I'm new to php. I have a dropdown option. I want to put an if statement that if one of the options is selected e.g. 'Completed' then I would like it to get the entire record from the MySQL table and move it to another table with the same table structure.
This is what i have so far:
<?php
if( $_GET['status'] = 'Completed' ):
$stmt = $con->prepare("INSERT INTO second_table select * from first_table where id = id;
status = ?,
day_id = ?,
eta = ?,
c_notes = ?
WHERE booking_id = ?");
$stmt->bind_param('sissi',
$_GET['status'],
$_GET['day_id'],
$_GET['eta'],
$_GET['notes'],
$_GET['id']
);
$stmt->execute();
$stmt->close();
?>
If the two tables have the same structures I think your query should be
$stmt = $con->prepare("INSERT INTO second_table VALUES (SELECT * FROM first_table WHERE id = ?");
$stmt->bind_param('i', $_GET['id'] );
Let me know if this didn't work.
Related
$sql = "INSERT into x (y,z,t)
VALUES ((SELECT userID FROM users WHERE username ='".$usersql."'),"
."'"."(SELECT itemID from items WHERE category ='".$category."'),"
."'".$amountdays."')";
Thank you for your time.
You should use PDO or mysqli with prepared statements. Then you can define variables for your values and set them after the query. That makes it more readable and you prevent sql injections in your code.
https://www.php.net/manual/de/pdo.prepared-statements.php
$stmt = $dbh->prepare("INSERT into x (y,z,t)
VALUES (
SELECT userID FROM users WHERE username = :username,
SELECT itemID FROM items WHERE category = :category,
:amountdays
)";
$stmt->bindParam(':username', $username);
$stmt->bindParam(':category', $category);
$stmt->bindParam(':amountdays', $amountdays);
Something like that.
A little bit of formatting will go a long way:
$sql = "INSERT into x
(
y,
z,
t
) VALUES (
(SELECT userID FROM users WHERE username = ?),
(SELECT itemID from items WHERE category = ?),
?
);
";
How do i add multiples columns in pdo for update? this is what I am trying to do but I need to update multiple $_POSTS['VARS];
$consulta = $conexao_pdo->prepare('UPDATE user SET nome = ? WHERE id = ?');
$consulta->bindParam(1, $variavel_com_nome);
$consulta->bindParam(2, $id);
if ($consulta->execute()) {
echo 'UPDATED';
}
What is it that is not working in your code? If you need to update multiple columns, you just need to include them in your update statement: update table1 set col1 = ?, col2 = ?, col3 = ? where id = ?; then assign parameter values for each one.
This is how I solved it
$sql = "UPDATE user SET name = :name,
surname = :surname
WHERE username = :username";
//db column and value
$stmt = $conexao_pdo->prepare($sql);
//where clause
$stmt->bindParam(':username', $username);
//add vars to db
$stmt->bindParam(':name', $var);
$stmt->bindParam(':surname', $var);
$stmt->execute();
I can't input the data into my MySQL table using this script:
<?php
ini_set('display_errors', 'On');
error_reporting(E_ALL);
session_start();
include '../scripts/test_ses.php';
include 'connection.php';
$date = date("Y-m-d");
/* Set our params */
$id = $_POST['id'];
$status = $_POST['status'];
$active = 1;
$sql = "INSERT INTO TBL_Holiday (Status, Active, DateOfChange) VALUES (?, ?, ?) WHERE idRequest =$id";
$stmt = $conn->prepare($sql);
/* Bind our params */
$stmt->bind_param('iisi', $status, $active, $date, $id);
/* Execute the prepared Statement */
$stmt->execute();
/* Close the statement */
$stmt->close();
?>
The data of the variables $id, $status is set by a form is there any way to display the php error of the script by alerting it on the form page over ajax ?
remove the $id and WHERE they are used for update or delete a row, in your case insert use below query
$sql = "INSERT INTO TBL_Holiday
(Status, Active, DateOfChange) VALUES
(?, ?, ?)";
or if you wanted to update you need to use below query
$sql = "UPDATE TBL_Holiday SET
Status= ?,
Active= ?,
DateOfChange= ?
WHERE idRequest = ?";
/* Bind our params */
$stmt->bind_param('iisi', $status, $active, $date, $id);
by having its id.. make the update operation..
$sql = "UPDATE TBL_Holiday SET Status='$status', Active='$active', DateOfChange='$date' WHERE idRequest =$id";
otherwise.. make insert by ..
$sql = "INSERT INTO TBL_Holiday (Status, Active, DateOfChange) VALUES ('$status', '$active', '$date')";
Instead of using insert you need to use Update query if you need to use condition while. So your condition will be something like this,
$sql = "UPDATE TBL_Holiday SET Status= ?,Active= ?,DateOfChange=? WHERE idRequest =$id";
You're mixing an INSERT statement with an UPDATE statement
An insert statement is on the form:
INSERT INTO table_name (column1, column2, column3, ...)
VALUES (value1, value2, value3,...);
Where you're creating a new record which is not associated with any other existing rows using a where clause, i.e. you're suppose to skip that part.
Meanwhile an update statement is on the form:
UPDATE table_name
SET column1=value1, column2=value2,...
WHERE some_column=some_value;
Where you do indeed wish to associate your update with some specific row by using a where clause, to indicate which row is to be updated.
Not my favorite sources but you can take a look at insert and update.
This is the working code:
<?php
/* Set our params */
$date = date("Y-m-d");
$id = $_POST['id'];
$status = $_POST['status'];
$active = 1;
/*Create executed SQL*/
$sql = "UPDATE TBL_Holiday SET
Status= ?,
Active =?,
DateOfChange =?
WHERE idRequest = ?";
/*Prepare SQL connection*/
$stmt = $conn->prepare($sql);
/* Bind our params */
$stmt->bind_param('iisi', $status, $active, $date, $id);
/* Execute the prepared Statement */
$stmt->execute();
/* Close the statement */
$stmt->close();
?>
I am wondering if I need to do this.
To make it more secure, all the things inserted into database is selected from another table with specific clause that is posted from the user.
I use the id for the identity:
$identity = $_POST['id'];
$stmt = $mysqli->prepare ("INSERT into table_one (col_1, col_2, col_3)
VALUES (?,?,?)");
//This is what I use to do
$stmt >bind_param ("sss", $valua, $valueb, $valuec);
//But now I want to that like this
$stmt >bind_param ("sss", SELECT valuea, valueb, valuec FROM ANOTHERtable WHERE id = $identity);
$list->execute();
$list->close();
Is it possible? And how is the correct way to do this?
You dont need to bind the values from your other table. You just need to prepare those for the values that the user provides. You can safely use the existing values.
$stmt = $mysqli->prepare ("INSERT into table_one (col_1, col_2, col_3)
SELECT valuea, valueb, valuec FROM ANOTHERtable WHERE id = ?");
$stmt >bind_param ("i", $identity);
$stmt->execute();
I have a select that doesn't work.
$person = mysql_query ("Select personID from persons order by personID desc Limit 0,1");
$query_string = 'INSERT INTO topics (topic,
description,
abstract,
personID)
VALUES (?, ?, ?, ?)';
$query = $db->prepare($query_string);
$query->execute(array($_POST['topic'],
$_POST['description'],
$_POST['abstract'],
$person));
I dont understand where is the problem
$person is a mysql result, not any kind of value.
Try this:
list($person) = mysql_fetch_row(mysql_query("select personID from ....."));
Here is the problem...
$person = mysql_query ("Select personID from persons order by personID desc Limit 0,1");
Do this...
$result = mysql_query ("Select personID from persons order by personID desc Limit 0,1");
$row = mysql_fetch_array($result);
$person = $row['personID'];
you are mixing to fetch mysql inside mysqli try this.
$person = $db->prepare("Select personID from persons order by personID desc Limit 0,1");
$person->execute();
$person->store_result();
$person->bind_result( $personID ) ; // to bind the result as variable to use it later
$person->fetch();
$query_string = 'INSERT INTO topics (topic,
description,
abstract,
personID)
VALUES (?, ?, ?, ?)';
$query = $db->prepare($query_string);
$query->execute(array($_POST['topic'],
$_POST['description'],
$_POST['abstract'],
$personID));
$dbh = new PDO('mysql:host='.$server.';dbname='.$db, $user, $pass);
$st=$dbh->prepare('Select personID from persons order by personID desc Limit 0,1');
$st->execute();
$result=$st->fetchAll();
//FOR TEST PURPOSE TO MAKE IT EASY.
echo "<pre>";
print_r($result);
echo "</pre>";
//END TEST
echo $result[0]['personID'];
Try this PDO code to select and use data.PDO is a prefererred way. and also instead of mysql use mysqli.
we are unclear about your concern. it would be better if you copy paste the error message or make us clear by editing you post, saying what actually you want and what you are unable to do. hope my help works!!