This is going to be an easy one for you but I'm a noob so I need help.
Here is my code, for whatever reason the else statement isn't executing. If I change the NULL value for a $variable = NULL it works, but enters an empty string into my database rather than the NULL value. Can anyone help with why?
if (isset($_POST['agreeto']))
{
$enter_feedback = "INSERT INTO feedback" . //(initial, surname, country_id, date, friend_score, return_score, service_score, comments)
" VALUES('" . $initial. "', '" . $lastname . "', '" . $country_id . "', NOW(), '" . $friend . "', '" . $return . "', '" . $service . "', '" . $_POST['comments'] . "')";
}else
{
$enter_feedback = "INSERT INTO feedback" . //(initial, surname, country_id, date, friend_score, return_score, service_score, comments)
" VALUES('" . $initial. "', '" . $lastname . "', '" . $country_id . "', NOW(), '" . $friend . "', '" . $return . "', '" . $service . "', " . NULL . ")" or die("couldn't execute my query");
}
MySQL requires the string=NULL and you are passing it the value of the php NULL constant.
if (isset($_POST['agreeto']))
{
$enter_feedback = "INSERT INTO feedback" . //(initial, surname, country_id, date, friend_score, return_score, service_score, comments)
" VALUES('" . $initial. "', '" . $lastname . "', '" . $country_id . "', NOW(), '" . $friend . "', '" . $return . "', '" . $service . "', '" . $_POST['comments'] . "')";
}else
{
$enter_feedback = "INSERT INTO feedback" . //(initial, surname, country_id, date, friend_score, return_score, service_score, comments)
" VALUES('" . $initial. "', '" . $lastname . "', '" . $country_id . "', NOW(), '" . $friend . "', '" . $return . "', '" . $service . "',NULL)" or die("couldn't execute my query");
}
This should work as expected.
Try set the column to int, if this does not work.
INSERT INTO table (val1, val2) VALUES('String Value', NULL);
or set default column value to NULL.
A NULL value can not be enclosed in 'apostrophes'
Think about how you will get the SQL:
INSERT INTO table_name VALUES ('null','');?
The database may understand as a string
Just replace the 'NULL' value with NULL without the quotes.
$enter_feedback = "INSERT INTO feedback" . //(initial, surname, country_id, date, friend_score, return_score, service_score, comments)
" VALUES('" . $initial. "', '" . $lastname . "', '" . $country_id . "', NOW(), '" . $friend . "', '" . $return . "', '" . $service . "', NULL) " or die("couldn't execute my query");
Once you do that and save the record you will see NULL in the database column for that field when you browse via PHPMYADMIN. Please make sure that the field in question "comments" allows NULL.
Related
$query = "Insert Into dbo_dailyline (Entry_date, Work_Center, Shift_Length, Number_Sewers, Deduct_Hours, Garment_Type, Other, Quantity, Notes)
values ('" .$Entry_Date. "', '" . $Shift_Length . "', '" .$Coats . "', '" . $Number_Sewers . "', '" . $Deduct_Hours . "', '" . $Garment_Type . "' , '" . $Garment_Type . "', '" . $Other . "', '" . $Quantity . "', '" . $Notes . "')";
error Column count doesn't match value count at row 1
You have two time $Garment_Type remove one
$query = "Insert Into dbo_dailyline (
Entry_date
, Work_Center
, Shift_Length
, Number_Sewers
, Deduct_Hours
, Garment_Type
, Other
, Quantity
, Notes)
values ('" .
$Entry_Date. "', '" .
$Shift_Length . "', '" .
$Coats . "', '" .
$Number_Sewers . "', '" .
$Deduct_Hours . "', '" .
$Garment_Type . "' , '" .
$Other . "', '" .
$Quantity . "', '" .
$Notes . "')";
$sql = "INSERT INTO `employee_master` ( em_first_name, em_middle_name, em_last_name, em_gender, em_DOB, em_DOJ, em_mobile_no, em_alternate_mobile_no, em_landline_no, em_permanent_address, em_corresponding_address, em_email_id ) VALUES(
'" . $params["txtFirstName"] . "',
'" . $params["txtMiddleName"] . "',
'" . $params["txtLastName"] . "',
'" . $params["selGender"] . "',
'" . $params["txtDOB"] . "',
'" . $params["txtDOJ"] . "',
'" . $params["txtMobileNo"] . "',
'" . $params["txtAlternateMobileNo"] . "',
'" . $params["txtLandlineNo"] . "',
'" . $params["txtPermanentAddressTextarea"] . "',
'" . $params["txtCorrespondingAddressTextarea"] . "',
'" . $params["txtEmailID"] . "'); ";
//echo $sql;
echo $result = mysqli_query($this->conn, $sql) or die("Error to insert User.");
}
($('#selReligion').val() == -1 ) ? " " : $('#selReligion').val(),
Here I want to use Conditional operator.
Right Now..if selGender is null that It inserts -1
but i want to insert 0 or null
Use the ternary operator. It will insert the 0 instead of -1, as you require.
if $params["selGender"] will not be null then it will insert the value otherwise 0. and you can change the condition in that according to your need.
'" . (!empty($params["selGender"])) ? $params["selGender"] : 0 . "',
EDITED:
Other way to achieve this is:
Take a variable:
$selGender = '0';
if(!empty($params["selGender"]))
$selGender = $params["selGender"];
And then use this variable:
'" . $selGender . "',
I've got a syntax error in the following code, but I can't find it:
$tableSelect = $_POST["tableSelect"];
$companyName = $_POST["companyName"];
$telephone = $_POST["telephone"];
$fax = $_POST["fax"];
$email = $_POST["email"];
$address = $_POST["address"];
$postcode = $_POST["postcode"];
$category = $_POST["category"];
$contact = $_POST["contact"];
$contactTel = $_POST["contactTel"];
$contactEmail = $_POST["contactEmail"];
$sql = "INSERT INTO '" . $tableSelect . "' ('" . $companyName . "', '" . $telephone . "', '"
. $fax . "', '" . $email . "', '" . $address . "','" . $postcode . "', '" . $category . "',
'" . $contact . "', '" . $contactTel . "', '" . $contactEmail . "')";
mysqli_query($con,$sql);
if (!mysqli_query($con,$sql)) {
die('Error: ' . mysqli_error($con));
}
Cheers!
EDIT: I have modified the code to this:
$sql = "INSERT INTO `" . $tableSelect . "` (name, telephone, fax, email, address, postcode, category,
contact, contactTel, contactEmail) VALUES (`" . $companyName . "`, `" . $telephone . "`, `"
. $fax . "`, `" . $email . "`, `" . $address . "`,`" . $postcode . "`, `" . $category . "`,
`" . $contact . "`, `" . $contactTel . "`, `" . $contactEmail . "`)";
and now have the error "Error: Unknown column [companyName] in 'field list'", where [companyName] is the value submitted through the form. But surely I've defined the column as "name"?
Edit 2: Thanks, I'm now aware of the injection issue. I'd like to get it working, then I'll change it to using prepared statements.
You need either a values statement or a select statement:
"INSERT INTO '" . $tableSelect . "' VALUES ('" . $companyName . "', '" . $telephone . "', '"
. $fax . "', '" . $email . "', '" . $address . "','" . $postcode . "', '" . $category . "',
'" . $contact . "', '" . $contactTel . "', '" . $contactEmail . "')";
However, I would also recommend that you include the column names in the insert statement:
"INSERT INTO '" . $tableSelect ."(companyname, telephone, fax, email, address, postcode, category, contact, contactTel, contactEmail) ".
"' VALUES ('" . $companyName . "', '" . $telephone . "', '"
. $fax . "', '" . $email . "', '" . $address . "','" . $postcode . "', '" . $category . "',
'" . $contact . "', '" . $contactTel . "', '" . $contactEmail . "')";
I'm not sure if those are the correct names.
Ignoring injection issues...
$sql = "
INSERT INTO $tableSelect
(name
,telephone
,fax
,email
,address
,postcode
,category
,contact
,contactTel
,contactEmail
) VALUES
('$companyName'
,'$telephone'
,'$fax'
,'$email'
,'$address'
,'$postcode'
,'$category'
,'$contact'
,'$contactTel'
,'$contactEmail'
);
";
Incidentally, in my (limited) experience, the practice of calling the variable (e.g. '$companyName') and the column (e.g. name) two (slightly) different things can get very confusing.
Use backquotes: ` instead of straight quotes when quoting table names:
instead of:
'" . $companyName . "'
this:
`" . $companyName . "`
Use prepared statements instead of putting the variables into the query directly. And check, that the tables names are correct, cause now you are open to SQL injection.
How can I prevent SQL injection in PHP?
please check insert query syntax
you are missing values in your program:
Follow the below Syntax:
INSERT INTO table_name (column1, column2, column3,...)
VALUES (value1, value2, value3,...)
try query like this
$query="insert into abc (a,b,c) values ('a','b','c')
and first check your all variables using isset()
Please try below query:
$sql = "INSERT INTO $tableSelect ('" . $companyName."', '".$telephone."',
'".$fax."', '".$email."', '".$address."', '".$postcode."', '".$category."',
'".$contact."', '".$contactTel."', '".$contactEmail."')";
If still getting error, then you should use mysql_real_escape_string() function.
Data may contain special characters.
Can you tell me what is wrong with this query? I just can't find the error, this is driving me insane.
<?php
$query = "INSERT INTO atable (fortlaufend, vorname, nachname, land, email, caption1, caption2, caption3, caption4, caption5, datum)
VALUES (NULL,
" . mysql_real_escape_string($_POST[vorname]) . ",
" . mysql_real_escape_string($_POST[nachname]) . ",
" . mysql_real_escape_string($_POST[land]) . ",
" . mysql_real_escape_string($_POST[email]) . ",
" . mysql_real_escape_string($_POST[caption1]) . ",
" . mysql_real_escape_string($_POST[caption2]) . ",
" . mysql_real_escape_string($_POST[caption3]) . ",
" . mysql_real_escape_string($_POST[caption4]) . ",
" . mysql_real_escape_string($_POST[caption5]) . ",
CURRENT_TIMESTAMP)";
?>
'fortlaufend' is the primary index with AUTO_INCREMENT. The mysql_error is
Invalid query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'name, last name, country, email, What makes this photo special to you?, Wha' at line 3
Thank you!
You need single quotes for non-integer values.
<?php
$query = "INSERT INTO atable (fortlaufend, vorname, nachname, land, email, caption1, caption2, caption3, caption4, caption5, datum)
VALUES (NULL,
'" . mysql_real_escape_string($_POST[vorname]) . "',
'" . mysql_real_escape_string($_POST[nachname]) . "',
'" . mysql_real_escape_string($_POST[land]) . "',
'" . mysql_real_escape_string($_POST[email]) . "',
'" . mysql_real_escape_string($_POST[caption1]) . "',
'" . mysql_real_escape_string($_POST[caption2]) . "',
'" . mysql_real_escape_string($_POST[caption3]) . "',
'" . mysql_real_escape_string($_POST[caption4]) . "',
'" . mysql_real_escape_string($_POST[caption5]) . "',
CURRENT_TIMESTAMP)";
?>
You havent use quotes in your query.
<?php
$query = "INSERT INTO atable (fortlaufend, vorname, nachname, land, email, caption1, caption2, caption3, caption4, caption5, datum)
VALUES (NULL,
'" . mysql_real_escape_string($_POST[vorname]) . "',
'" . mysql_real_escape_string($_POST[nachname]) . "',
'" . mysql_real_escape_string($_POST[land]) . "',
'" . mysql_real_escape_string($_POST[email]) . "',
'" . mysql_real_escape_string($_POST[caption1]) . "',
'" . mysql_real_escape_string($_POST[caption2]) . "',
'" . mysql_real_escape_string($_POST[caption3]) . "',
'" . mysql_real_escape_string($_POST[caption4]) . "',
'" . mysql_real_escape_string($_POST[caption5]) . "',
CURRENT_TIMESTAMP)";
?>
I am able to retrieve data from a website(Nestoria) and store into my PostGIS database. However not every individual result that is returned have latitude and longitude values and as such they are not stored into the database. I tried using (pg_escape_string) so that it can return null values as double quotes(") but it didn't work. The field type of my lat and long columns in the database is "double precision".
This is a sample output of the error: ("Warning: pg_query() [function.pg-query]: Query failed: ERROR: invalid input syntax for type double precision: "" LINE 1: ...droom garden flat set in a period building with...', '', '') ^ in C:\XAMMP...\database.php on line 12")
Please see the code below for retrieving the data:
<?php
$url = ("http://api.nestoria.co.uk/api?action=search_listings¢re_point=51.5424,-0.1734,2km&listing_type=rent&property_type=all&price_min=min&price_max=max&bedroom_min=0&bedroom_max=0&number_of_results=50&has_photo=1&page=4");
$xml = simplexml_load_file($url);
foreach ($xml->response->listings as $entry) {
echo $entry->attributes()->title;
echo $entry->attributes()->bathroom_number;
echo $entry->attributes()->bedroom_number;
echo $entry->attributes()->datasource_name;
echo $entry->attributes()->guid;
echo $entry->attributes()->img_url;
echo $entry->attributes()->keywords;
echo $entry->attributes()->lister_name;
echo $entry->attributes()->listing_type;
echo $entry->attributes()->price;
echo $entry->attributes()->price_type;
echo $entry->attributes()->property_type;
echo $entry->attributes()->summary;
echo $entry->attributes()->latitude;
echo $entry->attributes()->longitude;
// Process XML file
}
?>
Find below the code to store values into database:
<?php
require 'nestoriauk.php';
// Opens a connection to a PostgresSQL server
$connection = pg_connect("dbname=postgis user=postgres password=xxxx");
// Execute query
foreach ($xml->response->listings as $entry) {
$query = "INSERT INTO nestoriaphp(title, bathroom, bedroom, datasource, guid, image, keywords, lister, listype, price, pricetype, property_type, summary, latitude, longitude) VALUES ('" . pg_escape_string($entry->attributes()->title) . "', '" . pg_escape_string($entry->attributes()->bathroom_number) . "', '" . pg_escape_string($entry->attributes()->bedroom_number) . "', '" . pg_escape_string($entry->attributes()->datasource_name) . "', '" . pg_escape_string($entry->attributes()->guid) ."', '" . pg_escape_string($entry->attributes()->img_url) . "', '" . pg_escape_string($entry->attributes()->keywords) . "', '" . pg_escape_string($entry->attributes()->lister_name) . "', '" . pg_escape_string($entry->attributes()->listing_type) . "', '" . pg_escape_string($entry->attributes()->price) . "', '" . pg_escape_string($entry->attributes()->price_type) . "', '" . pg_escape_string($entry->attributes()->property_type) ."', '" . pg_escape_string($entry->attributes()->summary) . "', '" . pg_escape_string($entry->attributes()->latitude) . "', '" . pg_escape_string($entry->attributes()->longitude) . "')";
$result = pg_query($query);
printf ("These values are inserted into the database - %s %s %s", $entry->attributes()->title, $entry->attributes()->bathroom_number, $entry->attributes()->bedroom_number, $entry->attributes()->datasource_name, $entry->attributes()->guid, $entry->attributes()->img_url, $entry->attributes()->keywords, $entry->attributes()->lister_name, $entry->attributes()->listing_type, $entry->attributes()->price, $entry->attributes()->price_type, $entry->attributes()->property_type, $entry->attributes()->summary, $entry->attributes()->latitude, $entry->attributes()->longitude);
}
pg_close();
?>
Yemi
If a POI has no lat-lon, which value it has? empty string?
assuming that an empty string is returned when there is no lat-lon.
$lon = "NULL";
if($entry->attributes()->longitude != "")
$lon = "'".$entry->attributes()->longitude."'";
$lat = "NULL";
if($entry->attributes()->latitude != "")
$lat = "'".$entry->attributes()->latitude."'";
so query looks like this:
$query = "INSERT INTO nestoriaphp(title, bathroom, bedroom, datasource, guid, image, keywords, lister, listype, price, pricetype, property_type, summary, latitude, longitude) VALUES ('" . pg_escape_string($entry->attributes()->title) . "', '" . pg_escape_string($entry->attributes()->bathroom_number) . "', '" . pg_escape_string($entry->attributes()->bedroom_number) . "', '" . pg_escape_string($entry->attributes()->datasource_name) . "', '" . pg_escape_string($entry->attributes()->guid) ."', '" . pg_escape_string($entry->attributes()->img_url) . "', '" . pg_escape_string($entry->attributes()->keywords) . "', '" . pg_escape_string($entry->attributes()->lister_name) . "', '" . pg_escape_string($entry->attributes()->listing_type) . "', '" . pg_escape_string($entry->attributes()->price) . "', '" . pg_escape_string($entry->attributes()->price_type) . "', '" . pg_escape_string($entry->attributes()->property_type) ."', '" . pg_escape_string($entry->attributes()->summary) . "', " . $lat . ", " . $lon . ")";
Note that the NULL value has no '' in sql.