I'm trying to update the database using the ajax, but getting some error below error if if see in the console.
INSERT INTO customers(customerName,contactLastName,contactFirstName, phone, addressLine1,addressLine2, city, state, postalCode,country,salesRepEmployeeNumber,creditLimit) VALUES (,,,, ,,,,,,,)
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ',,, ,,,,,,,)' at line 1
I have hilighted the JS code which contains the prototype ajax code and then the php code which contains the insert details
can you guys help me out in this issue
My site link
http://localhost/fashionsite/customer.php
my js codeenter code here
$('submit_btn').observe('click', function(ev) {
$('customerdetails').request({
method: 'get',
onFailure: function() {
alert("failed");
},
onComplete: function(details){
console.log(details.responseText);
//alert("inserted success fully");
//$("content_updated").update(details.responseText);
}
});
ev.preventDefault();
});
my php code
<?php
include 'config.php';
include 'opendb.php';
//$sNO = $_POST["sNO"];
//$customerNumber = $_POST["customerNumber"];
$customerNames = $_POST["customerName"];
$contactLastName = $_POST["contactLastName"];
$contactFirstName = $_POST["contactFirstName"];
$phone = $_POST["phone"];
$addressLine1 = $_POST["addressLine1"];
$addressLine2 = $_POST["addressLine2"];
$city = $_POST["city"];
$state = $_POST["state"];
$postalCode = $_POST["postalCode"];
$country = $_POST["countryText"];
$salesRepEmployeeNumber = $_POST["salesRepEmployeeNumber"];
$creditLimit = $_POST["creditLimit"];
/*echo $customerNumber .'<br/>'. $customerName .'<br/>'. $contactLastName .'<br/>'. $contactFirstName .'<br/>'. $phone .'<br/>'. $addressLine1 .'<br/>'. $addressLine2 .'<br/>'. $city .'<br/>'. $state .'<br/>'. $postalCode .'<br/>'. $country .'<br/>'. $salesRepEmployeeNumber .'<br/>'. $creditLimit;*/
$sql = "INSERT INTO customers(customerName,contactLastName,contactFirstName, phone, addressLine1,addressLine2, city, state, postalCode,country,salesRepEmployeeNumber,creditLimit) VALUES ($customerNames,$contactLastName,$contactFirstName,$phone, $addressLine1,$addressLine2,$city,$state,$postalCode,$country,$salesRepEmployeeNumber,$creditLimit)";
print $sql;
//echo $sql .'<br/><br/><br/><br/>';
if (!mysql_query($sql,$conn))
{
die('Error: ' . mysql_error());
}
echo "1 record added";
?>
I have hilighted the JS code which contains the prototype ajax code and then the php code which contains the insert details
You send GET request, but try in php get values from $_POST array. So then in sql you get 'VALUES (,,,, ,,,,,,,)' and it is cause of error.
Related
Hi i am getting the problem of adding the record in to the database.when i insert the record into the database. message display record insert failed. i double checked the coding and programming syntax all were fine.but i didn't get any errors while was running what was the problem. can some one fix the problem do get the error. exception handing also i have put but unfortunate it doens't help for me to display the error.
<?php
if (isset($_POST['submit'])) {
$bassname = $_POST['bassname'];
$cat = $_POST['cat'];
$p_img1 = $_FILES['p_img1']['name'];
$p_img2 = $_FILES['p_img2']['name'];
$p_img3 = $_FILES['p_img3']['name'];
$temp_name1 = $_FILES['p_img1']['tmp_name'];
$temp_name2 = $_FILES['p_img2']['tmp_name'];
$temp_name3 = $_FILES['p_img3']['tmp_name'];
move_uploaded_file($temp_name1, "product_images/$p_img1");
move_uploaded_file($temp_name2, "product_images/$p_img2");
move_uploaded_file($temp_name3, "product_images/$p_img3");
$mobile = $_POST['mobile'];
$address = $_POST['address'];
$job_desc = $_POST['job_desc'];
$work_video = $_POST['work_video'];
$insert_product = "insert into
bass_registation(
bassname,
category,
job_image1,
job_image2,
job_image3,
mobile,
address,
job_des,
video
) values (
'$bassname',
'$cat',
'$p_img1',
'$p_img2',
'$p_img3',
'$mobile',
'$address',
'$job_desc',
'$work_video'
)";
$run_product = mysqli_query($con, $insert_product);
try {
if ($run_product) {
echo "<script>alert('Data has been inserted successfully')</script>";
} else {
echo "<script>alert('Data has been Failed')</script>";
}
}
catch (Exception $e) {
echo 'Message: ' . $e->getMessage();
}
}
?>
I have a query to insert but idk how to insert function and session into my database.
Thanks for helping!!
<?php
if (isset($_POST['submit'])){
$address = $_POST['address'];
$poscode = $_POST['poscode'];
$city = $_POST['city'];
$state = $_POST['state'];
$tel_no = $_POST['tel_no'];
$recipient = $_POST['recipient'];
$date = $_POST['date'];
$image = $_FILES['image']['name'];
$image_tmp = $_FILES['image']['tmp_name'];
move_uploaded_file($image_tmp,"receipt/$image");
$insert_order = "insert into user_order(user_email,total_payment,address,poscode,city,state,tel_no,recipient,payment_status,image,date) values ('{$_SESSION['user_email']}','".total_price()."','$address','$poscode','$city','$state','$tel_no','$recipient','pending','$image','$date')";
$insert_order = mysqli_query($con, $insert_order);
if($insert_order){
echo "<script>alert('Order has been placed!')</script>";
echo "<script>window.open('user/my_account.php','_self')</script>";
}}
?>
Please add the this line after the php tag opening.
session_start();
Without starting the session you cant use the session variables in php.
This is works in my case. Please have a try.
I'm trying to make this information insert into my table in mysql database with this script I wrote.
<?php
require("../includes/db.php");
$nme = $_POST["nme"];
$email = $_POST["email"];
$address = $_POST["address"];
$city = $_POST["city"];
$state = $_POST["state"];
$zip = $_POST["zip"];
$phone = $_POST["phone"];
$options = implode($_POST["options"],", ");
$query = mysql_query("insert into peeps (name, email, address, city, zip, phone, type) values ('$nme','$email','$address','$city','$state','$zip','$phone','$options')");
if($query)
print "yes";
else
print "no";
?>
The output of this code is no.
If mysql_query() returns false, it means the query failed.
Try this:
if (false === $query) // make sure it's actually boolean false
print mysql_error(); // print a nice plain-english description of the problem.
else
print "Yes";
This should give you a good idea of where the problem is.
If you modify this part of your code you can see the exact error you get.
if($query)
{
print "yes";
}
else
{
print mysql_error(); ;
}
However the way you have written may generate errors if you do not have enabled Magic Quotes. If you have that kind of error you better use mysql_escape_string
I have attempted to use $_SESSION in a form input I am creating however I cannot get it to work and do not know what I am doing wrong, it works with my previous part of the form when carrying data over to the next page - however the code does not seem to work for the main part of the form.
<?php
//This includes the variables, adjusted within the 'config.php file' and the functions from the 'functions.php' - the config variables are adjusted prior to anything else.
require('configs/config.php');
require('configs/functions.php');
//Check to see if the form has been submited, if it has we continue with the script.
if(isset($_POST['confirmation']) && isset($_POST['name']) && isset($_POST['email']) && isset($_POST['address1']) && isset($_POST['city']) && isset($_POST['postcode']) and $_POST['confirmation']=='true')
{
//Slashes are removed, depending on whether magic_quotes_gpc is on.
if(get_magic_quotes_gpc())
{
$_POST['name'] = stripslashes($_POST['name']);
$_POST['email'] = stripslashes($_POST['email']);
$_POST['address1'] = stripslashes($_POST['address1']);
$_POST['address2'] = stripslashes($_POST['address2']);
$_POST['city'] = stripslashes($_POST['city']);
$_POST['postcode'] = stripslashes($_POST['postcode']);
$_POST['phonenum'] = stripslashes($_POST['phonenum']);
}
//Create the future reference number of the repair.
$maxid = mysql_fetch_array(mysql_query('select max(id) as id from repairs'));
$id = intval($maxid['id'])+1;
//Create the future reference number of the repair.
$maxref = mysql_fetch_array(mysql_query('select max(reference) as reference from repairs'));
$reference = intval($maxref['reference'])+8;
//Here the session variables are converted back into standard variables.
$model = $_SESSION['model'];
$problem = $_SESSION['problem'];
$info = $_SESSION['info'];
$device = $_SESSION['device'];
$price = $_SESSION['price'];
$image = $_SESSION['image'];
//Here the variables are protected using mysql_real_escape_string.
$name = mysql_real_escape_string(substr($_POST['name'],0,150));
$email = mysql_real_escape_string(substr($_POST['email'],0,255));
$address1 = mysql_real_escape_string(substr($_POST['address1'],0,255));
$address2 = mysql_real_escape_string(substr($_POST['address2'],0,255));
$city = mysql_real_escape_string(substr($_POST['city'],0,100));
$postcode = mysql_real_escape_string(substr($_POST['postcode'],0,9));
$phonenum = mysql_real_escape_string(substr($_POST['phonenum'],0,11));
$date = date("r");
//Here the variables are protected using trim.
$name = trim($name);
$email = trim($email);
$address1 = trim($address1);
$address2 = trim($address2);
$city = trim($city);
$postcode = trim($postcode);
$phonenum = trim($phonenum);
//Here the variables are protected using htmlspecialchars.
$name = htmlspecialchars($name);
$email = htmlspecialchars($email);
$address1 = htmlspecialchars($address1);
$address2 = htmlspecialchars($address2);
$city = htmlspecialchars($city);
$postcode = htmlspecialchars($postcode);
$phonenum = htmlspecialchars($phonenum);
//Here the variables are protected using strip_tags.
$name = strip_tags($name);
$email = strip_tags($email);
$address1 = strip_tags($address1);
$address2 = strip_tags($address2);
$city = strip_tags($city);
$postcode = strip_tags($postcode);
$phonenum = strip_tags($phonenum);
//The details about the repair are entered into the database
$query = mysql_query("insert into repairs (id, model, problem, info, name, email, address1, address2, city, postcode, phonenum, price, date, reference) values ('$id', '$model', '$problem', '$info', '$name', '$email', '$address1', '$address2', '$city', '$postcode', '$phonenum', '$price', '$date', '$reference')") or die(header('Location: 404.php'));
?>
Some HTML is here.
<?
}
else {
header('Location: 404.php');
}
?>
Can anyone help me to get this to work?
You have to initiate your session in the beginning of your script with session_start()
set your error logging to the most verbose level. If your Paste is exact, you have some spaces in the beginning which cause, that you cant send headers anymore and so you cant initiate the session.
UPDATE: NOW RESOLVED - Thanks everyone!
Fix: I had a column named "referred_by" and in my code it's called "referred_by_id" - so it was trying to INSERT to a column that didn't exist -- once I fixed this, it decided to work!
I have limited time left to work on this project. The clock is ticking.
I'm trying to INSERT $php_variables into a TABLE called "clients".
I've been trying for hours to get this script to work, and I got it to work once, but then I realized I forgot a field, so I had to add another column to the TABLE and when I updated the script it stopped working. I reverted by but now it's still not working and I'm just frustrating myself too much.
<?php
error_reporting(E_ALL);
ini_set("display_errors", 1);
if (!isset($_COOKIE["user"]))
{
header ("Location: ./login.php");
}
else
{
include ("./source.php");
echo $doctype;
}
$birthday = $birth_year . "-" . $birth_month . "-" . $birth_day;
$join_date = date("Y-m-d");
$error_type = 0;
$link = mysql_connect("SERVER", "USERNAME", "PASSWORD");
if (!$link)
{
$error = "Cannot connect to MySQL.";
$error_type = 1;
}
$select_db = mysql_select_db("DATABASE", $link);
if (!$select_db)
{
$error = "Cannot connect to Database.";
$error_type = 2;
}
if ($referred_by != "")
{
$result = mysql_query("
SELECT id FROM clients WHERE referral_code = $referred_by
");
if (!$result)
{
$error = "Cannot find referral.";
$error_type = 3;
}
while ($row = mysql_fetch_array($result))
{
$referred_by_id = $row['id'];
}
}
else
{
$referred_by_id = 0;
}
$first_name = mysql_real_escape_string($_POST['first_name']);
$last_name = mysql_real_escape_string($_POST['last_name']);
$birth_month = mysql_real_escape_string($_POST['birth_month']);
$birth_day = mysql_real_escape_string($_POST['birth_day']);
$birth_year = mysql_real_escape_string($_POST['birth_year']);
$email = mysql_real_escape_string($_POST['email']);
$address = mysql_real_escape_string($_POST['address']);
$city = mysql_real_escape_string($_POST['city']);
$state = mysql_real_escape_string($_POST['state']);
$zip_code = mysql_real_escape_string($_POST['zip_code']);
$phone_home = mysql_real_escape_string($_POST['phone_home']);
$phone_cell = mysql_real_escape_string($_POST['phone_cell']);
$referral_code = mysql_real_escape_string($_POST['referral_code']);
$referred_by = mysql_real_escape_string($_POST['referred_by']);
$organization = mysql_real_escape_string($_POST['organization']);
$gov_type = mysql_real_escape_string($_POST['gov_type']);
$gov_code = mysql_real_escape_string($_POST['gov_code']);
$test_query = mysql_query
("
INSERT INTO clients (first_name, last_name, birthday, join_date, email, address, city, state, zip_code,
phone_home, phone_cell, referral_code, referred_by_id, organization, gov_type, gov_code)
VALUES ('".$first_name."', '".$last_name."', '".$birthday."', '".$join_date."', '".$email."', '".$address."', '".$city."', '".$state."', '".$zip_code."',
'".$phone_home."', '".$phone_cell."', '".$referral_code."', '".$referred_by_id."', '".$organization."', '".$gov_type."', '".$gov_code."')
");
if (!$test_query)
{
die(mysql_error($link));
}
if ($error_type > 0)
{
$title_name = "Error";
}
if ($error_type == 0)
{
$title_name = "Success";
}
?>
<html>
<head>
<title><?php echo $title . " - " . $title_name; ?></title>
<?php echo $meta; ?>
<?php echo $style; ?>
</head>
<body>
<?php echo $logo; ?>
<?php echo $sublogo; ?>
<?php echo $nav; ?>
<div id="content">
<div id="main">
<span class="event_title"><?php echo $title_name; ?></span><br><br>
<?php
if ($error_type == 0)
{
echo "Client was added to the database successfully.";
}
else
{
echo $error;
}
?>
</div>
<?php echo $copyright ?>
</div>
</body>
</html>
Definitely not working as is. Looks you have a 500 error, since you have an else with a missing if:
else
{
$referred_by_id = 0;
}
Otherwise, you'll need to post your DB schema.
Also, note that you're really taking the long way around with this code, which makes it difficult to read & maintain. You're also missing any sort of checks for SQL injection... you really need to pass things through mysql_real_escape_string (and really, you should use mysqli, since the mysql interface was basically deprecated years ago).
$keys = array('first_name',
'last_name',
'birthday',
'join_date',
'email',
'address',
'city',
'state',
'zip_code',
'phone_home',
'phone_cell',
'referral_code',
'referred_by_id',
'organization',
'gov_type',
'gov_code');
$_REQUEST['birthdate'] = $_REQUEST['birth_year'].'-'.$_REQUEST['birth_month'].'-'.$_REQUEST['birth_day'];
$_REQUEST['join_date'] = date('Y-m-d',time());
$params = array();
foreach ($keys as $key)
{
$params[] = mysql_real_escape_string($request[$key]);
}
$sql = 'INSERT INTO clients ('.implode(',', $keys).') ';
$sql .= ' VALUES (\''.implode('\',\'', $params).'\') ';
You've an error on line 81:
else
{
$referred_by_id = 0;
}
I don't see an IF construct before that, make the appropriate correction and run the script again.
Without looking at the table structure to make sure all the fields are there, I'm going to assume it's something with the data.
Any quotes in the data will lead to problems (including SQL injection security holes). You should wrap each $_POST[] with mysql_real_escape_string(), such as:
$first_name = mysql_real_escape_string($_POST['first_name']);
EDIT: Further debugging...
As someone suggested (sorry, can't find the comment), try:
$sql = "
INSERT INTO clients (first_name, last_name, birthday, join_date, email, address, city, state, zip_code,
phone_home, phone_cell, referral_code, referred_by_id, organization, gov_type, gov_code)
VALUES ('".$first_name."', '".$last_name."', '".$birthday."', '".$join_date."', '".$email."', '".$address."', '".$city."', '".$state."', '".$zip_code."',
'".$phone_home."', '".$phone_cell."', '".$referral_code."', '".$referred_by_id."', '".$organization."', '".$gov_type."', '".$gov_code."'
)";
// Debug:
print "<pre>". $sql ."</pre>";
mysql_query($sql);
The SQL statement should be printed out when submitting the form. Take that SQL statement and try to execute it directly in MySQL to see if it works, or if it generates an error.