Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking for code must demonstrate a minimal understanding of the problem being solved. Include attempted solutions, why they didn't work, and the expected results. See also: Stack Overflow question checklist
Closed 9 years ago.
Improve this question
Any rewrite....debugs? nothing is happening
This is the php code for the import but still i when i upload the CSV...it doesnt at all...what could be the error!....any expertise?
<form enctype="multipart/form-data" action="" method="POST"> CSV:
<input name="file" type="file" /> <input type="submit" value="Upload
File" /></p> </form>
<?php
$connection = mysql_connect("51.63.225.22","mape","Leftie1982#")
or die ("Couldn't connect to server");
$db = mysql_select_db("mapsyracuse", $connection)
or die ("Couldn't select database");
if(isset($_POST['submit']))
{
$file = $_FILES['file']['tmp_name'];
$handle = fopen($file,"r");
while(($fileop = fgetcsv($handle,1000,",")) !== false)
{
$ID = $fileop[0];
$Teritory = $fileop[1];
$First_Name = $fileop[2];
$Last_Name = $fileop[3];
$Type = $fileop[4];
$Activity_Description = $fileop[5];
$Start_Date = $fileop[6];
$End_Date = $fileop[7];
$Duration = $fileop[8];
$Status = $fileop[9];
$sql = mysql_query("INSERT INTO account_manager(
ID,
Teritory,
First_Name,
Last_Name,
Type,
Activity_Description,
Start_Date,
End_Date,
Duration,
Status
)
VALUES(
'$ID',
'$Teritory',
'$First_Name',
'$Last_Name',
'$Type',
'$Activity_Description',
'$Start_Date',
'$End_Date',
'$Duration',
'$Status')");
}
if($sql)
{
echo 'CSV file successfully imported.';
}
}
?>
which code do i add now???????
You've got a number of problems in your code, which you should fix before you proceed:
Possible SQL injection via the uploaded file - you are not escaping your user inputs. Do a search-engine search for "PHP mysql_real_escape_string" and read what the PHP manual has to say here
Using a deprecated database library. If you fix this, you can use parameterisation, which fixes the first problem too
No check made as to whether your database connection or query has succeeded
Unclear and inconsistent indentation
Closing paragraph tag (</p>) with no corresponding opening tag
Once you have fixed those issues, I suggest you then use echo and exit to debug this code - the problem could be any number of things.
Related
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 5 years ago.
Improve this question
I am new to php and have written the following php script to write from a FORM. However, the database is not updating. I know that the database connection is okay. Any help would be appreciated.
$name = $_POST["name"];
$lastName = $_POST["last_name"];
$email = $_POST["email"];
$location = $_POST["location"];
$timestamp = date("Y-m-d H:i:s");
$sql = "INSERT INTO club.users (name, last_name, email, location, created_at) VALUES ('$name', '$lastName', '$email', '$location', '$timestamp')";
Try this
You have to use the SQL injection for security something like this
$conn->real_escape_string($_POST['name']);
Check your table name.I haven't use table name club.users before because it will display the error like table does't exist. Just use the table name club or users
Time to learn the PHP
https://www.w3schools.com/php/php_mysql_insert.asp
index.php
I hope your HTML code looks like this
<form action="register.php" method="POST" name="register">
<input type="text" name="name" placeholder="Name">
<input type="text" name="lastname" placeholder="Lastname">
<input type="email" name="email" placeholder="Email">
<input type="text" name="location" placeholder="Location">
<input type="submit" name="submit" value="Register">
</form>
Connection.php
If you are working on the local server the used root as username and password should be blank.
$servername = "localhost";
$username = "root";//if you are working on local server
$password = ""; //set blank if you are working on local server
$dbname = "myDB";//your database name
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
register.php
<?php
include('connection.php');// added the connection here
if (isset($_POST['submit'])) {
$name = $conn->real_escape_string($_POST["name"]);
$lastName = $conn->real_escape_string($_POST["lastname"]);
$email =$conn->real_escape_string($_POST["email"]);
$location = $conn->real_escape_string($_POST["location"]);
$timestamp = date("Y-m-d H:i:s");
$sql = "INSERT INTO club (name, lastname, email, location, created_at) VALUES ('$name', '$lastName', '$email', '$location', '$timestamp')";
if ($conn->query($sql) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
}
?>
First of all define the db server connection in same php page or you may include the connection. Php file for this purpose.
Secondly it you wish to use MySQL db simple use musql_query($sql, $con) then write below lines of after inserting results.
Sorry I posted it from my mobile if you need I can post you entire code sample from my PC.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 7 years ago.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Improve this question
I have tried rewrite the code, i have looked on previously succesful codings i have made and i really cant find the problem.. i am going crazy.
I am trying to post some data from a form to a database.
The database i setup correctly as far as i can tell, but something is making the script fail every time.
IMAGE OF DATABASE: http://imgur.com/F93A9ot
(sry for the language being in danish.)
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Document</title>
</head>
<body>
<?php
// defining database information
define("HOSTNAME", "localhost");
define("MYSQLUSER", "admin");
define("MYSQLPASS", "admin");
define("MYSQLDB", "lynx");
// establishing database connection
if(isset($_POST['submit'])){
$connection = new mysqli(HOSTNAME, MYSQLUSER, MYSQLPASS, MYSQLDB);
$name = mysqli_real_escape_string($connection, $_POST['name']);
$price = mysqli_real_escape_string($connection, $_POST['price']);
$desc = mysqli_real_escape_string($connection, $_POST['desc']);
$insert = "INSERT into products (id, name, price, desc) VALUES (NULL, '$name', '$price', '$desc')";
if($connection->query($insert)) {
echo "Succes";
} else {
echo "Something went wrong";
}
}
?>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<input type="text" name="name">
<input type="text" name="price">
<input type="text" name="desc">
<input type="submit" name="submit">
</form>
</body>
</html>
Can you see what i am doing wrong?
products (id, name, price, desc)
Tried reading the manual as well? desc is a reserved word.
If you didnt have this useless piece of code
else {
echo "Something went wrong";
}
and had
else {
echo $connection-error;
}
You would find that out yourself
desc is reverse keyword of mysql you can use it using backtick
$insert = "INSERT into products (`id`, `name`, `price`, `desc`) VALUES (NULL, '$name', '$price', '$desc')";
This is with your field 'desc' . this is not allowed by MYSQL because it is reserved. So please rename it. It will solve your issue.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions concerning problems with code you've written must describe the specific problem — and include valid code to reproduce it — in the question itself. See SSCCE.org for guidance.
Closed 9 years ago.
Improve this question
help me with this code i am new to php
<?php
$conn=mysql_connect("localhost","root","","test");
if(isset($_POST['submit']))
{
$sql="INSERT INTO registration(fname,designation,emailid,
address,phonenumber)VALUES('".$_POST['fname']."','".$_POST['designation']."','".$_POST['ema
lid']."', '".$_POST['address']."','".$_POST['phonenumber']."')";
echo $sql;
$result=mysql_query($conn,$sql);
echo $result;
}
else{
echo "Error";
}
?>
its a registration page getting values and inserting it in the table...
You have the parameters around the wrong way here:
$result=mysql_query($conn,$sql);
Try
$result=mysql_query($sql, $conn) or die(mysql_error($conn));
Side notes:
Don't use mysql_*() functions: they're deprecated. Use mysqli_*() versions instead.
You should escape your user inputs with mysql_real_escape_string() to protect against SQL Injection attacks. Consider using prepared statements with mysqli_() instead.
Take a look at this link which is a good tutorial for inserting data (from a form etc.) to a mysql database.
Also: be aware of sql-injection and prevent it. here is a tutorial on how to do this: link
If you want to have readable code, set the $_POST[] values to a variable, and then pass them to the query, it's not different in fact but this is more easy and clean.:
<?php
$conn=mysql_connect("localhost","root","","test");
if(isset($_POST['submit']))
{
$fname = $_POST['fname'];
$designation = $_POST['designation'];
$emailid = $_POST['emailid'];
$address = $_POST['address'];
$phonenumber = $_POST['phonenumber'];
$sql="INSERT INTO registration(fname,designation,emailid,address,phonenumber)";
$sql .="VALUES('$fname', '$designation', '$emailid', '$address', '$phonenumber')";
echo $sql;
$result=mysql_query($conn,$sql);
echo $result;
}
else{
echo "Error";
}
?>
you hade a typing mistake in $_POST['emailid']...
and you can select your database with this:
mysql_select_db('your db name');
put this line after your connection variable means $conn
and this is wrong:
$result = mysql_query ($conn, $sql)
you have to set the query first:
$result = mysql_query($sql, $conn)
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking for code must demonstrate a minimal understanding of the problem being solved. Include attempted solutions, why they didn't work, and the expected results. See also: Stack Overflow question checklist
Closed 9 years ago.
Improve this question
I'm sorry this is probably a stupid question, but I'm new to this and I couldn't find an answer on google. This code is giving me two errors:
Warning: mysql_query() expects parameter 2 to be resource, boolean given in C:\xampp\htdocs\Music Collection\submitmusic.php on line 27
Warning: mysql_error() expects parameter 1 to be resource, string given in C:\xampp\htdocs\Music Collection\submitmusic.php on line 29
Not sure how to fix this please help me.
<html>
<head>
<title> Music Collection </title>
</head>
<body>
<?php
$con = "mysql_connect ('localhost','root','','music')";
// Check Connection
if (mysql_errno())
{
echo "Failed to connect: " . mysql_error();
}
else
{
$title = $_POST['title'];
$artist = $_POST['artist'];
$album = $_POST['album'];
$location = $_POST['location'];
$media = $_POST['media'];
$sql = mysql_query("INSERT INTO entries (Title, Artist, Album, Location, Media) VALUES ('$title','$artist','$album','$location','$media')");
if (!mysql_query($con,$sql))
{
die ('Error: ' . mysql_error($con));
}
else
{
echo "record added!";
}
}
mysql_close($con);
?>
</body>
</html>
Remove the double quotes around:
$con = "mysql_connect ('localhost','root','','music')";
only use mysqli_. mysql_ is deprecated and will probably removed from php soon
your connect is false. Should look like this:
$con = mysql_connect("localhost","root","","music");
You are also calling mysql_query twice, unless you want two inserts you probably want to do something like this:
$sql = mysql_query("INSERT INTO entries (Title, Artist, Album, Location, Media) VALUES ('$title','$artist','$album','$location','$media')");
if (!sql)
...
change your statment to
$sql = mysql_query("INSERT INTO entries (Title, Artist, Album, Location, Media) VALUES ('$title','$artist','$album','$location','$media')",$con);
First remove double quote around:
$con = "mysql_connect ('localhost','root','','music')";
i.e
$con = mysql_connect ('localhost','root','','music');
And then change the following line
if (!mysql_query($con,$sql))
to
if (!mysql_query($sql,$con))
because mysql_query's first parameter needs to be sql query and second database identifier.
rest of the code is fine
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking for code must demonstrate a minimal understanding of the problem being solved. Include attempted solutions, why they didn't work, and the expected results. See also: Stack Overflow question checklist
Closed 9 years ago.
Improve this question
I'm trying to create a self-submitting page that will create a form for a user to fill out. The information will be stored in a MySQL database. The form seems to be working, but I can't insert the information from the form into a database for some reason. Here's what I have:
<!DOCTYPE html>
<html>
<head>
<title>MySQL Test</title>
</head>
<body>
<h1>MySQL Test</h1>
<?php
if($_SERVER["REQUEST_METHOD"] == "GET") {
?>
<form action="" method="post">
<input type="text" name="name" placeholder="Name" /><br />
<input type="submit" value="Send" />
</form>
<?php
} else if ($_SERVER["REQUEST_METHOD"] == "POST") {
$name = $_POST["name"];
$server = new PDO("mysql:dbname=test;host=localhost", "root", "root");
$server->execute("INSERT INTO test ('name') VALUES $name;");
}
?>
</body>
</html>
What should I change?
your insert should look as follows:
$name = $_POST["name"];
$server = new PDO("mysql:dbname=test;host=localhost", "root", "root");
$stmt = $server->prepare("INSERT INTO test (name) VALUES (:name)");
$stmt->bindParam(':name', $name);
$stmt->execute();
Please do your insert like this:
$name = "john";
$query = "INSERT INTO test(col) VALUES(:name);";
$statement = $server->prepare($query);
$statement->execute(array(":name" => $name));
This is called using prepared statements, it's very easy and will avoid sql-injection. You can execute multiple variables on multiple cols on your query by separating with commas after each ":col" => $colVal, but that's not needed here, just a tip.
You can do it for updates aswell.
Remember to check if your being-inserted value is empty or not.