Unable to update database using php

Unable to update database using php - php

I have a the following code for inputing data in a database..i specifically echoed the values to see whether they have correct values or not...they have correct values but the values i get in the database are totally different.
Here is my code
<?php
$con = mysql_connect("localhost","root","");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("sm_sample");
$source=$_POST['source'];
$username=$_POST['username'];
$location=$_POST['location'];
$category=$_POST['category'];
$complaint=$_POST['complaint'];
$status=$_POST['status'];
$date=$_POST['date'];
echo $source.$username.$location.$category.$complaint.$status.$date;
$sql="INSERT INTO sample VALUES(ID=NULL,source='$source',username=
'$username', location='$location', category='$category',complaint=
'$complaint',date='$date',status='$status')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "1 record added";
echo "<BR>";
echo "<a href='usercom1.php'>View result</a>";
mysql_close($con)
?>
the values i get in the database r like this:
List data from mysql
Source Username Location Category Complaint Date Status Update
0 Singapore 0 0000-00-00 Pending Edit

The correct syntax:
$sql="INSERT INTO `sample`(`ID`,`source`,`username`, `location`,`category`,`complaint`,`date`,`status`)
VALUES (0, '$source','$username','$location','$category','$complaint','$date','$status')";
later edit ... you are using wrong mysql_query and connection syntax
$con = mysql_connect("localhost","root","") or die('database connection?');
mysql_select_db("sm_sample", $con) or die('wrong database?');
// and for $_POST you sould use mysql_real_escape_string
$source = mysql_real_escape_string($_POST['source']);
// ........................................
$sql="INSERT INTO `sample`(`ID`,`source`,`username`, `location`,`category`,`complaint`,`date`,`status`)
VALUES (0, '$source','$username','$location','$category','$complaint','$date','$status')";
mysql_query($sql) or die('Error: '.mysql_error().': '.mysql_errno());
// ........................................
mysql_close($con);

<?php
$con = mysql_connect("localhost","root","");
if (!$con)
{
echo ('Could not connect: ' . mysql_error());
}
mysql_select_db("sm_sample",$con);
$source=$_POST['source'];
$username=$_POST['username'];
$location=$_POST['location'];
$category=$_POST['category'];
$complaint=$_POST['complaint'];
$status=$_POST['status'];
$date=$_POST['date'];
echo $source.$username.$location.$category.$complaint.$status.$date;
$sql="INSERT INTO sample ('source','username','location','category','complaint','status') VALUES('$source','$username','location','category','complaint','status' )";
if (!mysql_query($sql))
{
echo ('Error: ' . mysql_error());
}
echo "1 record added";
echo "<BR>";
echo "<a href='usercom1.php'>View result</a>";
mysql_close($con);
?>
First thing you do not have to add id if it is auto increment and date if it uses current timestamp and one more thing that never use die(); , use echo instead.

You should provide only VALUES of data with no column names:
$sql="INSERT INTO sample VALUES(ID, '$source', '$username', '$location', '$category', '$complaint', '$date', '$status')";
Also if you have only one DB connection you can not to define $con variable in mysql_query(). Like this: mysql_query($sql).

The problem is with the following line:
<?php
$sql="INSERT INTO sample VALUES(ID=NULL,source='$source',username='$username', location='$location', category='$category',complaint=
'$complaint',date='$date',status='$status')";
?>
If you check the result in the database, you'll see that the values are getting in the wrong order, use this instead:
<?php
$sql="INSERT INTO sample(ID, source, username, location, category, complaint, date, status) VALUES(NULL, '$source', '$username', '$location', '$category', '$complaint','$date','$status')";
?>
PLEASE read what Albireo posted in his comment. Your code is extremely vulnerable.

Related

pass value from one .php to another

I want to send the values from one form to a php file that posts it to a database, then to another php file that posts the same values, how can I do this using php?
This is my php
<?php
$con = mysql_connect("localhost","user","password");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("database_name", $con);
$sql="INSERT INTO players (first_name, last_name, company, phone, email, zip, street, city, state, country, reasons, notes, callback)
VALUE
('$_POST[first_name]','$_POST[last_name]','$_POST[company]','$_POST[phone]','$_POST[email]','$_POST[zip]','$_POST[street]','$_POST[city]','$_POST[state]','$_POST[country]','$_POST[reasons]','$_POST[notes]','$_POST[callback]')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "1 record added";
mysql_close($con)
?>
Thank you for your help. (i'm sorry if this is a duplicate, i did not find anything on this)

In submit.php file
<?php
$con = mysql_connect("localhost","user","password");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("database_name", $con);
$sql="INSERT INTO players (first_name, last_name, company, phone, email, zip, street, city, state, country, reasons, notes, callback)
VALUE
('$_POST[first_name]','$_POST[last_name]','$_POST[company]','$_POST[phone]','$_POST[email]','$_POST[zip]','$_POST[street]','$_POST[city]','$_POST[state]','$_POST[country]','$_POST[reasons]','$_POST[notes]','$_POST[callback]')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
//Add more
$id = mysql_insert_id();
mysql_close($con);
header('Location: review.php?id=' . $id);
?>
Then get data from review.php file
<?php
$id = $_GET['id'];
//SELECT * FROM tbl ... WHERE id = $id
//Your code
?>

SQL query is empty?

This php is suposed to send five attributes {id, description, email, price, shape} to the sales table in the salesinformation database.
<?php
define('DB_NAME', 'salesinformation');
define('DB_USER', 'root');
define('DB_PASSWORD', '');
define('DB_HOST', 'localhost');
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if(!$link) {
die('Cannot connect: ' . mysql_error());
}
$db_selected = mysql_select_db(DB_NAME, $link);
if(!$db_selected){
die('Cannot use ' . DB_NAME . ': ' . mysql_error());
}
$value = $_POST['description'];
$value2 = $_POST['email'];
$value3 = $_POST['price'];
$value4 = $_POST['shape'];
$sql = mysql_query("INSERT INTO sales (id, description, email, price, shape) VALUES ('', '$value', '$value2', '$value3', '$value4')");
if (!mysql_query($sql)){
die('Error: ' . mysql_error());
}
mysql_close();
?>
If I echo $value it prints out the correct information that I filled in my html form (So the part that extracts values from the HTML is working atleast). I run xampp and created the database with PhpMyAdmin, and when this PHP runs all I get is Error: Query was empty and nothing is added to the database at all.
What makes the mysql_query empty?
EDIT: I had missed a ' sign at one of the values.
Now instead I get this error message
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1' at line 1

Question: What makes the mysql_query empty?
It's you, who calls mysql_query without a real query:
$sql = mysql_query("INSERT INTO sales (id, description, email, price, shape) VALUES ('', '$value', '$value2', '$value3', '$value4')");
if (!mysql_query($sql)){ // <---- look here
die('Error: ' . mysql_error());
}
What we see in your code is that you pass $sql to mysql_query which isn't a valid query and you can check it with var_dump($sql);

Remove the ID column from your query. Assuming you made made it a INDEX (and AUTO_INCREMENT) probably:). You can either remove it out the fieldlist, or instead of the '' put a NULL there :).

PHP Code inserts Blank Records in MySql database with _POST method

PHP code is inserting blank records when inserting data in the database with the _POST Method, However when I use _GET everything works fine.
Thanks in Advace.
<?php
$con=mysqli_connect("localhost","root","*******","student");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$sql="INSERT INTO Student (textnames, fathername, mom, occu, homenum, paddress, offcontact, Course, District, State, pincode, emailid, dob, mobileno)
VALUES
('$_POST[textnames]','$_POST[fathername]','$_POST[mom]','$_POST[occu]','$_POST[homenum]','$_POST[paddress]','$_POST[offcontact]','$_POST[Course]','$_POST[District]','$_POST[State]','$_POST[pincode]','$_POST[emailid]','$_POST[dob]','$_POST[mobileno]')";
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
echo "Successfully Added Record";
mysqli_close($con);
?>
Any suggestions how to avoid this.....

a good rule of thumb is checking PHP Variables availability with phpinfo (this is related to your web server configuration).
Try and add:
echo phpinfo();
exit;
just before your
if (!mysqli_query($con,$sql))

The reason is that you are most probably doing the post not same as get
'$_POST[textnames]'// is wrong
'$_POST["textnames"]'// is correct
and same with all others. You must have used quotes to get these values without quotes your index like textnames would be incorrect both for GET and POST

try to initialise the $_POST to a local variable and use the query as follows
<?php
$a=$_POST['textname'];
$b=$_POST['fathername'];
$c=$_POST['mom'];'
$d=$_POST['occu'];
$e=$_POST['homenum'];
$f=$_POST['paddress'];
$g=$_POST['offcontact'];
$i=$_POST['Course'];
$j=$_POST['District'];
$k=$_POST['State'];
$l=$_POST['pincode'];
$m=$_POST['emailid'];
$o=$_POST['dob'];
$p=$_POST['mobileno']
$con=mysqli_connect("localhost","root","*******","student");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$sql="INSERT INTO Student (textnames, fathername, mom, occu, homenum, paddress, offcontact, Course, District, State, pincode, emailid, dob, mobileno) VALUES('$a','$b','$c','$d','$e','$f','$g','$i','$j','$k','$l','$m','$o','$p')";
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
echo "Successfully Added Record";
mysqli_close($con);
?>

First check whether your form is sending value by
if(isset($_POST["submit"]))
{
Your insert query here
}
also in form try using following code
<form methode = "POST" action = "">
</form>

It works with the _REQUEST i think it'll do
<?php
$con=mysqli_connect("localhost","root","********","student");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$sql="INSERT INTO Student (textnames, fathername, mom, occu, homenum, paddress, offcontact, Course, District, State, pincode, emailid, dob, mobileno)
VALUES
('$_REQUEST[textnames]','$_REQUEST[fathername]','$_REQUEST[mom]','$_REQUEST[occu]','$_REQUEST[homenum]','$_REQUEST[paddress]','$_REQUEST[offcontact]','$_REQUEST[Course]','$_REQUEST[District]','$_REQUEST[State]','$_REQUEST[pincode]','$_REQUEST[emailid]','$_REQUEST[dob]','$_REQUEST[mobileno]')";
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
echo "Successfully Added Record";
mysqli_close($con);
?>

You can change your code like this. The point is you missed the single quotes when accessed the post variables.
<?php
$con=mysqli_connect("localhost","root","*******","student");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$sql="INSERT INTO Student (textnames, fathername, mom, occu, homenum, paddress, offcontact, Course, District, State, pincode, emailid, dob, mobileno)
VALUES
('".$_POST['textnames']."','".$_POST['fathername']."','".$_POST['mom']."','".$_POST['occu']."','".$_POST['homenum']."','".$_POST['paddress']."','".$_POST['offcontact']."','".$_POST['Course']."','".$_POST['District']."','".$_POST['State']."','".$_POST['pincode']."','".$_POST['emailid']."','".$_POST['dob']."','".$_POST['mobileno']."')";
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
echo "Successfully Added Record";
mysqli_close($con);
}
}
?>

Timestamp to get current time/date

I need simple code using PHP to get the current date/time using TIMESTAMP and insert this into a database.
I have a field called "ArrivalTime" within a database as TIMESTAMP.
EDIT:
<?php
$con = mysql_connect("localhost","root","") or die('Could not connect: ' . mysql_error());
mysql_select_db("a&e", $con) or die('Could not select database.');
// validate
$time = time(); $date = date('Y-m-d H:i:s',$time);
$sql="INSERT INTO Patient(Forename, Surname, Gender, Date_Of_Birth, Address, Patient_History, Illness, Priority, Arrival_Time)
VALUES('$patient_name', '$patient_lastname', '$gender', '$date', '$address', '$history', '$illness', '$priority', '$time')";
mysql_query($sql,$con) or die('Error: ' . mysql_error());
echo "1 record added";
// close connection
mysql_close($con);
?>
Many thanks

main.php
<?php
require('connect.php');
$time = time();
$sql = "INSERT INTO yourtablename (ArrivalTime) Values ('$time')";
mysql_query($sql);
?>
P.S: in the sql statement i'm sure you'll need to put other things in the other fields ,so you just replace the one above by this:
$sql = "INSERT INTO yourtablename (field1, field2, ArrivalTime) Values ('$value1','$value2','$time')";
connect.php
<?php
$error = "Couldn't connect";
$connect = mysql_connect("localhost","username","password") or die($error);
mysql_select_db("yourdatabase") or die($error);
?>

The query will be:
INSERT INTO mytable(ArrivalTime) VALUES(UNIX_TIMESTAMP())

mysql has a function UNIX_TIMESTAMP() for getting a Unix timestamp as an unsigned integer.
Example:
mysql> SELECT UNIX_TIMESTAMP();
-> 1196440210
So you can use this sql query:
insert into tableName(ArrivalTime) values(UNIX_TIMESTAMP())

PHP/mySQLi not querying

<?php
$ip = $_SERVER['REMOTE_ADDR'];
$date = date("d/m/y : H:i:s", time());
$dbc = mysqli_connect('localhost', 'root', 'derp', 'derpdb')
or die("Database connection fried.");
$query = "INSERT INTO ipstore (tstamp, ip), " .
"VALUES ('$date', '$ip')";
mysqli_query($dbc, $query);
mysqli_close($dbc);
?>
Can anyone tell me what's wrong with this code? It's meant to store the users IP/date they requested the page in the database. I've tried replacing localhost with 127.0.0.1, no luck. It doesn't bring a message, so it must be connected, however when it comes to querying it just doesn't do it. And it doesn't give a warning. I've checked the DB, nothings there.
Also don't worry, nothing sensitive is there ;)
Thanks

$query = "INSERT INTO ipstore (tstamp, ip), " . "VALUES ('$date', '$ip')";
You are not supposed to use a comma after specifying columns - try
$query = "INSERT INTO ipstore (tstamp, ip) VALUES ('$date', '$ip')";

try it this way
$query = mysql_query("INSERT INTO ipstore (tstamp,ip) VALUES ('$date', '$ip')") or die(mysql_error()); if($query) {echo 'Success'; esle { echo 'Failed'; }
And you will get success for sure

We Keep Coding

PHP, A popular general-purpose scripting language that is especially suited to web development.

Unable to update database using php - php

Related

pass value from one .php to another

SQL query is empty?

PHP Code inserts Blank Records in MySql database with _POST method

Timestamp to get current time/date

PHP/mySQLi not querying

Categories

Resources