Heres the story,
I am uploading a list of part numbers on text file via gzip, the reading is successful.
The format is:
"DATE"|"TYPE"|"ID"|"FPN"|"PN"|"IOC"|"FIELD"|"OVAL"|"NVAL"
Sample Value :
"2013-09-10 19:19:08"|"DU"|"10161000001354"|""|"ANTX100P001B24003"|""|"Sub-Category 1"|"Metal Antenna"|"PCB Antenna"
Now the scenario is, I loop on each entry to insert it to database and set notifications for users to see an update about that certain part number and get their email to conduct a mailing later in other page.
the loop code is here :
for($x=1;$x<=count($lines)-1;$x++){
$cur_row = trim(str_replace('"','',$lines[$x]));
$cols = preg_split('/\|/',$cur_row);
$query = sprintf('INSERT INTO `notification_details`(`NDATE`, `NTYP`,`NPID`,`NFPN`,`NPN`,`NIOC`, `NFILD`, `NOV`, `NNV`) VALUES(\'%s\',\'%s\',%s,\'%s\',\'%s\',\'%s\',\'%s\',\'%s\',\'%s\')',$cols[0],$cols[1],$cols[2],$cols[3],$cols[4],$cols[5],$cols[6],$cols[7],$cols[8]);
mysql_query($query);
$query = 'SELECT DISTINCT `id` FROM `project_details` WHERE `prod_id` = \''.$cols[2].'\';';
$result = mysql_query($query);
$count = mysql_num_rows($result);
if($count>0){
$query = 'SELECT MAX(`NID`) FROM `notification_details`';
$result = mysql_query($query);
$row=mysql_fetch_array($result);
$NID = $row[0];
$query = sprintf('INSERT INTO `read_details`(`NID`, `PID`,`ISREAD`) VALUES(%s,%s,1);',$NID,$row['id']);
mysql_query($query);
}
echo $cols[2].".... Done!<br />";
flush();ob_flush();
}
//EMAIL LISTING BLOCK
echo "Listing E-mails...<br />";
$query = 'SELECT B.`proj_user`, C.`email` '
.'FROM `read_details` A, `project_details` B, `login_details` C'
.'WHERE A.`ISREAD` = 1 '
.'AND A.`PID` = B.`id` AND B.`proj_user` = C.`username` '
.'GROUP BY B.`proj_user`';
$result = mysql_query($query);
while($row=mysql_fetch_array($result)){
mysql_query('INSERT INTO `email_details`(`email`,`user`) VALUES(\''.$row[1].'\',\''.$row[0].'\')');
echo $row[1].".... Added!<br />";
}
Heres some runs I did:
Product (193 lines) + full run of the code above = Internal Server Error + the whole site become under Internal Server Error whenever trying to access other page
Product (193 lines) + less the Email Block = Successfull
Product (18,000 lines) + full run of the code above = Internal Server Error + the whole site become under Internal Server Error whenever trying to access other page.
Product (18,000 lines) + less the Email Block = Internal Server Error + the whole site become under Internal Server Error whenever trying to access other page.
I don't know if it just me or what, but even the server returns internal server error, the products are keep adding on the database (I look at it and try to query a count and it increments) and stops at random point, that point the site is become accessible again. But sometime it doesnt do that.
Any ideas? Thanks in advance.
EDIT :
NID & PID is BIGINT, ISREAD is BOOLEAN, the rest are LONGTEXT
Plus while running, the page is /uploadpcn.php, this code is under /do_upload_pcn.php
so the scenario is that, the whole process is in loading while on /uploadpcn.php and when the process ends, the browser will go to /do_upload_pcn.php showing all echos OR shows internal server errors anytime in the process.
Try to log the loop with each record and you may come to know which particular record is causing the error. You may also apply some try-catch logic. I presume this could be a parsing error.
Another thing to notice is that your first INSERT query does not contains single-quotes around the string data. This could be another issue leading to the error.
Edit:
This query in the code in the question $query = sprintf('INSERT INTOread_details(NID,PID,ISREAD) VALUES(%s,%s,1);',$NID,$row['id']); should be like:
$query = sprintf('INSERT INTO `read_details` (`NID`, `PID`, `ISREAD`) VALUES (\'%s\', \'%s\', 1);', $NID, $row['id']);
I would suggest to use double quotes for constructing queries so that you may easily use single quotes for parameters.
Related
My problem is simple. On my website I'm loading several results from MySQL tables inside a while loop in PHP and for some reason the execution time varies from reasonably short (0.13s) or to confusingly long (11s) and I have no idea why. Here is a short version of the code:
<?php
$sql =
"SELECT * FROM test_users, image_uploads
WHERE test_users.APPROVAL = 'granted'
AND test_users.NAME = image_uploads.OWNER
".$checkmember."
".$checkselected."
ORDER BY " . $sortingstring . " LIMIT 0, 27
";
$result = mysqli_query($mysqli, $sql);
$data = "";
$c = 0;
$start = microtime(true);
while($value = mysqli_fetch_array($result)) {
$files_key = $value["KEY"];
$file_hidden = "no";
$inner_query = "SELECT * FROM my_table WHERE KEY = '".$files_key."' AND HIDDEN = '".$file_hidden."'";
$inner_result = mysqli_query($mysqli, $inner_query);
while ($row = mysqli_fetch_array($inner_result)) {
// getting all variables with row[n]
}
$sql = "SELECT * FROM some_other_table WHERE THM=? AND MEMBER=?";
$fstmt = $mysqli->prepare($sql);
$fstmt->bind_param("ss", $value['THM'], 'username');
$fstmt->execute();
$fstmt->store_result();
if($fstmt->num_rows > 0) {
$part0 = 'some elaborate string';
} else {
$part0 = 'some different string';
}
$fstmt->close();
// generate a document using the gathered data
include "../data.php"; // produces $partsMerged
// save to data string
$data .= $partsMerged;
$c++;
}
$time_elapsed_secs = substr(microtime(true) - $start, 0, 5);
// takes sometimes only 0.13 seconds
// and other times up to 11 seconds and more
?>
I was wondering where the problem could be.
Does it have to do with my db connection or is my code flawed? I haven't had this problem at the beginning when I first implemented it but since a few months it's behaving strangely. Sometimes it loads very fast other times as I said it takes 11 seconds or even more.
How can I fix this?
There's a few ways to debug this.
Firstly, any dynamic variables that form part of your query (e.g. $checkmember) - we have no way of knowing here whether these are the same or different each time you're executing the query. If they're different then each time you are executing a different query! So it goes without saying it may take longer depending on what query is being run.
Regardless of the answer, try running the SQL through the MySQL command line and see how long that query takes.
If it's similar (i.e. not an 11 second range) then the answer is it's nothing to do with the actual query itself.
You need to say whether the environment you're running this in is a web server, e.g. accessing the PHP script via a browser, or executing the script via a command line.
There isn't enough information to answer your question. But you need to at least establish some of these things first.
The rule of thumb is that if your raw SQL executes on a MySQL command line in a similar amount of time on subsequent attempts, the problem area is elsewhere (e.g. connection to a web server via a browser). This can be monitored in the Network tab of your browser.
I have a page that brings up a users information and the fields can be modified and updated through a form. Except I'm having some issues with having my form update the database. When I change the update query by hardcoding it works perfectly fine. Except when I pass the value through POST it doesn't work at all.
if (isset($_POST['new']))
{
$result1 = pg_query($db,
"UPDATE supplies.user SET
id = '$_POST[id_updated]',
name = '$_POST[name_updated]',
department = '$_POST[department_updated]',
email = '$_POST[email_updated]',
access = '$_POST[access_updated]'
where id = '$_POST[id_updated]'");
if (!$result1)
{
echo "Update failed!!";
} else
{
echo "Update successful;";
}
I did a vardump as an example early to see the values coming through and got the appropriate values but I'm surprised that I get an error that the update fails since technically the values are the same just not being hardcoded..
UPDATE supplies.user SET name = 'Drake Bell', department = 'bobdole',
email = 'blah#blah.com', access = 'N' where id = 1
I also based the form on this link here for guidance since I couldn't find much about PostGres Online
Guide
Try dumping the query after the interpolation should have happened and see what query you're sending to postgres.
Better yet, use a prepared statement and you don't have to do variable interpolation at all!
Do not EVER use data coming from external sources to build an SQL query without proper escaping and/or checking. You're opening the door to SQL injections.
You should use PDO, or at the very least pg_query_params instead of pg_query (did you not see the big red box in the manual page of pg_query?):
$result1 = pg_query($db,
"UPDATE supplies.user SET
id = $1,
name = $2,
department = $3,
email = $4,
access = $5
WHERE id = $6",
array(
$_POST[id_updated],
$_POST[name_updated],
$_POST[department_updated],
$_POST[email_updated],
$_POST[access_updated],
$_POST[id_updated]));
Also, when something goes wrong, log the error (pg_last_error()).
By the way, UPDATE whatever SET id = some_id WHERE id = some_id is either not really useful or not what you want to do.
I have a two step registration, one with vital data, like email username and password, and a second optional one with personal info, like bio, eye color, etc.. i have 2 exec files for these, the first ofc writes the data in the first part of the database, leaving like 30 columns of personal data blank. The second one does another row, but with the vital data empty now.. I would like to append, or join these two rows, so all the info is in one row..
Here is the 2nd one
$qry = "UPDATE `performers` SET `Bemutatkozas` = '$bemuatkozas', `Feldob` = '$feldob', `Lehangol` = '$lehangol', `Szorzet` = '$szorzet', `Jatekszerek` = '$jatek', `Kukkolas` = '$kukkolas', `Flort` ='$flort', `Szeretek` = '$szeretek', `Utalok` = '$utalok', `Fantaziak` = '$fantaziak', `Titkosvagyak` = '$titkos_vagyak, `Suly` = '$suly', `Magassag` = '$magassag', `Szemszin` = '$szemszin', `Hajszin` = '$hajszin', `Hajhossz` = '$hajhossz', `Mellboseg` ='$mellboseg', `Orarend` = '$orarend', `Beallitottsag` = '$szexualis_beallitottsag', `Pozicio` = '$pozicio', `Dohanyzas` = '$cigi', `Testekszer` = '$pc', `Tetovalas` ='$tetko', `Szilikon` ='$szilikon', `Fetish1` = '$pisiszex', `Fetish2` = '$kakiszex', `Fetish3` = '$domina', `Testekszerhely` = '$pchely', `Tetovalashely` = '$tetkohely', `Csillagjegy` = '$csillagjegy', `Parral` = '$par', `Virag` = '$virag' WHERE `Username` ='" . $_POST['username']. "'";
$result = #mysql_query($qry);
//Check whether the query was successful or not
if($result) {
header("location: perf_register_success.php");
exit();
I'm not sure if $_POST works here. I have the form, then the exec of that form, which works, then this form, and this is the exec of that.. Anyway I always get "query failed" message, which is in the else statement of the 'if' i'm using. What am i doing wrong?
Thanks!
The correct syntax for UPDATE is as follows:
UPDATE table SET columnA=valueA, columnB=valueB WHERE condition=value
(documentation here)
Thus, your query should look like the following:
$qry = "UPDATE performers SET Bemutatkozas = $bemuatkozas, Feldob = $feldob, Lehangol = $lehangol [...] WHERE Username ='" . $_POST['username']. "'
You'll have to replace [...] with all your values (that's gonna take some time) but hopefully you get the pattern.
Other than that there are a number of things you should improve/change in your code but I'll just point you to jeroen answer in this question since he pretty much covers it all.
You want UPDATE instead of INSERT for your second query.
Apart from that you really need to fix that sql injection error, preferably by switching to PDO or mysqli in combination with prepared statements. The mysql_* functions are deprecated.
And whatever solution you take, you need to add proper error handling, suppressing errors is wrong, especially when you try to fix a problem but even in a production site, errors need to be logged, not ignored.
I have a this code:
$sql = "SELECT * FROM news order by id DESC LIMIT 10";
$data = array();
$query = mysql_query($sql);
if(!$query) {
echo "Error: " . mysql_error();
exit;
}
while($row = mysql_fetch_object($query)) {
$data[] = $row;
}
return $data;
When I run code, result OK, But when I repair limit from 10 to limit 15 or more is error is unterminated string literal
$sql = "SELECT * FROM news order by id DESC LIMIT 15"; // limit 15, 20 or more
Really? I don't mean to sound condescending but are you absolutely sure that you're not overwriting the " when you change that 10 to a 15?
Because there nothing in that code that indicates unbalanced quotes. Failing that, there may be a problem earlier on in the code (though, of course, we can't see it).
I would suggest you cut and paste the exact code that's causing the problems.
This the type of error you need to separate from your main code base.
create a simple test php script that connects to the database and executes the query.
does that work? if not, create a small sample database and test on that.
if that fails, then post the create table statement along with insert statements. also post your code. odds are you're doing something else in the main code base that is causing the error.
if your sample code does work and your main codebase does, then you have to trace through your main code base and find out what you're doing wrong.
I am having trouble with an SQL query that I have inserted into a piece of PHP code to retrieve some data. The query itself works perfectly within SQL, but when I use it within my PHP script it says "Error in Query" then recites the entire SQL statement. If I copy and paste the SQL statement from the error message directly into MySQL it runs with no errors.
From my research I believe I am missing an apostrophe somewhere, so PHP may be confusing the clauses, but I am not experienced enough to know where to insert them.
The query is using a variable called $userid which is specified earlier in the PHP script.
$sql= <<<END
SELECT sum(final_price)
FROM (
SELECT Table_A.rated_user_id, Table_B.seller, Table_B.final_price
FROM Table_A
INNER JOIN Table_B ON Table_A.id=Table_B.id
) AS total_bought
WHERE seller != $userid
AND rated_user_id = $userid
UNION ALL
SELECT sum(final_price)
FROM (
SELECT Table_A.rated_user_id, Table_C.seller, Table_C.final_price
FROM Table_A
INNER JOIN Table_C ON Table_A.id=Table_C.id
) AS total_bought
WHERE seller != $userid
AND rated_user_id = $userid
END;
After this section the script then goes on to define the output and echo the necessary pieces as per usual. I'm happy with the last part of the code as it works elsewhere, but the problem I am having appears to be within the section above.
Can anyone spot the error?
Edited to add the following additional information:
All of the fields are numerical values, none are text. I have tried putting '$userid' but this only makes the error display the ' ' around this value within the error results. The issue remains the same. Adding parenthasis has also not helped. I had done a bit of trial and erorr before posting my question.
If it helps, the last part of the code bieng used is as follows:
$result = mysql_query($sql);
if (!$res) {
die('Error: ' . mysql_error() . ' in query ' . $sql);
}
$total_bought = 0;
while ($row = mysql_fetch_array($result)) {
$total_bought += $row[0];
}
$total_bought = number_format($total_bought, 0);
echo '<b>Your purchases: ' . $total_bought . '</b>';
echo "<b> gold</b>";
You're checking !$res, it should be !$result:
$result = mysql_query($sql);
if (!$result) {
die('Error: ' . mysql_error() . ' in query ' . $sql);
}
I suppose, you're echo()ing the query somewhere and copy-pasting it from the browser. Could it be that the $userid contains xml tags? They wouldn't be displayed in the browser, you would have to view the page source to spot them.
you should test with $userid quoted, and parentheses around the two statements.
I'm assuming that rated_user_id is a numeric field, but what type is seller? If it's a character field, then $userid would have to be quoted as streetpc suggests.
Another thing to check is that you have at least one space after the end of your lines for each line of the query. That has tripped me up before. Sometimes when going from your editor/IDE to the database tool those problems are silently taken care of.