not to mention it leaves your database wide open for an attacker to manipulate via SQL Injection.
Please do not use mysql_ functions, as they are depricated. You should be using prepared statements, please see PDO and mysqli.
As for your answer, you need to put 'quotes' around the $variable