I have a situation in some really old code of mine where I am trying to pass through the data from a string and do a DB query off of those values.
The data loads correctly if I set $hula = '7630' but when I set it to multiple values in a string like $hula = '7890, 5630' I get an error (Message: db2_execute(): Statement Execute Failed).
I clearly know I am missing something here but I am CLEARLY not seeing it. Thanks
<?php
$hula = '7890, 5630';
$stmt = "SELECT TXLCT2, ZFDLDS FROM ".$ArEnviro->getDataLibFin().".TXPL6C2, ".
$ArEnviro->getDataLibFin().".HXPTABLD WHERE TXLCT2 = CFDECD AND CFDTCD = 'YCT2' AND TXLLV6 IN ? ORDER BY TXLCT2";
$preparedStmt = db_prepare($ArConnections->getDB2ConnResource(),$stmt);
$result = db_execute($preparedStmt, [$hula]);
while(($row = db_fetch_both($preparedStmt)) == true) {
echo('<option value="'.htmlspecialchars($row["TXLCT2"]).'">'.htmlspecialchars($row["TXLCT2"]).' - '.htmlspecialchars($row["ZFDLDS"]).'</option>');
}
?>
A simple change:
If TXLLV6 is integer:
$hula = '(7890, 5630)';
If it is varchar or any kind of string:
$hula = "('7890', '5630')";
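A bound ? stands for exactly one value, so an IN list needs one placeholder per element. The following is an added example, not code from the original posts: it uses PDO with an in-memory SQLite table and constructed rows so that it runs anywhere, and the helper names parse_list and in_placeholders are hypothetical. With ibm_db2, the same SQL string and value array go to db2_prepare() and db2_execute().

```php
<?php
// Added example: expand an IN list into one placeholder per value.
// Table and column names follow the question; the rows are constructed sample data.

// Split a comma-separated string into trimmed, non-empty values.
function parse_list(string $csv): array
{
    return array_values(array_filter(array_map('trim', explode(',', $csv)), 'strlen'));
}

// Return "?, ?, ?" for N values. The caller must handle N = 0, because "IN ()" is invalid SQL.
function in_placeholders(array $values): string
{
    return implode(', ', array_fill(0, count($values), '?'));
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE TXPL6C2 (TXLCT2 TEXT, TXLLV6 TEXT)");
$pdo->exec("INSERT INTO TXPL6C2 VALUES ('A1', '7890'), ('B2', '5630'), ('C3', '1111')");

$hula   = '7890, 5630';
$values = parse_list($hula);

if ($values === []) {
    // Nothing to match: skip the query instead of sending "IN ()".
    $rows = [];
} else {
    // Only the number of placeholders depends on the input; the values are bound.
    $sql  = 'SELECT TXLCT2 FROM TXPL6C2 WHERE TXLLV6 IN ('
          . in_placeholders($values) . ') ORDER BY TXLCT2';
    $stmt = $pdo->prepare($sql);
    $stmt->execute($values);
    $rows = $stmt->fetchAll(PDO::FETCH_COLUMN);
}

print_r($rows);
```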
I integrated a PHP file in my WordPress installation with a plugin. I have found out how to send several variables and post them to a MySQL database, but I am confused about how to manipulate my data like this:
$web = "http://internal.weddingcenter.at/wp-content/themes/twentytwelve/orders.php";
<a href="<? echo ''.$web.'?contact='.$daten[id].'' ?>">Rechnung</a>
if ($contact) {
$datum = date('Y-m-d', $date);
$sql_update = "Update wccrm_orders set contacted_date = $datum where id = $contact";
$result = mysql_query($sql_update, $db);
}
I never jump into the if-clause.
How can this be solved?
It has to be:
if($_GET['contact'])
...
OR you can try:
$contact = $_GET['contact'];
if($_GET['contact'])
...
To add to Kunal Gupta I can see more problems...
if ($_GET['contact']) {
//Forgot to mention SQL injection prevention...
//Try preg_replace or mysqli_real_escape_string()
$datum = preg_replace('[0-9 \/]', '', date('Y-m-d',$date)); //I think that will work
//OR
$test = date('Y-m-d', $date);
$datum = mysqli_real_escape_string($db, $test); //Should also work... (the connection is the first argument)
//You must always place PHP variables in inverted commas
$sql_update = "UPDATE wccrm_orders SET contacted_date='$datum' WHERE id='$contact'";
//use MySQLi... It's quicker. Use the variables this way around
$result = mysqli_query($db, $sql_update);
}
There are still quite a few problems with the code but without fully understanding what data is coming from the previous page or what you intend to do with the data I can only help so much.
I am new to PHP. I wanted to create a new record in another table but just one new variable gets returned. I've tried the following:
$user_id = mysql_real_escape_string($_POST['user_id']);
$user_name = mysql_query("SELECT user_name FROM accept WHERE user_id=".$user_id." ");
$row1 = mysql_fetch_array($user_name);
$server = mysql_query("SELECT server FROM accept WHERE user_id=".$user_id." ");
$row2 = mysql_fetch_array($server);
$url = mysql_query("SELECT link FROM accept WHERE user_id=".$user_id."");
$row3 = mysql_fetch_array($url);
$lpoints = mysql_real_escape_string($_POST['lpoints']);
And my result is this.
First of all, combine your queries into one:
$user_id = mysql_real_escape_string($_POST['user_id']);
$user_info = mysql_query("SELECT user_name, server, link FROM accept WHERE user_id=".$user_id." ");
$row = mysql_fetch_array($user_info);
$lpoints = mysql_real_escape_string($_POST['lpoints']);
In order to create a new record, you will need INSERT INTO, to change existing records use UPDATE.
When you're fetching info from the database, it will be an array so you will need to use it accordingly. So essentially, to use the variables it will be like this:
$row['user_name'] or $row['server'] etc..
Also, look into using mysqli instead. You will need to change your connection script and some other syntax but it needs to be done. mysql is deprecated, insecure, and future support is not there so you will need to change it later anyway.
You should use PDO or mysqli, and here is your code:
$user_id = &$_POST["user_id"];
if($user_id){
    $result = mysql_query("select user_name,server,link,lpoints from accept where user_id='".mysql_real_escape_string($user_id)."'");
    /*You should use single quotes for escaping sql injection*/
    if($result){
        $vars = mysql_fetch_array($result);
        if($vars){
            list($username,$server,$link,$lpoints) = $vars;
        }
        else{
            //do something with errors
        }
        mysql_free_result($result);
    }
    else{
        //do something with errors
    }
}
else{
    //do something with errors
}
Try this:
$user_id = mysql_real_escape_string($_POST['user_id']);
$result = mysql_query("SELECT user_name, server, link FROM accept WHERE user_id=".$user_id." ");
$row=mysql_fetch_array($result);
$row1=$row['user_name'];
$row2=$row['server'];
$row3=$row['link'];
$lpoints = mysql_real_escape_string($_POST['lpoints']);
Now you have what you wanted; based on your requirement, use the data to insert or update.
$num=$_POST['data'];
$no = (int) $num;
$sql = "select * from uploads where id > '$no'";
The above query is not working properly. It is displaying the values below the no. I think the problem is with the conversion. Somebody please help to solve this problem.
Try this code instead:
if ( empty( $_POST['data'] ) ){
// show error message
echo "No data received";
// use a default value
$num = 0;
}
else
$num=$_POST['data'];
$no = intval($num);
$sql = "select * from uploads where id > $no";
Try to use intval instead of casting to int
You have apostrophes around the value, so the values will be compared as strings, not numbers. The string value 10 for example is smaller than the string value 2.
Remove the apostrophes:
$sql = "select * from uploads where id > $no";
You have Sno = ..., it should be $no = .... It's a typo.
Then, numbers in a query don't require apostrophes, so don't use them in this context.
You also had $_post instead of $_POST - it's another issue, variables in PHP are case-sensitive.
Try with this
$sql = "select * from uploads where id > ".$no;
and also put $_POST instead of $_post
$no = (int) $_POST['data']; //wrong variable declaration ?
$sql = "select * from uploads where id > $no";
Try this.
$_post replaced by $_POST
one variable instead of two
$lastname = clean($_SESSION['lastname']);
$firstname = clean($_SESSION['firstname']);
$mi = clean($_SESSION['mi']);
$nickname = clean($_SESSION['nickname']);
$studentno = clean ($_SESSION['studentno']);
$password = clean ($_SESSION['password']);
$cpassword = clean ($_SESSION['cpassword']);
$bdate = clean($_POST['bdate']);
$maddress = clean($_POST['maddress']);
$paddress = clean($_POST['paddress']);
$status = clean($_POST['status']);
$religion = clean($_POST['religion']);
$telno = clean($_POST['telno']);
$celno = clean($_POST['celno']);
$email = clean($_POST['email']);
$nationality = clean($_POST['nationality']);
$batch = clean($_POST['batch']);
$dept = clean($_POST['dept']);
$course = clean($_POST['course']);
$achvmnts = clean($_POST['achvmnts']);
$emp = clean($_POST['emp']);
$empadd = clean($_POST['empadd']);
$position = clean($_POST['position']);
$emptelno = clean($_POST['emptelno']);
$empemail = clean($_POST['empemail']);
I have the following INSERT query for the values above, where the first 7 are being retrieved from a saved session. Everything is declared as varchar except for the fields bdate = date, celno and studentno = bigint:
$result = mysql_query("INSERT INTO `$dept`(lastname,firstname, mi,nickname,bdate,maddress,paddress,status,religion,telno,celno,email,nationality,password,studentno,batch,dept,course,achvmnts,emp,empadd,position) VALUES
('$lastname','$firstname','$mi','$nickname','$bdate', '$maddress','$paddress','$status,','$religion','$telno',$celno,'$email','$nationality','$password',$studentno,'$batch', '$dept','$course','$achvmnts','$emp','$empadd,'$position')");
I can't seem to find the error in this query; for hours I have been receiving "Query Error". Can anyone please help me find the error? Thanks in advance!
There is an error in your insert right there:
'$empadd, '$position')");
The second quotation mark is missing.
$result = mysql_query("INSERT INTO `$dept`(lastname,firstname, mi,nickname,bdate,maddress,paddress,status,religion,telno,celno,email,nationality,password,studentno,batch,dept,course,achvmnts,emp,empadd,position) VALUES
('$lastname','$firstname','$mi','$nickname','$bdate', '$maddress','$paddress','$status','$religion','$telno',$celno,'$email','$nationality','$password',$studentno,'$batch', '$dept','$course','$achvmnts','$emp','$empadd','$position')");
Should work if that's the problem.
(Edit: removed the , in '$status,' since someone mentioned it in the comments.)
I don't believe you need the quotations on the INSERT INTO '$dept'. Also, I think your quotations are different, and $studentno has no quotations; I'm not sure if that was intentional. Last, could you post the exact query error?
For one thing, this is a ridiculously huge INSERT to be making. Here are things I noted
'$status,', looks incorrect. This would add the status with a trailing comma
'$empadd, is missing a trailing quote
$celno is not placed within quotations. This is risky. All phone numbers should be stored as VARCHAR fields.
Consider using sprintf with mysql_real_escape_string in order to ensure that your variables are formatted correctly. For more information, consult the PHP manual docs on mysql_real_escape_string and sprintf.
The code could be a bit more readable and less open to errors resulting from repetition:
$session_columns = array('lastname','firstname','mi','nickname','studentno',
'password','cpassword');
$post_columns = array('bdate','maddress','paddress','status','religion','telno',
'celno','email','nationality','batch','dept','course','achvmnts','emp',
'empadd','position','emptelno','empemail');
$assignments = array();
foreach ($session_columns as $column)
$assignments[] = sprintf("$column = '%s'", clean($_SESSION[$column]));
foreach ($post_columns as $column)
$assignments[] = sprintf("$column = '%s'", clean($_POST[$column]));
$sql = "INSERT INTO `$dept` SET ".implode(', ', $assignments);
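A table name such as `$dept` cannot be sent as a bound parameter, so it has to be checked against a fixed list before it is placed in the SQL text, while the column values can all be bound. The following is an added example, not code from the original posts: the department names, the reduced column list and the sample row are constructed, build_insert is a hypothetical helper, and PDO with in-memory SQLite stands in for the MySQL connection.

```php
<?php
// Added example: table name from an allowlist, every value bound.
// Department names and the sample row are constructed; columns are a subset of the question's.

const ALLOWED_DEPTS = ['engineering', 'nursing'];   // hypothetical table names
const COLUMNS = ['lastname', 'firstname', 'studentno', 'celno', 'email', 'dept'];

// Build the INSERT text and the ordered parameter list.
// Throws if the table is not allowlisted or a field is missing from $input.
function build_insert(string $dept, array $input): array
{
    if (!in_array($dept, ALLOWED_DEPTS, true)) {
        throw new InvalidArgumentException('Unknown department');
    }
    $params = [];
    foreach (COLUMNS as $col) {
        if (!array_key_exists($col, $input)) {
            throw new InvalidArgumentException("Missing field: $col");
        }
        $params[] = $input[$col];
    }
    $sql = sprintf(
        'INSERT INTO `%s` (%s) VALUES (%s)',
        $dept,
        implode(', ', COLUMNS),
        implode(', ', array_fill(0, count(COLUMNS), '?'))
    );
    return [$sql, $params];
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE engineering (lastname TEXT, firstname TEXT, studentno INTEGER, celno INTEGER, email TEXT, dept TEXT)');

// Constructed input standing in for $_SESSION / $_POST; the name contains a quote.
$input = ['lastname' => "O'Brien", 'firstname' => 'Ann', 'studentno' => '20110042',
          'celno' => '639171234567', 'email' => 'ann@example.com', 'dept' => 'engineering'];

[$sql, $params] = build_insert($input['dept'], $input);
$pdo->prepare($sql)->execute($params);
echo $pdo->query('SELECT lastname FROM engineering')->fetchColumn(), "\n";

try {
    build_insert('no_such_dept', $input);   // not on the allowlist
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```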