I'm trying to create a table whose name is the value of what is stored inside the variable $name. I have tried numerous different methods but none seem to work for me. Here is the code I am using currently:
mysql_connect("localhost", "peltdyou_admin", "123456") or die(mysql_error());
mysql_select_db("peltdyou_orders") or die(mysql_error());
mysql_query("CREATE TABLE '" .$_POST['name']. "' ( name VARCHAR(30), age INT, car VARCHAR(30))");
I know it is something to do with '" .$_POST['name']. "' but I can't work out what.
I have tried '$name' in its place which gets it's value from further up in the code.
Any help would be great!
Use backticks around table name, not quotes. And escape the input! Also, while this works on localhost, make sure that the user running on your production server has the privilege to CREATE tables (usually it's not, AFAIK, on shared hostings of course).
A word of warning: are you really sure you want to create a table on a user input?? how many tables are you going to create in this way? Can't you just redesign the whole thing so that you insert values instead?
$name = mysql_real_escape_string($_POST['name']);
mysql_query("CREATE TABLE `".$name."` ( name VARCHAR(30), age INT, car VARCHAR(30))");
Put it in another variable and it will work, there's a conflict with the "'" character in the POST variable and in the mysql_query.
<?php
mysql_connect("localhost", "peltdyou_admin", "123456") or die(mysql_error());
mysql_select_db("peltdyou_orders") or die(mysql_error());
$name = mysql_real_escape_string($_POST['name']);
mysql_query("CREATE TABLE '$name' ( name VARCHAR(30), age INT, car VARCHAR(30))");
?>
I posted this code to help you in your code but you should not use the mysql_* functions you should use the mysqli_* functions.
You can read more about them here:
http://php.net/manual/en/book.mysqli.php
You should really be using PDO or MySQLi instead of mysql_* functions. mysql_* functions are in the process of being deprecated and they are full of security holes.
With that said you don't need to quote your table name and instead should use nothing or backticks.
Using the newest Mysqli connector, you can do something like this:
1. Create a variable from the user's input like so $variable=$_POST['name']
2. Use the variable in your query as shown in the complete code below here
$variable=$_POST['name'];
mysqli_connect("localhost", "peltdyou_admin", "123456") or die(mysql_error());
mysqli_select_db("peltdyou_orders") or die(mysqli_connect_error());
mysqli_query("CREATE TABLE $variable ( name VARCHAR(30), age INT, car VARCHAR(30))");
$query = "CREATE TABLE $name" . '(
id INT(6) UNSIGNED AUTO_INCREMENT PRIMARY KEY,
age INT,
name varchar(30),
car VARCHAR(30)
)';
CREATE TABLE IF NOT EXISTS `products` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`name` varchar(128) NOT NULL,
`description` text NOT NULL,
`price` double NOT NULL,
`created` datetime NOT NULL,
`modified` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=9 ;
Related
I have to use the $id variable as table name but it is not working.
$sql1="CREATE TABLE $id(
amt_to_be_paid INT(6),
no_of_days_req INT(2),
proposal TEXT NOT NULL,
channel_link VARCHAR(100) NOT NULL,
)";
Be sure that you have the full control on the $id variable and is not coming from user input.
You need to concatenate your $id variable to the query string, as following:
$sql1="CREATE TABLE " . $id . "(
amt_to_be_paid INT(6),
no_of_days_req INT(2),
proposal TEXT NOT NULL,
channel_link VARCHAR(100) NOT NULL,
)";
Take a look at this answer for a detailed review of how to achieve this : How to include a PHP variable inside a MySQL statement
I am working on a project, and I have to use sql. The variable $file_name needs to be the table name, but when i try this:
$sqlTableCreate = "CREATE TABLE ". $file_name . "(
id INT(6) UNSIGNED AUTO_INCREMENT PRIMARY KEY,
firstname VARCHAR(30) NOT NULL,
lastname VARCHAR(30) NOT NULL,
email VARCHAR(50),
reg_date TIMESTAMP
)";
The table does not create. I checked by using this:
if ($sqlConnection->query($sqlTableCreate) === TRUE) {
echo 'Created Sucessfully';
} else {
echo 'Table does not create.';
}
I get 'Table does not create' when trying to use this. Help would be greatly appreciated. Thanks in advance!
Your filename contains a extension, but I suspect you just want to use the name without the extension as the name of the table. You can use the basename function to remove the extension.
$sqlTableCreate = "CREATE TABLE ". basename($file_name, ".csv") . "(
id INT(6) UNSIGNED AUTO_INCREMENT PRIMARY KEY,
firstname VARCHAR(30) NOT NULL,
lastname VARCHAR(30) NOT NULL,
email VARCHAR(50),
reg_date TIMESTAMP
)";
If there can be different extensions, and you want to remove them more generally, see
How to remove extension from string (only real extension!)
I don't see any issue with your posted query but couple things may be wrong
Make sure that there is no table exists with that same name. You can use IF NOT EXISTS marker to be sure like
CREATE TABLE IF NOT EXISTS". $file_name . "(
make sure that the variable $file_name is not empty. Else, you are passing a null identifier in CREATE TABLE statement; which will not succeed.
Per your comment: you have $file_name = 'currentScan.csv';
That's the problem here. You are trying to create a table named currentScan.csv which your DB engine thinking that currentscan is the DB name and .csv is the table name which obviously doesn't exits and so the error.
first check your database connection and change your query with given below :
$sqlTableCreate = "CREATE TABLE ". $file_name . " (
id INT(6) UNSIGNED AUTO_INCREMENT PRIMARY KEY,
firstname VARCHAR(30) NOT NULL,
lastname VARCHAR(30) NOT NULL,
email VARCHAR(50),
reg_date TIMESTAMP
)";
global $wpdb;
$table_name = $wpdb->prefix . "product_order";
$sql = "CREATE TABLE $table_name (
id mediumint(9) NOT NULL AUTO_INCREMENT,
range VARCHAR(255),
category VARCHAR(255),
order mediumint(9),
relation mediumint(9),
UNIQUE KEY id (id)
);";
$wpdb->query($sql);
That doesn't seem to create a table... any reasons why? I tried dbdelta too.
For the sake of an answer, surround the column names in back ticks as range and order are reserved words in MySQL:
$sql = "CREATE TABLE $table_name (
`id` mediumint(9) NOT NULL AUTO_INCREMENT,
`range` VARCHAR(255),
`category` VARCHAR(255),
`order` mediumint(9),
`relation` mediumint(9),
UNIQUE KEY id (id)
);";
http://dev.mysql.com/doc/refman/5.5/en/reserved-words.html
As a side note, if you want to make sure you don't conflict with other tables should this schema be shared with other wordpress instances or become a multisite, consider using {$wpdb->prefix}$table_name instead of just $table_name to use the database prefix defined in wp-config.php.
I am passing a query variable in PHP. I would like to make it the table name, but I know there is probably a SQL syntax error. When I print the statement, the variable is passed meaning it works, but the database simply isn't created.
Here is my code for the creation of the database:
$DBName = "database_name";
$sql = "CREATE TABLE '$DBName'.'$login' (
ClientID int NOT NULL AUTO_INCREMENT,
AgentClients varchar(15),
ClientTotal int
)";
mysql_query($sql,$link);
where `$login = $_POST['login'];
Also, I'm not worried about security breaches at the moment, so don't worry about that.
Any insight would be greatly appreciated.
You must use backticks for your tablename, and not quotes:
$sql = "CREATE TABLE `$DBName`.`$login` (
ClientID int NOT NULL AUTO_INCREMENT,
AgentClients varchar(15),
ClientTotal int,
PRIMARY KEY (`ClientID`)
)";
I have set up four additional tables for my plugin to use what I am trying to do is take a name and assign it a ID then use this data to populate drop down menus with a name and the same for class and position I am unsure as to how to do this correctly this is what i have so far.
$sql = "CREATE TABLE $tableName (
recordID int NOT NULL AUTO_INCREMENT,
PRIMARY KEY(recordID),
driverID int,
driverName varchar(30),
classID int,
driverClass varchar(20),
posID,
driverPosition varchar(6),
trackName varchar(30),
raceDate date
);";
$sql = "CREATE TABLE $driverTableName (
driverID int NOT NULL AUTO_INCREMENT,
PRIMARY KEY(driverID),
driverName varchar(30)
);";
$sql = "CREATE TABLE $classTableName (
classID int NOT NULL AUTO_INCREMENT,
PRIMARY KEY(classID),
className varchar (20)
);";
$sql = "CREATE TABLE $posTableName (
posID int NOT NULL AUTO_INCREMENT,
PRIMARY KEY(posID),
posName varchar(6)
);";
The bottom three tables will store the data I want to populate the drop down boxes to create a record with I am unsure as to how to link them to the top table where this record will be stored.
This is pretty much a indexing issue. If you are going to access the database separately to the standard calls that Wordpress provides, you should at the very least use http://codex.wordpress.org/Class_Reference/wpdb as it will save you some coding time.
The rest of it is a MySQL question. (Assuming you are using MySQL) In how to properly index the data together and then parsing the data as it comes in.