This may be an easy questions but i am wondering if an "insert" sql statement can be writen with equals signs.
Example: Right now my sql looks like this and works fine:
$query = "INSERT INTO people (
id,
name,
) VALUES (
{$id},
'{$name}',
)
So i was wondering if i can write the sql statement like this or something similar to this using = signs:
$query = "INSERT INTO people
id = {$id},
name = '{$site_url}',
Thank you for any help. I am just looking for an easier way to write this code especially when i have a lot of form fields. Thanks.
Yes.
You have to use SET
$query = "INSERT INTO people
SET id = {$id},
name = '{$site_url}'";
INSERT INTO people SET id={$id}.....
http://dev.mysql.com/doc/refman/5.5/en/insert.html
Please refer to the second syntax.
For your example, I think it would look like:
$query = "INSERT INTO people
SET id={$id},
name={$name},
etc"
Related
I try to update a row in a database, but I can't do that. Here is my sql:
$sql = "UPDATE `voting_nomination_counter`
SET `quantity`=quantity+1
WHERE `nid` = '$nid'
AND nominee = '$nominee'";
I suspect the problem is here - AND nominee = '$nominee'"; because when I remove this from the query all works and updates fine. Help, please.
Try this:
$sql = "UPDATE voting_nomination_counter SET quantity=quantity+1 WHERE nid = '$nid' AND nominee = '$nominee'";
I solve this problem, if I want to update WHERE string = string I just need to use this statement UPDATE table SET field = REPLACE(field, 'string', 'anothervalue') WHERE field LIKE '%string%';, thanks guys!)
#excluded_once Looks like you were able to solve your issue. So in future do not ever use variable names directly into SQL string. Always use db_query or db_select and then always bind the variables into SQL, it will help you prevent from SQL injections and other attacks.
I'm trying to write a search function and am using multiple drop-down lists for search criteria.
i have a sql statement like
SELECT * FROM TABLE WHERE OFFICE='$office', NAME='$name', DEPARTMENT='$department';
Sometime I want to search with specific 'name' but without talking about 'department' and 'office'. But when I pass Blank '' to '$office' and '$department' it only return the person with no office and department. Is there anyway around to overcome it?
I tried to use '%' instead of blank but it didn't work as well.
I'm coding with php and MSSQL.
Thanks in Advance
If you want to work with wildcards, you dont need =, but LIKE. Unsure if this query works, but try it:
SELECT * FROM TABLE WHERE OFFICE LIKE '$office', NAME LIKE '$name', DEPARTMENT LIKE '$department';
Now you just have to check if the field is blank, if yes, replace it with a %. As i said, im unsure. I dont have a database availible at the moment for testing this.
for achieving this you have to write some php code like
$sql = "SELECT * FROM TABLE WHERE";
if(isset($office)){
$sql .= "OFFICE='$office',";
}
if(isset($name)){
$sql .= " NAME='$name',";
}
if(isset($department)){
$sql .= " DEPARTMENT='$department'";
}
You can easily do this as follow:
if(isset($office) && isset($department)){
$sql = "SELECT * FROM TABLE WHERE OFFICE='$office', NAME='$name', DEPARTMENT='$department'";
}
else{
$sql = "SELECT * FROM TABLE WHERE NAME LIKE '$name'";
}
mysql_query($connection, $sql);
I'm trying to retrieve a filename from a database from table HORSE and column HORSE_IMAGE
$path = "horse_images/".$row["HORSE_IMAGE"];
$query = "DELETE FROM HORSE WHERE HORSE_ID=".$_GET["horseno"]." AND HORSE_IMAGE=".$row["HORSE_IMAGE"];
Currently HORSE_IMAGE returns nothing, but if I change it to HORSE_ID or HORSE_NAME, it works.
i.e. If i echo $row["HORSE_NAME"] it returns "You Beauty".
If I look up the row in the database I can see the filename shop-1.jpg is there.
Any ideas?
If you want to change a single column of a row, use an UPDATE statement. DELETE is for removing complete rows only. And yes, escape anything before using it in your query.
"UPDATE HORSE SET HORSE_IMAGE = NULL WHERE HORSE_ID=".(int)$_GET["horseno"];
As far as I understood the question, ToBe's answer might be correct, but you really should consider using PDO for MySql queries, in order to prevent Sql injection.
Try:
<?php
$query = "UPDATE HORSE SET HORSE_IMAGE = NULL WHERE HORSE_ID = ?";
$db = new PDO(dsn, username, password);
$prep = $db->prepare($query);
$res = $prep->execute(array((int)$_GET["horseno"]));
?>
Take a look at the documentation: http://php.net/manual/de/book.pdo.php
I need to create a small piece of code to allow me to filter my events database based on category types users have selected.
I currently have it working for users who have only one category selected...
$user_qstring = "SELECT types FROM tbl_users WHERE user_id='".$_SESSION['id']."'";
$user_result = mysql_query($user_qstring);
$user_row = mysql_fetch_array($user_result);
$type_filter = $user_row['types'];
if(isset($type_filter) && $type_filter !="") {
$day_events = "SELECT COUNT(*) FROM tbl_events WHERE day='".$day_id."' AND
type='".$type_filter."'";
}else{
$day_events = "SELECT COUNT(*) FROM tbl_events WHERE day='".$day_id."'";
}
I need to alter this code so that if $type_filter is set and contains multiple categories in the following format.
Festivals,Sports,Education
And have the query automatically add...
OR type='".$type_filter[2]."' OR type='".$type_filter[3]."' OR ect...
I have been able to solve the problem using multiple...
elseif(){
}
Statements, but need a solution that is scalable to unlimited types.
I know I need to start by changing $type_filter to a list using explode...
$type_filter = explode(",", $user_row['types']);
But I'm still having trouble putting it all together for a short elegant solution.
You will need to confirm that $type_filter does not contain single quotes first otherwise you're an easy target for sql injection attacks.
$day_events = "SELECT COUNT(*) FROM tbl_events WHERE day='".$day_id."' AND type IN ('" . implode("','", explode(',', $type_filter)) . "')";
try something like the follwing sql
select * from ... where type in ('one', 'two', ...) ...
and as a remark - always escape get/post data using mysql_real_escape_string or you are vulnerable to injection attacks.
There is probably a simple solution to this question, but if i have the function below and $events contains an unknown number of integers, how would I use the $events variable in a query like this?
function remove_events($events)
{
$sql = "delete from events where event_id in $events";
$query = $this->db->query($sql);
}
if $event is a single value then you must use
$sql = "delete from events where event_id = $events";
Or if it is an array
$sql = "delete from events where event_id in (".implode(',', $events).") ";
the following sql syntax should help you to resolve your queries .
delete FROM events WHERE event_id IN ('2','3');
In the above example (2,3) should be a codeigniter array.
hope that you have the contents in $events as like 1,2,3... . if so no problem, else if you have spaces between the numbers , use like this format.
implode(',',explode(' ',$events));
give it a try and let me know.
Let Active Record make the job:
$this->db->where_in('id', $events)->delete('events');
All values are escaped automatically producing safer queries.