php-mysql-pdo: execute not working after prepare when inserting - php

I have following lines:
$sql = "INSERT INTO news (title, content) VALUES :title, :content";
$pre = $this->prepare($sql);
$pre->bindValue(":title", "xxx");
$pre->bindValue(":content", "yyy");
$pre->execute();
I get no error, but the query is also not executed (I checked the query log).
I tried following changes desperately:
$t="xxx" and $pre->bindValue(":title", $t); (the same also for y)
$sql = "INSERT INTO `news` (`title`, `content`) VALUES :title, :content";
$sql = "INSERT INTO `news` (`title`, `content`) VALUES ':title', ':content'";
Nothing changes. Funny thing is I get no response, no warning, no error, just nothing.
But the query is not executed.
I found similar posts but none of them solved my problem.
(about $this ... The code is in a class extended from PDO class.)

Try this, your values should be wrapped inside the values()
"INSERT INTO news (title, content) VALUES (:title, :content)";
instead of
"INSERT INTO news (title, content) VALUES :title, :content";

Try: "INSERT INTO news (title, content) VALUES (:title, :content)";
You must surround the insert values with parentheses. 
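Why the statement in the question fails without any message, as an added example (not code from the original posts): before PHP 8.0, PDO defaults to PDO::ERRMODE_SILENT, so a failed call only returns false. An in-memory SQLite database stands in for the MySQL news table so the script runs without a server, and insertNews() is a hypothetical helper.

```php
<?php
// Added example: in-memory SQLite stands in for the MySQL "news" table.
$pdo = new PDO('sqlite::memory:');
// Make PDO throw instead of returning false silently.
// (PHP 8.0+ already defaults to this; older versions default to ERRMODE_SILENT.)
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, content TEXT)');

// Hypothetical helper: runs one INSERT and reports success or the SQLSTATE.
function insertNews(PDO $pdo, string $sql, string $title, string $content): string
{
    try {
        $stmt = $pdo->prepare($sql);
        $stmt->bindValue(':title', $title);
        $stmt->bindValue(':content', $content);
        $stmt->execute();
        return 'inserted row ' . $pdo->lastInsertId();
    } catch (PDOException $e) {
        // Log the detail server-side; do not echo driver messages to visitors.
        error_log($e->getMessage());
        return 'failed: SQLSTATE ' . $e->getCode();
    }
}

// The statement from the question: no parentheses around the value list.
echo insertNews($pdo, 'INSERT INTO news (title, content) VALUES :title, :content', 'xxx', 'yyy'), "\n";
// The corrected statement from the answers.
echo insertNews($pdo, 'INSERT INTO news (title, content) VALUES (:title, :content)', 'xxx', 'yyy'), "\n";
```

With MySQL and PDO's default emulated prepares, the syntax error is reported at execute() rather than prepare(); the try block covers both.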

Related

Errors inserting values (such as URLs) into MySQL database WITH a URL

I am working on my website and I can't access myPhpAdmin right now, so I tried making a script for inserting values for a search thing. However, when I visit the link, website.com/search/create.php?l=link&d=description&t=title, I get an error. This one
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'link, description, title)' at line 1
Here's what my script looks like.
$link = "https://website.com";
$description = "The homepage of the site";
$title = "Home";
// sql to create table
$sql = "INSERT INTO search (link, description, title) VALUES (".$link.", ".$description.", ".$title.")";
if (mysqli_query($conn, $sql)) {
echo "it's working";
} else {
echo "it's not working?" . mysqli_error($conn);
}
replace
$sql = "INSERT INTO search (link, description, title) VALUES ('".$link."', '".$description."', '".$title."')";
instead of :
$sql = "INSERT INTO search (link, description, title) VALUES (".$link.", ".$description.", ".$title.")";
you are trying to insert a string without '
It seems you are missing single quotation marks in the SQL query, try the following:
$sql = "INSERT INTO search (link, description, title) VALUES ('".$link."', '".$description."', '".$title."')";
Just change the query syntax in your code and check it ... Hope your error will be resolved.
// sql to create table
$sql = "INSERT INTO search (link, description, title) VALUES ('$link', '$description', '$title')";
Your code for inserting data into database table is wrong (assuming you already executed database connection query ($conn) and have 'search' table on database).
$sql = "INSERT INTO search (link, description, title) VALUES ('$link', '$description', '$title')";
You don't have to put concatenate operator ('.') inside your SQL query as you are not concatenating PHP and markup texts.
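What happens to the quoted-interpolation form once a value itself contains a single quote, next to the same insert with placeholders, as an added example (not code from the original answers). It uses PDO with an in-memory SQLite table as a stand-in for the search table so it runs without a server; the sample description is constructed.

```php
<?php
// Added example: in-memory SQLite stands in for the MySQL "search" table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE search (link TEXT, description TEXT, title TEXT)');

// Constructed sample row; the apostrophe is ordinary text a user might type.
$link = 'https://website.com';
$description = "The site's homepage";
$title = 'Home';

// Quoted interpolation, as in the answers: the value becomes part of the SQL text,
// so the apostrophe ends the string literal early and the statement no longer parses.
$concat = "INSERT INTO search (link, description, title) "
        . "VALUES ('$link', '$description', '$title')";
try {
    $pdo->exec($concat);
    echo "concatenated: inserted\n";
} catch (PDOException $e) {
    echo "concatenated: rejected (", $e->getCode(), ")\n";
}

// Placeholders: the SQL text is fixed and the values travel separately as data.
$stmt = $pdo->prepare('INSERT INTO search (link, description, title) VALUES (?, ?, ?)');
$stmt->execute([$link, $description, $title]);

$stored = $pdo->query('SELECT description FROM search')->fetchColumn();
echo "bound: stored ", var_export($stored, true), "\n";
```

The same separation of SQL text and data is available in mysqli through prepare() and bind_param().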

MySql connect. What to do?

I am really new to php and I am trying to use simple insert to my mysql database from the form.
I know that this mysql connection/insertion is dangerous and not used anymore. So can anyone please help me with this simple thing? I tried to google, but nothing is working so far :/
<?
$text=$_POST['name'];
$text=$_POST['surename'];
mysql_connect("localhost", "db_name", "pass") or die(mysql_error());
mysql_select_db("db_name") or die(mysql_error());
$result = mysql_query("INSERT INTO `table` (name, surename)
VALUES (NOW(), '".mysql_real_escape_string($name)."', '".mysql_real_escape_string($surename)."')");
if (!$result) {
die('Invalid query: ' . mysql_error());
}
?>
Maybe change
$text=$_POST['name'];
$text=$_POST['surename'];
to
$name = $_POST['name'];
$surename = $_POST['surename'];
PS: And also your column names don't match your values. Your query, after inserting params
"INSERT INTO `table` (name, surename) VALUES (NOW(), '".mysql_real_escape_string($name)."', '".mysql_real_escape_string($surename)."')"
will probably look like this
INSERT INTO `table` (name, surename) VALUES (NOW(), 'Jhon', 'Wick')
As you can see there's name, surename (which probably should be surname) and (NOW(), 'Jhon', 'Wick'). So either add a column (if you have that column in your database):
INSERT INTO `table` (created_at, name, surename) VALUES (NOW(), 'Jhon', 'Wick')
or remove NOW() from your values
INSERT INTO `table` (name, surename) VALUES ('Jhon', 'Wick')

insert data by GET

I want to insert data by GET into MySQL, but I cannot insert the data.
<?php
include("config.php");
$f=$_GET["first_name"];
$l=$_GET["last_name"];
$e=$_GET["email"];
$m=$_GET["mobile"];
$b=$_GET["birthday"];
$g=$_GET["gender"];
$insert="INSERT INTO user ( `first_name`, `last_name`, `email`, `mobile`, `birthday`, `gender`)
VALUES ('$f', '$l', '$e', '$m', '$b', '$g')";
mysqli_query($insert);
?>
I tried to insert data using this link:
http://localhost:8888/restfull/insert.php?f=hayoo
It's been a long time since I have used mysqli; the code below should most likely run, though. As others have mentioned, never bind unsanitized data (even if you think you trust the data, it's safe to use prepared statements still).
<?php
//Create your db connection
$conn = new mysqli('server', 'user', 'password', 'databasename');
//Create insert statement. Never concat un-sanitized data in statements
$insert="INSERT INTO user ( `first_name`, `last_name`, `email`, `mobile`, `birthday`, `gender`)
VALUES (?, ?, ?, ?, ?, ?)";
$stmt = $conn->prepare($insert);
//Values correspond to ? except the first param, which represents the format of the expected data. "s" stands for string
$stmt->bind_param(
'ssssss',
$_GET["first_name"],
$_GET["last_name"],
$_GET["email"],
$_GET["mobile"],
$_GET["birthday"],
$_GET["gender"]
);
$stmt->execute();
Your url would look like this:
http://localhost:8888/restfull/insert.php?first_name=john&last_name=Doe&email=test#test.com&mobile=0&birthday=May&gender=male
Make sure, if you are putting the url above in some type of form, that you correctly url encode values (I notice many of the values you are collecting will likely require it: slashes etc).

Issue with MySQLI

I'm probably just too tired, and looking over a small error, but this code will not input any information into my database.
$sql = "INSERT INTO TABLE_NAME (UPC, Description, Make, Model, SNLocation, IMEI_MEID, Resetting, Notes, Image)
VALUES ($UPC, $Desc, $Make, $Model, $SNLocation, $IMEI_MEID, $Resetting, $Notes, $Image)";
mysqli_query($con, $sql) or die(mysqli_error($sql));
Could someone help me check if this has syntax issues or something?
It's because you had an error
$sql = "INSERT INTO TABLE_NAME (UPC, Description, Make, Model, SNLocation, IMEI_MEID, Resetting, Notes, Image)
VALUES ('$UPC', '$Desc', '$Make', '$Model', '$SNLocation', '$IMEI_MEID', '$Resetting', '$Notes', '$Image')";
removed ] from Notes, Image)] <----- and values need to be quoted
You need to remove ] and enclose string values with single quotes(') :
$sql = "INSERT INTO TABLE_NAME
(UPC, Description, Make, Model,
SNLocation, IMEI_MEID, Resetting, Notes, Image)] <-- Here -->
VALUES ($UPC, $Desc, $Make, $Model, $SNLocation, $IMEI_MEID, $Resetting, $Notes, $Image)";
mysqli_query($con, $sql) or die(mysqli_error($sql));

error with mysql query syntax

"INSERT INTO forum_topics (category_id, poster_id, poster_username, topic_title, topic_content, date) VALUES (".$category_id.", '$poster_id', '$topic_title', '$message', NOW()";
mysql_error() says that there is a problem with the syntax, however it might be something else. I'm gonna post the variables just so you know where they come from.
$message = $_POST['topic_message'];
$topic_title = $_POST['topic_title'];
$category_id = $_GET['id'];
EDIT
Changed it to
$topic_sql = "INSERT INTO forum_topics (category_id, poster_id, poster_username, topic_title, topic_content, date) VALUES (".$category_id.", '$poster_id', '$username', '$topic_title', '$message', NOW())";
However it still doesn't work...
You're missing the closing paren for VALUES:
... NOW())";
There are other issues:
The parameter count is incorrect
Your query is vulnerable to injection since you are not using parameterized queries with PDO/mysqli
Maybe you list 6 columns but only give data for 5? And missing closing ).
Looks like you're missing a closing parenthesis and only inserting 5 values into 6 columns...
INSERT INTO forum_topics (category_id, poster_id, poster_username, topic_title, topic_content, date)
VALUES (".$category_id.", '$poster_id', '$username', '$topic_title', '$message', NOW())
You're missing the user name?
