I've been searching around for a solution, but each one I've found seems to not be helpful, I'm not actually sure whats causing the issue.
If I run the below mysql, this inserts a record into the database.
INSERT INTO cust_v_lists (Customer_name, Customer_ref) VALUES ('wouldja', 133)
What my program is currently doing is creating the above statement using parameters from page 1, then posting the mysql to page 2. On page 2 my code is simple.
$mysqli = $_POST['sqli'];
echo $mysqli; #this echo's out the above SQL insert line.
$result = mysqli_query($conn, $mysqli);
$updated = mysqli_affected_rows($conn);
$message = "You have inserted $updated row to the 'cust_v_lists' table.";
echo $message;
if (!mysqli_query($conn, $mysqli))
{
echo("Error description: " . mysqli_error($conn));
}
If I hard code the below:
$sqli = ;INSERT INTO cust_v_lists (Customer_name, Customer_ref) VALUES ('wouldja', 133)';
This works fine, but when I post it I get the error
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '
INSERT INTO cust_v_lists (Customer_name, Customer_ref) VALUES ('w' at line 1
I first thought this was a post limit or something to 40 chars, but when I echo out the mysqli posted it seems ok, I changed the limits in php.ini just in case but this didn't help. I then updated this to a string using $mysqli = (string)$mysqli but this also didn't help. Has anyone seen this before? I don't want to hard code this, I need the query to be completely dynamic and readable from $_POST.
$sqli = ;INSERT INTO cust_v_lists (Customer_name, Customer_ref) VALUES ('wouldja', 133)';
needs to be
$sqli = "INSERT INTO cust_v_lists (Customer_name, Customer_ref) VALUES ('wouldja', 133)";
Try this insert statement
$sqli = "INSERT INTO cust_v_lists (Customer_name, Customer_ref)
VALUES ('wouldja',133)";
Related
PHP won't let me insert my username field into the database for some reason:
$username = "<a href='user.php?user=".$_SESSION['username']."'>#".$_SESSION['username']."<a>";
/* Query database to save user's post */
/* If field "repostid==0", then the post is not a repost; if the field "repostid>0", then the post is a repost with the field "repostid" linking to the id of the post to be reposted */
$result = mysqli_query($connection, "INSERT INTO posts (user, content, repostid, date) VALUES ('$username', '$final_repostinfo', '$_GET[postid]', '$date_string')");
if (!$result)
{
die('Cannot query. Error: ' . mysqli_error($connection));
}
The returned PHP syntax error:
Cannot query. Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'user.php?user=shawn619'>#shawn619', 'fifth', '8', '01/12/2013 21:38:56')' at line 1
You can solve it by separating the html markup.
I had a similar problem when trying to insert html markup into a database.
Leave $username as being just $_SESSION['username'], then when you need to retrieve the value from the database THAT'S when you add the html markup.
For example, I was trying to cut corners by having the markup entered into the database, rather than putting it where it needs to be used.
I had the following PHP code:
$image = "<img src='".$_FILES['image']['name']."' />";
$query = mysql_query("INSERT INTO news VALUES (CURRENT_DATE,'$image')");
Then in the page I was using to retrieve data from the database:
echo $row['images'];
I discovered that what I SHOULD be doing is PHP code:
$image = $_FILES['image']['name'];
$query = mysql_query("INSERT INTO news VALUES (CURRENT_DATE,'$image')");
and put the markup in its proper place:
echo "<img src='";
echo $row['images'];
echo "' />";
I think you can implement a similar strategy to your code to fix the problem.
NOTE: mySQL is now depreciated, but you can use this technique with it's successors, mySQLi and PDO.
It's because of the single quotes. Try:
$result = mysqli_query($connection, "INSERT INTO posts (user, content, repostid, date) VALUES ('".mysql_real_escape_string($username)."', '$final_repostinfo', '$_GET[postid]', '$date_string')");
Or
$result = mysqli_query($connection, "INSERT INTO posts (user, content, repostid, date) VALUES ('".add_slashes($username)."', '$final_repostinfo', '$_GET[postid]', '$date_string')");
I'm getting a mysql error saying "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near..."
Here's the basics of my code:
First I'm populating the select menu options with rows from the categories table. This is working fine:
<select id="dropdown-select" name="Name">
<option value="" id="dropdown-option">Please select a category.</option>
<?php
$query_categories = "SELECT * FROM categories";
$result_categories = mysql_query($query_categories) or die(mysql_error());
while($categories_row = mysql_fetch_array($result_categories)) {
echo '<option id="dropdown-option" value="' . $categories_row['cat_name'] . '">' . $categories_row['cat_name'] . '</option>';
}
?>
</select>
Later, when I go submit the form to the transactions table (the above table I pulled data from was the categories table, could this be a problem?) is when I get the error. I think its related to the above code bc if I remove this element from my form submission, it writes the rest of the values to the database without any errors.
if(!isset($_POST['Name'])) {
die('You must select an income or expense from the drop down menu.');
} else {
$Name = $_POST['Name'];
}
//create query
$query = "INSERT INTO transaction (month, trans_name, budgeted, actual) VALUES ('$Month', '$Name', $Budgeted', '$Actual')";
$result = mysql_query($query) or die("Error in query: $query. " . mysql_error());
Thanks for any help you can provide.
You are missing a single quote in your insert statement before $Budgeted
INSERT INTO transaction (month, trans_name, budgeted, actual) VALUES ('$Month', '$Name', '$Budgeted', '$Actual')"
If you have some fields which are defined in Database as VARCHAR, CHAR.
Also, if you are inserting a string value in Database from a PHP script, you need to add an enclosing single quote (') around it.
In your case, you are inserting a string without semicolons, so, it showing error in MySQL.
Your statement should be corrected by adding a single quote around $budget as:
$query = "INSERT INTO transaction (month, trans_name, budgeted, actual) VALUES ('$Month',
'$Name', '$Budgeted', '$Actual')";
------^
The error "You have an error in your SQL syntax" is exactly correct!
$query = "INSERT INTO transaction (month, trans_name, budgeted, actual)
VALUES ('$Month', '$Name', $Budgeted', '$Actual')";
Look here, you missed something ----^
There is a ' missing from your statement causing the syntax error. Put the single quote in and you should be good to go!
EDIT:
Im trying to submit a form with a title and body but i want the title to go to one table and body to go to another table, this in itself i can do but i need the ID generated from the title being inserted into its table to then be inserted into a field in the table the body is inserted so as to keep them linked.
What i have so far: I know its not pretty and its not safe, i will be reworking them once i learn how to do it properly.
if (#$_POST['post'])
{
$body = #$_POST['body'];
$title = #$_POST['title'];
$BoardID = #$_POST['BoardID'];
$MemberID = #$_POST['MemberID'];
$date = date("Y-m-d H:i:s");
include ('connect.php');
$insert = mysql_query("INSERT INTO threads VALUES ('','$BoardID','$title','$date','$MemberID','','')");
if($insert) {
header("location: ?p=posts&thread=$Thread_ID");
exit();
}
}
I need to somehow get $Thread_ID which has been generated in the insert and add that to a second insert for adding body to the post table, if that makes sense.
I tried getting the latest $Thread_ID and adding +1 but if multiple threads are posted at once they might get crossed over.
How would i go about fixing this?
The PHP manual tell us:
This extension Mysql is deprecated as of PHP 5.5.0, and is not recommended for writing new code as it will be removed in the future. Instead, either the mysqli or PDO_MySQL extension should be used.
(see ref.)
You must use mysqli or PDO, to make a connection between PHP and a MySQL database.
mysqli
If you want the id of the inserted row, you can use $mysqli->insert_id (ref)
Example:
$query = "INSERT INTO myCity VALUES (NULL, 'Stuttgart', 'DEU', 'Stuttgart', 617000)";
$mysqli->query($query);
printf ("New Record has id %d.\n", $mysqli->insert_id);
PDO
If you want the id of the inserted row, you can use $dbh->lastInsertId(); (ref)
And don't forget to sanatize all your inputs.
You need to execute both insert queries separately.
$insert = "INSERT INTO threads VALUES ('','$BoardID','$title','$date','$MemberID','','')";
$result = #mysql_query($insert);
$Thread_ID=#mysql_insert_id();
$insert = "INSERT INTO posts VALUES ('','$BoardID',$Thread_ID','$body','$date','$MemberID')";
$result = #mysql_query($insert);
Thanks,
<?php
$username = $_POST['username'];
$password = $_POST['password'];
if($username&&$password)
{
$connect = mysql_connect("CiniCraftData.db.55555555.hostedresource.com", "CiniCraftData", "*********") or die("Couldn't Connect");
mysql_select_db("CiniCraftData") or die ("Couldn't Find Database");
$query = "INSERT INTO CiniUsers ('username.CINIDAT') VALUES('$username')";
$result = mysql_query($query) or die("Error occurred.");
}
else die("Please enter a username and password.");
?>
For this part of the code:
$query = "INSERT INTO CiniUsers ('username.CINIDAT') VALUES('$username')";
The VALUES seem to not be working properly, I need whatever the string value of $username is to be inserted into my CiniUsers database. What do I need to do to make the code above work? I'm very new to php and sql syntax and the guides I'm finding online are all completely different from each other as if they keep updating php.
Try reviewing this part:
$query = "INSERT INTO CiniUsers ('username.CINIDAT') VALUES('$username')";
The syntax is:
$query = "INSERT INTO table (column) VALUES ('$strvar')";
What is the column name you wanted to insert into?
If it is username.CINIDAT then try removing the qoutes.
Like this:
$query = "INSERT INTO CiniUsers (username.CINIDAT) VALUES ('$username')";
or maybe your column is named username so:
$query = "INSERT INTO CiniUsers (username) VALUES ('$username')";
UPDATE
The query from your comment, change it to this:
$query = "INSERT INTO CiniUsers (username.CINIDAT) VALUES ('$username')";
The format for the SQL statement is as so:
INSERT INTO nameOfTable (column1, column2, column3, etc) VALUES ('column1', 'column2', 'column3', 'etc')
You MUST make sure that you are using the field names exactly as they are stored in MySQL.
Your SQL could appear like so:
$query = "INSERT INTO CiniUsers (username) VALUES('$username')";
OR
$query = "INSERT INTO CiniUsers (username) VALUES('{$username}')";
Another thing that may help is that your die() statement is not very helpful. Yes, it is a bummer when your php program quits early, but it will save you a lot of time and frustration if you know why it quit. Although you may still be learning PHP and MySQL and may not know what the errors mean, they will start to make sense the more you see them and can tell you whether your query was bad, the connection failed or many more things. Change to something like this:
$connect = mysql_connect("CiniCraftData.db.55555555.hostedresource.com", "CiniCraftData", "*********") or die("Couldn't Connect: mysql_error()");
mysql_select_db("CiniCraftData") or die ("Couldn't Find Database: mysql_error()");
...
$result = mysql_query($query) or die("Some kind of error occurred...Query failed: mysql_error()");
You find that seeing the mysql_error() will help you solve problems like this much faster.
USE phpMyAdmin to test your query out, your query may be working perfectly. It is really the only way to know for sure. Use the suggested SQL and replace the PHP variable with some dummy data like "testUsername_1". If the query works, you will have manually added the username to the db, if not, the problem lies in SQL statement.
Here is some documentation on SQL INSERT INTO statements if you need more details:
http://www.w3schools.com/sql/sql_insert.asp
I think you should use mysqli or pdo. This liberary you are using is deprecated.
That said, what is username.CINIDAT? I think this is where your problem is. It should be something like this
$query = "INSERT INTO CiniUsers (username) VALUES('$username')";
I am assuming that CiniUsers is the table name and username is the column name.
The simplest way is to build the query by concatenating the statement with the value.
$query = "INSERT INTO CiniUsers ('username.CINIDAT') VALUES('".$username."')";
Without validation, this is not a very good idea, or something like this is very easy.
This is the SQL:
TRUNCATE TABLE `dc_path`;
INSERT INTO dc_path (coords) VALUES('(40.64406436923055, -8.638539251709062)');
INSERT INTO dc_path (coords) VALUES('(40.62791121610622, -8.615193304443437)');
INSERT INTO dc_path (coords) VALUES('(40.62895347295352, -8.6625718444825)');
If I try to execute that query on phpmyadmin it works just fine, but through php it gives me this error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'INSERT INTO dc_path (coords) VALUES('(40.64406436923055, -8.638539251709062)');I' at line 1
I tried many things and I can't work it out!
Thanks in advance.
Edit:
PHP
function insertPath($coords){
$conn = connectDB();
$coords = explode(";",$coords);
$sql = "";
$sql = "TRUNCATE TABLE `dc_path`; ";
for($i=0;$i<count($coords)-1;$i++){
$sql .= "INSERT INTO dc_path (coords) VALUES('".$coords[$i]."');";
}
echo $sql;
$query = mysql_query($sql, $conn) or die(mysql_error());
closeDB($conn);
return true;
}
the $coords variable contains something like these values:
(40.638854101691635, -8.6515855163575);(40.629474595277166, -8.63235944213875);
You cannot perform several queries in one mysql_query() call.
So split that string to 4 separated queries (without ; in the end) and everything will work
Don't use the old mysql_connect API, use mysqli - which supports multiple statements in one.
Read more about the different PHP - mySQL apis here: http://www.php.net/manual/en/mysqlinfo.api.choosing.php
There it says that the old mysql API is not recommended for new projects, and that long term deprecation has been announced.
What function are you using to run this? If you're using mysql_query then you can only do one query at a time, however you can merge the insert statements into one like
INSERT INTO dc_path (coords) VALUES
('(40.64406436923055, -8.638539251709062)'),
('(40.62791121610622, -8.615193304443437)'),
('(40.62895347295352, -8.6625718444825)');
function insertPath($coords){
$conn = connectDB();
$coords = explode(";",$coords);
mysql_query("TRUNCATE TABLE `dc_path`", $conn);
for($i=0;$i<count($coords)-1;$i++){
mysql_query("INSERT INTO dc_path (coords) VALUES('".$coords[$i]."')", $conn);
}
closeDB($conn);
return true;
}
You cannot query more than one statement using mysql_query().
Query like this
for($i=0;$i<count($coords)-1;$i++){
$sql = "INSERT INTO dc_path (coords) VALUES('".$coords[$i]."');";
$query = mysql_query($sql, $conn) or die(mysql_error());
}