debug mysqli query with or die mysqli_error - php

I don't know what is wrong.
$result = $db->query("INSERT INTO post_items(`post_id`,`content`,`date`,`user_id`,`category_id`)
VALUES ('".$postid.", '".$content."', '".$date."', '".$user_id."', '".$category_id."')");
if($result) {
echo "hey";
}
How can I use mysqli_error function to check the cause of error? The syntax of PHP is just fine I think. I guess it has a problem with my database.

You have a problem with single quotes. You have a ' just before your $postid, but not one after. This means that the SQL query will be seeing '$postid, ' as your first variable and then being confused about the remainder.
Try changing your SQL to read:
$result = $db->query("INSERT INTO post_items(`post_id`,`content`,`date`,`user_id`,`category_id`)
VALUES ('".$postid."', '".$content."', '".$date."', '".$user_id."', '".$category_id."')");
Hope that helps.
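As an added example (not part of the original answer), one way to handle the "how do I see the cause of the error" part of the question with mysqli: switch on exception reporting, bind the values instead of quoting them by hand, and write the error text to the server log rather than to the page. The connection values and the column types passed to bind_param are assumptions.

```php
<?php
// Added example, not the asker's code. Host, credentials and column types are assumptions.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw instead of returning false

function insertPostItem(mysqli $db, int $postId, string $content, string $date,
                        int $userId, int $categoryId): bool
{
    try {
        // Placeholders: no quotes to balance, and values are never parsed as SQL.
        $stmt = $db->prepare(
            'INSERT INTO post_items (`post_id`, `content`, `date`, `user_id`, `category_id`)
             VALUES (?, ?, ?, ?, ?)'
        );
        $stmt->bind_param('issii', $postId, $content, $date, $userId, $categoryId);
        $stmt->execute();
        $stmt->close();
        return true;
    } catch (mysqli_sql_exception $e) {
        // The full cause goes to the server log, not to the browser.
        error_log(sprintf('post_items insert failed [%d]: %s', $e->getCode(), $e->getMessage()));
        return false;
    }
}

$db = new mysqli('localhost', 'app_user', 'app_password', 'app_db'); // placeholder values
$db->set_charset('utf8mb4');

// Constructed sample input containing both quote characters.
if (insertPostItem($db, 1, 'Milky\'s "special" offer', date('Y-m-d H:i:s'), 42, 3)) {
    echo "hey";
} else {
    http_response_code(500);
    echo "Could not save the post.";
}
```

With `or die(mysqli_error($db))` the same message would be shown to every visitor, including table and column names; logging it keeps the detail available for debugging only.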

Related

Success but doesn't insert to Database

It says success but it doesn't really insert the values to Database. idk what's going on.
if($_POST['submit']){
$registerQuery = 'INSERT INTO `user`(firstname`, `lastname`, `email_address`, `password`, `mobile_number`,`location`) VALUES (
"'.$firstname.'",
"'.md5($password).'",
"'.$lastname.'",
"'.$emailaddress.'",
"'.$password.'",
"'.$mobile_number.'",
"'.$location.'");';
echo 'Success';
}
$qry = mysql_query($registerQuery);
Your echo statement is not wrapped in a conditional, and runs before the query is executed. As a result "Success" will be echoed no matter what.
Instead, you want to check the response of mysql_query to see whether it executed successfully, then take action (like echoing 'Success') based on that result.
mysql_query() always returns false on error, so you can check $qry to see if it is false:
if ($qry === false) {
echo "Query failed";
// take action as needed
}
else {
echo "Success";
// take action as needed
}
To see the exact error that caused the failure, use mysql_error(). You can execute this in the 'failed' section of code, above.
In this case, the failure was caused by two errors in your query:
Syntax
There is a missing backtick before 'firstname':
'INSERT INTO `user`(firstname`,
should be
'INSERT INTO `user`(`firstname`,
Column/Value Count Mismatch
Your query specifies that six columns will be filled:
(`firstname`, `lastname`, `email_address`, `password`, `mobile_number`,`location`)
but seven values were provided:
"'.$firstname.'",
"'.md5($password).'",
"'.$lastname.'",
"'.$emailaddress.'",
"'.$password.'",
"'.$mobile_number.'",
"'.$location.'");'
Deprecation Warning
Note: The mysql_* functions are deprecated; they have been replaced by PDO. For safety and stability, consider modifying your code to use PDO.
It doesn't work because there are 7 values and 6 columns and you miss a backtick around the firstname column. The number of values and columns must be the same. You always echo Success because you don't check if $qry is false (it returns false on error). Finally, you should not use mysql_* functions because they are officially deprecated as of PHP 5.5. Use either PDO or MySQLi.
you are also missing a back-tick surrounding firstname...
should be:
$registerQuery = 'INSERT INTO `user`(`firstname`, `lastname`

You have an error in your SQL syntax, but can't seem to trace error

I am using the following script to enter data into my database from a form. I have echo'd each of the values declared at the beginning and they are all coming across just fine.
include("connectmysqli.php");
echo '<link rel="stylesheet" href="http://towerroadacademy.co.uk/templates/rt_reflex_j16/css/template.css">';
if (isset($_GET['questionnaireID'])) {$questionnaireID = $_GET['questionnaireID'];}else {$questionnaireID = '';}
if (isset($_POST['newquestionnumber'])) {$questionnumber = $_POST['newquestionnumber'];}
if (isset($_POST['questionID'])) {$questionID = $_POST['questionID'];}else {$questionID = '';}
if (isset($_POST['question'])) {$question = $_POST['question'];}else {$question = '';}
if (isset($_POST['lowerlabel'])) {$lowerlabel = $_POST['lowerlabel'];}else {$lowerlabel = '';}
if (isset($_POST['middlelabel'])) {$middlelabel = $_POST['middlelabel'];}else {$middlelabel = '';}
if (isset($_POST['upperlabel'])) {$upperlabel = $_POST['upperlabel'];}else {$upperlabel = '';}
$stmt = $db->prepare("INSERT INTO `QuestionnaireQuestions` (`questionnaireID`, `questionnumber`, `questionID`, `question`, `lowerlabel`, `middlelabel`, `upperlabel`) VALUES ($questionnaireID', '$questionnumber', '$questionID', '$question', '$lowerlabel', '$middlelabel', '$upperlabel') WHERE questionnaireID='$questionnaireID';");
if (!$stmt) trigger_error($db->error);
$stmt->execute();
I keep getting the following error though and can't seem to trace what is causing it.
Notice: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '', '3', '1947679104', 'questonofngdfngodfngo', 'lower', 'midddle', 'upper') WHER' at line 1 in /home2/towerroa/public_html/questionnaires/addanotherquestionsubmit.php on line 16 Fatal error: Call to a member function execute() on a non-object in /home2/towerroa/public_html/questionnaires/addanotherquestionsubmit.php on line 17
The table QuestionnaireQuestions looks like this :
id questionnaireID questionnumber questionID question lowerlabel middlelabel upperlabel
You're missing a quote on $questionnaireID:
INSERT INTO `QuestionnaireQuestions` (`questionnaireID`, `questionnumber`, `questionID`, `question`, `lowerlabel`, `middlelabel`, `upperlabel`) VALUES ('$questionnaireID', '$questionnumber', '$questionID', '$question', '$lowerlabel', '$middlelabel', '$upperlabel')
Also remove the WHERE clause.
UPDATE statements can use the WHERE statement to update existing database records based upon a condition. Granted INSERT SELECT statements can contain a WHERE, INSERT statements by themselves do not.
INSERT will not work with the WHERE condition, if only you want to UPDATE the row then you can use WHERE condition and replace this
VALUES ($questionnaireID',......
with
VALUES ('$questionnaireID',
You have missed a single quote and remove ';' from the end also. Now the query will be
$stmt = $db->prepare("INSERT INTO `QuestionnaireQuestions` (`questionnaireID`,
`questionnumber`, `questionID`, `question`, `lowerlabel`,
`middlelabel`, `upperlabel`) VALUES ('$questionnaireID',
'$questionnumber', '$questionID', '$question', '$lowerlabel',
'$middlelabel', '$upperlabel')");
But I must appreciate that you are using PDO statements instead of mysql_* deprecated functions
($questionnaireID'
should be
('$questionnaireID'
but you should really try working with prepared statements

What is the syntax error in this SQL/PHP Code?

Dreamweaver is reporting an error in the 3rd line of the following code:
if (isset($_POST['sitename']))
{
$query = "INSERT INTO dllist (name, url, pr) VALUES ( "$_REQUEST['sitename'], $_REQUEST['siteurl'], $_REQUEST['pagerank']" )";
$result = mysql_query($query)
or die("Query Failed".mysql_error());
echo "<br />Website Has been added<br />";
}
Also, when running the code in my browser the following error is reported
Parse error: syntax error, unexpected '$_REQUEST' (T_VARIABLE)
Can anybody tell me where the mistake is? I shall really be grateful.
The commas (and the fact you're missing the containers around your values (e.g. single quotes)), it should be:
$query = "INSERT INTO dllist (name, url, pr) VALUES ('".$_REQUEST['sitename']."', '".$_REQUEST['siteurl']."', '".$_REQUEST['pagerank']."')";
Although this is still bad practice, and it has no SQL Injection protection.
You need to concatenate the string. Change VALUES (" to VALUES (" .
the values you put in insert query need to be single quoted individually like this:
$query = "INSERT INTO dllist (name, url, pr) VALUES ( '{$_REQUEST['sitename']}', '{$_REQUEST['siteurl']}', '{$_REQUEST['pagerank']}' )";

trouble with quotes and mysql insert into

I'm having problems inserting a form $_POST variable to MySQL!
I know it's a single quote problem but simply cannot resolve it.
Code is:
$naziv_db = $_POST["naziv"];
$naziv_db = mysql_real_escape_string($naziv_db);
$query = "INSERT INTO items (title) VALUES ('$naziv_db')";
$stmt = mysql_query($query) or die("MySQL error: " . mysql_error());
If I enter a value containing " it inserts correctly, but if it contains ' then the error appears!
For example if my input is Milky's
error is: MySQL error: You have an error in your SQL syntax;
check the manual that corresponds to your MySQL server version
for the right syntax to use near 's
If my input is "Milkys" everything goes well...
I'm new here, so can't post an answer to my own question so I have to edit!
Christian's solution was the right one!
I have changed the code:
$query = "INSERT INTO items (title) VALUES ('$naziv_db')";
to:
$query = 'INSERT INTO `items` (`title`) VALUES ("'.$naziv_db.'")';
and now it accepts both " and ' without error!
Thank you guys, you're the best :D
To avoid this entirely, you'd be best using a prepared statement.
There's a good example in the answer to this question.
Converted for your case, you get:
$db = new mysqli("host","user","pw","database");
$stmt = $db->prepare("INSERT INTO items (title) VALUES (?)");
$stmt->bind_param('s', $_POST["naziv"]);
$stmt->execute();
$stmt->close();
It's quite impossible to get such an error from your code.
Most likely there is a typo somewhere in it.
Maybe you're escaping the wrong variable or it's another query producing this error
Are you sure you posted the code you're actually running? Is it the exact code or some sketch?
change your mysql_query string to this one
mysql_query($query) or trigger_error(mysql_error()." ".$query);
and paste its output please.
or, even change whole code:
ini_set('display_errors',1);
error_reporting(E_ALL);
$naziv_db = $_POST["naziv"];
$naziv_db = mysql_real_escape_string($naziv_db);
$query = "INSERT INTO items (title) VALUES ('$naziv_db')";
var_dump($_POST["naziv"]);
echo "<br>\n";
var_dump($naziv_db);
echo "<br>\n";
var_dump($query);
echo "<br>\n";
mysql_query($query) or trigger_error(mysql_error()." ".$query);
this is called "debugging" and usually helps.
Try addslashes - it's made for parsing strings into database-friendly content.

array issues with php and SQL queries

Hey guys, I'm using smarty and php I am trying to make this function work
{foreach $rows as $row}
<input type="checkbox" name="likes[]" value="{$row.ID}">{$row.Interests}<br>
{/foreach}
That there is the html/template for checkboxes, it grabs data from a table in my database
Now I am trying to store data into my database
// $likes = mysql_escape_string($likes);
$connection = mysql_open();
$insert = "insert into Users " .
"values (null, '$firstName', '$lastName', '$UserName', '$email', from_unixtime('$DOB'), '$join', '$gender')";
$result = @ mysql_query ($insert, $connection)
or showerror();
$id = mysql_insert_id();
//echo $id; testing what it gets.
mysql_close($connection);
$connection = mysql_open();
foreach($likes as $like)
{
$insert3 = "insert into ProfileInterests " .
"values ('$id', '$like', null)";
$result3 = @ mysql_query ($insert3, $connection)
or showerror();
}
mysql_close($connection)
or showerror();
}
That there is the script I am using to enter data into my database...there is more above which is just cleaning the user input really.
mysql_open() is my own function, so don't worry too much about that.
$likes = @$_POST['likes'];
that is what I am using to get the likes....I feel that this is wrong. I am not sure what to do....
I get this error at the moment. Invalid argument supplied for foreach()
I think this is completely to do with the variable $likes, I think it's not being treated like an array...any idea on what I should do.. I am quite a newbie.
The following line :
$likes = join(",",$likes);
is transforming your $likes array to a $likes string, containing the values and separating them by commas.
So, later, when you try to loop over $likes, it's no longer an array : it's a string -- which explains the Invalid argument supplied for foreach().
Edit after the comment : when calling the following line :
$likes = mysql_escape_string($likes);
If your $likes is an array, you'll get some trouble, as mysql_escape_string works on a string.
Instead of trying to escape the whole array at once, you should use mysql_escape_string on each item, while looping over the array -- a bit like that :
foreach($likes as $like)
{
// escape the current item :
$escaped_like = mysql_real_escape_string($like);
$insert3 = "insert into ProfileInterests values ('$id', '$escaped_like', null)";
$result3 = @ mysql_query ($insert3, $connection) or showerror();
}
As a sidenote : you should use var_dump() on your variables, while developing, to see what they contain ;-) It'll help you understand what your code is doing.
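As an added example (not from the original thread), the same per-item loop written with mysqli: the submitted likes[] value is checked to be an array of positive integers before it reaches foreach, and each row goes through one prepared statement inside a transaction. The connection values, the user id 42 and the sample input are constructed; the INSERT keeps the column-less three-value form used in the question.

```php
<?php
// Added example, not the asker's code. Connection values and the user id are placeholders.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/** Turn whatever arrived as likes[] into a de-duplicated list of positive ints. */
function cleanLikes($raw): array
{
    if (!is_array($raw)) {            // no box ticked, or likes sent as a plain string
        return [];
    }
    $ids = [];
    foreach ($raw as $value) {
        // Nested arrays and non-numeric strings make filter_var() return false.
        $id = filter_var($value, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($id !== false) {
            $ids[$id] = $id;
        }
    }
    return array_values($ids);
}

/** Insert one ProfileInterests row per interest; all rows are saved, or none. */
function saveLikes(mysqli $db, int $userId, array $likeIds): int
{
    $stmt = $db->prepare('INSERT INTO ProfileInterests VALUES (?, ?, NULL)');
    $likeId = 0;
    $stmt->bind_param('ii', $userId, $likeId);   // bound by reference
    $db->begin_transaction();
    try {
        foreach ($likeIds as $id) {
            $likeId = $id;                       // update the bound variable, then run
            $stmt->execute();
        }
        $db->commit();
    } catch (mysqli_sql_exception $e) {
        $db->rollback();
        throw $e;
    }
    $stmt->close();
    return count($likeIds);
}

// Constructed sample standing in for $_POST['likes'] ?? null.
$submitted = ['3', '7', '7', 'abc', ['x']];
$db = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
echo saveLikes($db, 42, cleanLikes($submitted)), " interests saved\n";
```

Because cleanLikes() always returns an array, the "Invalid argument supplied for foreach()" warning cannot occur even when the form is submitted with no box ticked.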
