I am trying to duplicate my MySQL record using the following function. It says I have an error in my SQL, which I cannot see. I added a few echo's at the bottom to help diagnose. Also, is there any easier way that naming each row individually? (row[$x])?
The function is basically reading whichever ID is posted to it, then writing it back into the DB as if the user was simply entering it themselves without pressing the duplicate button.
I have tried other code on stack and I thought I'd write one I actually understood so here it is!
EDIT: It seems that my second query is the problematic one as well.
Thank you!
function procDupRec(){
$id = mysql_real_escape_string($_GET['duplicate']);
$query = "SELECT * FROM contacts WHERE id=$id";
$result = mysql_query($query);
while($row = mysql_fetch_row($result)){
$category = $row[1];
$dateEntered = $row[2];
$account = $row[3];
$firstName = $row[4];
$lastName = $row[5];
$company = $row[6];
$titlePos = $row[7];
$officeNum = $row[8];
$phoneExt = $row[9];
$homeNum = $row[10];
$mobileNum = $row[11];
$pagerNum = $row[12];
$faxNum = $row[13];
$address1 = $row[14];
$address2 = $row[15];
$city = $row[16];
$state = $row[17];
$zip = $row[18];
$email = $row[19];
$website = $row[20];
$notes = $row[21];
$editBit = $row[22];
$protection = $row[23];
$lastIP = $_SERVER['REMOTE_ADDR'];
}
$query2 = mysql_query("INSERT INTO contacts (category, dateEntered, account, firstName, lastName, company, titlePos, officeNum, phoneExt, homeNum, mobileNum, pagerNum, faxNum, address1, address2, city, state, zip, email, website, notes, editBit, protection, lastIP) VALUES ('$category', '$dateEntered', '$account', '$firstName', '$lastName', '$company', '$titlePos', '$officeNum', '$phoneExt', '$homeNum', '$mobileNum', '$pagerNum', '$faxNum', '$address1', '$address2', '$city', '$state', '$zip', '$email', '$website', '$notes', '$editBit', '$protection', '$lastIP')");
$result2 = mysql_query($query2);
echo $query2;
echo mysql_error();
}
Echoing a query will not work after you executed the query. That will only contain a result.
You should store the query before executing it, like this
$query2 ="INSERT INTO contacts (category, dateEntered, account, firstName, lastName, company, titlePos, officeNum, phoneExt, homeNum, mobileNum, pagerNum, faxNum, address1, address2, city, state, zip, email, website, notes, editBit, protection, lastIP) VALUES ('$category', '$dateEntered', '$account', '$firstName', '$lastName', '$company', '$titlePos', '$officeNum', '$phoneExt', '$homeNum', '$mobileNum', '$pagerNum', '$faxNum', '$address1', '$address2', '$city', '$state', '$zip', '$email', '$website', '$notes', '$editBit', '$protection', '$lastIP')";
mysql_query($query2);
With this you can examine the query with echo $query2
Another option to duplicate:
$query = "INSERT INTO contacts
(category, dateEntered, account, firstName, lastName, company, titlePos, officeNum, phoneExt, homeNum, mobileNum, pagerNum, faxNum, address1, address2, city, state, zip, email, website, notes, editBit, protection, lastIP)
(SELECT category, dateEntered, account, firstName, lastName, company, titlePos, officeNum, phoneExt, homeNum, mobileNum, pagerNum, faxNum, address1, address2, city, state, zip, email, website, notes, editBit, protection, lastIP FROM contacts WHERE id=$id)"
mysql_query($query);
Related
ERROR: Could not able to execute
INSERT INTO applications (title, surname, maiden_name, first_name, marital_status, gender, country, date_of_birth, address, email, home_numbers, work_numbers, cell_phone, application_results, next_of_kin_name, next_of_kin_relationship, next_of_kin_number, chronic_disease)
VALUES ('Mr', 'McLaren', '', 'Richard', 'Single', 'Male', 'England', '', 'Room 67 14 Tottenham Court Road London England W1T 1JY', 'mclaren.richard#gmail.com', '020 7946 0072', '020 7946 0549', '020 7946 0760', 'Elizabeth', 'Mother', '020 7946 0831', 'No') ).
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB
server version for the right syntax to use near ')' at line 6
The php code is:
/* Attempt MySQL server connection. Assuming you are running MySQL
server with default setting (user 'root' with no password) */
$link = mysqli_connect("localhost", "root", "", "cas");
// Check connection
if($link === false){
die("ERROR: Could not connect. " . mysqli_connect_error());
}
// Escape user inputs for security
$title = mysqli_real_escape_string($link, $_REQUEST['title']);
$surname = mysqli_real_escape_string($link, $_REQUEST['surname']);
$maiden_name = mysqli_real_escape_string($link, $_REQUEST['maiden_name']);
$first_name = mysqli_real_escape_string($link, $_REQUEST['first_name']);
$marital_status = mysqli_real_escape_string($link, $_REQUEST['marital_status']);
$gender = mysqli_real_escape_string($link, $_REQUEST['gender']);
$country = mysqli_real_escape_string($link, $_REQUEST['country']);
$date_of_birth = mysqli_real_escape_string($link, $_REQUEST['date_of_birth']);
$address = mysqli_real_escape_string($link, $_REQUEST['address']);
$email = mysqli_real_escape_string($link, $_REQUEST['email']);
$home_number = mysqli_real_escape_string($link, $_REQUEST['home_number']);
$work_number = mysqli_real_escape_string($link, $_REQUEST['work_number']);
$cell_phone = mysqli_real_escape_string($link, $_REQUEST['cell_phone']);
$next_of_kin_name = mysqli_real_escape_string($link, $_REQUEST['next_of_kin_name']);
$next_of_kin_relationship = mysqli_real_escape_string($link, $_REQUEST['next_of_kin_relationship']);
$next_of_kin_number = mysqli_real_escape_string($link, $_REQUEST['next_of_kin_number']);
$chronic_disease = mysqli_real_escape_string($link, $_REQUEST['chronic_disease']);
// attempt insert query execution
$sql = "INSERT INTO applications (title, surname, maiden_name, first_name, marital_status,
gender, country, date_of_birth, address, email, home_numbers, work_numbers, cell_phone,
application_results, next_of_kin_name, next_of_kin_relationship, next_of_kin_number, chronic_disease)
VALUES ('$title', '$surname', '$maiden_name', '$first_name', '$marital_status',
'$gender', '$country', '$date_of_birth', '$address', '$email', '$home_number', '$work_number', '$cell_phone',
'$next_of_kin_name', '$next_of_kin_relationship', '$next_of_kin_number', '$chronic_disease') )";
if(mysqli_query($link, $sql)){
echo "Records added successfully.";
} else{
echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);
}
// close connection
mysqli_close($link);
?>
Your INSERT statement had an extra bracket at the end of sentence.
INSERT INTO .... '$chronic_disease') >)< ';
INSERT syntax
INSERT INTO table(columns) VALUES(values)
$sql = "INSERT INTO applications (title, surname, maiden_name, first_name, marital_status,
gender, country, date_of_birth, address, email, home_numbers, work_numbers, cell_phone,
application_results, next_of_kin_name, next_of_kin_relationship, next_of_kin_number, chronic_disease)
VALUES ('$title', '$surname', '$maiden_name', '$first_name', '$marital_status',
'$gender', '$country', '$date_of_birth', '$address', '$email', '$home_number', '$work_number', '$cell_phone',
'$next_of_kin_name', '$next_of_kin_relationship', '$next_of_kin_number', '$chronic_disease')";
You had a extra ) at the end of the above statement.
I'm developing a web platform. I'm using PHP and MySQL. I want to insert data to db. My code below.
<?php
session_start();
require_once('../../system/database.php');
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$ownerid = (int)$_SESSION['id'];
$record_time = date('H:i:s');
$record_date = date('Y-m-d');
// form_data
$name = strip_tags($_POST['name']);
$surname = strip_tags($_POST['surname']);
$phone1 = strip_tags($_POST['phone1']);
$birthday = strip_tags(trim($_POST['birthday']));
$gender = strip_tags(trim($_POST['gender']));
$company = strip_tags(trim($_POST['company']));
$address1 = strip_tags(trim($_POST['address1']));
$address2 = strip_tags(trim($_POST['address2']));
$phone2 = strip_tags(trim($_POST['phone2']));
$mail1 = strip_tags(trim($_POST['mail1']));
$mail2 = strip_tags(trim($_POST['mail2']));
$about = strip_tags(trim($_POST['about']));
$type_of = strip_tags(trim($_POST['type_of']));
$visible = strip_tags(trim($_POST['visible']));
$query = "INSERT INTO contact (ownerid, name, surname, birthday, gender, address1, address2, phone1, phone2, mail1, mail2, about, type_of, visible, time, date) VALUES('$ownerid', '$name', '$surname', '$birthday', '$gender', '$address1', '$address2', '$phone1', '$phone2', '$mail1', '$mail2', '$mail1', '$mail2', '$about', '$type_of', '$visible', '$record_time', '$record_date')";
$result = mysqli_query($connection, $query);
mysqli_error($connection);
} else {
header('Location: ../new_contact.php');
}
But my MySQL code does not work and write any error message!
wrong number of column in values clause (you repeat two time mail1 and mail2 ) try
$query = "INSERT INTO contact
(ownerid, name, surname, birthday, gender, address1, address2, phone1,
phone2, mail1, mail2, about, type_of, visible, time, date)
VALUES('$ownerid', '$name', '$surname', '$birthday', '$gender', '$address1', '$address2', '$phone1',
'$phone2', '$mail1', '$mail2', '$about', '$type_of', '$visible', '$record_time', '$record_date')";
Edit insert variables to be like this
$query = "INSERT INTO contact (ownerid, name, surname, birthday, gender, address1, address2, phone1, phone2, mail1, mail2, about, type_of, visible, time, date) VALUES(".$ownerid.", '".$name."', '".$surname."', '".$birthday."', '".$gender."', '".$address1."', '".$address2."', '".$phone1."', '".$phone2."', '".$mail1."', '".$mail2."', '".$about."', '".$type_of."', '".$visible."', '".$record_time."', '".$record_date."')";
You need to concate PHP variable properly and also need correct query format. Try this
$query = "INSERT INTO `contact` (ownerid, name, surname, birthday, gender, address1, address2, phone1, phone2, mail1, mail2, about, type_of, visible, time, date) VALUES('".$ownerid."','".$name."', '".$surname."', '".$birthday."','".$gender."', '".$address1."', '".$address2."', '".$phone1."','".$phone2."', '".$mail1."','".$mail2."', '".$about."', '".$type_of."', '".$visible."', '".$record_time."', '".$record_date."')";
If you have access to PHPMyAdmin, place the query in the SQL section and test it. Sometimes it can give you clues as where to look for issues.
As ScaisEdge says, you have 16 entries as keys, but 18 entries as values into your insert. It can be helpful to use coding software when using PHP that highlights like words (notepad++ is free and does this) Eclipse is another. Also, place your query into PHPMyAdmin "SQL" and test your query to see if it gives you any results or throws an error. It will point where in the string to start looking for your error.
$id = $_SESSION['id'];
i have the table name stored in the $id variable.
when i use the variable name with sql query it doesn't work
$sql = "INSERT INTO karthick.$id (name, tin, address, product, invoice, transport, cutting, amount, vat) VALUES ('$name', '$tin', '$address', '$product', '$invoice', '$transport', '$cutting', '$amount', '$vat')";
when i replace the karthick.$id as karthick.ford it works fine. but i want to use the variable stored in $id as my table name. how do i do it.
Edit---------------------------
my php code
<?php
session_start();
$id = $_SESSION['id'];
require 'database.php';
/*$sql = "CREATE TABLE karthick.details (id INT AUTO_INCREMENT PRIMARY KEY, name VARCHAR(50) NOT NULL)";
if($conn->query($sql)===TRUE){
echo "table created";
}else{
echo "table not created";
}*/
$name = mysqli_real_escape_string($conn, $_POST["cname"]);
$tin = mysqli_real_escape_string($conn, $_POST["tin"]);
$address = mysqli_real_escape_string($conn, $_POST["address"]);
$product = mysqli_real_escape_string($conn, $_POST["product"]);
$ddate = mysqli_real_escape_string($conn, $_POST["date"]);
$invoice = mysqli_real_escape_string($conn, $_POST["invoice"]);
$transport = mysqli_real_escape_string($conn, $_POST["transport"]);
$cutting = mysqli_real_escape_string($conn, $_POST["date"]);
$amount = mysqli_real_escape_string($conn, $_POST["amount"]);
$vat = mysqli_real_escape_string($conn, $_POST["vat"]);
$val = 'karthick'.$id;
echo $val;
$sql = "INSERT INTO $val (name, tin, address, product, invoice, transport, cutting, amount, vat) VALUES ('$name', '$tin', '$address', '$product', '$invoice', '$transport', '$cutting', '$amount', '$vat')";
if($conn->query($sql)===TRUE){
echo "record inserted";
}else{
echo "not inserted".$conn->error;
}
$conn->close();
?>
Try this one.
$val = 'karthick'.$id;
$sql = "INSERT INTO $val (name, tin, address, product, invoice, transport, cutting, amount, vat) VALUES ('$name', '$tin', '$address', '$product', '$invoice', '$transport', '$cutting', '$amount', '$vat')";
Try using "INSERT INTO karthick.".$id." (name, tin, address, product, invoice, transport
Place the $id in braces{} like karthick.{$id}. The query should be like below.
$sql = "INSERT INTO karthick.{$id} (name, tin, address, product, invoice, transport, cutting, amount, vat) VALUES ('$name', '$tin', '$address', '$product', '$invoice', '$transport', '$cutting', '$amount', '$vat')";
$val = 'karthick'.$id;
$val = str_replace(" ","",$val);
$sql = "INSERT INTO $val (name, tin, address, product, invoice, transport, cutting, amount, vat) VALUES ('$name', '$tin', '$address', '$product', '$invoice', '$transport', '$cutting', '$amount', '$vat')";
Try
$sql = "INSERT INTO karthick.{$id} (name, tin, address, product, invoice, transport, cutting, amount, vat) VALUES ('{$name}', '{$tin}', '{$address}', '{$product}', '{$invoice}', '{$transport}', '{$cutting}', '{$amount}', '{$vat}')";
You are creating karthick.details table instead of karthick.session_id
First method :
Try putting the PHP variables inside curly braces {}
Like:
$sql = "INSERT INTO karthick.{$id} (name, tin, address, product, invoice, transport, cutting, amount, vat) VALUES ('{$name}', '{$tin}', '{$address}', '{$product}', '{$invoice}', '{$transport}', '{$cutting}', '{$amount}', '{$vat}')";
Second method :
Use PHP variables outside quotes
Like:
$sql = " INSERT INTO karthick.".$id." (name, tin, address .....
Update
try using `` to enclose your table like,
$val = "`karthick`.`".$id."`";
My Code.
<?php //data.php
require_once 'db.php';
// Get values from form
$Fname = $_POST['first_name'];
$Lname = $_POST['last_name'];
$web = $_POST['web'];
$email = $_POST['email'];
$date = $_POST['date'];
// Insert data into mysql
$sql="INSERT INTO users (first_name, last_name, web, email, date)
VALUES ('$Fname', '$Lname', '$web', '$email', '$date', NOW())";
$result = mysql_query($sql);
$sql="SELECT DATE_ADD('$date', INTERVAL 30 day)";
$result = mysql_query($sql);
// if successfully insert data into database, displays message "Successful".
if($result){
header('Location: ../index.php');
}
else {
echo "ERROR";
}
// close mysql
mysql_close();
?>
My problem, i want to add those 30 days to the date column in database when form execute`s this file and inserts fname in fname, web in web, and date in date + 30 interval.
Thank you.
$sql="INSERT INTO users (first_name, last_name, web, email, date)
VALUES ('$Fname', '$Lname', '$web', '$email', '$date', NOW())";
$result = mysql_query($sql);
***$sql="SELECT DATE_ADD('$date', INTERVAL 30 day)";
$result = mysql_query($sql);***
Use the following query :
$sql="INSERT INTO users (first_name, last_name, web, email, date)
VALUES ('$Fname', '$Lname', '$web', '$email',DATE_ADD('$date', INTERVAL 30 day) , NOW())";
Do like this...
$sql="INSERT INTO `users` (`first_name`, `last_name`, `web`, `email`, `date`)
VALUES ('$Fname', '$Lname', '$web', '$email', DATE_ADD('$date', INTERVAL 30 DAY))";
Try this:
$sql="INSERT INTO users (first_name, last_name, web, email, date)
VALUES ('$Fname', '$Lname', '$web', '$email', '$date', DATE_ADD(NOW(), INTERVAL 30 DAY))";
$result = mysql_query($sql);
>> you are adding date after query executes, but do the same when query executes.
Thanks
Here is the part you need to change
$sql="INSERT INTO users (first_name, last_name, web, email, date)
VALUES ('$Fname', '$Lname', '$web', '$email', '$date', NOW() + INTERVAL 30 DAY)";
Below is the code that I've tried but I can't seem to make the right tweaks to get the script to run properly.
$sql = 'INSERT INTO clients (first_name, last_name, email) VALUES('.$_POST['first_name'].', '.$_POST['last_name'].', '.$_POST['email'].')
INSERT INTO client_data (client_id, phone, zip, note) VALUES(LAST_INSERT_ID(), '.$_POST['phone'].', '.$_POST['zip'].', '.$_POST['message'].')';
mysql_query($sql) or die (mysql_error());
Any help is much appreciated.
You cannot execute two sql statements with mysql_query();
Use something like this:
$sql = 'INSERT INTO clients (first_name, last_name, email) VALUES('.$_POST['first_name'].', '.$_POST['last_name'].', '.$_POST['email'].')';
mysql_query($sql);
$clientId = mysql_insert_id();
$sql = 'INSERT INTO client_data (client_id, phone, zip, note) VALUES('.$clientId.', '.$_POST['phone'].', '.$_POST['zip'].', '.$_POST['message'].')';
mysql_query($sql) or die (mysql_error());
But please read up on SQL injections and how to prevent them.
Just make 2 queries:
$sql_insert_clients = "INSERT INTO clients (first_name, last_name, email) VALUES(".$_POST['first_name'].", ".$_POST['last_name'].", ".$_POST['email'].")";
mysql_query($sql_insert_clients) or die (mysql_error());
$sql_insert_client_data = "INSERT INTO client_data (client_id, phone, zip, note) VALUES(".mysql_insert_id().", ".$_POST['phone'].", ".$_POST['zip'].", ".$_POST['message'].")";
mysql_query($sql_insert_client_data) or die (mysql_error());
You should break it up into two separate mysql_query calls and use the mysql_insert_id function:
$firstName = mysql_real_escape_string($_POST["first_name"]);
$lastName = mysql_real_escape_string($_POST["last_name"]);
$email = mysql_real_escape_string($_POST["email"]);
$phone = mysql_real_escape_string($_POST["phone"]);
$zip = mysql_real_escape_string($_POST["zip"]);
$message = mysql_real_escape_string($_POST["message"]);
mysql_query("INSERT INTO clients (first_name, last_name, email) VALUES ('{$firstName}', '{$lastName}', '{$email}')") or die(mysql_error());
mysql_query("INSERT INTO client_data (client_id, phone, zip, note) VALUES ('". mysql_insert_id() ."', '{$phone}', '{$zip}', '{$message}')") or die(mysql_error());
Your just missing the semi-colon to split the Insert's
$sql = 'INSERT INTO clients (first_name, last_name, email)
VALUES('.$_POST['first_name'].', '.$_POST['last_name'].', '.$_POST['email'].')'."; ".' INSERT INTO client_data (client_id, phone, zip, note) VALUES(LAST_INSERT_ID(), '.$_POST['phone'].', '.$_POST['zip'].', '.$_POST['message'].')';
mysqli_multi_query($sql) or die (mysql_error());
the SQL query it should be running (with dummy content) is
INSERT INTO clients (first_name, last_name, email) VALUES('test', 'surname', email); INSERT INTO client_data (client_id, phone, zip, note) VALUES(LAST_INSERT_ID(), 'phone', 'zip', 'message');