I have a pre-constructed array created from some test data as I have not yet set up a post form. The array looks like this:
$ud = array('name' => 'name', 'username' => 'username', 'password' => 'password', 'location' => 'london', 'platform' => 'mobile', 'developer_or_designer' => 'developer', 'tags' => 'hello', 'paypal_email' => 'email#email.com', 'developer_or_client' => 'developer', 'email' => 'email#email.com');
foreach ($ud as $key => $value) {
$value = mysql_real_escape_string($value);
}
From this array, I then try to insert the data via a MySQL query into my database:
$query = mysql_query("INSERT INTO `Developers` (`Name`,`Email`,`Username`,`Password`,`Location`,`Platform`,`Developer_or_Designer`,`Tags`, `Paypal_Email`) VALUES (" . $ud['name'] . ", " . $ud['email'] . ", " . $ud['username'] . ", " .$ud['password'] . ", " . $ud['location'] . ", " . $ud['platform'] . ", " . $ud['developer_or_designer'] . ", " . $ud['tags'] . ", " . $ud['paypal_email'] . ")") or die(mysql_error());
However, it dies with the following error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '#email.com, username, password, london, mobile, developer, hello, email#email.com)' at line 1
Please can you tell me where I am going wrong?
You need quotes around each value in parentheses
Two things:
As Jeff notes, you need to put quotes around the strings.
Before putting quotes around them, you need to pass each string through mysql_real_escape_string().
$query = mysql_query("INSERT INTO `Developers` (`Name`,`Email`,`Username`,`Password`,`Location`,`Platform`,`Developer_or_Designer`,`Tags`, `Paypal_Email`) VALUES ('" . $ud['name'] . "', '" . $ud['email'] . "', '" . $ud['username'] . "', '" .$ud['password'] . "', '" . $ud['location'] . "', '" . $ud['platform'] . "', '" . $ud['developer_or_designer'] . "', '" . $ud['tags'] . "', '" . $ud['paypal_email'] . "')") or die(mysql_error());
try it:)
From the sounds of the column names those are varchar column types so you need to wrap your values with quotes:
$query = mysql_query("INSERT INTO `Developers` (`Name`,`Email`,`Username`,`Password`,`Location`,`Platform`,`Developer_or_Designer`,`Tags`, `Paypal_Email`) VALUES ('" . $ud['name'] . "', '" . $ud['email'] . "', '" . $ud['username'] . "', '" .$ud['password'] . "', '" . $ud['location'] . "', '" . $ud['platform'] . "', '" . $ud['developer_or_designer'] . "', '" . $ud['tags'] . "', '" . $ud['paypal_email'] . "')") or die(mysql_error());
Also, if the values are coming from user input, you should run each value through mysql_real_escape_string to help prevent SQL injection attacks.
See this:
VALUES (" . $ud['name'] . ",
Need that:
VALUES ('" . $ud['name'] . "',
And for other columns too (if they are not numeric)
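The same INSERT written with bound parameters instead of quoted concatenation, as an added example that is not part of the question or any answer above. It assumes PDO with an in-memory SQLite database standing in for MySQL; the DEVELOPER_COLUMNS map and insertDeveloper() are hypothetical names, and the sample values are constructed.

```php
<?php
// Added example, not code from the thread. In-memory SQLite stands in for MySQL
// so the script runs offline; for MySQL use a DSN such as
// 'mysql:host=HOST;dbname=DB;charset=utf8mb4' and set ATTR_EMULATE_PREPARES to false.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Developers (Name TEXT, Email TEXT, Username TEXT,
    Password TEXT, Location TEXT, Platform TEXT, Developer_or_Designer TEXT,
    Tags TEXT, Paypal_Email TEXT)');

// Column => key in $ud. Column names are fixed here and never come from input.
const DEVELOPER_COLUMNS = [
    'Name' => 'name', 'Email' => 'email', 'Username' => 'username',
    'Password' => 'password', 'Location' => 'location', 'Platform' => 'platform',
    'Developer_or_Designer' => 'developer_or_designer', 'Tags' => 'tags',
    'Paypal_Email' => 'paypal_email',
];

function insertDeveloper(PDO $pdo, array $ud): int
{
    $cols  = implode(', ', array_keys(DEVELOPER_COLUMNS));
    $marks = implode(', ', array_map(fn($k) => ":$k", DEVELOPER_COLUMNS));
    $stmt  = $pdo->prepare("INSERT INTO Developers ($cols) VALUES ($marks)");

    // Bind only the mapped keys; extras such as developer_or_client would make
    // execute() fail with an invalid-parameter error.
    $params = [];
    foreach (DEVELOPER_COLUMNS as $key) {
        $params[":$key"] = $ud[$key];
    }
    // Store a hash, never the plaintext password.
    $params[':password'] = password_hash($ud['password'], PASSWORD_DEFAULT);
    $stmt->execute($params);
    return $stmt->rowCount();
}

// Constructed test data; the quotes and '#' need no manual escaping or quoting.
$ud = [
    'name' => "Conan O'Brien", 'username' => 'conan', 'password' => 'correct horse',
    'location' => 'london', 'platform' => 'mobile',
    'developer_or_designer' => 'developer', 'tags' => "it's #1",
    'paypal_email' => 'dev@example.com', 'developer_or_client' => 'developer',
    'email' => 'dev@example.com',
];
echo insertDeveloper($pdo, $ud), " row inserted\n";
$row = $pdo->query('SELECT Name, Tags FROM Developers')->fetch(PDO::FETCH_ASSOC);
echo $row['Name'], ' / ', $row['Tags'], "\n";
```

Because the values travel separately from the SQL text, the foreach loop in the question (which escapes a copy of each value and leaves $ud unchanged) is not needed at all.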
$result = $db->execute("
INSERT INTO arrowchat_chatroom_rooms (author_id, name, description, welcome_message, image, type,password, length, max_users, session_time, limit_message_num, limit_seconds_num)
VALUES ('" . $db->escape_string($userid) . "',
'" . $_POST["add_chatroom_name"] . "',
'" . $_POST["add_chatroom_desc"] . "',
'" . $_POST["add_chatroom_welcome_msg" . "',
'" . $db->escape_string($icon_filename) ."',
'". $_POST["add_chatroom_type"] . "',
'" . $_POST["add_chatroom_password"] . "',
'" . $_POST["add_chatroom_length"] . "',
'" . $_POST["chatroom_max_users"] . "',
'" . time() . "',
'" . $_POST["limit_message_num"] . "',
'" . *_POST["limit_seconds_num"] . "')"
);
returns HTTP 500 x_x
You are missing the closing ] for
$_POST["add_chatroom_welcome_msg"
and * in the start of
*_POST["limit_seconds_num"]
in your query, and that is the most probable cause of your 500 error. Try enabling display_errors = On in php.ini.
I am looking to update one of the tables. After I update, all the duplicate data is getting inserted again. Especially, the cloneSQL part of the code. I tried using DISTINCT, NOT EXISTS but no luck.
if(DB_num_rows($checkResult) > 0){
$cloneSQL = "UPDATE DISTINCT pricematrixdiscount SET
discount='" . $vals[3] . "'
WHERE debtorno='" . $_POST['cloneTo'] . "',
product_line='" . $vals[1] . "',
salestype='" . $vals[2] . "' ";
}
else {
$cloneSQL = "INSERT into pricematrixdiscount
(debtorno,
product_line,
salestype,
discount) VALUES
('" . $_POST['cloneTo'] . "',
'" . $vals[1] . "',
'" . $vals[2] . "',
'" . $vals[3] . "')";
How can I insert only distinct values on the pricematrixdiscount table without the duplicates being inserted?
Here is my code:
$result = mysql_query("INSERT INTO clients (client_id, name, surname, tel1,tel2,id_num,address)
VALUES ('" .$updating_id . "','" .$updatedName1 . "','" .$updatedName1 . "', '" .$updatedSurname1
. "', '" . $updatedTel1 . "', '" .$updatedTel2 . ", '" .$updatedId_num1. "', '" .$updatedAddress1.
") ON DUPLICATE KEY UPDATE name='" . $updatedName1 . "', surname='" . $updatedSurname1 . "',
tel1='" . $updatedTel1 . "', tel2='" . $updatedTel2 . "', id_num='" . $updatedId_num1 . "',
address='" .$updatedAddress1 . "'");
if(mysql_query($result))
{ echo $updatedName1," ", $updatedSurname1, " updated successfully ";
}
else {
echo mysql_error();}
}
I am noticing that the first quote on the mysql_query("INSERT INTO...
is closing with the first quote of the VALUES ('" .$updating_id . "'... statement and yet the way I quoted is the one in my examples, I have assessed.
Use if($result) instead of if(mysql_query($result)). thx #Vinie
And you are missing two single quotes in your VALUES statement:
$updatedTel2 . "'
$updatedAddress1."'
And you need to have a look at mysql_real_escape_string(); or at least use PDO :)
I have a problem with the condition 'where'.
I want one more condition in this code:
$sql="UPDATE
coursegrade
SET
FirstExam='" . mysql_real_escape_string($_POST['FirstExam']) . "',
SecondExam='" . mysql_real_escape_string($_POST['SecondExam']) . "',
ThirdExam='" . mysql_real_escape_string($_POST['ThirdExam']) . "',
Assignments='" . mysql_real_escape_string($_POST['Assignments']) . "',
FinalExam='" . mysql_real_escape_string($_POST['FinalExam']) . "'
WHERE
SID=" . mysql_real_escape_string($_POST['SID']) ;
Till now I have no problem .. but the problem is that I don't know how to set the second condition.
CourseID=" . mysql_real_escape_string($_POST['CourseID'])
I want the condition to be something like...
WHERE
SID=" . mysql_real_escape_string($_POST['SID'])
AND CourseID=" . mysql_real_escape_string($_POST['CourseID'])
How could I do it?
Unless you use heredoc syntax, PHP will parse strings on a single line.
i.e. the rendered clause is:
"WHERE SID=19AND CourseID=45"
Basically you missed a space before
"AND CourseID=" . mysql_real_escape_string($_POST['CourseID'])
or you could put quotes around the values
"SID='" . mysql_real_escape_string($_POST['SID']) . "'
AND CourseID='" . mysql_real_escape_string($_POST['CourseID'])."'"
This may help
WHERE
SID=" . mysql_real_escape_string($_POST['SID'])
OR CourseID=" . mysql_real_escape_string($_POST['CourseID'])
or
WHERE
SID in (
mysql_real_escape_string($_POST['SID']),
mysql_real_escape_string($_POST['CourseID'])
)
It will work for INT values of SID and CourseID.
You can try this, and let me know if there is an error message
$sql="UPDATE coursegrade
SET
FirstExam = '" . mysql_real_escape_string($_POST['FirstExam']) . "',
SecondExam = '" . mysql_real_escape_string($_POST['SecondExam']) . "',
ThirdExam = '" . mysql_real_escape_string($_POST['ThirdExam']) . "',
Assignments = '" . mysql_real_escape_string($_POST['Assignments']) . "',
FinalExam = '" . mysql_real_escape_string($_POST['FinalExam']) . "'
WHERE
SID = ". mysql_real_escape_string($_POST['SID'])."
AND
CourseID = " . mysql_real_escape_string($_POST['CourseID']);
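Why escaping alone does not protect the unquoted SID and CourseID values in the queries above, shown next to a bound-parameter version. This is an added example, not code from the thread: it assumes PDO with in-memory SQLite in place of MySQL, uses addslashes() as a stand-in for the removed mysql_real_escape_string(), and its function names, rows and input are constructed.

```php
<?php
// Added example. SQLite in-memory stands in for MySQL; all rows are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE coursegrade (SID INTEGER, CourseID INTEGER, FinalExam TEXT)');
$pdo->exec("INSERT INTO coursegrade VALUES (19,45,'60'), (19,46,'70'), (20,45,'80'), (21,47,'90')");

// Weak pattern: the value is escaped but then placed unquoted in a numeric
// context, so escaping (which only touches quotes and backslashes) changes nothing.
function updateConcatenated(PDO $pdo, string $sid, string $courseId, string $grade): int
{
    $sql = "UPDATE coursegrade SET FinalExam='" . addslashes($grade) . "'"
         . " WHERE SID=" . addslashes($sid)
         . " AND CourseID=" . addslashes($courseId);
    return $pdo->exec($sql); // number of rows changed
}

// Hardened form: validate that the IDs are integers, then bind them as integers.
function updateBound(PDO $pdo, string $sid, string $courseId, string $grade): int
{
    $sidInt    = filter_var($sid, FILTER_VALIDATE_INT);
    $courseInt = filter_var($courseId, FILTER_VALIDATE_INT);
    if ($sidInt === false || $courseInt === false) {
        throw new InvalidArgumentException('SID and CourseID must be integers');
    }
    $stmt = $pdo->prepare(
        'UPDATE coursegrade SET FinalExam = :grade WHERE SID = :sid AND CourseID = :course'
    );
    $stmt->bindValue(':grade', $grade, PDO::PARAM_STR);
    $stmt->bindValue(':sid', $sidInt, PDO::PARAM_INT);
    $stmt->bindValue(':course', $courseInt, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

$input = '19 OR 1=1'; // constructed input containing no character that escaping alters
echo updateConcatenated($pdo, $input, '45', '0'), " rows changed by the concatenated query\n";
try {
    updateBound($pdo, $input, '45', '0');
} catch (InvalidArgumentException $e) {
    echo 'rejected before reaching the database: ', $e->getMessage(), "\n";
}
echo updateBound($pdo, '19', '45', '95'), " row changed by the bound query\n";
```

The concatenated query touches rows other than the (SID, CourseID) pair that was intended, while the bound version rejects the same input outright.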
I am trying to insert the current date into MySQL database in this format: (12/31/2013 10:26:12 PM). I've tried to make a simple code to change the format, but all I get is a syntax error.
$sql = "INSERT INTO Students
VALUES
('','" . $info[$i]['firstname'] . "', '" . $info[$i]['lastname'] . "',
'" . $info[$i]['sex'] . "', '" . $info[$i]['major'] . "',
'" . $info[$i]['favorite'] . "', '" . $info[$i]['GPA']
"TO_CHAR(SYSDATE(),'dd/mm/yyyy')";
Tell me please what shall I do with it.
Just try this
$sql = "INSERT INTO Students VALUES ('','" . $info[$i]['firstname'] . "', '" . $info[$i]['lastname'] . "', '" . $info[$i]['sex'] . "', '" . $info[$i]['major'] . "', '" . $info[$i]['favorite'] . "', '" . $info[$i]['GPA'] . gmdate('m/d/Y g:i:s A').")";
or try this one
$sql = "INSERT INTO Students VALUES ('','" . $info[$i]['firstname'] . "', '" . $info[$i]['lastname'] . "', '" . $info[$i]['sex'] . "', '" . $info[$i]['major'] . "', '" . $info[$i]['favorite'] . "', '" . $info[$i]['GPA'] . "', '" . gmdate('m/d/Y g:i:s A') . "')";
You can also change gmdate with date
Have a nice day
USE
DATE_FORMAT(NOW(),'%m/%d/%Y %h:%i:%s %p') ;
I think there is some error in the query; also check:
$sql = "INSERT INTO Students
VALUES
('','" . $info[$i]['firstname'] . "', '" . $info[$i]['lastname'] . "',
'" . $info[$i]['sex'] . "', '" . $info[$i]['major'] . "','" . $info[$i]['favorite'] . "', '" . $info[$i]['GPA'] ."',DATE_FORMAT(NOW(),'%m/%d/%Y %h:%i:%s %p') )";
it should work.
check link:
http://www.w3schools.com/sql/func_date_format.asp