Incorrect integer value for a column

Incorrect integer value for a column - php

When I submit null in center_id (not an auto increment column) in single quotes it give me the
error incorrect integer value for column center_id and when I write only the variable like this
center_id = $center_id
it gives a mysql error.
Please tell me what I am doing wrong with it or suggest something.
Below is my query.
Insert into parent_details set center_id='$center_id',name='$name',pin='$pin'
Thanks in advance.

Numbers and nulls should not be quoted, strings should. Additionally, your syntax for inserting is wrong:
INSERT INTO parent_details (center_id, name, pin)
VALUES ($center_id, '$name', $pin)

If you're using prepared statements you shouldn't have this problem in the first place:
$stmt = $db->prepare('Insert into parent_details
set center_id=:center, name=:name, pin=:pin');
$stmt->execute([
':center' => null,
':name' => 'foo',
':pin' => 'bar',
]);

field center_id data type is int but you may inserted string or special characters because of that is giving above error use below code try to insert integer to center_id column
insert into parent_details (center_id,name,pin) VALUES ($center_id, $name, $pin)

Related

Using WHERE IN (...) with PDO doesn't work when the string is bound

I have a query that looks like this:
UPDATE table SET column = UNIX_TIMESTAMP()
WHERE id IN (:idString)
Where idString is a string of comma separated ids and is passed to execute() in an array. To my surprise, when this query is executed, only the row with the first id in idString is updated.
After banging my head against the wall for a while, I finally decided to try it like this:
UPDATE table SET column = UNIX_TIMESTAMP()
WHERE id IN (' . $idString . ')
The second query works as expected.
Why won't the query work when I bind the string of ids using PDO?

In SQL, the string
'1,2,3,5,12'
Is a single value, and casting it in a numeric context, it will just have the value of the leading digits, so just the value 1.
This is much different from the set of multiple values:
'1', '2', '3', '5', '12'
Any time you use bound parameters, whatever you pass as the parameter value becomes just one single value, even if you pass a string of comma-separated values.
If you want to pass a set of multiple values to parameters in your SQL query, you must have multiple parameter placeholders:
UPDATE table SET column = UNIX_TIMESTAMP()
WHERE id IN (:id1, :id2, :id3, :id4, :id5)
Then explode your string of values and pass them as an array:
$idlist = array('id1' => 1, 'id2' => 2, 'id3' => 3, 'id4' => 5, 'id5' => 12);
$pdoStmt->execute($idlist);
For cases like this, I would recommend using positional parameters instead of named parameters, because you can pass a simple array instead of an associative array:
$pdoStmt = $pdo->prepare("UPDATE table SET column = UNIX_TIMESTAMP()
WHERE id IN (?, ?, ?, ?, ?)");
$idlist = explode(",", "1,2,3,5,12");
$pdoStmt->execute($idlist);
#mario adds a comment that you can use FIND_IN_SET(). That query would look allow you to pass one string formatted as a comma-separated string of values:
$pdoStmt = $pdo->prepare("UPDATE table SET column = UNIX_TIMESTAMP()
WHERE FIND_IN_SET(id, :idString)");
$pdoStmt->execute(["idString" => "1,2,3,5,12"]);
However, I usually don't recommend that function because it spoils any chance of using an index to narrow down the search. It will literally have to examine every row in the table, and during an UPDATE that means it has to lock every row in the table.

Your working solution is not good as it's subject to SQL INJECTION.
The reason it's not working is because you are allocating an array, instead of plain comma separated values.
You have to use implode to separate the values of the array, and then assign the comma separated values to a variable wich can be used by pdo.
Otherwise you can use instead of : $idString, ? in the select statement, and executing the prepared statement from and array which holds the $idString.
$query=$db->prepare("Select a From table where b =? order by 1;");
$query->execute(array($idString));

You are trying to pass a string as a set to a prepared statement. MySQL is trying to execute the query
-- assuming idString is "1,2,3,4,5"
UPDATE table SET column = UNIX_TIMESTAMP() WHERE id IN ("1,2,3,4,5");
instead of
UPDATE table SET column = UNIX_TIMESTAMP() WHERE id IN (1,2,3,4,5);
you'll have to either use the statement
UPDATE table SET column = UNIX_TIMESTAMP() WHERE id == ?
and execute it for however many id's you have or prepare the statement by injecting id string into the query

When binding, PDO expects a single value. Something like this will work, given your $idString above (though if you have the source array, even better!):
$ids = explode(',', $idString);
$placeholders = implode(', id', array_keys($ids));
if($placeholders) {
$placeholders = 'id' . $placeholders;
$sql = "UPDATE table SET column = UNIX_TIMESTAMP()
WHERE id IN ({$placeholders})";
// prepare your statement, yielding "$st", a \PDOStatement
$st = $pdo->prepare($sql);
// bind every placeholder
foreach($ids as $key => $id) {
$st->bindValue("id{$key}", $id);
}
// execute
$st->execute();
}

MySQL error when submitting '' in an array

I have a PHP loop that's auto-generating an array to INSERT into a table. But I get this error:
Database query failed: Incorrect integer value: '' for column 'id' at row 1
Last SQL query: INSERT INTO users(id, email, password, first_name, last_name) VALUES ('', 'test#user.com', 'fljhdsfsd', 'John', 'Doe')
I've tried setting the id field as No Null and Null, but that didn't help.
Any ideas? Thanks in advance for your help.

If your id field is an auto-incremented column then you can simply omit it from the INSERT query.
INSERT INTO users(email, password, first_name, last_name)
VALUES ('test#user.com', 'fljhdsfsd', 'John', 'Doe');
An id will be generated automatically.

Your Mysql is running in the strict mode. You have to pass the NULL if you have no value for that column, if the column is auto increment you can keep out this column from query.
Once try the below query, I believe this will work.
INSERT INTO users(id, email, password, first_name, last_name)
VALUES (NULL, 'test#user.com', 'fljhdsfsd', 'John', 'Doe')

If id field is auto incremented you can skip that field. If not then read error, it says "Incorrect integer value" and you are giving '' witch is string. In this case before every insert you should fetch max id from database and increment it, or use any other ID generation.

This is happened because your id field in database now contains only integer value. and blanck is not a integer value. Just change the data type on your database.
Just change your datatype id "integer" to "varchar", tick out the "auto increment" and put a length like "250" field in database, then run your query.

Setting variable's database value to NULL instead of empty string

In my SQL database there're many fields like this:
Field Type:Text Null:Yes Default:NULL
My INSERT looks like this:
INSERT INTO tbl (col,col,col,...) VALUES ('val','val','val',...)
Now, those quotes in my INSERT statement's values are inserting '' (empty string) in to the database when what I really want is nothing (NULL).
So I tried
if (isset($_POST['title'])) {$newTitle = mysql_real_escape_string(trim($_POST['title']));} else {$newTitle = NULL;}
and that just inserts 'NULL' - the string containing the word NULL.
What can I do to be certain my NULL values are inserted properly?

What you have is fine, but you need to combine it with a prepared statement...
// prepare the statement
$stmt = $mysqli->prepare("INSERT INTO tbl (title, x,y,z) values (?,?,?,?)");
$stmt->bind_param($newTitle, $x,$y,$z);
$x = 'hello, world';
// execute prepared statement
$stmt->execute();
If x or newTitle are NULL, they will be NULL in the DB

You can try by adding a NULL without the quotes example below:
INSERT INTO tbl (col,col,col,...) VALUES (NULL,'val','val',...)
Also make sure the column that you want to have a pure null must have the allowed NULL ticked.

Don't specify the field in INSERT INTO or provide a value.
If you have 3 fields, f1 f2 f3
And you
INSERT INTO tbl (f1, f3) VALUES ('something', 'something')
Then f2 will not be inserted and default to null.

I use '0' instead of null. When you use if statements you can run queries like
if($row['f2'] == 0){...
Rather than null :)

Having trouble with SQL query

I'm using this query (I changed it):
// SQL query
$squl = "INSERT INTO 'messages' ('id','name' ,'email' ,'subject' ,'content','userid') VALUES ( null,'".$name."', '".$mail."', '".$subject."', '".$content."','');";
// mysql query
$query = mysql_query($squl) or die("message query problem: ". mysql_error());
I get this error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''messages' ('id','name' ,'email' ,'subject' ,'content','userid' )VALUES ( null,'' at line 1
What is causing this?

.``) You used a period here instead of a comma so the function is only receiving 5 columns when it needs 6.
Update:
As the commenter below points out, you've replaced the backticks with quotation marks.
$squl="INSERT INTO `messages` (`id`,`name` ,`email` ,`subject` ,`content`,`userid` )VALUES ( null,'$name', '$mail', '$subject', '$content','');";

(id,name ,email ,subject ,content,userid )
( NULL,".$name.", ".$mail.", ".$subject.", ".$content."**.**``);
you are using '.' instead of ,

Well, that's about the clearest message you get from SQL. You try to insert 5 values into 6 columns.
The problem that there's no comma between the last two values. Instead there's a . which makes the parser think it's only one value.

You are trying to insert into 6 columns:
id
name
email
subject
content
userid
But have only specified 5 values:
NULL
$name
$mail
$subject
$content

You've got a dot where you should have a comma:
".$subject."`, `".$content."`.``);";
Change that last dot to a comma and you should be golden

You've got 6 fields in your fields list, but are inserting only 5 values in your values list. Looks like you've got a . instead of a ,:
`, `".$subject."`, `".$content."`.``
^--- here
As well, there is NO reason to use repeated string concatenation as you are. PHP can insert variables into double-quoted strings quiet easily:
$sql = "INSERT INTO .... (...) VALUES (NULL, '$name', '$mail', '$subject', '$content', '')";
Note that the 'null' value is not quoted. Backticks are there to escape reserved words. If you intend to insert a real database null, then use the bare word null. If you want a literal string 'null' to go in, then quote it normally: 'null'.

You have six fields listed the first set of parentheses and only five fields in VALUES. That's what column count means.

PHP/MySQL Insert null values

I'm struggling with some PHP/MySQL code. I am reading from 1 table, changing some fields then writing to another table, nothing happens if inserting and one of the array values is null when I would like it to insert null in the database (null values are allowed for the field). It looks a bit like this:
$results = mysql_query("select * from mytable");
while ($row = mysql_fetch_assoc($results) {
mysql_query("insert into table2 (f1, f2) values ('{$row['string_field']}', {$row['null_field']});
}
Not every row has a null value and in my query there are more fields and 2 columns which may or may not be null

This is one example where using prepared statements really saves you some trouble.
In MySQL, in order to insert a null value, you must specify it at INSERT time or leave the field out which requires additional branching:
INSERT INTO table2 (f1, f2)
VALUES ('String Value', NULL);
However, if you want to insert a value in that field, you must now branch your code to add the single quotes:
INSERT INTO table2 (f1, f2)
VALUES ('String Value', 'String Value');
Prepared statements automatically do that for you. They know the difference between string(0) "" and null and write your query appropriately:
$stmt = $mysqli->prepare("INSERT INTO table2 (f1, f2) VALUES (?, ?)");
$stmt->bind_param('ss', $field1, $field2);
$field1 = "String Value";
$field2 = null;
$stmt->execute();
It escapes your fields for you, makes sure that you don't forget to bind a parameter. There is no reason to stay with the mysql extension. Use mysqli and it's prepared statements instead. You'll save yourself a world of pain.

I think you need quotes around your {$row['null_field']}, so '{$row['null_field']}'
If you don't have the quotes, you'll occasionally end up with an insert statement that looks like this: insert into table2 (f1, f2) values ('val1',) which is a syntax error.
If that is a numeric field, you will have to do some testing above it, and if there is no value in null_field, explicitly set it to null..

For fields where NULL is acceptable, you could use var_export($var, true) to output the string, integer, or NULL literal. Note that you would not surround the output with quotes because they will be automatically added or omitted.
For example:
mysql_query("insert into table2 (f1, f2) values ('{$row['string_field']}', ".var_export($row['null_field'], true).")");

We Keep Coding

PHP, A popular general-purpose scripting language that is especially suited to web development.

Incorrect integer value for a column - php

Numbers and nulls should not be quoted, strings should. Additionally, your syntax for inserting is wrong: INSERT INTO parent_details (center_id, name, pin) VALUES ($center_id, '$name', $pin)

If you're using prepared statements you shouldn't have this problem in the first place: $stmt = $db->prepare('Insert into parent_details set center_id=:center, name=:name, pin=:pin'); $stmt->execute([ ':center' => null, ':name' => 'foo', ':pin' => 'bar', ]);

field center_id data type is int but you may inserted string or special characters because of that is giving above error use below code try to insert integer to center_id column insert into parent_details (center_id,name,pin) VALUES ($center_id, $name, $pin)

Related

Using WHERE IN (...) with PDO doesn't work when the string is bound

MySQL error when submitting '' in an array

Setting variable's database value to NULL instead of empty string

Having trouble with SQL query

PHP/MySQL Insert null values

Categories

Resources