Hello everyone, please help me out regarding this piece of code
$user = new User();
$user->connect();
$pno=$_POST['pno'];
$name=$_POST['name'];
$age=$_POST['age'];
$result = array('name'=>$name,'age'=>$age,'pno'=>$pno);
$error=$user->edit($result);
$user->disconnect();
I want to customize these lines of code
$pno=$_POST['pno'];
$name=$_POST['name'];
$age=$_POST['age'];
$result = array('name'=>$name,'age'=>$age,'pno'=>$pno);
I mean like this
$result = array('$_POST['name']'=>$name,'$_POST['age']'=>$age,'$_POST['pno']'=>$pno);
but I am unable to put '' properly. Please help me out regarding this, and a small simple hint about quotes. Thanks
$result = array($_POST['name']=>$name,$_POST['age']=>$age,$_POST['pno']=>$pno);
The reason why your code was failing was because you are trying to interpolate $_POST['name'] in a string with single quotes, which will fail because $_POST['name'] also contains single quotes (this will raise a Parse error).
You're breaking up the string with the nested quotes. Use "..." instead, like this:
$result = array('$_POST["name"]'=>$name, '$_POST["age"]'=>$age,'$_POST["pno"]'=>$pno);
That said, personally I'd go for more descriptive and less cluttered field names, like "name", "age", etc...
$result = array(
'name' => $_POST['name'],
'age' => $_POST['age'],
'pno' => $_POST['pno']
);
$result = array($_POST['name']=>$name, $_POST['age']=>$age, $_POST['pno']=>$pno);
That should work; however, your array key index will be mixed with numbers and strings. Plus, your code doesn't work because you use " ' ", which will interpret $_POST['age'] as a string if it works; double quotes can understand variables inside them.
If you really want the whole variable name as the key for each of the results variable you could but why?
$results['$_POST["name"]'] = $name;
$results['$_POST["age"]'] = $age;
$results['$_POST["pno"]'] = $pno;
Using PHP/PDO I’m trying to set a MySQL (mysql-5.0.96) variable named “flt_status” whose default is set to ‘NULL’ and which is defined as INT(5), nullable, to NULL.
There are a number of threads here on StackOverFlow (11692773, 1391777) that cover this topic but none of them seems to work for me.
My (very abbreviated) code looks like this;
$vs = “:ip, flt_status, sunrise”;
$match = array(
‘:ip’=>”$ip”,
‘:flt_status’=>”null, PDO::PARAM_INT”,
’:sunrise’=>”$sunrise”
);
$vars = “ip, flt_status, sunrise”;
$sql = "INSERT INTO skeds ( $vars ) VALUES ( $vs )";
$query = $db_found->prepare( $sql );
$query->execute( $match );
I’ve tried a number of techniques outlined in the above discussions and others I’ve found using Google but every time the value of flt_status comes out as zero (0). I've tried using both PDO::PARAM_NULL and PDO::PARAM_INT.
I’ve included the IP and SUNRISE variables in this example so I can better understand any example the more experienced PHP/PDO programmers out there give me.
Can someone show me what I’m doing wrong?
Thanks in advance for any assistance you can offer.
You are doing several things wrong.
$vs = “:ip, flt_status, sunrise”;
First, you're apparently using smart quotes instead of straight quotes. Code needs straight quotes.
Next, you put a : prefix before ip but you missed that prefix before the other two named parameters. You need a : before each one.
$match = array(
‘:ip’=>”$ip”,
‘:flt_status’=>”null, PDO::PARAM_INT”,
’:sunrise’=>”$sunrise”
);
Next, you put null inside a quoted string. That makes it a string literal containing the word 'null', not a true null. These two concepts are different, like the difference between a chicken and a piece of paper with the word "chicken" written on it.
Also, you don't need to put quotes around the variables.
Also, for what it's worth, the : prefix on the array keys of your array is optional. In early versions of PDO, they were mandatory, but now they're not. It does no harm to keep the colon prefix, I just wanted to let you know because it could make it easier in the future to prepare arrays of parameters from another associative array, like $_POST.
$vars = “ip, flt_status, sunrise”;
This is fine except for the continued use of smart quotes.
$sql = "INSERT INTO skeds ( $vars ) VALUES ( $vs )";
Here's where you will get into trouble with your $vs because it contains only one parameter placeholder, followed by two plain column names. Passing column names in the VALUES clause is not illegal in SQL, but it makes no sense to do it.
$query = $db_found->prepare( $sql );
$query->execute( $match );
Okay, except that you are not checking for errors. Unless you have enabled PDO's attribute for throwing exceptions, you need to check the return status of prepare() and execute() because they return false if there's any error. This continues to be one of the most common mistakes among PHP developers!
Here's how I would write this code.
As you connect to PDO, enable exceptions. See http://php.net/manual/en/pdo.error-handling.php
$db_found = new PDO(...);
$db_found->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
Then the code for this routine:
$placeholders = ":ip, :flt_status, :sunrise";
$values = array(
'ip' => $ip,
'flt_status' => null,
'sunrise' => $sunrise
);
$columns = "ip, flt_status, sunrise";
$sql = "INSERT INTO skeds ($columns) VALUES ($placeholders)";
$stmt = $db_found->prepare($sql);
$stmt->execute($values);
You have a few mistakes in your code, try to adjust it like this:
$sql = "INSERT INTO skeds ( ip, flt_status, sunrise ) VALUES ( :ip, :flt_status, :sunrise )";
$query = $db_found->prepare( $sql );
$query->execute( array(':ip'=> $ip,
':flt_status'=>null,
':sunrise'=>$sunrise
));
When you say
$match = array(
‘:ip’=>”$ip”,
‘:flt_status’=>”null, PDO::PARAM_INT”,
’:sunrise’=>”$sunrise”
);
it's going to use that actual string "null, PDO::PARAM_INT". If you want a NULL, bind the placeholder to the PHP value null.
You have to understand the difference between strings and PHP code.
"null, PDO::PARAM_INT" IS a string. You cannot store PHP code in a string.
"null" AGAIN is not a NULL value either but a string containing the word "null".
If you want to bind a null, then just bind PHP NULL value. Yes, as simple as that.
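The difference the answers above describe, as an added example that is not code from any of the posts: an in-memory SQLite table stands in for the MySQL `skeds` table, `bindNullableInt()` is a hypothetical helper, and the rows are constructed sample data. It also covers the empty form field case, which would otherwise be cast to 0.

```php
<?php
// Added example. An in-memory SQLite table stands in for the MySQL `skeds` table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE skeds (ip TEXT, flt_status INTEGER NULL, sunrise TEXT)');

$sql = 'INSERT INTO skeds (ip, flt_status, sunrise) VALUES (:ip, :flt_status, :sunrise)';

// Hypothetical helper: bind an optional integer as a real NULL or a real int.
function bindNullableInt(PDOStatement $stmt, string $name, $value): void
{
    if ($value === null || $value === '') {
        $stmt->bindValue($name, null, PDO::PARAM_NULL);
    } else {
        $stmt->bindValue($name, (int) $value, PDO::PARAM_INT);
    }
}

// Constructed rows: [ip, flt_status, sunrise].
$rows = [
    ['192.0.2.10', null, '06:12'],   // PHP null -> SQL NULL
    ['192.0.2.11', '',   '06:13'],   // empty form field -> SQL NULL, not 0
    ['192.0.2.12', '3',  '06:14'],   // numeric string -> integer 3
];
$stmt = $db->prepare($sql);
foreach ($rows as [$ip, $status, $sunrise]) {
    $stmt->bindValue(':ip', $ip);
    bindNullableInt($stmt, ':flt_status', $status);
    $stmt->bindValue(':sunrise', $sunrise);
    $stmt->execute();
}

// The question's mistake, for contrast: a type constant inside a string is just text.
$db->prepare($sql)->execute([
    'ip' => '192.0.2.13', 'flt_status' => 'null, PDO::PARAM_INT', 'sunrise' => '06:15',
]);

// Report how each value was actually stored.
$check = $db->query(
    'SELECT ip, flt_status IS NULL AS is_null, typeof(flt_status) AS stored_as FROM skeds'
);
foreach ($check->fetchAll(PDO::FETCH_ASSOC) as $row) {
    printf("%s  is_null=%d  stored_as=%s\n", $row['ip'], $row['is_null'], $row['stored_as']);
}
```

SQLite keeps the mistaken string as text; MySQL in non-strict mode coerces it to 0 for an INT column, which is the value the question reports.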
I am sending myself crazy figuring out what the issue is with the following code. All names within the database are exactly as I have them here; however, I can't seem to get the info from the quote using $quoteid. When I type in a static id, e.g. quoteid = 12, I can filter through the data.
Obviously this isn't ideal.
<?php
$quoteid = $_GET["quoteid"];
if ($_GET['quoteid']) {
$quoteid = $_GET["quoteid"];
}
$quote = $db->getRow("SELECT * FROM quotes WHERE quoteid = $quoteid");
?>
Html
<h1><?php echo $quote->description;?></h1>
Any help would be greatly appreciated.
Thanks,
Melissa
Note that you need to put the PHP variables inside single quotes when writing SQL queries. Do it like in the example:
$quote = $db->getRow("SELECT * FROM quotes WHERE quoteid = '$quoteid'");
Why are you getting $_GET["quoteid"] again and again? Also use single quotes for variables when writing SQL queries
<?php
$quoteid = $_GET["quoteid"];
if (!empty($quoteid)) {
$quote = $db->getRow("SELECT * FROM quotes WHERE quoteid = '$quoteid'");
}
else {
echo 'quote id is empty';
}
?>
also use mysql_real_string_escape() to prevent sql injection
You should do the following... basic debugging.
print_r or var_dump for $_GET to see if and how "quoteid" is set up in the $_GET superglobal
echo your SQL (instead of mysql_query just echo it) and run it in phpmyadmin if it seems ok -- you might have something you missed out somewhere
That way you should be able to figure out your issue faster
There is a mistake in the query syntax with the $quoteid variable. You should use this one:
global $db;
$quote = $db->get_row("SELECT * FROM quotes WHERE quoteid ='".$quoteid."'");
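For the `quoteid` lookup in this thread, an added example (not code from any of the posts) that validates the id as an integer and binds it as a parameter instead of placing it in the SQL string. `fetchQuote()` is a hypothetical helper, PDO replaces the thread's unspecified `$db` wrapper, and the table contents and request values are constructed.

```php
<?php
// Constructed sample data: in-memory SQLite stands in for the page's `quotes` table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_OBJ);
$pdo->exec('CREATE TABLE quotes (quoteid INTEGER PRIMARY KEY, description TEXT)');
$pdo->exec("INSERT INTO quotes VALUES (12, 'Kitchen refit <b>draft</b>')");

/**
 * Hypothetical helper. Returns the row object, or null when the id is
 * missing, is not a positive integer, or matches no row.
 */
function fetchQuote(PDO $pdo, $rawId): ?object
{
    // Reject anything that is not a whole positive number before it reaches SQL.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false || $id === null) {
        return null;
    }
    // The value travels as a bound parameter, so it is never parsed as SQL text.
    $stmt = $pdo->prepare('SELECT quoteid, description FROM quotes WHERE quoteid = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch();
    return $row === false ? null : $row;
}

// Constructed request values, as `$_GET['quoteid'] ?? null` would supply them.
foreach (['12', '12abc', '', null, '999'] as $raw) {
    $quote = fetchQuote($pdo, $raw);
    // Encode on output as well: the description is echoed into HTML in the question.
    $shown = $quote ? htmlspecialchars($quote->description, ENT_QUOTES, 'UTF-8') : 'no quote';
    printf("%-8s => %s\n", var_export($raw, true), $shown);
}
```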
I'm looking for a clean way to escape value for SQL query without quoting it.
Let's say I have a value It's cool. Now I would like to simply get escaped string It\'s cool, just like when using for example mysqli_real_escape_string() function for mysqli driver.
The problem is that all Zend\Db\Adapter\Platform interface's quoting methods add single quotes to the value which means I get 'It\s cool'.
Simplest way I found to do this is to trim quotes after usage of quoteValue() method.
$raw = "It's cool";
$quoted = $this->db->platform->quoteValue($raw);
$final = trim($quoted, "'");
But it's of course a dirty solution and I don't want it to be like this in every place I need escaped-only value.
Is there any clean way to do this simple thing in Zend2?
Maybe you can try something like this:
$sql = "UPDATE posts set comment = :value where id = :id";
$data = ['value' => "It's cool", 'id' => 123];
$stmt= $this->tableGateway->getAdapter()->createStatement($sql);
$stmt->prepare($sql);
$stmt->execute($data);
I am getting my variables from form fields using php :
$url=$_POST['url'];
$tags=$_POST['tags'];
$skillArea=$_POST['skill_area'];
$description=$_POST['description'];
$slideshowImageFileName=($_FILES['imageNameSlideshow']['name']);
But when I run my sql insert query, I get an error if one of the variables is empty, so I have taken to write if statements to deal with this to rewrite the query string, but surely, that's not the answer? It seems very messy
if(empty($slideshowImageFileName)){
$query1="INSERT INTO portfolio (item_name,image_path,description,url) VALUES('$itemName','$imageFileName','$description','$url')";
}else{
$query1="INSERT INTO portfolio (item_name,image_path,description,url,slideshow_image_path) VALUES('$itemName','$imageFileName','$description','$url','$slideshowImageFileName')";
}
I suppose you are looking for something like this:
$slideshowImageFileName = (isset($_FILES['imageNameSlideshow']['name']) && !empty($_FILES['imageNameSlideshow']['name'])) ? $_FILES['imageNameSlideshow']['name'] : NULL;
This will check if the name of the slideshow image is set and not empty. If it is NULL will be assigned to the variable, if it's correct the value will be assigned.
You could replace NULL with "" if you want an empty string to be added.
Try to set the value of $slideshowImageFileName to empty string or a single space as your database table will accept, and use the second query always.
if(empty($slideshowImageFileName)){
$slideshowImageFileName = "";
}
$query1="INSERT INTO portfolio (item_name,image_path,description,url,slideshow_image_path) VALUES('$itemName','$imageFileName','$description','$url','$slideshowImageFileName')";
I agree with Mr. Ray. But there is another solution apart from that. Probably the slideshow_image_path field on the table doesn't allow null. So you may change the attribute by allowing null and it will work.
I'd probably construct a builder if I'm sure I'll get a lot of optional data.
Like this:
$acceptedKeys = array
('item_name',
'image_path',
'description',
'url',
'slideshow_image_path');
$inserts = array();
foreach($_GET as $key => $var) {
if(in_array($key, $acceptedKeys)) {
// clean and validate your keys here!
$inserts[$key] = $var;
}
}
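// implode() takes the separator first; the array-first order was removed in PHP 8
$customKeys = implode(',', array_keys($inserts));
// values are joined as-is, so each one must already be quoted and escaped
$customValues = implode(',', $inserts);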
$query = "INSERT INTO portfolio ($customKeys) VALUES($customValues)";
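The builder idea above, carried through with bound parameters, as an added example that is not the answerer's code: column names are taken only from a fixed allow-list and every value is bound, so optional fields can be omitted without rewriting the query by hand. `buildPortfolioInsert()` is a hypothetical helper, the SQLite schema is assumed, and the submission is constructed.

```php
<?php
// Column names come only from this list, never from request keys.
const PORTFOLIO_COLUMNS = ['item_name', 'image_path', 'description', 'url', 'slideshow_image_path'];

// Hypothetical helper: returns [sql, params] for the fields actually supplied.
function buildPortfolioInsert(array $input): array
{
    $params = [];
    foreach (PORTFOLIO_COLUMNS as $column) {
        $value = $input[$column] ?? null;
        // Skip missing, empty, or array-valued fields.
        if (is_string($value) && $value !== '') {
            $params[$column] = $value;
        }
    }
    if ($params === []) {
        throw new InvalidArgumentException('No insertable fields supplied');
    }
    $names = array_keys($params);
    $columns = implode(', ', $names);
    $placeholders = ':' . implode(', :', $names);
    return ["INSERT INTO portfolio ($columns) VALUES ($placeholders)", $params];
}

// In-memory SQLite table standing in for the page's `portfolio` table (assumed schema).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE portfolio (item_name TEXT, image_path TEXT, description TEXT,
            url TEXT, slideshow_image_path TEXT NULL)');

// Constructed submission: one optional field left empty, one unexpected key.
$post = [
    'item_name' => "Bob's site",
    'image_path' => 'bob.png',
    'url' => 'https://example.com/',
    'slideshow_image_path' => '',
    'is_admin' => '1',
];
[$sql, $params] = buildPortfolioInsert($post);
$pdo->prepare($sql)->execute($params);

echo $sql, "\n";
var_dump($pdo->query('SELECT * FROM portfolio')->fetch(PDO::FETCH_ASSOC));
```

The unexpected `is_admin` key never reaches the SQL text, and the omitted `slideshow_image_path` column is left at its default (NULL here).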
There's a few options to this.
Simplest one is to make sure the variables are always set, even if not passed through:
//Set up your database connection as normal, check errors etc.
$db = mysqli_connect($host,$user,$password,$db);
$url = isset($_POST['url']) ? mysqli_real_escape_string($db, $_POST['url']) : "";
$tags= isset($_POST['tags']) ? mysqli_real_escape_string($db, $_POST['tags']) : "";
Escaping data is good practice :) In your INSERT query you'll still need to wrap the values in quotes, or you could do that in the above code as per your preference.
http://uk3.php.net/manual/en/mysqli.construct.php
Hey guys.
I am wondering about the correct syntax for using a $_POST statement in a while loop.
I have written this.
$result_i = $_POST['result_i'];
while ($result_i > 0){
//Get Post Values
$driver = $_POST['driver_update_".$result_i."'];
$BookingID = $_POST['ID_".$result_i."'];
$Task_No_update = $_POST['Task_No_update_".$result_i."'];
//SQL
$driver_update = mysql_query("UPDATE booking SET driver = '$driver', TaskNo= '$Task_No_update' WHERE BookingID = '$BookingID' " );
}
The problem I have is:
$_POST['driver_update_".$result_i."'];
Is it possible to write $_POST statements in this way?
Cheers.
The problem is you cannot interpolate variables in single-quoted strings.
Try concatenation instead
$_POST['driver_update_' . $result_i]
or use double-quotes and variable enclosures
$_POST["driver_update_{$result_i}"]
See http://www.php.net/manual/en/language.types.string.php
Also, that looks like an infinite loop as $result_i never changes.
You don't need to wrap everything in quotes here
$driver = $_POST["driver_update_" . $result_i];
$BookingID = $_POST["ID_" . $result_i];
$Task_No_update = $_POST["Task_No_update_" . $result_i];
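Putting the answers in this thread together, an added example (not code from any of the posts): the loop counter is bounded and decremented, the field names are built by concatenation, and one prepared statement is executed per row instead of interpolating `$_POST` values into `mysql_query()` (the `mysql_*` extension was removed in PHP 7). `updateBookings()` and its `$maxRows` limit are hypothetical, the SQLite schema is assumed, and the form data is constructed.

```php
<?php
// In-memory SQLite table standing in for the page's `booking` table (assumed schema).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE booking (BookingID INTEGER PRIMARY KEY, driver TEXT, TaskNo TEXT)');
$pdo->exec("INSERT INTO booking VALUES (101, 'unassigned', ''), (102, 'unassigned', '')");

// Hypothetical helper: applies the numbered form rows and returns how many rows changed.
function updateBookings(PDO $pdo, array $post, int $maxRows = 200): int
{
    // The row count is client-supplied, so bound it before looping on it.
    $count = filter_var($post['result_i'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => $maxRows]]);
    if ($count === false) {
        return 0;
    }
    // Prepare once, execute once per row.
    $stmt = $pdo->prepare(
        'UPDATE booking SET driver = :driver, TaskNo = :task WHERE BookingID = :id'
    );
    $updated = 0;
    $pdo->beginTransaction();
    for ($i = $count; $i > 0; $i--) {           // the counter changes, so the loop ends
        $id     = filter_var($post['ID_' . $i] ?? null, FILTER_VALIDATE_INT);
        $driver = $post['driver_update_' . $i] ?? null;
        $task   = $post['Task_No_update_' . $i] ?? null;
        if ($id === false || !is_string($driver) || !is_string($task)) {
            continue;                            // skip incomplete or malformed rows
        }
        $stmt->execute(['driver' => $driver, 'task' => $task, 'id' => $id]);
        $updated += $stmt->rowCount();
    }
    $pdo->commit();
    return $updated;
}

// Constructed form data: row 2 is complete, row 1 has a non-numeric ID and is skipped.
$post = [
    'result_i' => '2',
    'ID_1' => 'abc', 'driver_update_1' => 'Sam',     'Task_No_update_1' => 'T-7',
    'ID_2' => '102', 'driver_update_2' => "O'Neill", 'Task_No_update_2' => 'T-8',
];
echo updateBookings($pdo, $post), " row(s) updated\n";
```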