I would like to use two different insert statements with two different tables such as
<?
mysql_query("INSERT INTO Customer (ID,Name,Subject, OrderDate) VALUES ('$ID', '$name', '$status', '$ODate')");
mysql_query("INSERT INTO Order (ID,Subject, Department, Status, OrderDate, Receive, Notes) VALUES ('$ID', '$status', 'Financial', 'Financial Department', '$ODate', 'NO', 'Notes')");
?>
It just works with the first table and does not work with the second table.
Can some one help solving this problem?
Thanks
You need to check for errors:
<?php
$query1 = "INSERT INTO Customer (ID,Name,Subject, OrderDate) VALUES ('$ID', '$name', '$status', '$ODate')";
if(!mysql_query($query1)) {
throw new Exception(mysql_error());
}
$query2 = "INSERT INTO Order (ID,Subject, Department, Status, OrderDate, Receive, Notes) VALUES ('$ID', '$status', 'Financial', 'Financial Department', '$ODate', 'NO', 'Notes')";
if(!mysql_query($query2)) {
throw new Exception(mysql_error());
}
I'm guessing you are getting an error because Order is a reserved word in MySQL and should be escaped accordingly:
$query2 = "INSERT INTO `Order` (ID,Subject, Department, Status, OrderDate, Receive, Notes) VALUES ('$ID', '$status', 'Financial', 'Financial Department', '$ODate', 'NO', 'Notes')";
It also seems to me like you're inserting a fixed value as a primary key - are you sure that's what you want?
As I said in the comments, you should stop using mysql_ functions completely and use MySQLi or PDO instead.
First of all thanks to DCoder who helped me to solve the problem and advised me to use PDO and MySQLi.
The problem was with the tabel name Order, when I replaced it with a new name, it works fine.
I thought the problem with using two mysql_query but it is not. The table name that I used is a reserved word in MySQL.
Thanks
Related
I have this SQL:
$sql = "INSERT INTO orders (ID, Order_ID, Status, FName, LName, Email,
Phone)VALUES ($UID, $orderID, 'Pending', '$fname', '$lname', '$email',
'$phone');
INSERT INTO orders_inventory (Order_invID, Item_ID, Order_ID, Quantity)
VALUES
(NULL, $item_ID, $orderID, 1);";
This is how I connect it:
if(mysqli_query($db, $sql)){
echo "three";
}
I did an echo on the $sql and this is what I got:
INSERT INTO orders (ID, Order_ID, Status, FName, LName, Email, Phone)
VALUES (92, 625015841, 'Pending', '1', '1', '1#1', '1');
INSERT INTO orders_inventory (Order_invID, Item_ID, Order_ID, Quantity)
VALUES (NULL, 1, 625015841, 1);
The SQL works when I paste it into the database manually, but the database crashes when I use the website PHP. The $DB is to connect to the database and it works because I tested it, and I have also been using it throughout the whole website.
I then did an error check using mysqli_error(db) and I get this error:
"You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'INSERT INTO orders_inventory (Order_invID, Item_ID, Order_ID, Quantity) VALUES (' at line 2"
Help would be greatly appreciated as I'm very stuck and don't know how to get around this or fix this problem
You're attempting to run two queries at once, which mysqli_query will not do. However you can use mysqli_multi_query instead:
if(mysqli_multi_query($db, $sql)){
echo "three";
}
I am really new to php and I am trying to use simple insert to my mysql database from the form.
I know that this mysql connection/insertion is dangerous and not used anymore. so can anyone please help me with this simple thing? I tried to google, but nothing is working so far :/
<?
$text=$_POST['name'];
$text=$_POST['surename'];
mysql_connect("localhost", "db_name", "pass") or die(mysql_error());
mysql_select_db("db_name") or die(mysql_error());
$result = mysql_query("INSERT INTO `table` (name, surename)
VALUES (NOW(), '".mysql_real_escape_string($name)."', '".mysql_real_escape_string($surename)."')");
if (!$result) {
die('Invalid query: ' . mysql_error());
}
?>
Maybe change
$text=$_POST['name'];
$text=$_POST['surename'];
to
$name = $_POST['name'];
$surename = $_POST['surename'];
PS: And also your column names don't match your values. Your query, after inserting params
"INSERT INTO `table` (name, surename) VALUES (NOW(), '".mysql_real_escape_string($name)."', '".mysql_real_escape_string($surename)."')"
will probably look like this
INSERT INTO `table` (name, surename) VALUES (NOW(), 'Jhon', 'Wick')
As you can see there's name, surename (which probably should be surname) and (NOW(), 'Jhon', 'Wick'). So either add a column (if you have that column in your database):
INSERT INTO `table` (created_at, name, surename) VALUES (NOW(), 'Jhon', 'Wick')
or remove NOW() from your values
INSERT INTO `table` (name, surename) VALUES ('Jhon', 'Wick')
"INSERT INTO forum_topics (category_id, poster_id, poster_username, topic_title, topic_content, date) VALUES (".$category_id.", '$poster_id', '$topic_title', '$message', NOW()";
mysql_error() says that there is a problem with the syntax, however it might be something else. I'm gonna post the variables just so you know where they come from.
$message = $_POST['topic_message'];
$topic_title = $_POST['topic_title'];
$category_id = $_GET['id'];
EDIT
Changed it to
$topic_sql = "INSERT INTO forum_topics (category_id, poster_id, poster_username, topic_title, topic_content, date) VALUES (".$category_id.", '$poster_id', '$username', '$topic_title', '$message', NOW())";
However it still doesn't work...
You're missing the closing paren for VALUES:
... NOW())";
There are other issues:
The parameter count is incorrect
Your query is vulnerable to injection since you are not using parameterized queries with PDO/mysqli
Maybe you list 6 columns but only give data for 5? And missing closing ).
Looks like you're missing a closing parenthesis and only inserting 5 values into 6 columns...
INSERT INTO forum_topics (category_id, poster_id, poster_username, topic_title, topic_content, date)
VALUES (".$category_id.", '$poster_id', '$username', '$topic_title', '$message', NOW())
You missing the user name?
I am working on building an employee database but seem to have run into an interesting issue.
When I run my query to add a new user/employee, I get the error:
Column count doesn't match value count at row 1
From what I have researched, this seems to be an error with inserting more/less values than what is declared in the first part of an insert statement example:
INSERT INTO table (col1, col2) VALUES (val1, val2, val3)
The thing is though, I have looked over my query and the columns and values match perfectly (count wise). I have even looked for things in my query such as missing quotes, commas, etc.
Here is my code (query):
$db->query("INSERT INTO userdata (
Username,
Email,
Phone,
Password,
FirstName,
LastName,
Address,
City,
State,
Zip,
JobTitle,
UserGroup,
JobStatus,
Points,
Status,
BirthDate,
HireDate,
HourlyRate,
DateAdded,
SSN
) VALUES (
'$Username',
'$Email',
'$Phone',
'$Password',
'$FirstName',
'$LastName',
'$Address',
'$City',
'$State',
'$Zip',
'$JobTitle',
'$Group',
'$JobStatus',
0,
'$Status',
'$BirthDate',
'$HireDate',
'$HourlyRate'
'$TodaysDate',
'$SSN'
)") or die(mysqli_error($db));
Some things to note:
This not all of the columns in the table have data inserted here (I think its possible to do this and things such as auto incrementing ID's will fill themselves in and others will be left blank)
From the variable dumps I have done, all of these variables are valid.
I am really confused about this and any help would be appreciated.
Check the following portion again:
INSERT INTO userdata(...,
JobStatus,
UserGroup,
Points,
UserGroup,
Status,
.....
,)VALUES(...,
$JobStatus',
0,
'$Group',
'$Status',
......
)
In values(, ?, ?, ?), after jobstatus, there should be UserGroup and then Points. And UserGroup appeared twice.
This question already has answers here:
MySQL, safely using reserved word in query [duplicate]
(2 answers)
Closed 9 years ago.
I am building a small Twitter clone for personal use, and I have so trouble with it.
Fist, I want to show you my SQL structure of the table "poke_history":
http://puu.sh/3Sci0.png
This is the command I use to insert the values into a table (in PHP):
$insert = "INSERT INTO poke_history (id, from, time, reason) VALUES ('".$to_id."', '".$from_id."', '".$time."', '".$reason."')";
mysql_query($insert) or die(mysql_error());
This is the annoying error that I am getting:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'from, time, reason) VALUES ( '1'' at line 3.
Let me clarify some things.
$to_id is a number.
$from_id is a number.
$time is a number (coming from PHP's time()).
$reason is a text string.
I am using MySQL and PHP5.
Try to quote your column identifiers like
INSERT INTO poke_history (`id`, `from`, `time`, `reason`) ...
Everything inside `` is considered to be a "identifier" not a language keyword. From the SQL-syntax it should be clear that after INSERT INTO tablename cannot come a FROM, but the MySQL sometimes needs this kind of guidance (and other sql parsers, too).
credit to mario as well:
from is a reserved keyword. Use backticks to escape them.
for example
`from`
INSERT INTO table (`from`) ....
So your code would like this:
$insert = "INSERT INTO poke_history (`id`, `from`, `time`, `reason`) VALUES ('".$to_id."', '".$from_id."', '".$time."', '".$reason."')";
mysql_query($insert) or die(mysql_error());
$insert = "INSERT INTO poke_history (`id`, `from`, `time`, `reason`) VALUES (".$to_id.", ".$from_id.", ".$time.", '".$reason."')";
mysql_query($insert) or die(mysql_error());
Numbers don't need to be quoted. Only strings.
Also don't use mysql, it's deprecated. Better use PDO, with prepared statements, to avoid issues like this.
You should try to use prepared statements to prevent SQL injection.
$query = "
INSERT INTO
poke_history (`id`, `from`, `time`, `reason`)
VALUES
(:id, :from, :time, :reason)";
$db = new PDO("mssql:host=sqlserver;dbname=database", "username", "password");
$statement = $db->prepare($query);
$parameters = array(
":id" => $name,
":from" => $from,
":time" => $time,
":reason" => $reason
);
$statement->execute($parameters);
I think that you forgot to add * in between INSERT and INTO, here is the fixed script:
$insert = "INSERT * INTO poke_history (id, from, time, reason) VALUES ('".$to_id."', '".$from_id."', '".$time."', '".$reason."')";
mysql_query($insert) or die(mysql_error());
The reason why you are getting the error is because you are trying to use a built in function name for one of your columns. Say you have the following CREATE TABLE...
CREATE TABLE customers
(
name varchar(80),
streetAddr varchar(160),
"from" varchar(60),
);
Notice that to create the table I had to put the column from in quotes. Now if you wanted to insert a row into this table, your insert statement should look like the following:
INSERT INTO ShoppingFun.dbo.customers
(
name,
streetAddr,
"from"
)
VALUES
(
'MRBubbleGum',
'1061 SW BubbleGumVillage St',
'yourmom'
)