I have a few string variables I am trying to insert them into my DB but I am having trouble because nothing is being inserted into the DB. I know the variables are populated. Since all variables are string I'm converting some of them to integers because those fields in the db table are type integer. I tried assigning the mysql_query to a variable and then check to return an error but it didn't display anything. I'm a bit new at PHP so I'm not sure what's wrong with my code below. I appreciate the help.
$connect = mysql_connect("localhost", "user", "pass");
if (!$connect) { die("Could not connect: ". mysql_error()); }
mysql_select_db("dbname");
mysql_query($connect,"INSERT INTO table1 (id, AU, TI, JO, VL, ISS, PB, SN, UR, DO, SP, EP, PY) VALUES ('NULL', '".$authors."', '".$title."', '".$journal."', '".(int)$volume."', '".(int)$issue."', '".$publisher."', '".$serial."', '".$url."', '".$doi."', '".(int)$startpage."', '".(int)$endpage."', '".(int)$year."')");
mysql_close($connect);
Try to debug your code, adding some more useful checks.
$link = mysql_connect("localhost", "user", "pass");
if (!$link) {
die("Could not connect: ". mysql_error());
}
$dbSelected = mysql_select_db("dbname", $link);
if (!$dbSelected) {
die ("Can't select db: " . mysql_error());
}
$result = mysql_query("YOUR_QUERY", $link);
if (!$result) {
die("Invalid query: " . mysql_error());
}
ps: you may want to use mysqly::query, just because mysql_query is deprecated
ps2: you should google about SQL Injection, since your statement doesn't look secure (unless those values are escaped somewhere)
NOTE: I just noticed that you are using a wrong order for the parameters on mysql_query($query, $link). You have put $link as first parameter.
Related
This is my PHP code written for website. When I executed this, the query doesn't execute and doesn't show any error. I also checked data types of values that are to be inserted.
The database username and password and all credentials are correct. What could be the problem?
<?php
$password ='abcdef';
$host="localhost"; // Host name
$username="futureti_dsatya"; // Mysql username
$password="D2e3e4v1i"; // Mysql password
$db_name="futureti_db"; // Database name
$tbl_name="users"; // Table name
// Connect to server and select databse.
$con = mysqli_connect($host, $username, $password,$db_name);
if(!$con)
{
die('Could not connect: '. mysql_error());
}
else
{
$res = mysqli_query($con,"insert into users values(55555623,'saran1','satya_saran',$password)");
if($res){
print("i am ok");
}
else{
print("bad");
}
}
?>
Wrap $pass in quotes (55555623,'saran1','satya_saran','$pass') as shown below with an explanation about "$password", and change mysql_error()); to mysqli_error()); those two functions don't mix and that is why you did not get the proper error messages to show up.
As already stated, you're using $password twice; change one of the variables to something else.
What you're presently doing is overwriting your $password variable.
I am assuming you want to enter abcdef into your DB. If so, then do this instead:
<?php
$pass ='abcdef';
$host = "localhost"; // Host name
$username = "futureti_dsatya"; // Mysql username
$password = "D2e3e4v1i"; // Mysql password
$db_name = "futureti_db"; // Database name
$tbl_name = "users"; // Table name
// Connect to server and select databse.
$con = mysqli_connect($host, $username, $password,$db_name);
if ( !$con ) {
die('Could not connect: '. mysqli_error());
} else {
$res = mysqli_query($con, "insert into users values (55555623,'saran1','satya_saran','$pass' )");
if( $res ) {
print("i am ok");
} else {
print("bad");
}
}
?>
Also, inserting data into a table without telling it which columns to use is not a recommended method.
Use something to the effect of:
($con, "insert into users (column1, column2, column3, column4) values (55555623,'saran1','satya_saran','$pass' )
Sidenote: If the column for your first value isn't an (int) you will need to wrap that in quotes as well.
Also, if your first column is an AUTO_INCREMENT, you will need to remove the AUTO_INCREMENT from the column's type.
you dont get any error because you are making using mysql. not mysqli.
your code is wroking just wrap password . i guess the connection is not connecting.
replace this:
die('Could not connect: '. mysql_error());
to
die('Could not connect: '. mysqli_error()); //to see the error
I have two databases on the same MYSQL server.
I want to be able to query one table on one database, and use the results for an insert into the other table (on the other data base). I've tried moving the mysql_select_db lines around to no avail. Please note this is a one off internal script so security is not a concern (Don't want to us mysqli)
<?php
// Connecting, selecting database
$link1 = mysql_connect('127.0.0.1', 'username', 'password', true)
or die('Could not connect: ' . mysql_error());
$link2 = mysql_connect('127.0.0.1', 'username', 'password', true)
or die('Could not connect: ' . mysql_error());
mysql_select_db('db1', $link1) or die('Could not select database');
mysql_select_db('db2', $link2) or die('Could not select database');
// Performing SQL query
$query = "select fields from table";
$result = mysql_query($query,$link1) or die('Query failed: ' . mysql_error());
while ($row = mysql_fetch_array($result)){
$querynew = "insert into table (blah,blah) values ('$row['name']',$row['name2']')";
mysql_query($querynew, $link2);
}
You can use plain SQL for this to minimize traffic across the wire:
INSERT INTO `db2.tbl1` (`field1`,`field2`)
SELECT `field1`, `field2` FROM `db1.tbl2` WHERE `someCondition`='IsMet'
.I don't know if it's syntax or what. I've tried a variety of ways this is the simplest I thought would work.
I send info to the userData.php using:
http://mydomain.com/adverts/userStats.php?name=001EC946C2F4&adNum=1&playClick=1
On the userData.php I have:
<?php
$db = mysql_connect('localhost', 'username', 'password') or die('Could not connect: ' . mysql_error());
$db_selected = mysql_select_db('databaseName', $db) or die('Could not select database');
if (!$db_selected)
{
die ("Can\'t use test_db : " . mysql_error());
}
$name = mysql_real_escape_string($_GET['name']);
$date = date("d/m/Y");
$adClick = mysql_real_escape_string($_GET['adNum]);
$playN = mysql_real_escape_string($_GET['playClick']);
$query = mysql_query("INSERT INTO playerData VALUES ('$name', '$date','$adClick','$playN')");
$result = mysql_query($query) or die('Query failed: ' . mysql_error()));
mysql_close($db);
?>
I manually added 2 records to the table from phpMyAdmin, and I can display or update them just fine but adding a new record isn't working. I simply want to start a new record each time the link is called from another program, and store the mac address, date, adNum, and playClick.
EDIT2:: echo $query; for
http://simplehotkey.com/adverts/userStats.php?name=001EC946C2F4&adNum=1&playClick=1
outputs:
INSERT INTO playerData(mac,date,AdClick,PlayNum) VALUES ('001EC946C2F4', '26/07/2012','1','1')
Which is what I want it's just not adding it to the DB.
Correct syntax is --
mysql_select_db("databaseName", $db);
And its better if u use something like this for connection errors--
$db_selected= mysql_select_db("databaseName", $db);
if (!$db_selected)
{
die ("Can\'t use test_db : " . mysql_error());
}
EDIT
You are writing all wrong :(
$query = mysql_query("INSERT INTO playerData VALUES ('$name', '$date','$adClick','$playN')");
$result = mysql_query($query) <--------------WRONG
Try Something like this----
$query = "INSERT INTO playerData(CORRECT_COL_NAMES) VALUES ('$name', '$date','$adClick','$playN')";
$results = mysql_query($query, $connection);
NEW EDIT
AREA OF ERROR---- WRONG DATATYPE
','1','1' <--- this is passing as string while u have have this as an int in your db structure ..now run the same query as it is to figure out the error..also u can figure out using $result = mysql_query($query) or die(mysql_error());
It's pretty easy to see what's wrong here, especially with syntax highlighting.
$adClick = mysql_real_escape_string($_GET['adNum]);
This line is missing a single quote mark; it should be:
$adClick = mysql_real_escape_string($_GET['adNum']);
This is a syntax error that ruins everything else.
Not to mention that your database selection is missing your database handler, ie:
mysql_select_db('databasename',$db);
As pointed out by #swapnesh, and as noted here.
Edit
I have been unable to reproduce your lack of an error, what I have gotten however, are errors. Firstly, you have an extra ) at line 12:
$result = mysql_query($query) or die('Query failed: ' . mysql_error()));
Should be:
$result = mysql_query($query) or die('Query failed: ' . mysql_error());
Lastly, you actually improperly execute your query twice, so the second time, the query is empty. What you have:
$query = mysql_query("INSERT INTO playerData VALUES ('$name', '$date','$adClick','$playN')");
$result = mysql_query($query) or die('Query failed: ' . mysql_error()));
Should instead be:
$query = "INSERT INTO playerData VALUES ('$name', '$date','$adClick','$playN')";
$result = mysql_query($query) or die('Query failed: ' . mysql_error());
Instead of using the insert statement the way you do add the fields that will receive entries explicitly. The database table might have more fields and the insert statement does not explcitly state which fields will receive data.
$query = mysql_query("INSERT INTO playerData (Name,Date,AdClick,PlayN) VALUES ('$name', '$date','$adClick','$playN')");
You have the syntax error on this line
Wrong :
$adClick = mysql_real_escape_string($_GET['adNum]);
Correct :
$adClick = mysql_real_escape_string($_GET['adNum']);
I have been able to manually insert values in my table using phpmyadmin, and even if i end up using the same php code i get from php my admin to call the query it STILL won't add the value to the table. here is the code:
<?php
$link = mysql_connect('localhost', 'username', 'password');
if (!$link) {
die('Could not connect: ' . mysql_error());
}
echo 'Connected successfully';
mysql_select_db('sc2broating1', $link);
$sql = "INSERT INTO `sc2broad_tesing1`.`Persons` (`re`) VALUES (\'hello11\')";
mysql_query($sql);
mysql_close($link);
?>
Don't escape value.
$sql = "INSERT INTO `sc2broad_tesing1`.`Persons` (`re`) VALUES ('hello11')";
I would also consider using bound parameters, as seen in mysqli::prepare, if Mysqli is an option.
What is the best way to save a URL or symbols into a MYSQL database.
I'v seen this being used "{$htmlOutputArray[1]}"
and then else where this "$htmlOutputArray[1]"
and some other places do what i'v done below... but which is the best?
So far I have: (example code)
$html = "034251\nhttp://stackoverflow.com/questions/ask"
$htmlOutputArray = explode("\n", "$html");
$htmlOutput = $htmlOutputArray[0];
$postIDOutput = $htmlOutputArray[1];
$con = mysql_connect('localhost', 'user', 'pass') or die('Could not connect: ' . mysql_error());
#echo 'Connected successfully';
mysql_select_db("dbName", $con);
mysql_query("UPDATE tableName SET PostidINT='$postIDOutput', URLofPostTXT='$htmlOutput' WHERE id='$unID'");
mysql_close($con);
First of all you should look into the dangers of SQL injection and how you can prevent it.
Here's both a way you can do this and the safer version.
mysql_select_db("dbName", $con);
$sql = sprintf("UPDATE tableName SET PostidINT=%d, URLofPostTXT='%s' WHERE id=%d",
mysql_real_escape_string($htmlOutputArray[1]),
mysql_real_escape_string($htmlOutputArray[0]),
mysql_real_escape_string($unID));
mysql_query($sql);
mysql_close($con);
What mysql_real_escape_string() is doing is preventing unsafe characters from being entered into your database.
What sprintf() is doing is formatting your string, so for example, only numbers will be entered in the PostidINT and id variables.
I'd vote for prepared statements (and mysqli):
$connection = new mysqli("localhost", "user", "pass", "db");
$statement = $connection->prepare("UPDATE tableName SET PostidINT=?, URLofPostTXT=? WHERE id=?");
$statement->bind_param("i", $postIDOutput);
$statement->bind_param("s", $htmlOutput);
$statement->bind_param("i", $unID);
$statement->execute();