My function, need to check i the email in use. if the email not registered yet.
the code will check if the username at use. if its not registered before.
its need to start the proccesing of the INSERT Mysqli_query.
than the problem starts, its not show any prob & its check the email & username rightly,
only the mysqli_query command, doesn't work.
1)Why its not work?
2)How to make it more secure?
My code:
if(empty($error)){
$sqlcon = mysqli_connect("localhost","baruch","","developers");
$checkemail = mysqli_query($sqlcon,"SELECT `email` FROM `users` WHERE email='$email'");
if(mysqli_num_rows($checkemail)){echo "האימייל".$email.".בשימוש בחרו באימייל אחר.";}else{
$checkusername = mysqli_query($sqlcon,"SELECT `username` FROM `users` WHERE username='$username'");
if(mysqli_num_rows($checkusername)){echo "שם המשתמש: <strong>".$username."</strong> ,נמצא בשימוש ביחרו שם משתמש אחר.";}else{
mysqli_query($sqlcon, "INSERT INTO `users` (`ID`, `fullname`, `username`, `password`, `email`, `birthday`, `tags`, `gold`, `activation`, `avatarurl`) VALUES ('', '$fullname', '$username', MD5('$password'), '$email', '$birthday', '$tags', '0', '0', MD5('".rand()."'), '')");
echo $fullname." נרשמת בהצלחה לאתר, בשם המשתמש:".$username;
}
}
mysqli_close($sqlcon);
}
You have column mismatch error,
Try this,
mysqli_query($sqlcon, "INSERT INTO `users` (`ID`, `fullname`, `username`, `password`, `email`, `birthday`, `tags`, `gold`, `activation`, `avatarurl`)
VALUES ('', '$fullname', '$username', MD5('$password'), '$email', '$birthday', '$tags', '0', '0', '')");
mysqli_real_escape_string() all these $variables: ('', '$fullname', '$username', MD5('$password'), '$email', '$birthday', '$tags', '0', '0', MD5('".rand()."'), '').
Like: $fullname = mysqli_real_escape_string($connection, $fullname); and such...
Or use a prepared statement to take care of things for you.
Related
Sample code:
echo $mylinks;
Outputted echo:
http://www.google1.com|http://www.google2.com
I want to insert each of these into a database table.
Here's what I was trying to use:
INSERT INTO `backlinks` (`id`, `link`, `apikey`, `date`) VALUES (NULL, '".$mylinks."', '11bebe13ae7fe257d9ddba22a9d1eea3', CURRENT_TIMESTAMP);
The problem is, it's inserting into the database like this basically:
INSERT INTO `backlinks` (`id`, `link`, `apikey`, `date`) VALUES (NULL, 'http://www.google1.com|http://www.google2.com', '11bebe13ae7fe257d9ddba22a9d1eea3', CURRENT_TIMESTAMP);
Whereas I want each URL to be entered into its own row like this:
INSERT INTO `backlinks` (`id`, `link`, `apikey`, `date`) VALUES (NULL, 'http://www.google1.com', '11bebe13ae7fe257d9ddba22a9d1eea3', CURRENT_TIMESTAMP);
INSERT INTO `backlinks` (`id`, `link`, `apikey`, `date`) VALUES (NULL, 'http://www.google2.com', '11bebe13ae7fe257d9ddba22a9d1eea3', CURRENT_TIMESTAMP);
URLs are separated by a pipe (|) - there's normally more than one URL that's submitted, but sometimes there's only a single URL - in case that makes a difference.
So how do I submit the URLs into my database so each is on a separate row?
mysql will not split that for you, you need to split it yourself.
$stmt = $pdo->prepare("INSERT INTO `backlinks` (`id`, `link`, `apikey`, `date`) VALUES (NULL,:link, '11bebe13ae7fe257d9ddba22a9d1eea3', CURRENT_TIMESTAMP)");
foreach (explode("|", $mylinks) as $link) {
$stmt->execute(array(":link" => $link))
}
You can convert this string to an array with php explode function and after that insert data like this:
$array = explode('|', $mylinks);
foreach($array as $key => $value)
//Insert $value into table
This question already has answers here:
php/mysql with multiple queries
(3 answers)
Closed 7 years ago.
This is what i want to do but with lots of records. When i try this i get this kind of error:the error message i get
this is my currant php and when i submit it no record is added.
$sql = "INSERT INTO `people` (`id`, `firstname`, `lastname`, `email`, `reg_date`) VALUES (NULL, 'firstnameA', 'surnameA', 'example1#email.com', CURRENT_TIMESTAMP);
INSERT INTO `people` (`id`, `firstname`, `lastname`, `email`, `reg_date`) VALUES (NULL, 'firstnameB', 'surnameB', 'example#email.com', CURRENT_TIMESTAMP);
" ;
However this code works but i am only adding one record
$sql = "INSERT INTO `people` (`id`, `firstname`, `lastname`, `email`, `reg_date`) VALUES (NULL, 'tom', 'walker', 'tom#walker.com', CURRENT_TIMESTAMP);
"
You just need to duplicate the values portion, like this:
$sql = "INSERT INTO `people` (`id`, `firstname`, `lastname`, `email`, `reg_date`)
VALUES (NULL, 'tom', 'walker', 'tom#walker.com', CURRENT_TIMESTAMP),
(NULL, 'bob', 'jones', 'bob#jones', CURRENT_TIMESTAMP)";
Use mysqli_multi_query check out:
http://php.net/manual/en/mysqli.multi-query.php
$query = "INSERT INTO `users` (`id`, `name`, `lname`, `uname`, `email`, `pass`) VALUES (NULL, '$name', '$lname', '$uname', '$email1', '$pass1')" or die(mysqli_error($con));
mysqli_query($con, $query);
I wrote this code... I don't have anything in my base after inputing
$query = "INSERT INTO `users` (`id`, `name`, `lname`, `uname`, `email`, `pass`) VALUES (NULL, '$name', '$lname', '$uname', '$email1', '$pass1')" or die(mysqli_error($con));
mysqli_query($con, $query);
Replace with:
$query = "INSERT INTO `users` (name, lname, uname, email, pass) VALUES ('$name', '$lname', '$uname', '$email1', '$pass1')" or die(mysqli_error($con));
mysqli_query($con, $query);
No need to put your column names in quotes.
Also, if your ID is auto_increment, you don't need to add it in your insert query.
An or die(mysqli_error($con)); makes no sense as part of setting a string literal. So try recoding like this so that you are looking for errors from the right place.
$query = "INSERT INTO `users`
(`id`, `name`, `lname`, `uname`, `email`, `pass`)
VALUES (NULL, '$name', '$lname', '$uname', '$email1', '$pass1')" ;
$result = mysqli_query($con, $query);
if ( $result === FALSE ) {
echo mysqli_error($con);
exit;
}
I have a table in hte same database similar to this that has no difference in syntax or format. Yet I get the above mentioned error? I have done everything I know to fix it, but not sure what I have done wrong. I have an image of the structure as well.
$sql = "INSERT INTO `FormInfo` (`first_name`,
`last_name`,
`company`,
`address`,
`province`,
`postal`,
`telephone`,
`fax`,
`email`,
`comment`)
VALUES ('$good_data[first_name]',
'$good_data[last_name]',
'$good_data[company]',
'$good_data[address]',
'$good_data[province]',
'$good_data[postal]',
'$good_data[telephone]',
'$good_data[email]',
'$good_data[comment]')";
mysqli_query($cxn, $sql) or die ("Couldn't insert into Database: " . mysqli_error($cxn));
What am I missing here?
You are missing your $good_data[fax] argument
EDIT: Also, please consider the way you are calling your objects in your array is bad practice. See this for more information
try to change,
$sql = "INSERT INTO `FormInfo` (`first_name`, `last_name`, `company`, `address`, `province`, `postal`, `telephone`, `fax`, `email` ,`comment`) VALUES ('$good_data[first_name]', '$good_data[last_name]', '$good_data[company]', '$good_data[address]', '$good_data[province]', '$good_data[postal]', '$good_data[telephone]', '$good_data[email]', '$good_data[comment]')";
to
$sql = "INSERT INTO `FormInfo` (`first_name`, `last_name`, `company`, `address`, `province`, `postal`, `telephone`, `fax`, `email` ,`comment`) VALUES ('$good_data[first_name]', '$good_data[last_name]', '$good_data[company]', '$good_data[address]', '$good_data[province]', '$good_data[postal]', '$good_data[telephone]', '$good_data[email]', '$good_data[comment]', '$good_data[fax]')";
You are missing insert value for fax column:
$SQL = "INSERT INTO `FormInfo`
(`first_name`,
`last_name`,
`company`,
`address`,
`province`,
`postal`,
`telephone`,
`fax`,
`email`,
`comment`
)
VALUES (
'$good_data[first_name]',
'$good_data[last_name]',
'$good_data[company]',
'$good_data[address]',
'$good_data[province]',
'$good_data[postal]',
'$good_data[telephone]',
'$good_data[fax]',
'$good_data[email]',
'$good_data[comment]'
)";
I am in a process of converting my Existing MySQL to mysqli
But I can't get this piece of code correct
mysql_query("INSERT INTO `sendmsg`(`sendname`, `recievename`, `subject`, `body` , `mdate`, `mtime`) VALUES ('$sendname','$recievename','$subject','$body','$msgdate','$msgtime')");
$new_id = mysql_insert_id();
mysql_query("INSERT INTO `recievemsg`(`msgid`, `sendname`, `recievename`, `subject`, `body`, `mdate`, `mtime`, `status`) VALUES ($new_id,'$sendname','$recievename','$subject','$body','$msgdate','$msgtime','UNREAD')");
What I tried is given below but didn't work
$mysqli->query("INSERT INTO `sendmsg`(`sendname`, `recievename`, `subject`, `body` , `mdate`, `mtime`) VALUES ('$sendname','$recievename','$subject','$body','$msgdate','$msgtime')");
$new_id = mysqli_insert_id();
$mysqli->query("INSERT INTO `recievemsg`(`msgid`, `sendname`, `recievename`, `subject`, `body`, `mdate`, `mtime`, `status`) VALUES ($new_id,'$sendname','$recievename','$subject','$body','$msgdate','$msgtime','UNREAD')");
The Problem is with the $new_id = mysqli_insert_id(); statement bcoz the first query is executing
For mysqli Object oriented style to get the last inserted id use this
$mysqli->insert_id ;
http://www.php.net/manual/en/mysqli.insert-id.php
So your queries will be as
$mysqli->query("INSERT INTO `sendmsg`(`sendname`, `recievename`, `subject`, `body` , `mdate`, `mtime`) VALUES ('$sendname','$recievename','$subject','$body','$msgdate','$msgtime')");
$new_id = $mysqli->insert_id;
$mysqli->query("INSERT INTO `recievemsg`(`msgid`, `sendname`, `recievename`, `subject`, `body`, `mdate`, `mtime`, `status`) VALUES ($new_id,'$sendname','$recievename','$subject','$body','$msgdate','$msgtime','UNREAD')");