I have some data in PHP arrays/variables ready to insert into a PostgreSQL table via an INSERT statement.
For a simple example say I have the following information:
$name= 'someName';
$time = array(1,2,3);
$elevation = array(100,200,300);
(In my real application these are double precision and potentially 1,000+ values)
I also have my postgresql table with columns "name","time","elevation"
I want to insert these in a single INSERT statement, and have been given multiple different ways to do this.
Loop and insert one data point (row) at a time.
Use unnest() on the arrays and do a single insert (fastest)
My question is can I pass a single variable name, and the un-nested arrays and have name repeated every row (ever array element), or do I need to construct a repeated array for name the equivalent count() as the other arrays?
An example statement:
*cr_query is a custom PHP pg_query wrapper we use
cr_query($conn,"INSERT INTO sometable (name,time,elevation) VALUES ({$name},{unnest($time)},{unnest($elevation)}););
This would insert into sometable:
ID name time elevation
1 someName 1 100
2 someName 2 200
3 someName 3 300
Am I correct here or do I need to do something else?
EDIT:
Lets say I also have another variable "surface". Surface can be a double value or can be NULL. So I want to insert into the table to look like so:
ID name time elevation surface
1 someName 1 100 50
2 someName 2 200 NULL
3 someName 3 300 100
In PHP, using the method perscribed by klin below an array for surface in the unnest statement would become unnest(array[50,,100]); This throws an error like so:
(Error from my real data)
ERROR: syntax error at or near "," LINE 3: ...-6,5.75E-6,5.75E-6,5.75E-6,5.75E-6]),unnest(array[,,,,,,,,,]... ^
EDIT 2:
Now that all of the "encoding" is working a new problem has popped up. Say the example column "surface" above is type double precision.
Say I am inserting an array, but for this set all of the data is null.
The essential piece is:
unnest(array[null,null,null,null,null,null,null,null,null,null])
However, this array is of type string. Add a single value to it and it becomes the type of that numeric value, but I need to be able to handle this.
My question is: How do I insert an unnested array of all null values into a double precision column? (I tried to cast ::double precision) but it's not possible.
Assuming your cr_query() function is not doing any magic things, your code is going to raise postgres syntax error. You can use unnest but you must prepare proper query text.
Try your code:
$name= 'someName';
$time = array(1,2,3);
$elevation = array(100,200,300);
echo "INSERT INTO sometable (name,time,elevation) VALUES ".
"({$name},{unnest($time)},{unnest($elevation)})"
echo: INSERT INTO sometable (name,time,elevation) VALUES (someName,{unnest(Array)},{unnest(Array)})
Obviously it is not what we want to send to postgres. How to repair this?
$name= 'someName';
$time = array(1,2,3);
$elevation = array(100,200,300);
$timestr = 'array['. implode(',', $time). ']';
$elevstr = 'array['. implode(',', $elevation). ']';
echo "INSERT INTO sometable (name,time,elevation) ".
"VALUES ('$name',unnest($timestr),unnest($elevstr));"
echo: INSERT INTO sometable (name,time,elevation) VALUES ('someName',unnest(array[1,2,3]),unnest(array[100,200,300]));
I think this is correct query. Note that I enclosed text variable '$name' in single quotes.
If you have nulls in your arrays you have to replace all empty strings to 'null' in prepared text for query.
Probably the simplest way to do it is to use str_replace().
As the conversion is getting more complicated it is handy to write a function (say "pgstr()") for that purpose.
function pgstr($array) {
$str =
str_replace('[,', '[null,',
str_replace(',]', ',null]',
'array['. implode(',', $array). ']'));
while (strpos($str, ',,') > 0) $str = str_replace(',,', ',null,', $str);
return $str;
}
$name= 'someName';
$time = array(1,2,3,4);
$elevation = array(100,null,300,null);
$surface = array(null,null,3.24,null);
$timestr = pgstr($time);
$elevstr = pgstr($elevation);
$surfstr = pgstr($surface);
echo
"INSERT INTO sometable (name,time,elevation,surface) ".
"VALUES ('$name',unnest($timestr),unnest($elevstr),unnest($surfstr));";
Related
I have an array in php containing strings, which I want to use in a query with Red Bean MySQL in the following manner:
$someString = '\'abc\',\'def\',\'ghi\'';
R::getAll("select * from table where name not in (:list)", array(':list'=> $someString));
The problem is that the list is not being evaluated correctly no matter how I set the values in the array string, and the names abc, def, ghi are returned in the result. I've tried the following:
$someString = '\'abc\',\'def\',\'ghi\''
$someString = 'abc\',\'def\',\'ghi'
$someString = 'abc,def,ghi'
running the query in the SQL server manually works and I don't get those values returned, but running it within the php code with redbean is not working, and it seems that the list is not being interpreted correctly syntax-wise.
Can anyone shed some light on the matter?
Thanks to RyanVincent's comment I managed to solve the issue using positional parameters in the query, or more specifically, the R::genSlots function.
replaced the following:
$someString = '\'abc\',\'def\',\'ghi\'';
R::getAll("select * from table where name not in (:list)", array(':list'=> $someString));
with:
$someArray = array('abc', 'def', 'ghi');
R::getAll("select * from table where name not in (". R::genSlots($someArray) .")", $someArray);
This creates a $someArray length positions for parameters in the query, which are then filled with the values in the second parameter passed to the getAll function.
Notice that in this case I used a set content array (3 variables) but it will work dynamically with any length array you will use.
Furthermore, this can also work for multiple positions in the query, for example:
$surnameArray = array('smith');
$arr1 = array('john', 'pete');
$arr2 = array('lucy', 'debra');
$mergedVarsArray = array_merge($surnameArray,$arr1);
$mergedVarsArray = array_merge($mergedVarsArray,$arr2);
R::getAll("select * from table where surname != ? and name in (." R::genSlots($arr1).") and name not in (". R::genSlots($arr2) .")", $mergedVarsArray);
This code will effectively be translated to:
select * from table where surname != 'smith' and name in ('john','pete') and name not in ('lucy', 'debra')
Each '?' placed in the query (or generated dynamically by genSlots() ) will be replaced by the correlating positioned item in the array passed as parameter to the query.
Hope this clarifies the usage to some people as I had no idea how to do this prior to the help I got here.
for some odd reason php statement work fine when i only have on item in the array but everytime i add a second one i get an error "Column count doesn't match value count at row 1" I clearly have the correct column count. please help
$form_array=implode(",",array("james","brown"));
$db_array=implode(",",array('firstname','lastname'));
$query="INSERT INTO application ($db_array)
Value('$array')";
$dbquery=mysql_query($query);
if(!$dbquery){
echo mysql_error();
}
Your values are not quoted correctly. (and you're using $array instead of $form_array).
Note $form_array after imploding = 'james,brown'.
Putting that (and $db_array) into your query string, you end up with:
$query = "INSERT INTO application (firstname, lastname) VALUE ('james,brown');
Notice "james" and "brown" are quoted together in a single string - hence column count not matching value count.
You really should use a query string escaping function on your inputs - e.g. mysql_real_escape_string:
Wrote this off the top of my head so might have a minor syntax error somewhere, but the below example should push you in the right direction:
$form_array = implode(',', array_map('mysql_real_escape_string', array('james', 'brown')));
$db_array = implode(',', array('firstname','lastname'));
$query = "INSERT INTO application ($db_array) VALUES ($form_array)";
Note you should also take some more precautions if your $db_array is provided by user input in some way.
I have stored procedure that takes an id and a string and stores the pair in a cross reference table. If my PHP receives 6 sets if id and string pairs, the PHP for-loop will execute this stored procedure six times.
If I have millions of users running this stored procedure, Is this an unnecessarily large load on my servers?
Should I instead concatenate the six strings into one delimited string and pass that larger string as one value to the stored procedure which will then split the string and enter each separate row into my table?
Sounds like you might want something like this:
$pairs = array(
42=>"Hello",
93=>"World",
// ... insert more ID => string pairs
);
// now convert to a query:
$sql = "INSERT INTO `tablename` (`id`,`string`) VALUES ";
$rows = array();
foreach($pairs as $id=>$string) {
$rows[] = "(".intval($id).",'".appropriate_escaping_function($string)."')";
}
$sql .= implode(", ",$rows);
execute_mysql_query_function($sql);
This requires only a single query to be run, regardless of how many key/value pairs you have.
Following is my code showing some error in mysql query:
<?php
$con=mysql_connect('localhost','root','');
$str=$_GET["message"];
$stor=explode(" ",$str);// converting message into array
mysql_select_db('words',$con);
for($j=0;$j<=30; $j++)
{
mysql_query($con,"UPDATE blacklist SET $stor=1 where $stor=0");//if column name=element in array then make it as 1 in database
}
mysql_close($con);
?>
Your code is vulnerable to SQL Injection. Read up on prepared statements and use PDO/MySQLi.
$stor is an array object and cant be used directly in the query. If you want to use it, try using
IN('.implode(",", $stor).')
the code above does the following:
implode() - takes an array and turns it into a comma separated string.
IN() - compares the given comma separated values and returns true if at least one of them exists.
Example (implode):
implode(",", array(1,2,3)) IS EQUAL TO "1,2,3"
Example (IN):
TestID IN (1,2,3) IS SAME AS (TestID = 1 OR TestID = 2 OR TestID = 3)
You're probably getting a mysql error because your query ends up looking like this
UPDATE blacklist SET Array=1 where Array=0;
If you're just echoing out a full array, you get Array instead, you'll need to specify an array element ($stor[1] for example).
What you'll want to do is replace your for loop with a foreach so that you can just throw out the elements one at a time.
Also, your arguments are backwards.
foreach($stor as $word)
{
mysql_query("UPDATE blacklist SET $word=1 where $word=0", $con);
}
I am trying to insert an unknown number of rows into MySQL using PHP. This is how it should work:
Javascript parses HTML DOM to create a multi-dimensional array based on a css class. The array will have a certain number of rows(or sub-arrays) corresponding to the number of elements that have that class. (This could be any integer 0 or greater... obviously).
Then, on a JavaScript event, the array is sent to a PHP script.
The PHP script will INSERT data from the array into MySQL.
My problem is that I don't know how to tell my PHP script how many values are in the array. And I don't know how to write the mysql_query() without knowing the number of values (or rows) that should be inserted.
You can insert more than one row at a time to MySQL:
INSERT INTO table1 (column1, column2, ...) VALUES (value_col1, value_col2), (value2_col1, value2_col2), ...;
In PHP, you can build your query by looping through rows and adding them to the SQL string:
$sql = "INSERT INTO table1 (col1, col2) VALUES ";
foreach($rows as $i=>$row) {
if ($i>0) {
$sql .= sprintf(",(%s,%s)", $row["col1_value"], $row["col2_value"]);
} else {
$sql .= sprintf("(%s,%s)", $row["col1_value"], $row["col2_value"]);
}
}
mysql_query($sql);
You have to be sure to properly escape your values depending upon what you're actually inserting.
Why don't you prepare a two dimensional array while searching with the css class identifier like this?
//This is jquery code - you can write javascript to do the same
$(`.class`).each(function(i,e){resultsArray.push($(this).val());});
This will save you from the headache of traversing a multidimensional array in the backend and you can simply do a count() in you PHP code and the following query preparation.
Query preparation
Assuming you have a two dimensional array you can use a bulk insert query like this:-
INSERT INTO tablename (a,b)
VALUES
('1', 'one'),
('2', 'two'),
('3', 'three')
And prepare the query dynamically using PHP like this -
$counter = 0;
$valuesPart = NULL;
foreach($_POST as $each)
{
if($counter > 0)
$appendComma = ",";
else
$appendComma ="";
$valuesPart .= $appendComma."(".$each['key1'].",".$each['key2'].")";
$counter++;
}
if(!empty($valuesPart))
$mysql_query = "INSERT INTO tablename (a,b) VALUES ".$valuesPart;
So, you don't need to know how many results are to be actually inserted.
If you stay with the multidimensional array, you will probably need to code or search for a code to traverse the multidimensional array which will probably involve recursion and a lot of complex code. There will be many chances of errors and it will be a slower (may be little but a finite amount which is not necessary).
So I assume the array is getting to PHP successfully, through $_POST or whatever? If you aren't sure then do a var_dump or echo_r so we can see.
EDIT - wow I put explode where I meant implode several times. fixed.
Assuming that it is, and that each 'sub' array is an associative array in form
[0]
'id' => 1
'name' => 'Billy'
'DOB' => .....
[1]
etc.
And the code to build a single query inserting all rows, like this INSERT INTO table ('f1','f2',f3') VALUES ('v11', 'v22', 'v33'), ('v21', 'v22', 'v23'), ......
$escapeAndQuote = function($x) {return "'".mysql_real_escape_string($x)."'";};
$rowwise = function($x) {return '('. implode(', ', array_map($escapeAndQuote, $x)) .')';
$fieldString = $rowwise(array_keys($arr[0]));
$valString = implode(', ', array_map($rowwise, $arr));
$sql = "INSERT INTO table $fieldString VALUES $valString";
mysql_query($sql, $conn);
Use a foreach loop to cycle through the array.
// Example:
foreach($submitted_array as $insert_array)
{
//php and mysql insert query here
}
Perhaps prepared statements would assist you in your endeavors. Essentially you will declare a generic insert statement and then "bind" values to each input. Read more on PHP PDO Prepared Statements.