I am getting an unwanted duplicate entry for every last row on an insert statement. Does anyone know why this happens and how I can fix it?
?php
if(isset($_POST['submit'])) {
$con = mysql_connect("localhost"," "," ");
if (!$con) {
die('Could not connect: ' . mysql_error());
}
mysql_select_db("database", $con);
$sql="INSERT INTO table(ID,user) VALUE('$ID','$_POST[user]')";
$result = mysql_query( $sql,$con );
if (!mysql_query($sql,$con)) {
die('Error: ' . mysql_error());
}
header( 'Location: index.php?success' ) ;
}
?>
if (!mysql_query($sql,$con)) executes the query again.
Should be:
$result = mysql_query( $sql,$con );
if (!$result)
You're running the query twice. Try this:
$result = mysql_query( $sql,$con );
if (!$result) {...
And please sanitize the $_POST before using it ine a query string (mysql_real_escape at least).
Maybe you could comment somewhere what is $ID and how you get it.
Related
I have a few string variables I am trying to insert them into my DB but I am having trouble because nothing is being inserted into the DB. I know the variables are populated. Since all variables are string I'm converting some of them to integers because those fields in the db table are type integer. I tried assigning the mysql_query to a variable and then check to return an error but it didn't display anything. I'm a bit new at PHP so I'm not sure what's wrong with my code below. I appreciate the help.
$connect = mysql_connect("localhost", "user", "pass");
if (!$connect) { die("Could not connect: ". mysql_error()); }
mysql_select_db("dbname");
mysql_query($connect,"INSERT INTO table1 (id, AU, TI, JO, VL, ISS, PB, SN, UR, DO, SP, EP, PY) VALUES ('NULL', '".$authors."', '".$title."', '".$journal."', '".(int)$volume."', '".(int)$issue."', '".$publisher."', '".$serial."', '".$url."', '".$doi."', '".(int)$startpage."', '".(int)$endpage."', '".(int)$year."')");
mysql_close($connect);
Try to debug your code, adding some more useful checks.
$link = mysql_connect("localhost", "user", "pass");
if (!$link) {
die("Could not connect: ". mysql_error());
}
$dbSelected = mysql_select_db("dbname", $link);
if (!$dbSelected) {
die ("Can't select db: " . mysql_error());
}
$result = mysql_query("YOUR_QUERY", $link);
if (!$result) {
die("Invalid query: " . mysql_error());
}
ps: you may want to use mysqly::query, just because mysql_query is deprecated
ps2: you should google about SQL Injection, since your statement doesn't look secure (unless those values are escaped somewhere)
NOTE: I just noticed that you are using a wrong order for the parameters on mysql_query($query, $link). You have put $link as first parameter.
I'm trying to make a delete button from sql. I started a function called $del but I don't know how to complete it, in the form of a delete button echoe'd out beside the current echo statements.
$con = mysql_connect("localhost", "user", "pass");
if (!$con) {
die('Could not connect: ' . mysql_error());
}
mysql_select_db("database", $con);
$sql = "INSERT INTO camps (city, map, park, day, details)
VALUES ('$_POST[city]','$_POST[map]','$_POST[park]','$_POST[day]','$_POST[details]')";
if (!mysql_query($sql, $con)) {
die('Error: ' . mysql_error());
}
$number = 0;
$del = mysql_query("DELETE FROM camps WHERE user_id= '$number'");
$result = mysql_query("SELECT * FROM camps");
while ($row = mysql_fetch_array($result)) {
echo "" . $row['city'] . "";
echo "<br />";
}
You will need to make your links pass a param to a script that will delete that record.
Your links would looks something like this
echo "" . $row['city'] . "";
Then your delete can just grab the params from the $_GET gloabal, and pass them into your sql like so
$del = mysql_query("DELETE FROM camps WHERE user_id=" . $_GET['user_id']);
This current query will delete all camps for that user (adjust params / sql as needbe).
However, you should NEVER pass user vars into your sql strings. You leave yourself open for sql injection attacks. I would recommend using PDO to escape your sql. I would also recommend using the post method for any destructive db operation so that you don't accidentally alter something.
.I don't know if it's syntax or what. I've tried a variety of ways this is the simplest I thought would work.
I send info to the userData.php using:
http://mydomain.com/adverts/userStats.php?name=001EC946C2F4&adNum=1&playClick=1
On the userData.php I have:
<?php
$db = mysql_connect('localhost', 'username', 'password') or die('Could not connect: ' . mysql_error());
$db_selected = mysql_select_db('databaseName', $db) or die('Could not select database');
if (!$db_selected)
{
die ("Can\'t use test_db : " . mysql_error());
}
$name = mysql_real_escape_string($_GET['name']);
$date = date("d/m/Y");
$adClick = mysql_real_escape_string($_GET['adNum]);
$playN = mysql_real_escape_string($_GET['playClick']);
$query = mysql_query("INSERT INTO playerData VALUES ('$name', '$date','$adClick','$playN')");
$result = mysql_query($query) or die('Query failed: ' . mysql_error()));
mysql_close($db);
?>
I manually added 2 records to the table from phpMyAdmin, and I can display or update them just fine but adding a new record isn't working. I simply want to start a new record each time the link is called from another program, and store the mac address, date, adNum, and playClick.
EDIT2:: echo $query; for
http://simplehotkey.com/adverts/userStats.php?name=001EC946C2F4&adNum=1&playClick=1
outputs:
INSERT INTO playerData(mac,date,AdClick,PlayNum) VALUES ('001EC946C2F4', '26/07/2012','1','1')
Which is what I want it's just not adding it to the DB.
Correct syntax is --
mysql_select_db("databaseName", $db);
And its better if u use something like this for connection errors--
$db_selected= mysql_select_db("databaseName", $db);
if (!$db_selected)
{
die ("Can\'t use test_db : " . mysql_error());
}
EDIT
You are writing all wrong :(
$query = mysql_query("INSERT INTO playerData VALUES ('$name', '$date','$adClick','$playN')");
$result = mysql_query($query) <--------------WRONG
Try Something like this----
$query = "INSERT INTO playerData(CORRECT_COL_NAMES) VALUES ('$name', '$date','$adClick','$playN')";
$results = mysql_query($query, $connection);
NEW EDIT
AREA OF ERROR---- WRONG DATATYPE
','1','1' <--- this is passing as string while u have have this as an int in your db structure ..now run the same query as it is to figure out the error..also u can figure out using $result = mysql_query($query) or die(mysql_error());
It's pretty easy to see what's wrong here, especially with syntax highlighting.
$adClick = mysql_real_escape_string($_GET['adNum]);
This line is missing a single quote mark; it should be:
$adClick = mysql_real_escape_string($_GET['adNum']);
This is a syntax error that ruins everything else.
Not to mention that your database selection is missing your database handler, ie:
mysql_select_db('databasename',$db);
As pointed out by #swapnesh, and as noted here.
Edit
I have been unable to reproduce your lack of an error, what I have gotten however, are errors. Firstly, you have an extra ) at line 12:
$result = mysql_query($query) or die('Query failed: ' . mysql_error()));
Should be:
$result = mysql_query($query) or die('Query failed: ' . mysql_error());
Lastly, you actually improperly execute your query twice, so the second time, the query is empty. What you have:
$query = mysql_query("INSERT INTO playerData VALUES ('$name', '$date','$adClick','$playN')");
$result = mysql_query($query) or die('Query failed: ' . mysql_error()));
Should instead be:
$query = "INSERT INTO playerData VALUES ('$name', '$date','$adClick','$playN')";
$result = mysql_query($query) or die('Query failed: ' . mysql_error());
Instead of using the insert statement the way you do add the fields that will receive entries explicitly. The database table might have more fields and the insert statement does not explcitly state which fields will receive data.
$query = mysql_query("INSERT INTO playerData (Name,Date,AdClick,PlayN) VALUES ('$name', '$date','$adClick','$playN')");
You have the syntax error on this line
Wrong :
$adClick = mysql_real_escape_string($_GET['adNum]);
Correct :
$adClick = mysql_real_escape_string($_GET['adNum']);
I have been able to manually insert values in my table using phpmyadmin, and even if i end up using the same php code i get from php my admin to call the query it STILL won't add the value to the table. here is the code:
<?php
$link = mysql_connect('localhost', 'username', 'password');
if (!$link) {
die('Could not connect: ' . mysql_error());
}
echo 'Connected successfully';
mysql_select_db('sc2broating1', $link);
$sql = "INSERT INTO `sc2broad_tesing1`.`Persons` (`re`) VALUES (\'hello11\')";
mysql_query($sql);
mysql_close($link);
?>
Don't escape value.
$sql = "INSERT INTO `sc2broad_tesing1`.`Persons` (`re`) VALUES ('hello11')";
I would also consider using bound parameters, as seen in mysqli::prepare, if Mysqli is an option.
I have a webform, from which i want records should be submitted into two tables under same database name.
My code is
<?php
$con = mysql_connect("localhost","************","***********");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
$db=mysql_select_db("qserves1_uksurvey", $con);
$sql="INSERT INTO forms (date, Receivingsky, Title, Firstname, Lastname, House, Street, Town, County, Postcode, Number, WarrantyCoverForSky, Tvmake, Warrantycover, Payingmonthly, Agentnotes, Agentname)
VALUES
(NOW(),'$_POST[Receivingsky]','$_POST[Title]','$_POST[Firstname]','$_POST[Lastname]','$_POST[House]','$_POST[Street]','$_POST[Town]','$_POST[County]','$_POST[Postcode]','$_POST[Number]','$_POST[WarrantyCoverForSky]','$_POST[Tvmake]','$_POST[Warrantycover]','$_POST[Payingmonthly]','$_POST[Agentnotes]','$_POST[Agentname]')";
$sql_result = mysql_query($sql, $con) or die (mysql_error());
$con2 = mysql_connect("localhost","*******8","*********8");
if (!$con2)
{
die('Could not connect: ' . mysql_error());
}
$db2=mysql_select_db("qserves1_uksurvey", $con2);
$sql2="INSERT INTO dupphones (date, Number)
Values
(NOW(),'$_POST[Number]')";
$sql_result = mysql_query($sql2, $con2) or die (mysql_error());
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo '<html>
<head>
<title>Lead Submitted successfully!!!</title>
</head>
<body>
<center>
<strong>Lead Submitted ---- Click Here To Enter New Lead</strong>
</center>
</body>
</html>!';
mysql_close($con)
?>
This is submitting 3 leads 1 is in table dupphones and 2 leads in table forms.
I want this to submit 1 lead in each table only.
Please help
Thanks
You create two connections to the same database. You also execute mysql_query numerous times, sometimes with $sql2, then again with $sql. To clear up your code a little bit this is how it could look:
<?php
$con = mysql_connect("localhost","************","***********");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
$db=mysql_select_db("qserves1_uksurvey", $con);
$sql="INSERT INTO forms (date, Receivingsky, Title, Firstname, Lastname, House, Street, Town, County, Postcode, Number, WarrantyCoverForSky, Tvmake, Warrantycover, Payingmonthly, Agentnotes, Agentname)
VALUES
(NOW(),'$_POST[Receivingsky]','$_POST[Title]','$_POST[Firstname]',
'$_POST[Lastname]','$_POST[House]','$_POST[Street]','$_POST[Town]','$_POST[County]',
'$_POST[Postcode]','$_POST[Number]','$_POST[WarrantyCoverForSky]','$_POST[Tvmake]',
'$_POST[Warrantycover]','$_POST[Payingmonthly]','$_POST[Agentnotes]',
'$_POST[Agentname]')";
$sql_result = mysql_query($sql, $con) or die (mysql_error());
$sql2="INSERT INTO dupphones (date, Number)
Values
(NOW(),'$_POST[Number]')";
$sql_result = mysql_query($sql2, $con2) or die (mysql_error());
echo '<html>
<head>
Note that your queries are still vulnerable to sql injection. Use escaping or prepared statements to get rid of sql injection.
Just a few words of advice. Sanitize your $_POST data before you submit. And consider using a primary key. Also, why do you make a new connection to run the second query?
At least use mysql_real_escape()
You get two queries because you do
if (!mysql_query($sql,$con)) {
die('Error: ' . mysql_error());
}
Which runs the query again. You already run it once on top
$sql_result = mysql_query($sql, $con) or die (mysql_error());