I have part of the code below:
while($array = $result->fetch_assoc() ){
$second_query = "INSERT INTO".TBL_USERSDONTPAY."VALUES ($array[\"username\"], $array[\"password\"], '0',$array[\"userid|\"], )";
$second_result = $database->query($second_query);
}
The query doesn't seem to work. Any clues? I think it's a problem with the quotes or something. How can I actually pass array elements?
Here is my whole code. I want to move one row to another table:
$q = "SELECT * FROM ".TBL_USERS." WHERE username = '$subuser'";
$result = $database->query($q);
if($result && $result->num_rows == 1){
while($array = $result->fetch_assoc() ){
$second_query = "INSERT INTO" . TBL_USERSDONTPAY . "VALUES ('" . $array['username'] . "', '" . $array['password'] . "', '0', '" . $array['userid'] ."')";
$second_result = $database->query($second_query);
if($second_result){
// it worked!
$q = "DELETE FROM ".TBL_USERS." WHERE username = '$subuser'";
$database->query($q);
}
}
}
You need to clean that query up and remove the final comma.
$second_query = "INSERT INTO " . TBL_USERSDONTPAY . " VALUES ('" . $array['username'] . "', '" . $array['password'] . "', '0', '" . $array['userid'] . "')";
I see several issues with your query code
escaping of the array indexes in your string:
you can either end the string and concatenate the parts together:
$second_query = "INSERT INTO " . TBL_USERSDONTPAY .
" VALUES ('" . $array['username'] . "', '" . $array['password'] . "', '0', '" . $array['userid'] . "')";
or use the {$var} syntax:
$second_query = "INSERT INTO " . TBL_USERSDONTPAY .
" VALUES ('{$array['username']}', '{$array['password']}', '0', '{$array['userid']}')";
missing spaces (see example code above; you were missing the spaces before and after the table name)
missing field names. Your query may work without them if you specify all fields in the right order, but it will fail mysteriously when you alter the table later (e.g. add a field to the table)
$second_query = "INSERT INTO " . TBL_USERSDONTPAY .
" (username, password, foo, user_id)".
" VALUES ('{$array['username']}', '{$array['password']}', '0', '{$array['userid']}')";
Please note that you should actually insert the correct field names in the second line of my example above. You can find more information on this in the MySQL docs for INSERT.
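The row move from the question, written with bound parameters and a transaction so that quoting is no longer done by hand and the copy and the delete succeed or fail together. This is an added example, not code from the original posts; it uses PDO with an in-memory SQLite database so it runs on its own, and the constant values and column names (including `paid`) are assumptions.

```php
<?php
// Added example. TBL_USERS / TBL_USERSDONTPAY are the page's constants; their values,
// the column names and the in-memory SQLite database are assumptions for the demo.
const TBL_USERS = 'users';
const TBL_USERSDONTPAY = 'users_dont_pay';

function moveUser(PDO $db, string $username): bool
{
    $db->beginTransaction();
    try {
        // Table names come from constants, never from input; the username is bound.
        $copy = $db->prepare(
            'INSERT INTO ' . TBL_USERSDONTPAY . ' (username, password, paid, userid) ' .
            'SELECT username, password, 0, userid FROM ' . TBL_USERS . ' WHERE username = ?'
        );
        $copy->execute([$username]);
        if ($copy->rowCount() !== 1) { // no match, or duplicates: change nothing
            $db->rollBack();
            return false;
        }
        $db->prepare('DELETE FROM ' . TBL_USERS . ' WHERE username = ?')->execute([$username]);
        $db->commit();
        return true;
    } catch (Throwable $e) {
        $db->rollBack();
        throw $e;
    }
}

// Constructed sample data; one username contains a single quote.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ' . TBL_USERS . ' (userid TEXT, username TEXT, password TEXT)');
$db->exec('CREATE TABLE ' . TBL_USERSDONTPAY . ' (username TEXT, password TEXT, paid TEXT, userid TEXT)');
$ins = $db->prepare('INSERT INTO ' . TBL_USERS . ' VALUES (?, ?, ?)');
$ins->execute(['u1', "o'brien", 'hash1']);
$ins->execute(['u2', 'alice', 'hash2']);

var_dump(moveUser($db, "o'brien"));
var_dump(moveUser($db, 'nobody'));
print_r($db->query('SELECT * FROM ' . TBL_USERSDONTPAY)->fetchAll(PDO::FETCH_ASSOC));
```

The same PDO calls work against MySQL with a `mysql:` DSN, provided the tables use a transactional engine such as InnoDB.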
Related
I am looking to update one of the tables. After I update, all the duplicate data is getting inserted again. Especially, the cloneSQL part of the code. I tried using DISTINCT, NOT EXISTS but no luck.
if(DB_num_rows($checkResult) > 0){
$cloneSQL = "UPDATE DISTINCT pricematrixdiscount SET
discount='" . $vals[3] . "'
WHERE debtorno='" . $_POST['cloneTo'] . "',
product_line='" . $vals[1] . "',
salestype='" . $vals[2] . "' ";
}
else {
$cloneSQL = "INSERT into pricematrixdiscount
(debtorno,
product_line,
salestype,
discount) VALUES
('" . $_POST['cloneTo'] . "',
'" . $vals[1] . "',
'" . $vals[2] . "',
'" . $vals[3] . "')";
How can I insert only distinct values on the pricematrixdiscount table without the duplicates being inserted?
I can't make this INSERT INTO work. Can someone tell me what I'm doing wrong?
$id_application = 1;
foreach ($array_account as $rows) {
$e_mail = $rows["EMAIL"];
$pwd = $rows["PWD"];
$salt = $rows["SALT"];
$values = "(" . $e_mail . ", " .$pwd . ", " .$salt . ", " . $id_application . ")";
$query = "INSERT INTO DBNAME..ACCOUNT (EMAIL, PWD, SALT, ID_APPLICATION) "
. " VALUES " . $values;
$result = sybase_query($query);
}
These are the errors that I get:
Column names are illegal. (severity 15, procedure N/A
The identifier that starts with '...' is too long. Maximum length is 30
The name '...' is illegal in this context. Only constants, constant expressions, or variables
allowed here
I'm able to insert a single row in Sybase Central like:
insert into DBNAME..ACCOUNT (EMAIL, PWD, SALT, ID_APPLICATION)
select EMAIL, PWD, SALT, 3 from ACCOUNT where ID = 10 go
Do this:
$values = "('" . $e_mail . "', '" .$pwd . "', '" .$salt . "', '" . $id_application . "')";
I need to save a color code to my color_codes table but I also want to save the name of who saved it. I have a users_table with the information on it.
<?php
include("db_connect.php");
$color = $_POST['color'];
$colorName = $_POST['colorName'];
$sql = "INSERT INTO color_codes (color_code, color_name) VALUES ('" . $color . "', '" . $colorName . "')";
if ($conn->query($sql) === TRUE) {
} else {
}
?>
1) add another column as user_id in the 'color_codes' table.
2) get the current user id from the SESSION or from the users_table.
3) change your query to this
$sql = "INSERT INTO color_codes (color_code, color_name, user_id) VALUES ('" . $color . "', '" . $colorName . "', '" . $user_id . "')";
I am stuck with this.
Here is the code:
This is how I call the function,
$res = DataManager::agregarPropiedad($_POST);
here is the function that generate the query and send it,
public static function agregarPropiedad($datos){
$sql = "INSERT INTO propiedades (id_propiedad, nombre, tipopropiedad, descripcion, dormitorios, baños, direccion, localidad, provincia, fecha_alta, sup_cubierta, sup_total)
VALUES (null, '" . $datos['nombre'] . "', '" . $datos['tipo'] . "', '" . $datos['descripcion'] . "', '" . $datos['dormitorios'] . "', '" . $datos['baños'] . "', '" . $datos['direccion'] . "', '" . $datos['localidad'] . "', '" . $datos['provincia'] . "', CURRENT_TIMESTAMP, '" . $datos['supcubierta'] . "', '" . $datos['suptotal'] . "')";
//$sql = "insert into prueba values(null,'".$datos['nombre']."')";
echo $sql;
return DataManager::consulta($sql);
}
When I copy the output of echo $sql and paste it into phpMyAdmin, it works fine, but when I send it through my function it is not inserting anything, and I get no errors. mysql_error() is empty too.
You can see that there is a commented-out $sql. I use that just for testing with another table which is much simpler, and the function "consulta" works fine with it too.
This is maybe the 40th function that inserts things into the MySQL database, but the first one I have problems with, and I don't know why =(
helppppp...
From personal experience, MySQL queries that work when dumped / copied / pasted into phpMyAdmin but don't work in code are caused by:
autoincrement / unique field issues
unexpected characters in unprocessed form data
duplicate POST values ( like an array )
mismatched field count
encoding / character set issues
It may well be that if you address the second issue the problem might fix itself. In any case, at a minimum you should process your POST(ed) data with strip_tags and addslashes, but for MySQL mysql_real_escape_string() is strongly recommended.
http://php.net/manual/en/function.mysql-real-escape-string.php
http://www.adminsehow.com/2010/03/prevent-mysql-injection-in-php
There is a problem with your quotes inside the VALUES(), and it's vulnerable.
<?php
// Method of the DataManager class; needs an open mysql_* connection.
public static function agregarPropiedad($datos)
{
    // Escape every value before it goes inside the quoted SQL literals.
    $nombre = mysql_real_escape_string($datos['nombre']);
    $tipo = mysql_real_escape_string($datos['tipo']);
    $descripcion = mysql_real_escape_string($datos['descripcion']);
    $dormitorios = mysql_real_escape_string($datos['dormitorios']);
    $baños = mysql_real_escape_string($datos['baños']);
    $direccion = mysql_real_escape_string($datos['direccion']);
    $localidad = mysql_real_escape_string($datos['localidad']);
    $provincia = mysql_real_escape_string($datos['provincia']);
    $supcubierta = mysql_real_escape_string($datos['supcubierta']);
    $suptotal = mysql_real_escape_string($datos['suptotal']);
    $sql = "INSERT INTO propiedades (id_propiedad, nombre, tipopropiedad, descripcion, dormitorios, baños, direccion, localidad, provincia, fecha_alta, sup_cubierta, sup_total)";
    // Twelve values, in the same order as the twelve columns above.
    $sql .= " VALUES (null,'$nombre','$tipo','$descripcion','$dormitorios','$baños','$direccion','$localidad','$provincia',CURRENT_TIMESTAMP,'$supcubierta','$suptotal')";
    if(mysql_query($sql))
    {
        return TRUE;
    }else{ return FALSE; }
}
?>
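The answers above list mismatched field counts, array-valued POST fields and unexpected characters as causes, and recommend escaping each value. As an added example (not code from the original posts), the statement below is generated from one form-key-to-column map and executed with placeholders, which addresses all three; the form keys and column names follow the question's query, while the in-memory SQLite table and the `$post` data are constructed assumptions.

```php
<?php
// Added example. Form keys and column names follow the question's query; the SQLite
// table and the $post array are constructed so the block runs on its own.
const PROPIEDAD_FIELDS = [ // form key => column
    'nombre' => 'nombre', 'tipo' => 'tipopropiedad', 'descripcion' => 'descripcion',
    'dormitorios' => 'dormitorios', 'baños' => 'baños', 'direccion' => 'direccion',
    'localidad' => 'localidad', 'provincia' => 'provincia',
    'supcubierta' => 'sup_cubierta', 'suptotal' => 'sup_total',
];

// $table and the column names are trusted literals from code; only values are bound.
function buildInsert(string $table, array $fields, array $datos): array
{
    $columns = [];
    $params = [];
    foreach ($fields as $key => $column) {
        // Reject missing keys and array-valued (duplicated) POST fields up front.
        if (!isset($datos[$key]) || !is_scalar($datos[$key])) {
            throw new InvalidArgumentException("missing or non-scalar field: $key");
        }
        $columns[] = $column;
        $params[] = (string) $datos[$key];
    }
    // One placeholder per column, generated together, so the counts cannot drift apart.
    $marks = implode(', ', array_fill(0, count($columns), '?'));
    $sql = "INSERT INTO $table (" . implode(', ', $columns) . ", fecha_alta) "
         . "VALUES ($marks, CURRENT_TIMESTAMP)";
    return [$sql, $params];
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE propiedades (id_propiedad INTEGER PRIMARY KEY, nombre, tipopropiedad, '
    . 'descripcion, dormitorios, baños, direccion, localidad, provincia, fecha_alta, '
    . 'sup_cubierta, sup_total)');

$post = [ // constructed form data: quotes in values, plus a key that is not a column
    'nombre' => "Casa O'Higgins", 'tipo' => 'casa', 'descripcion' => 'Vista al "río"',
    'dormitorios' => '3', 'baños' => '2', 'direccion' => 'Av. Siempreviva 742',
    'localidad' => 'Rosario', 'provincia' => 'Santa Fe',
    'supcubierta' => '120', 'suptotal' => '300', 'is_admin' => '1',
];
[$sql, $params] = buildInsert('propiedades', PROPIEDAD_FIELDS, $post);
$db->prepare($sql)->execute($params);
echo $sql, "\n";
print_r($db->query('SELECT nombre, descripcion, fecha_alta FROM propiedades')->fetchAll(PDO::FETCH_ASSOC));
```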
Despite reading quite many posts I cannot solve this error:
Unknown column 'alt.atheism1111' in 'field list'
The fields filename and category may have a . in the middle of numbers or words.
I'm using phpMyAdmin for the database.
function insert_rec($cat,$file,$wordid,$synsetid,$seqno)
{
$cat=mysql_real_escape_string($cat);
$file=mysql_real_escape_string($file);
$wordid=mysql_real_escape_string($wordid);
$synsetid=mysql_real_escape_string($synsetid);
$seqno=mysql_real_escape_string($seqno);
echo $cat." ". $file ." ". $wordid." " . $synsetid." " . $seqno;
$sql="INSERT INTO `wordnet50`.`table` (`category`,`filename`,`wordid`,`synsetid`,`seqno`) VALUES (`" . $cat . "`,`" . $file. "`,`" . $wordid. " `,`" . $synsetid . "`,`" .$seqno . "`)";
$result=mysql_query($sql);
if(!$result)
{
die(mysql_error());
}
}
$sql="INSERT INTO `wordnet50`.`table` (`category`,`filename`,`wordid`,`synsetid`,`seqno`) VALUES (`" . $cat . "`,`" . $file. "`,`" . $wordid. " `,`" . $synsetid . "`,`" .$seqno . "`)";
You need to remove "`" from the above query in the values only and replace it with " ' " (single quote)
Use backticks for field names and single quotes for the values.
$sql = "INSERT INTO `wordnet50`.`table` (`category`,`filename`,`wordid`,`synsetid`,`seqno`)
VALUES ('$cat', '$file', '$wordid', '$synsetid', '$seqno')";
It should be wrapped with single quotes, not with backticks.
$sql = "INSERT INTO `wordnet50`.`table` (`category`,`filename`,`wordid`,`synsetid`,`seqno`) VALUES ('" . $cat . "','" . $file. "','" . $wordid. "','" . $synsetid . "','" .$seqno . "')";
Backticks escape MySQL reserved words.
If you can post your DB schema then it will be easy to check. As of now it looks like you have a field named alt.atheism1111, which can be the show stopper.
or use this:
$sql = "INSERT INTO `wordnet50`.`table` (`category`,`filename`,`wordid`,`synsetid`,`seqno`)
VALUES ('$cat', '$file', '$wordid', '$synsetid', '$seqno')";