I am having trouble getting one of my variable to be successfully inserted into my mySQL query. Here is the query string:
$strShipMethodInfo = "SELECT BAMMDD, BAYY, BAXXX, ORDNUM, SHPNUM, \"SHIPMENT METHOD\", \"SHIPMENT STATUS\" FROM SHPPMTHD WHERE BAMMDD = " . $BAMMDD . " AND BAYY = " . $BAYY . " AND BAXXX = " . $BAXXX . " AND SHPNUM = " . $arrShippingInfo[$x]['SHPNUM'] . " AND ORDNUM = '" . $ORDNUM . "' ORDER BY SHPNUM";
I am using $arrShippingInfo[$x]['SHPNUM'] in another query that is very similar, and it is putting the variable in that one. However, when I do it with this query, it comes back as blank. All the other values (BAMMDD, BAYY, BAXXX, etc.) are successfully put in, but the variable for SHPNUM does not get put in.
I have tried everything I can think of, thinking that it might be a quote in the wrong place, but I have been unsuccessful. Could anyone please help me figure this out? Thanks.
EDIT: I did a print_r on the string, and it printed twice... once with the SHPNUM correctly inserted and once with it blank. Turns out it was a logic error in the for loop I was using (I needed to run the query for each shipment in the order). < somehow got changed to <= so once I changed that it worked. Thank you everyone for your responses.
I would say there is something wrong with how you are accessing that array value, either with the $x variable, or in how you are passing in the raw array value to the string (hard to say without the rest of your code: try assigning it to $SHPNUM and putting $SHPNUM into the statement?).
Within your code try running an:
echo $x; echo $arrShippingInfo[$x]['SHPNUM'];
var_dump($arrShippingInfo);
and you should be able to find the issue.
Using dummy data with your statement and running that code through on my end as:
<?php
$BAMMDD = 'bamddd';
$BAYY = 'BAYY';
$BAXXX = 'BAXXX';
$arrShippingInfo[0]['SHPNUM'] = '54';
$ORDNUM = 555;
$x = 0;
$strShipMethodInfo = "SELECT BAMMDD, BAYY, BAXXX, ORDNUM, SHPNUM, \"SHIPMENT METHOD\", \"SHIPMENT STATUS\" FROM SHPPMTHD WHERE BAMMDD = " . $BAMMDD . " AND BAYY = " . $BAYY . " AND BAXXX = " . $BAXXX . " AND SHPNUM = " . $arrShippingInfo[$x]['SHPNUM'] . " AND ORDNUM = '" . $ORDNUM . "' ORDER BY SHPNUM";
echo "<pre>$strShipMethodInfo</pre>";
?>
Produces:
SELECT BAMMDD, BAYY, BAXXX, ORDNUM, SHPNUM, "SHIPMENT METHOD",
"SHIPMENT STATUS" FROM SHPPMTHD WHERE BAMMDD = bamddd AND BAYY = BAYY
AND BAXXX = BAXXX AND SHPNUM = 54 AND ORDNUM = '555' ORDER BY SHPNUM
$strShipMethodInfo = "SELECT BAMMDD, BAYY, BAXXX, ORDNUM, SHPNUM, \"SHIPMENT METHOD\", \"SHIPMENT STATUS\" FROM SHPPMTHD WHERE BAMMDD = '" . $BAMMDD . "' AND BAYY = '" . $BAYY . "' AND BAXXX = '" . $BAXXX . "' AND SHPNUM = '" . $arrShippingInfo[$x]['SHPNUM'] . "' AND ORDNUM = '" . $ORDNUM . "' ORDER BY SHPNUM";
Added quotes(') in the where condtion
Related
I am looking to insert a single selection into a field for multiple users. I have the following code, when the selection is made and submit is entered. I do not get an error, I get the next page with the message posted 5 times, which is how many users are not it the weekpicks table. But nothing is inserted into the DB.
<?
// This code is to use to place info into the MySQL
$sTeam1 = $_POST['sTeam1'];
// (WHERE username FROM authorize WHERE username not in ( SELECT username FROM weekpicks WHERE whatweek='$totalnoOfWeek' )" .
//$nMemberID = (integer) Query
$sql_events = mysql_query("SELECT username FROM authorize WHERE username not in ( SELECT username FROM weekpicks WHERE whatweek='$totalnoOfWeek' )") or die(mysql_error());
while ($row = mysql_fetch_array($sql_events)) {
$username = $row["username"];
("INSERT INTO weekpicks SET " . "username = '" . ($username) . "'," . "date_create = NOW(), " . "whatweek = '" . ($totalnoOfWeek) . "'," . "team = '" . addslashes($sTeam1) . "'" . 'INSERT');
echo "<HTML>
<BODY>
<h2>Your pick of " . ($sTeam1) . ", for week " . ($totalnoOfWeek) . ", has been added.</h2>
<P align=left>Return to main page</p>
</BODY>
</HTML>";
}
?>
You are creating the string for insert but you are not running it.
Fixing your code it'd be:
while ($row = mysql_fetch_array($sql_events)) {
$username = $row["username"];
mysql_query("INSERT INTO weekpicks SET " . "username = '" . ($username) . "'," . "date_create = NOW(), " . "whatweek = '" . ($totalnoOfWeek) . "'," . "team = '" . addslashes($sTeam1) . "'");
//echo ...
}
Fixing the string syntax you could do this, which looks nicer. Also using mysql_real_escape_string() instead of addslashes(), since addslashes is not as safe as mysql's native function for php.
$sTeam1 = mysql_real_escape_string($sTeam1);
mysql_query("INSERT INTO weekpicks SET username = '$username', date_create = NOW(), whatweek = '$totalnoOfWeek', team = '$sTeam1');
Another thing I must tell you:
Stop using mysql_*, use mysqli_* instead.
mysql_ was removed from PHP7 and deprecated after PHP 5.5
It's not as safe as mysqli_, so consider improving your code to the new model.
Follow this guide in order to change your code properly.
I have the following script that retrieve numbers from 2 tables, make a sum, and the value is updated into a 3th table.
$query = "SELECT (SELECT SUM(net_amount) FROM fin_costos WHERE month='1' AND group_of_costos='general' AND year_analysis='2014' ) +
(SELECT SUM(net_amount) FROM em2_fin_costs WHERE month='1' AND group_of_costos='general' AND year_analysis='2014') AS total";
$result = mysqli_query($mysqli,$query);
while($row = mysqli_fetch_array($result)){$valor_final = $row['total']; }
$query_update="UPDATE fusion_analysis SET jan='$valor_final' WHERE year_for_analysis='2014' AND item_for_analysis='general' AND category='general'";
$result = mysqli_query($mysqli,$query_update);
I need to run the same script for each month of the year. Everything is exaclty the same except the variable 'month' that changes from 1 to 12 and the SET in UPDATE where the value is uploaded for each month ('jan','feb', 'mar'...etc)
I'm currently just copying and pasting the same script changing this few parameters but I believe there is a smarter way to do this in less lines of code I have
See date function of PHP:
$query = "SELECT (SELECT SUM(net_amount)"
. " FROM fin_costos"
. " WHERE month='".date('n')."'"
." AND group_of_costos='general' AND year_analysis='".date("Y")."' ) +"
."(SELECT SUM(net_amount) FROM em2_fin_costs WHERE month='".date('n')."'"
. " AND group_of_costos='general' AND year_analysis='".date("Y")."') AS total";
$query_update="UPDATE fusion_analysis"
. " SET `". strtolower(date('M'))."`='$valor_final'"
. " WHERE year_for_analysis='".date("Y")."'"
. " AND item_for_analysis='general'"
. " AND category='general'";
NOTE:
Y - A full numeric representation of a year, 4 digits like 2014
n - Numeric representation of a month, without leading zeros 1 - 12
M - A short textual representation of a month, three letters Jan through Dec
For month as short textual I've used the strtolower function to make it lowercase.
UPDATE
Based on OP comment:
for ($i = 1; $i <= 12; $i++) {
$query = "SELECT (SELECT SUM(net_amount)"
. " FROM fin_costos"
. " WHERE month='" . $i . "'"
. " AND group_of_costos='general' AND year_analysis='" . date("Y") . "' ) +"
. "(SELECT SUM(net_amount) FROM em2_fin_costs WHERE month='" . $i . "'"
. " AND group_of_costos='general' AND year_analysis='" . date("Y") . "') AS total";
$result = mysqli_query($mysqli, $query);
$row = mysqli_fetch_assoc($result);
$valor_final = $row['total'];
$monthName = strtolower(date('M', strtotime(date("Y") . "-" . str_pad($month,2, "0", STR_PAD_LEFT) . "-" . date("01") )));
$query_update = "UPDATE fusion_analysis"
. " SET `" . $monthName . "`=' " . $valor_final . "'"
. " WHERE year_for_analysis='" . date("Y") . "'"
. " AND item_for_analysis='general'"
. " AND category='general'";
mysqli_query($mysqli, $query_update);
}
I have a problem with the condition 'where'.
I want one more condition in this code:
$sql="UPDATE
coursegrade
SET
FirstExam='" . mysql_real_escape_string($_POST['FirstExam']) . "',
SecondExam='" . mysql_real_escape_string($_POST['SecondExam']) . "',
ThirdExam='" . mysql_real_escape_string($_POST['ThirdExam']) . "',
Assignments='" . mysql_real_escape_string($_POST['Assignments']) . "',
FinalExam='" . mysql_real_escape_string($_POST['FinalExam']) . "'
WHERE
SID=" . mysql_real_escape_string($_POST['SID']) ;
Tell now I have no problem .. but the problem is that I don't know how to set the second condition.
CourseID=" . mysql_real_escape_string($_POST['CourseID'])
I want the condition to be something like...
WHERE
SID=" . mysql_real_escape_string($_POST['SID'])
AND CourseID=" . mysql_real_escape_string($_POST['CourseID'])
How could I do it?
Unless you use heredoc syntax php will parse strings on a single line.
ie the rendered clause is:
"WHERE SID=19AND CourseID=45"
Basically you missed a space before
"AND CourseID=" . mysql_real_escape_string($_POST['CourseID'])
or you could put quotes around the values
"SID='" . mysql_real_escape_string($_POST['SID']) . "'
AND CourseID='" . mysql_real_escape_string($_POST['CourseID'])."'"
This is may help
WHERE
SID=" . mysql_real_escape_string($_POST['SID'])
OR CourseID=" . mysql_real_escape_string($_POST['CourseID'])
or
WHERE
SID in (
mysql_real_escape_string($_POST['SID']),
mysql_real_escape_string($_POST['CourseID'])
)
its will work for INT value of SID and CourseID
You can try this, and let me know if there is error message
$sql="UPDATE coursegrade
SET
FirstExam = '" . mysql_real_escape_string($_POST[' FirstExam ']) . "',
SecondExam = '" . mysql_real_escape_string($_POST[' SecondExam ']) . "',
ThirdExam = '" . mysql_real_escape_string($_POST[' ThirdExam ']) . "',
Assignments = '" . mysql_real_escape_string($_POST[' Assignments ']) . "',
FinalExam = '" . mysql_real_escape_string($_POST[' FinalExam ']) . "'
WHERE
SID = ". mysql_real_escape_string($_POST['SID'])."
AND
CourseID = " . mysql_real_escape_string($_POST['CourseID']) .";
$updateSeats = mysql_query("UPDATE FORM_dateAndSeating SET NumberOfSeats = " . $removeSeatingNumber . " WHERE DATE = " . $revertToStandardDate);
In the code above I am trying to update the value within the MYSQL table.
When I echo the variables they show the data I am expecting, however the database is not being updated.
There is no error being returned either.
What are other possibilities for the sql not to update properly??
This will work:
$updateSeats = mysql_query("UPDATE FORM_dateAndSeating
SET NumberOfSeats = '" . $removeSeatingNumber . "'
WHERE DATE = '" . $revertToStandardDate . "'");
Long form:
$updateSeats = mysql_query("UPDATE FORM_dateAndSeating SET NumberOfSeats = '" . $removeSeatingNumber . "' WHERE DATE = '" . $revertToStandardDate . "'");
The variables need to be inside double quotes including single quotes
I.e.: '" . $removeSeatingNumber . "' WHERE DATE = '" . $revertToStandardDate . "'
-------^ --------------------------------------------^ -----------------------^ ----------------------------------------------^
Add apostrophes around your column values.
I'm trying to update two rows in my database using a query (which is going to be run from a PHP script) and there is just one Condition (WHERE). What I've tried is:
$sql = 'UPDATE ' . CANNED_MESSAGES . "
SET canned_message_content = '" . $db->sql_escape($content) . "',
canned_message_title = '" . $db->sql_escape($title) . "'
WHERE id = '" . intval($id) . "'" ;
$db->sql_query($sql);
Can you tell me whats wrong with my query? :)
This may be due to Quotes mismatch. Please use this
$sql = "UPDATE '" . CANNED_MESSAGES ."'
SET canned_message_content = '" . $db->sql_escape($content) . "',
canned_message_title = '" . $db->sql_escape($title) . "'
WHERE id = '" . intval($id) . "' " ;
I highly doubt that two rows can have the same id column. Do they? If not, how could you update 2 rows by specifying a condition on a column with such a constraint?