We Keep Coding

PHP insert into not inserting and not giving errors, but will insert into when using remote SQL [closed]

Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 2 years ago.
Improve this question
I'm creating a small project that scrapes specific webshops and gives an alert when the price changed.
When I try to insert a new record (if price is up/down) it won't insert the record. A connection with the database is in place as I check if the last known price went up or down.
$sql = "INSERT INTO `product_prices` (`productId`, `shopId`, `url`, `originalPrice`, `lowestPrice`, `dateChanged`) VALUES ($productId, $shopId, '".$url."', '".$originalPrice."', '".$lowestPrice."', '".$dateChanged."')";
When I echo $sql it generates this:
INSERT INTO `product_prices` (`productId`, `shopId`, `url`, `originalPrice`, `lowestPrice`, `dateChanged`) VALUES ('1', '1', 'https://www.webshop.com/', '999,99', '800', '2020-07-28 15:04:30')
When I use a remote SQL client (like Sequal Pro) and paste the output of above line it will insert the record. What am I doing wrong?

Problem found, I wasn't using $mysqli->query($sql); after inserting. Now I will dive into SQL injection. Thanks #nico for the heads-up.

SQL Command Syntax Error? [closed]

Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 8 years ago.
Improve this question
I definitely regret asking such a simple question, but it's been driving me off the wall, and I'm not sure if it's because of an update or anything. But can anyone tell me what the error with the following SQL statement is?
$iname = mysql_query("SELECT * FROM calendarevents WHERE 'EventMonth'="January" AND 'EventDay'="1"")
or die(mysql_error());

This should work better, using correct quotes and backticks, please have a look at the query
$iname = mysql_query("SELECT * FROM calendarevents WHERE `EventMonth`= 'January' AND `EventDay`= 1 ")
SIDENOTE:
Please consider using PDO or mysqli_ instead of mysql_* functions.
This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be used. See also MySQL: choosing an API guide and related FAQ for more information.

Use the following:
$iname = mysql_query("SELECT * FROM calendarevents WHEREEventMonth='January' ANDEventDay='1'")
or die(mysql_error());
The way that you have used double quotes (") is the first and the biggest of issues, and you should use backticks(`) instead of single quotes(') for escaping table and column names in mysql.

you cannot use double quotes ["] inside of a sql statement.
january and 1 need to be in single quotes instead of double.
You also don't need quotes around the field names.
"SELECT * FROM calendarevents WHERE 'EventMonth'="January" AND 'EventDay'="1""
should be
"SELECT * FROM calendarevents WHERE EventMonth='Januay' AND EventDay='1'"

$iname = mysql_query("SELECT * FROM `calendarevents` WHERE `EventMonth`="January" AND `EventDay`=1")
or die(mysql_error());

Try this:
$query = "SELECT * FROM calendarevents WHERE EventMonth='January' AND EventDay = '1'";
$iname = mysql_query($query);

Cant order by in PHP via SQL Database? [closed]

Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 8 years ago.
Improve this question
Im trying to order By "ItemLevel" in shops in a game I'm currently developing. it should be correct as because this code
ini_set('display_errors', 'On');
error_reporting(E_ALL | E_STRICT)
Displays no errors.
Heres the ORDER BY ItemLevel line.
$item = mysql_query("SELECT * FROM knightG_{$shop["ItemCategory"]}s WHERE
ItemId='{$shop["ItemId"]}' ORDER BY ItemLevel ASC") or die (mysql_error());
I can give anyone more information if requested.
Thanks.

It should be
$item = mysql_query("SELECT * FROM knightG_{$shop['ItemCategory']}s WHERE
ItemId='{$shop['ItemId']}' ORDER BY ItemLevel ASC") or die (mysql_error());
instead. Inside of double string variable interpolation you must obmit the quotes around array indexes.
This is not valid if using braces surrounding arrays within strings allows constants, so you've got to use single quotes in your case. It may seem odd, but it's valid.
Better would be to move from the deprecated mysql_* functions to PDO or mysqli and use prepared statements with placeholders to bind inut values to. This will not take care of the problem of input parameters in identifiers for the names of columns or tables (the first input substitution here).

$sql = "SELECT * FROM knightG_{$shop['ItemCategory']}s";
$sql.= " WHERE ItemId='".$shop["ItemId"]."'";
$sql.= " ORDER BY ItemLevel ASC";
$item = mysql_query($sql) or die (mysql_error());
You should make sure though that your variables are safe from mysql injections.
Also I would advice to use PDO instead of the mysql extension. It is deprecated.

INSERT into sql database [closed]

Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 8 years ago.
Improve this question
I've inserted into databases before but never used the 'where' feature. For some reason, it is not inserting, but dieing instead.
<?php
$member=$_SESSION['member'];
$SQL = "INSERT into members where name='$member'(money) VALUES ('100')";
mysql_query($SQL) or die("Could not insert money");
print "Money successfully inserted";
?>

This is not valid SQL:
INSERT into members where name='$member'(money) VALUES ('100')
I would assume something like this:
update `members` set `money`=100 where `name`='$member';
Rationale: (money) is a field and 100 is the value for money (since those 2 make the most sense from a INSERT INTO members (field) VALUES (value) syntax point of view).

Never die() with a fixed error message, especially when you can output the actual reason: ... or die(mysql_error()).
But yes, your problem is a syntax error. INSERT queries do NOT have a WHERE clause - where is used to filter records already in the database table. This makes no sense for a new record, because it's not IN the table to filtered in the first place.
You query should basically be just
INSERT into members (name, money) VALUES ('$member', '100')
And note that you are vulnerable to SQL injection attacks, and are using a deprecated/obsolete database interface.

If you want to change existing data, use the update command instead of insert.

You can't use WHERE clause with INSERT command
http://dev.mysql.com/doc/refman/5.0/en/insert.html
You have to do an update
<?php
$member=$_SESSION['member'];
$SQL = "UPDATE `members` SET `money`='100' WHERE `name`='$member'; ";
mysql_query($SQL) or die("Could not insert money");
print "Money successfully inserted";
?>

For inserting :
$SQL = "INSERT INTO members(money) VALUES ('100')";
MySQL INSERT Syntax does not support the WHERE clause. MySQL.com Insert Info
Are you actually trying to insert a new row, or update an existing 'member'? If update, then try:
UPDATE members SET money = 100, WHERE name='$member';

What is wrong with my code for creating a table in a MYSQL database? [closed]

Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 9 years ago.
Improve this question
$sql = "CREATE TABLE Persons(FirstName VARCHAR(30),
Lastname VARCHAR(30), AGE INT)PRIMARY KEY (Firstname)";
mysql_select_db('strsmi_database');
$query = "(mysql_query($sql, $con)";
if (! $query)
{
echo ("Could Not Create Table: " . Smysqli_error());
}
else
{
echo ("Table Created");
}
mysql_close($con);
?>
My output said that it had created the table but when I went into PHP Myadmin no table had been created.

Your closing paren after int should be a comma and the closing paren should go at the end.
CREATE TABLE Persons (
FirstName VARCHAR(30),
Lastname VARCHAR(30),
AGE INT,
PRIMARY KEY (Firstname)
);
EDIT:
You can see this work on SQL Fiddle here.

if (!$query) will evaluate as false since $query is a string.
its the same as if (!isset($query))
remove the quotes and outer parenthesis from $query = "(mysql_query($sql, $con)";
Also I recommend against using mysql_ functions. they're depreciated and will be removed in future versions.
you should use mysqli_ or pdo (my preference due to prepared statements)