New to php/mysql so please bear with me.
The code below is fed data by a form in the previous sheet. I do not get any error messages when inserting the records but when I check the table, the last character of the empno and buntg fields are missing. For empno, 0001 is displayed on screen but the value inserted in the table is 000. For buntg, 14000101 is displayed but 1400010 is inserted. No problem with opr tho.
<?php
$wopr = $_POST['operations'];
$empno = $_POST['empno2'];
$btg = $_POST['buntag2'];
echo $empno . "<br/>" . $btg . "<br/>" . $wopr . "<br/>";
$loaddat = "INSERT INTO ticket_data (empno,buntg,opr) VALUES ('$empno', '$btg', '$wopr')";
mysql_connect("localhost", "root", "") or die (mysql_error());
mysql_select_db("test_database") or die (mysql_error());
mysql_query($loaddat) or die (mysql_error());
echo "Ticket Submitted. <br/> Ref. No: " . mysql_insert_id() . "<br/> Thank You.";
mysql_close();
?>
In ticket_data table, empno is varchar(4), buntg is varchar(8), opr is text. Collation is utf8_unicode_ci. When I dont use the variables and hardcode the values on $loaddat, they insert correctly, so I'm not sure if this has something to do with collation.
I am using XAMPP v.3.2.1 on windows 7. Thanks in advance.
Edit: Question was partially answered by the comments below. However, I still don't understand why I have to use different varchar lengths to insert the same data, but using different methods. Perhaps someone can enlighten me on this. Cheers!
Edit #2: I found that changing the varchar length works in inserting the data, but my validation methods now do not work. After changing the data type in all related tables, the query below now returns all occurrences of opr, regardless of the 'NOT IN' condition.
SELECT style_ops.opr FROM style_ops WHERE style_ops.style='$sty' AND style_ops.opr NOT IN (SELECT ticket_data.opr FROM ticket_data WHERE ticket_data.buntg='$btg')
When they were in varchar 4 and 8, everything works, except for the insert. Im reverting back to 4 and 8 and hoping that someone can address my original problem. Thanks again!
Edit#3: Problem solved. Thanks to a comment below, I looked at my input fields and found leading and trailing spaces on the form html code. Took them out and now its working sweet. Took note of SQLI and modified code accordingly.
Thanks.
Related
I've been fighting with a bit of code for a week now, not seeing what the heck is wrong...
I have a gaming site I'm trying to build new character sheets for, the form is all done, the action pointing to another page that is strictly the sql for inserting the information into the database. We have good connection, but it is hanging at the second insert statement. The code was working previously, but we had to delete the database and rebuild it, resulting in a rebuild of the insert sql lines.
The first portion of the insert code is:
if($_POST['Submit']=="Submit")
{
$sql="INSERT INTO accounts (log_name,owner,account_type,date_joined) VALUES (\"$_POST[char_name]\",\"$_SESSION[logname]\",\"$_POST[account_type]\",NOW())";
$result = mysql_query($sql)
or die("<p>Couldn't add character.<br/>".mysql_error()." in accounts.<br/>Please send this exact message to <a href='mailto:savvannis#houston-by-night.com'>Savvannis</a> with your character's name.</p>");
echo $result;
echo $_SESSION['logname'];
$sql="INSERT INTO topdata (log_name,char_venue,sub_venue,species,char_name,create_date,gender,age,appage,nature,demeanor,concept,description,web_site,view_pword,sfa) VALUES (\"$_SESSION[logname]\",\"$_POST[char_venue]\",\"$_POST[sub_venue]\",\"$_POST[species]\",\"$_POST[char_name]\",NOW(),\"$_POST[gender]\",\"$_POST[age]\",\"$_POST[appage]\",\"$_POST[nature]\",\"$_POST[demeanor]\",\"$_POST[concept]\",\"$_POST[description]\",\"$_POST[web_site]\"\"$_POST[viewpw]\",\"$_POST[sfa]\")";
$result=mysql_query($sql)
or die ("<p>Could not create character.<br/>".mysql_error()." in topdata.<br/>Please send this exact message to <a href='mailto:savvannis#houston-by-night.com'>Savvannis</a> with your character's name.</p>");
echo $result;
When the information is entered into the form and submit is hit, I get the following:
1
Could not create character.
Column count doesn't match value count at row 1 in topdata.
Please send this exact message to Savvannis with your character's name.
I look at the database and the information is entered into the accounts table, so that statement is working, but it is hanging up on the topdata table. It's not echoing the $_SESSION['logname'] and looking at the database, it's not saving the owner, which should be $_SESSION['logname'], so I'm wondering if that statement is now somehow incorrect??
I can't figure out what the heck is wrong. Any and all help would be greatly appreciated.
You have missed a comma here: \"$_POST[web_site]\"\"$_POST[viewpw]\" in your second insert SQL.
It should be \"$_POST[web_site]\", \"$_POST[viewpw]\"
First off the error message is telling you that there is an unequal number of columns and values in your SQL
Lets have a look at that
INSERT INTO topdata (
log_name,
char_venue,
sub_venue,
species,
char_name,
create_date,
gender,
age,
appage,
nature,
demeanor,
concept,
description,
web_site,
view_pword,
sfa
) VALUES (
\"$_SESSION[logname]\",
\"$_POST[char_venue]\",
\"$_POST[sub_venue]\",
\"$_POST[species]\",
\"$_POST[char_name]\",
NOW(),
\"$_POST[gender]\",
\"$_POST[age]\",
\"$_POST[appage]\",
\"$_POST[nature]\",
\"$_POST[demeanor]\",
\"$_POST[concept]\",
\"$_POST[description]\",
\"$_POST[web_site]\"\"$_POST[viewpw]\",
\"$_POST[sfa]\"
)";
Now by formatting your SQL (which is vulnerable to sql injection) I've noticed a missing comma between web_site and viewpw values
I'm still kinda new to PHP and MySQL and I've tried so many times to do this and I just can't figure out how.
I have a query that returns the results I want in PHPMyAdmin as a straight MySQL query but I'm trying to get this to generate on a webpage using a PHP $query and I just can't get the syntax right.
this is the working MySQL query:
SELECT fk_toon_no, fk_actor_no, actor_no, actor FROM cartoon_characters,
characters WHERE fk_toon_no=50 HAVING fk_actor_no=actor_no;
The kicker is that I also want to have a variable $new_toon_id as the = for the WHERE statement, so, something like: (but only displaying the row as I will eventually plug this into a table and know how to do that fine)
WHERE fk_toon_no=$new_toon_id
fk_actor_no is the foreign key of the cartoon_characters table to the primary key actor_no in the characters table.
I'm trying to get it so that I can print out every character associated with a particular cartoon so it would look something like
(toon id) (character id #) (character name)
($fk_toon_no) (actor_no) (actor)
3 5 Eisenhower
3 9 Nixon
3 12 Uncle Sam
Any help would be greatly appreciated. I think I've included all the relevant information but if I forgot anything please ask.
I'm in desperate need of help. Thanks!!
$query=<<<HERE
SELECT fk_toon_no, fk_actor_no, actor_no, actor FROM cartoon_characters,
characters WHERE fk_toon_no='50' HAVING fk_actor_no=actor_no;
HERE;
$send=mysql_qyery($query);
while($row = mysql_fetch_assoc($send))
{
echo $row["fk_toon_no"];
echo "<br />"
echo $row[fk_actor_no];
}
This should do the trick.
i might be doing some idiot mistake, but i could not figure that out. i have some values coming from html and wanna insert into mysql db. problem is, the very same query does not work in regular php file (that includes other queries), but when i try on an independent php file, it does. here is a sample of the code:
$sql15="insert into body
(Article_ID, Article_Title)
values
('$article_id', '".$_POST['Article_Title']."') ";
mysql_query($sql15);
as i mentioned, the very same code works when i just copy this snippet to a new php file, and it works smoothly.. as you see, there are 20+ insert with the same php, because there are 25+ tables, but data is not much. first 14 query and following 7 queries do work by the way.
do you have any ideas?
There are some things to check and do.
Sanitize user input:
"('$article_id', '".mysql_real_escape_string($_POST['Article_Title'])."')";
You might also want to check if the value is what you expect.
Is your $article_id correct for column Article_ID?
Are your table and column names correct?
Check for errors:
$res = mysql_query($sql15);
if (!$res)
echo mysql_errno($link) . ": " . mysql_error($link);
Show us you complete query:
echo $sql15;
First of all i would suggest you to write your insert query like below
$sql15="insert into body SET Article_ID = '$article_id', Article_Title = '".$_POST['Article_Title']."'";
echo $sql15;
mysql_query($sql15);
so that each time when you add new column to database it would be easy for u to change insert query. echo your query and see it in browser. in it seems to o.k then copy it and paste it in SQL section under your phpmyadmin (see you are choosing proper database) and run it. if one row inserted successfully then your query is alright.
I hope this would help you a little.
$sql15="insert into body
(Article_ID, Article_Title)
values
('$article_id', '".$_POST['Article_Title']."') ";
mysql_query($sql15) or die(mysql_error());
use like this u will be get the error. then u will be find the issue
I think using mysql_real_escape_string may solve your problem.I also recommend you to store your form data in a string.
$article_title= mysql_real_escape_string($_POST['Article_Title']);
$sql15="insert into body
(Article_ID, Article_Title)
values
('$article_id', '$article_title') ";
mysql_query($sql15) or die(mysql_error());
I have made a script to send messages. But the problem is it fails to insert into table when i type a bit longer message though i have set "mail" as VARCHAR and length 30005 .
I am using this query ..
mysql_query("INSERT INTO `mailbox` (`id` ,`receiver` ,`mail` ,`sender` ,`time` ,`date` ,`reply-from` ,`read-status` ,`sd` ,`rd`) VALUES ('', '$receiver_username', '$mail', '$sender_username', '$gmt_time', '$gmt_date', '$from_mail', '1', '', '')") or die("Couldnt Insert Data");
when type small message it is ok. otherwise it shows Couldnt Insert Data .
So please help me.
Recently i have checked its hapening bcz this two syntax ' and " . Now how two insert them i dont want to encode the texts
Length 30005 for a varchar field? that's impossible, varchar's max length is 255 characters. Try making the mail field a TEXT datatype.
You need to look on couple of things here.
1: You should save data data in database in text column rather varchar 30005
2: Look at all followings in PHP.ini file
upload_max_filesize:50M
max_execution_time:NONE
memory_limit:60M
post_max_size:55M
3: More help could be provided after you show actuall error by mysql_error()
Perhaps the long text you are trying to insert has singles quotes ' or other special characters in it.
To fix that, and also for security reasons, you must use mysql_escape_string on your text before trying to insert it into the table.
I am trying to teach myself MySQL/PHP from the very beginning. The following code was lifted from various tutorial sites. I'm using phpMyAdmin provided by my webhost.
I made a table with an auto-incrementing field called "ID" and another field called "first" (varchar, limit 30, not null). Then I made a simple form with one text field named "first" and a Submit button. I type my name into the box and click Submit. This does create a row in the database with an ID, but the "first" field is always blank.
I tried replacing '$_POST[first]' with some straight-up words, and that worked - the words appeared in the table with an ID number just fine. That's how I know it is indeed managing to talk to the database, it's just not picking up the text field
After the INSERT statement runs, I have it display all the records in the table. It shows all of the ID numbers and then blank where "first" should be.
I also have it echo the INSERT statement. This is what the echo displays:
INSERT INTO tblHurray(ID, first) VALUES ('','')
When I substitute words for '$_POST[first]', the echo looks like this:
INSERT INTO tblHurray(ID, first) VALUES ('','words')
This is my first question so please let me know if I've left out any pertinent information! And thanks in advance for your help.
This is the form:
<form action="run_input.php" method="post">
Name: <input type="text" name="first">
<input type="Submit">
</form>
This is what runs when "Submit" is clicked:
<?
include("run_connect.php"); // this connects to the database, this works
$step1 = "INSERT INTO tblHurray(ID, first) VALUES ('','$_POST[first]')";
mysql_query($step1);
echo "$step1";
echo "<b><center>Database Output</center></b><br><br>";
$step2=mysql_query("SELECT * FROM tblHurray");
$num=mysql_numrows($step2);
$i=0;
while ($i < $num) {
$firstname=mysql_result($step2,$i,"first");
$ID=mysql_result($step2,$i,"ID");
echo "$ID: $firstname<br />";
$i++;
}
?>
Try
$step1 = "INSERT INTO tblHurray(ID, first) VALUES ('','".$_POST['first']."')";
Although, if you're really going learn it, then start with
PHP PDO. It will save you ALOT of trouble in the long run, especially with parametrized queries.
This line
$step1 = "INSERT INTO tblHurray(ID, first) VALUES ('','$_POST[first]')";
needs to look like this:
$step1 = "INSERT INTO tblHurray(ID, first) VALUES ('','" . mysql_escape_string($_POST['first']) . "')";
It's a good habit to always quote your array keys (['first'] rather than [first]).
Plus it's good to get used to always escaping user input before inserting into the database to prevent SQL injection.
Also double-check to make sure the name of the input on your HTML form matches your PHP code.
$_POST['first']
is not the same as
$_POST['First']
Mark Biek nailed it, but as a fractional tweak, the mysql_real_escape_string function is better than mysql_escape_string as it factors in the character set associated with the connection.