checkorder.php
<?php include("koneksi.php");mysql_select_db("project2");
$code = $_POST['code'];
$name = $sql = "Select name from 'orders' where 'code' = '<?php $_POST['code'] ?>' ";
$amount = $_POST['amount'];
$nameorder = $_POST['nameorder'];
$email = $_POST['email'];
$address= $_POST['address'];
$price = $sql= "Select price from 'orders' where 'code' = '<?php $_POST['code'] ?>' ";
$totalprice = $price * $_POST['amount'];
$sql = " INSERT INTO orders (idorder, date, nameorder, email, code, name, amount, price, total price)
VALUES
(default, NOW(), '$code', 'name','$amount','$nameorder','$email','$address')";
mysql_query($sql) ; ?>
I want to insert data using php.
code,name,price get from table product, is it possible using this way?
Because when I try to input data it always show error in $name.
Use query select at first then fetch what u want out
$code = $_POST['code'];
$query = "Select * from `orders` where `code` = '$code' ";
$result = mysql_query($query);
$name = mysql_fetch_assoc($result)['name']; //get the name
$amount = $_POST['amount'];
$nameorder = $_POST['nameorder'];
$email = $_POST['email'];
$address= $_POST['address'];.....................
Related
I'm having This error while trying to save data to mysql and i cant see any error here
$cons_no = $_POST['cons_no'];
$ship_name = $_POST['ship_name'];
$ship_location = $_POST['ship_location'];
$phone = $_POST['phone'];
$s_add = $_POST['s_add'];
$r_name = $_POST['r_name'];
$r_phone = $_POST['r_phone'];
$r_add = $_POST['r_add'];
$type = $_POST['type'];
$weight = $_POST['weight'];
$invoice_no = $_POST['invoice_no'];
$qty = $_POST['qty'];
$book_mode = $_POST['book_mode'];
$freight = $_POST['freight'];
$mode = $_POST['mode'];
$pick_date = $_POST['pick_date'];
$pick_time = $_POST['pick_time'];
$status = $_POST['status'];
$comments = $_POST['comments'];
$r_country = $_POST['r_country'];
The only this not in the code is the cid which is auto increment
$sql = "INSERT INTO tbl_courier (cons_no, ship_name, ship_location, phone, s_add, r_name, r_phone, r_add, type, weight, invoice_no, qty, book_mode, freight, mode, pick_date, pick_time, status, comments, r_country)
VALUES('$cons_no', '$ship_name', '$ship_location', '$phone', '$s_add', '$r_name', '$r_phone', '$r_add', '$type', '$weight', $invoice_no, '$qty', '$freight', '$mode', '$pick_date', '$pick_time', '$status', '$comments', '$r_country')";
I don't know your builded SQL string, but I can assume you have empty values.. to prevent that you can add additional check before assign a value.
$status = isset($_POST['status'])?$_POST['status']:0; // default 0 if don't exists
Edit:
I see your query, the answer is: the field book_mode is missing in values sentence
When I try to add an entry into my SQL Database from a form I get the following Error:
Column count doesn't match value count at row 1
My Sql Code is as follows:
$name = $_POST['input4'];
$date = $_POST['date'];
$projectnumber = $_POST['input1'];
$area = $_POST['input2'];
$donebefore = $_POST['radio9'];
$changesmade = $_POST['radio8'];
$safeaccess = $_POST['radio11'];
$electrical = $_POST['radio5'];
$machineguarding = $_POST['radio6'];
$correctequipment = $_POST['radio4'];
$sds = $_POST['radio3'];
$controltoxic = $_POST['radio1'];
$ppe = $_POST['radio2'];
$hazard = $_POST['checkbox[]'];
$otherhazards = $_POST['input3'];
$controlofhazards = $_POST['checkbox1[]'];
$monitor = $_POST['radio12'];
$comments = $_POST['input'];
$sql = "INSERT INTO hira (Name, TodayDate, ProjectNumber, Area,
DoneBefore, HaveChangesMade, SafeAccess,
ElectricalEquipment, MachineGuarding, CorrectEquipment,
SDS, ControlToxic, PPE, Hazard,
OtherHazard, ControlHazard, MonitorProcess, AdditionalComments)
VALUES ('$name', '$date','$projectnumber','$area',
'$donebefore','$changesmade','$safeaccess',
'$electrical','$machineguarding','$correctequipment',
'$sds','$controltoxic','$ppe',''$hazard',
$otherhazards','$controlofhazards','$monitor','$comments')";
Is there something I overlooked?
Thanks in advance
'$ppe',''$hazard',$otherhazards','$controlofhazards','$monitor','$comments')";
see this is the issue before $hazard you have two single quotes
I want to update a mysql database. That has become a common practice for me, but for some reason with no error, it just doesn't work. The only thing I have never done is compare against 2 variables(in this case, ID && Name)
$name = $_POST['name'];
$duty = $_POST['duty'];
$number = $_POST['number'];
$url = $_POST['url'];
$insert = "UPDATE vendors SET name = '$_POST[name]', duty = '$_POST[duty]', number = '$_POST[number]', url = '$_POST[url]' WHERE id = '$id' && name = '$name'";
$result=mysql_query($insert) or die(mysql_error());
if ($result) {
header("location:**HIDDEN**");
Any help would be appreciated.
Instead of &&, you should use AND to add another where-condition.
Write this instead:
$name = $_POST['name'];
$duty = $_POST['duty'];
$number = $_POST['number'];
$url = $_POST['url'];
$insert = "UPDATE `vendors` SET `name` = '{$_POST['name']}', `duty` = '{$_POST['duty']}', `number` = '{$_POST['number']}', `url` = '{$_POST['url']}' WHERE (`id` = '$id' AND `name` = '$name')";
$result = #mysql_query($insert) or die(mysql_error());
header("location:**HIDDEN**");
It should now work. Notify me if there still is a problem.
replace && with AND and you should be good
Your Query is wrong. Following is the correct one.
The way you have used the variables is wrong.
You had not written any code for $id. What is that?
$insert = "UPDATE vendors SET name = '".$_POST['name']."', duty = '".$_POST['duty']."', number = '".$_POST['number']."', url = '".$_POST['url']."' WHERE id = '$id' AND name = '$name'";
My code is getting the ID from another, after I get that ID I will insert it to another table. The thing is it's not working, any idea why?
<?php
session_start();
include("Connection.php");
if (isset($_POST['submit'])){
$name = $_POST['customerName'];
mysql_query("INSERT INTO `starbucks`.`orders` (
`ID` ,
`NAME` ,
`TOTAL_PRICE` ,
`TOTAL_ITEMS` ,
`TIME`
)
VALUES (
'' , '$name', '', '',NOW())");
$_SESSION['user'] = $name;
}
$dTime = time();
$myValue = isset($_REQUEST['dValue']) ?$_REQUEST['dValue'] : '';
echo "The time is: {$dTime}<br/>
The choice is {$myValue} ";
$sql = "Select * from product where NAME = '{$myValue}'";
$result = mysql_query($sql);
while ($row = mysql_fetch_assoc($result)){
$price = $row['PRICE'];
$id = $row['ID'];
echo $id;
$sql2 ="INSERT INTO starbucks`.order_details (ID, ORDER_ID, PRODUCT_ID, QTY) VALUES ('', '', '$id', '1')";
$result2 = mysql_query($sql2);
}
?>
extra back tick in the INSERT, either add another or remove
I'm trying to display info from a mysql row on this page. I'm using $_GET, because the id is included in the link to the page: www.example.com/page.php?id=1 but it returns this error:
Error : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '= '1'' at line 1
Does anyone know how to fix this?
code below:
<?php
$username="xxx";
$password="xxx";
$database="xxx";
mysql_connect(localhost,$username,$password);
#mysql_select_db($database) or die( "Unable to select database");
include 'library/config.php';
include 'library/opendb.php';
if(isset($_GET['id']))
{
$query = "SELECT id, title, content, contactname, contactemail, contactnumber ".
"FROM vacancies".
"WHERE id = '{$_GET['id']}'";
$result = mysql_query($query) or die('Error : ' . mysql_error());
list($id, $title, $content, $contactname, $contactemail, $contactnumber) = mysql_fetch_array($result, MYSQL_NUM);
$content = htmlspecialchars($content);
}
if(isset($_POST['update']))
{
$id = $_POST['id'];
$title = $_POST['title'];
$content = $_POST['content'];
$contactname = $_POST['contactname'];
$contactemail = $_POST['contactemail'];
$contactnumber = $_POST['contactnumber'];
if(!get_magic_quotes_gpc())
{
$title = addslashes($title);
$content = addslashes($content);
$contactname = addslashes($contactname);
$contactemail = addslashes($contactemail);
$contactnumber = addslashes($contactnumber);
}
// update the article in the database
$query = "UPDATE vacancies
SET title = '$title', content = '$content', contactname = '$contactname', contactemail = '$contactemail', contactnumber = '$contactnumber'".
"WHERE id = '$id'";
mysql_query($query) or die('Error : ' . mysql_error());
// then remove the cached file
$cacheDir = dirname(__FILE__) . '/cache/';
$cacheFile = $cacheDir . '_' . $_GET['id'] . '.html';
#unlink($cacheFile);
// and remove the index.html too because the file list
// is changed
#unlink($cacheDir . 'index.html');
echo "<b>Job Entry: '$title' updated</b>";
// now we will display $title & content
// so strip out any slashes
$title = stripslashes($title);
$content = stripslashes($content);
$contactname = stripslashes($contactname);
$contactemail = stripslashes($contactemail);
$contactnumber = stripslashes($contactnumber);
}
include 'library/closedb.php';
?>
Check out http://us2.php.net/manual/en/function.mysql-query.php
The problem is that you are using too many single quotes here:
"WHERE id = '{$_GET['id']}'";
and your query is not acting as expected. use mysql_real_escape_string() instead.
Try this:
$query = "SELECT id, title, content, contactname, contactemail, contactnumber ".
"FROM vacancies ".
"WHERE id = '".$_GET['id']."'";
I always try to leave the variables out of my strings, just add them in with periods, I find it eliminates a lot of confusion.
One problem:
$query = "UPDATE vacancies
SET title = '$title', content = '$content', contactname = '$contactname', contactemail = '$contactemail', contactnumber = '$contactnumber'".
"WHERE id = '$id'";
results in no space between the last column and the WHERE clause. Change it to:
$query = "UPDATE vacancies
SET title = '$title', content = '$content', contactname = '$contactname', contactemail = '$contactemail', contactnumber = '$contactnumber' ".
"WHERE id = '$id'";
or my preferred format:
$query = <<<END
UPDATE vacancies
SET title = '$title',
content = '$content',
contactname = '$contactname',
contactemail = '$contactemail',
contactnumber = '$contactnumber'
WHERE id = '$id'
END;
Note: You should really escape the fields using mysql_real_escape_string().
Remove the quotes around
{$_GET['id']}
and
$id
in all your queries.
Your id is of type integer I assume, which can't take a quoted version or it tries to match the integer key to the string "1"
--
Change this line
$result = mysql_query($query) or die('Error : ' . mysql_error());
to
$result = mysql_query($query) or die('Error : ' . mysql_error() . "\n\n" . $query);
Then you can see exactly what query is going into the DB. Which you can then post here for us to see.
Also please post a
describe <tablename>;