Using p4a, how do I insert a row into a MySQL database? - php

I'm using the p4a application framework. I need to insert rows into my database via fields that I have made previously; when the user presses submit, the database should update, and thus other new rows should be able to be made, etc.
I'm struggling to find how to input the data into the database. I can easily do it through putting the values into the SQL statement, but this is completely alien to me.
The code is:
public function submit()
{
$location = $this->location->getNewValue();
$date = $this->date->getNewValue();
$merono = $this->merono->getNewValue();
$sql = $db->query("INSERT INTO 'meetingrooms'(location, date, merono)
VALUES
($location, $date, $merono)");
p4a_db::singleton()->newRow($sql, array($location));
$this->load();
}
location, date and merono are all set in the fields I created before this function, and it should work as I have previously done the same for a login page, so I know the first section should be getting the variables. And as I have accessed the db previously, I know that it is connecting, so it must be to do with the MySQL statement.
Thanks,
Steve.

In your query, I found that you are enclosing the table name in single quotes. If you want to escape a tableName or columnName, use backticks instead:
INSERT INTO `meetingrooms`(location, date, merono)
VALUES ($location, $date, $merono)
But since your tableName is not a reserved word and does not contain any invalid characters, you can get rid of the backticks.
If you are inserting values into the table which are not numeric, wrap them in single quotes:
INSERT INTO meetingrooms (location, date, merono)
VALUES ('$location', '$date', '$merono')

I finally managed to figure it out (even though this question was only active for a few mins XD).
The SQL statement was wrong for a start (thanks to John Woo for the help (y)); now the statement goes:
query("INSERT INTO meetingrooms(location, date, merono)
VALUES
('$location', '$date', '$merono')");
This successful statement allows for the variables placed into $location, $date and $merono to be inserted into the table. Plus, the extra addition to the start of the statement goes as:
p4a_db::singleton()->
This calls the P4A database extension, which in this pop-up class I have made is not accessible,
so the full function now goes:
public function submit()
{
$location = $this->AreaName->getNewValue();
$date = $this->date->getNewValue();
$merono = $this->merono->getNewValue();
p4a_db::singleton()->query("INSERT INTO meetingrooms(location, date, merono)
VALUES
('$location', '$date', '$merono')");
}
Thanks for the help,
Steve.

Related

Time format does not insert correctly into database

Code below adds date in correct format but hours/minutes/seconds are inserted as 00:00:00.
$timestamp[] = 'date("2017-12-31 21:01:50")';
$i because I have this inside a loop.
$sql = "INSERT INTO posts (post_id, username, content, timestamp, likes)
VALUES ('$post_id[$i]', '$username[$i]', '$content[$i]', $timestamp[$i],
'$likes[$i]')";
Result:
MySQL's date function returns a date without a time portion, which is why it's getting truncated to midnight.
You should be able to ignore the call to date entirely, and just pass the raw string - it's already in a format that MySQL will understand:
$timestamp[] = '2017-12-31 21:01:50';
$sql = "INSERT INTO posts (post_id, username, content, timestamp, likes)
VALUES ('$post_id[$i]', '$username[$i]', '$content[$i]', '$timestamp[$i]', '$likes[$i]')";
(Note the added quotes around the $timestamp variable)
You should also look into using prepared statements, rather than building up your SQL string manually. It'd be both a security and readability benefit.
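The prepared-statement approach recommended above, shown next to the string-built query, as an added example that is not part of the original answer. It assumes PDO with an in-memory SQLite database in place of MySQL so that it runs offline; the sample rows are constructed.

```php
<?php
// Added example. In-memory SQLite stands in for MySQL so the script runs
// offline; the table and the sample rows are constructed for illustration.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE posts (post_id INTEGER, username TEXT, content TEXT,
                                timestamp TEXT, likes INTEGER)');

// Constructed input: the second row contains a single quote.
$rows = [
    [1, 'alice', 'first post',        '2017-12-31 21:01:50', 3],
    [2, 'bob',   "it's a quote test", '2017-12-31 21:05:10', 0],
];

// String-built query, as in the question: a quote inside a value ends the
// SQL literal early, so the input changes the statement itself.
function insertInterpolated(PDO $pdo, array $r): bool
{
    [$id, $user, $content, $ts, $likes] = $r;
    try {
        $pdo->exec("INSERT INTO posts (post_id, username, content, timestamp, likes)
                    VALUES ('$id', '$user', '$content', '$ts', '$likes')");
        return true;
    } catch (PDOException $e) {
        return false;
    }
}

// Prepared statement: the SQL text is fixed and the values are bound
// separately, so quotes and the full date-time string arrive unchanged.
function insertPrepared(PDO $pdo, array $r): bool
{
    $stmt = $pdo->prepare('INSERT INTO posts (post_id, username, content, timestamp, likes)
                           VALUES (?, ?, ?, ?, ?)');
    return $stmt->execute($r);
}

var_dump(insertInterpolated($pdo, $rows[1]));
$pdo->exec('DELETE FROM posts');
foreach ($rows as $r) {
    insertPrepared($pdo, $r);
}
foreach ($pdo->query('SELECT content, timestamp FROM posts') as $row) {
    echo $row['content'], ' | ', $row['timestamp'], PHP_EOL;
}
```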

Column count doesn't match value count at row 1 when submitting a form

I've been fighting with a bit of code for a week now, not seeing what the heck is wrong...
I have a gaming site I'm trying to build new character sheets for, the form is all done, the action pointing to another page that is strictly the sql for inserting the information into the database. We have good connection, but it is hanging at the second insert statement. The code was working previously, but we had to delete the database and rebuild it, resulting in a rebuild of the insert sql lines.
The first portion of the insert code is:
if($_POST['Submit']=="Submit")
{
$sql="INSERT INTO accounts (log_name,owner,account_type,date_joined) VALUES (\"$_POST[char_name]\",\"$_SESSION[logname]\",\"$_POST[account_type]\",NOW())";
$result = mysql_query($sql)
or die("<p>Couldn't add character.<br/>".mysql_error()." in accounts.<br/>Please send this exact message to <a href='mailto:savvannis#houston-by-night.com'>Savvannis</a> with your character's name.</p>");
echo $result;
echo $_SESSION['logname'];
$sql="INSERT INTO topdata (log_name,char_venue,sub_venue,species,char_name,create_date,gender,age,appage,nature,demeanor,concept,description,web_site,view_pword,sfa) VALUES (\"$_SESSION[logname]\",\"$_POST[char_venue]\",\"$_POST[sub_venue]\",\"$_POST[species]\",\"$_POST[char_name]\",NOW(),\"$_POST[gender]\",\"$_POST[age]\",\"$_POST[appage]\",\"$_POST[nature]\",\"$_POST[demeanor]\",\"$_POST[concept]\",\"$_POST[description]\",\"$_POST[web_site]\"\"$_POST[viewpw]\",\"$_POST[sfa]\")";
$result=mysql_query($sql)
or die ("<p>Could not create character.<br/>".mysql_error()." in topdata.<br/>Please send this exact message to <a href='mailto:savvannis#houston-by-night.com'>Savvannis</a> with your character's name.</p>");
echo $result;
When the information is entered into the form and submit is hit, I get the following:
1
Could not create character.
Column count doesn't match value count at row 1 in topdata.
Please send this exact message to Savvannis with your character's name.
I look at the database and the information is entered into the accounts table, so that statement is working, but it is hanging up on the topdata table. It's not echoing the $_SESSION['logname'] and looking at the database, it's not saving the owner, which should be $_SESSION['logname'], so I'm wondering if that statement is now somehow incorrect??
I can't figure out what the heck is wrong. Any and all help would be greatly appreciated.
You have missed a comma here: \"$_POST[web_site]\"\"$_POST[viewpw]\" in your second insert SQL.
It should be \"$_POST[web_site]\", \"$_POST[viewpw]\"
First off, the error message is telling you that there is an unequal number of columns and values in your SQL.
Let's have a look at that:
INSERT INTO topdata (
log_name,
char_venue,
sub_venue,
species,
char_name,
create_date,
gender,
age,
appage,
nature,
demeanor,
concept,
description,
web_site,
view_pword,
sfa
) VALUES (
\"$_SESSION[logname]\",
\"$_POST[char_venue]\",
\"$_POST[sub_venue]\",
\"$_POST[species]\",
\"$_POST[char_name]\",
NOW(),
\"$_POST[gender]\",
\"$_POST[age]\",
\"$_POST[appage]\",
\"$_POST[nature]\",
\"$_POST[demeanor]\",
\"$_POST[concept]\",
\"$_POST[description]\",
\"$_POST[web_site]\"\"$_POST[viewpw]\",
\"$_POST[sfa]\"
)";
Now, by formatting your SQL (which is vulnerable to SQL injection), I've noticed a missing comma between the web_site and viewpw values.
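One way to keep the column list and the value list from drifting apart, as an added example (not code from the original posts): a hypothetical insertRow() helper builds both lists from the same array and binds the values as parameters. It assumes PDO with in-memory SQLite in place of MySQL and a shortened topdata table; the form input is constructed.

```php
<?php
// Added example. In-memory SQLite stands in for MySQL; the table is a
// shortened topdata and the session/form values are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE topdata (log_name TEXT, char_name TEXT, web_site TEXT,
                                  view_pword TEXT, sfa TEXT, create_date TEXT)');

// Hypothetical helper: column names must be on the allow-list, and the
// placeholder list is generated from the same array as the column list,
// so the two counts cannot differ. $table is a constant chosen by the
// calling code, never user input.
function insertRow(PDO $pdo, string $table, array $allowed, array $values): int
{
    $unknown = array_diff(array_keys($values), $allowed);
    if ($unknown) {
        throw new InvalidArgumentException('Unexpected column: ' . implode(', ', $unknown));
    }
    $cols = array_keys($values);
    $sql = sprintf(
        'INSERT INTO %s (%s) VALUES (%s)',
        $table,
        implode(', ', $cols),
        implode(', ', array_fill(0, count($cols), '?'))
    );
    $stmt = $pdo->prepare($sql);
    $stmt->execute(array_values($values));
    return $stmt->rowCount();
}

$allowed = ['log_name', 'char_name', 'web_site', 'view_pword', 'sfa', 'create_date'];

// Constructed stand-ins for $_SESSION and $_POST.
$session = ['logname' => 'player1'];
$post = ['char_name' => "D'Artagnan", 'web_site' => 'https://example.test',
         'viewpw' => 'view-only', 'sfa' => 'yes'];

$inserted = insertRow($pdo, 'topdata', $allowed, [
    'log_name'    => $session['logname'],
    'char_name'   => $post['char_name'],
    'web_site'    => $post['web_site'],
    'view_pword'  => $post['viewpw'],
    'sfa'         => $post['sfa'],
    'create_date' => date('Y-m-d H:i:s'),
]);
echo "rows inserted: $inserted", PHP_EOL;
```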

How to insert radio button values and dropdown values into a PostgreSQL database using PHP

I want to insert data, which includes a radio button and a dropdown box, into a PostgreSQL database. I tried 3 different insert queries.
1)
$query = sprintf("INSERT INTO onf VALUES('%s','%s','%s','%s','%s','%s','%d')",$_REQUEST['title'],$_REQUEST['name'],$_REQUEST['district'],$_REQUEST['rurban'],$_REQUEST['taluk'],$_REQUEST['village'],$_REQUEST['wardno']);
2)
$qry="INSERT INTO onf(title, name, district,rurban,taluk,village,wardno) VALUES ('$tile', '$name', '$district','$rurban','$taluk','$village','$wardno')";
3)
$qy="INSERT INTO onf(title, name, district,rurban,taluk,village,wardno) VALUES (('$_POST[title]','gen','$_POST[gen]),'$_POST[name]','$_POST[district]','$_POST[rurban]','$_POST[taluk]','$_POST[village]','$_POST[wardno]')";
$res = pg_query($db,$qy);
My problem is that in the 1st query only the name gets inserted, and in the 2nd and 3rd no record gets inserted. Why are the dropdown and radio button not inserting into the database?
Thanks in advance.
May just be because neither of those 3 is proper PHP code.
Query 1:
Don't use $_REQUEST. Use $_POST.
Query 2:
Unless you have register_globals turned on, which I SERIOUSLY hope you don't, your vars ($tile, $name, etc.) will not contain the information submitted by the form. Again, you want to use $_POST.
Query 3:
Your variables aren't properly escaped. Generally, I recommend not embedding variables into double-quoted strings if you don't quite have a grasp on string concatenation in PHP. Use single-quoted strings and build them by breaking the string and concatenating with the . operator.
Now, I feel like your second query is the closest to what you want, so try this:
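// pg_escape_literal() escapes each value and adds the surrounding single quotes;
// PostgreSQL reads "..." as an identifier, not a string. $db is the connection
// already passed to pg_query() in the question.
$qry = '
INSERT INTO onf (
title,
name,
district,
rurban,
taluk,
village,
wardno
) VALUES (
'.pg_escape_literal($db, $_POST['title']).',
'.pg_escape_literal($db, $_POST['name']).',
'.pg_escape_literal($db, $_POST['district']).',
'.pg_escape_literal($db, $_POST['rurban']).',
'.pg_escape_literal($db, $_POST['taluk']).',
'.pg_escape_literal($db, $_POST['village']).',
'.pg_escape_literal($db, $_POST['wardno']).'
);
';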

PDO two similar queries - only the first inserts

I have a form where the user can insert up to five line items for an invoice. The easiest way for me to do this is to just do five inserts and do an isset check before each query. However, the problem is that if I try to run the two queries one after another, only the first one inserts the data. I know I can combine them into one PDO query (and that does in fact work), but it does not suit my needs. The second query does not insert.
// Connect to the database
$conn = new PDO("mysql:host=$DB_HOST;dbname=$DB_DATABASE",$DB_USER,$DB_PASSWORD);
//Set all the data here
$receiptid = $_POST['receiptid'];
// .. the rest of the POST data gets set here.
//Insert first line item
$sql = "INSERT INTO lineitems (receiptid, service, description, quantity, unitprice, linetotal)
VALUES (:receiptid, :service, :description, :quantity, :unitprice, :linetotal)";
$q = $conn->prepare($sql);
$q->execute(array(':receiptid'=>$receiptid,
':service'=>$service,
':description'=>$description,
':quantity'=>$quantity,
':unitprice'=>$unitprice,
':linetotal'=>$linetotal));
//Insert second line item
$sql = "INSERT INTO lineitems (receiptid, service2, description2, quantity2, unitprice2, linetotal2)
VALUES (:receiptid, :service2, :description2, :quantity2, :unitprice2, :linetotal2)";
$q = $conn->prepare($sql);
$q->execute(array(':receiptid'=>$receiptid,
':service2'=>$service2,
':description2'=>$description2,
':quantity2'=>$quantity2,
':unitprice2'=>$unitprice2,
':linetotal2'=>$linetotal2));
Does your table really have different columns for each entered lineitem number (i.e. service2, descriptions2, etc.)?
Perhaps you need to change the field names in your second insert to match those in the first.
If you were properly handling cases where you did not get the expected query result (i.e. checking your execution results and looking at the errors if something fails), you would be able to get to the source of the problem in a hurry.
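The error checking suggested above, as an added example that is not part of the original answer: PDO is set to throw on failure, and one prepared statement is reused for each filled-in line item inside a transaction. It assumes in-memory SQLite in place of MySQL, a single set of column names, and form fields suffixed 2 to 5; the sample input is constructed.

```php
<?php
// Added example. In-memory SQLite stands in for MySQL; the schema and the
// submitted form values are constructed.
$conn = new PDO('sqlite::memory:');
// Throw on any failed prepare/execute instead of returning false silently.
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE lineitems (receiptid INTEGER, service TEXT, description TEXT,
                                     quantity INTEGER, unitprice REAL, linetotal REAL)');
// Constructed stand-in for $_POST: item 1 has no suffix, items 2..5 have one.
$post = [
    'receiptid'  => '1001',
    'service'    => 'Consulting', 'description'  => 'Site visit',  'quantity'  => '2',
    'unitprice'  => '50.00',      'linetotal'    => '100.00',
    'service2'   => 'Parts',      'description2' => 'Cable, 10 m', 'quantity2' => '1',
    'unitprice2' => '12.50',      'linetotal2'   => '12.50',
];

// Column names are the same for every row; only the form field names differ.
function saveLineItems(PDO $conn, array $post): int
{
    $stmt = $conn->prepare(
        'INSERT INTO lineitems (receiptid, service, description, quantity, unitprice, linetotal)
         VALUES (:receiptid, :service, :description, :quantity, :unitprice, :linetotal)'
    );
    $saved = 0;
    $conn->beginTransaction();
    try {
        foreach (['', '2', '3', '4', '5'] as $n) {
            if (!isset($post["service$n"]) || $post["service$n"] === '') {
                continue; // line item not filled in
            }
            $stmt->execute([
                ':receiptid'   => $post['receiptid'],
                ':service'     => $post["service$n"],
                ':description' => $post["description$n"] ?? '',
                ':quantity'    => $post["quantity$n"] ?? 0,
                ':unitprice'   => $post["unitprice$n"] ?? 0,
                ':linetotal'   => $post["linetotal$n"] ?? 0,
            ]);
            $saved++;
        }
        $conn->commit();
    } catch (PDOException $e) {
        $conn->rollBack(); // keep the invoice all-or-nothing
        throw $e;          // surfaces the driver's own error message
    }
    return $saved;
}
echo saveLineItems($conn, $post), ' line items saved', PHP_EOL;
```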

Data not inserting into MySQL database due to difference in 'quotes'

I am having a very strange problem inserting values into my MySQL database using PHP, so I was running a test, the simplest of the simple inserts. The following doesn't work:
<?php
include("config.php"); // put the *FULL* path to the file.
mysql_query("INSERT INTO 'lms'.'test2' ('trn') VALUES ('17')");
?>
However, the following works (note the difference in single quotes):
<?php
include("config.php"); // put the *FULL* path to the file.
mysql_query("INSERT INTO `lms`.`test2` (`trn`) VALUES ('17')");
?>
I really can't see what the problem is. Could I get some assistance, please?
You don't need to encapsulate tables within a query unless they have space or they are reserved words.
INSERT INTO 'lms'.'test2' ('trn') VALUES ('17')
// This makes no real sense to the db. It should be:
INSERT INTO lms.test2 (trn) VALUES ('17')
If the column trn accepts numbers, it really should be:
INSERT INTO lms.test2 (trn) VALUES (17)
With MySQL, you can use the tilted quote character to encapsulate names, but not strings. To enter a string in the query you will have to use normal quotes like '.
You can do this:
select `someTable`.`someColumn` from `someTable`
but not this:
select someTable.someColumn from someTable where myName=`Tommy`;
The correct use would be:
select someTable.someColumn from someTable where myName='Tommy';
