I want to add an array to my db. I have set up a function that checks if a value in the db (ex. health and money) has changed. If the value is diffrent from the original I add the new value to the $db array. Like this $db['money'] = $money_input + $money_db;.
function modify_user_info($conn, $money_input, $health_input){
(...)
if ($result = $conn->query($query)) {
while ($user = $result->fetch_assoc()) {
$money_db = $user["money"];
$health_db = $user["health"];
}
$result->close();
//lag array til db med kolonnene som skal fylles ut som keys i array
if ($user["money"] != $money_input){
$db['money'] = $money_input + $money_db;
//0 - 20
if (!preg_match("/^[[0-9]{0,20}$/i", $db['money'])){
echo "error";
return false;
}
}
if ($user["health"] != $health_input){
$db['health'] = $health_input + $health_db;
//0 - 4
if (!preg_match("/^[[0-9]{0,4}$/i", $db['health'])){
echo "error";
return false;
}
if (($db['health'] < 1) or ($db['health'] > 1000))
{
echo "error";
return false;
}
}
The keys in $db represent colums in my database. Now I want to make a function that takes the keys in the array $db and insert them in the db. Something like this ?
$query = "INSERT INTO `main_log` ( `id` , ";
foreach(range(0, x) as $num) {
$query .= array_key.", ";
}
$query = substr($query, 0, -3);
$query .= " VALUES ('', ";
foreach(range(0, x) as $num) {
$query .= array_value.", ";
}
$query = substr($query, 0, -3);
$query .= ")";
If the id field is already set to be an Auto-Increment value, you do not need to declare it in the INSERT command (it is just assumed as not being over-ridden, and will fill with the auto-incremented value).
Assuming that $db is an an associative array, where the element keys are the same as the SQL field names, and the element values are the desired values for those SQL fields.
# Sanitise the Array
$db = array_map( 'mysql_real_escape_string' , $db )
# Create the SQL Query
$query = 'INSERT INTO `main_log` '.
'( `'.implode( '` , `' , array_keys( $db ) ).'` ) '.
'VALUES '.
'( "'.implode( '" , "' , $db ).'" )';
That should produce an SQL query which will perform the required work. Plus it should reduce the possibility of SQL Injection attacks...
(Note: The line breaks, etc. above are for readibility only, and can be removed.)
Related
I have a query to insert multiple rows in split batches. Basically, I need to split inserts in batches so that I can generate a unique random ID to the inserted batch.
What I've tried and failed with many different options, one of them as follow.
$batch = 150;
$sql = "SELECT DISTINCT `column` FROM `table` GROUP BY `column` ORDER BY `ID` ASC";
$sqle = $con->Execute($sql);
$results = $sqle->getrows();
for($i=0; $i<count($results);$i++){
$columns1 = $results[$i]['column'];
if($i==$batch){
$randd = randcode(5).time();
$sql = "INSERT INTO `newtable` SET `columns1` = ".$con->qstr($columns1).", `rcode` = ".$con->qstr($randd).", `DATE_PUBLISHED` = ".$con->qstr($sdate);
$results=$con->Execute($sql);
$i=0;
}
}
However, am not successful in inserting unique code to every 150 batch inserted query.
Where am I going wrong in generating random unique code for every batch? And also I would like to know if there is less than 150 records, then how to handle the same?
This will provide you with the logic for a basic way for setting a random ID per batch.
In this example, there is no database connectivity. You will have to add that yourself. You also want to have a look at the syntax for the INSERT statement (spoiler: INSERT INTO <table name> (<columns>) VALUES (<values>)).
// For this example, generate a result array with 350 rows
// (remove when using actual db query)
for ($i = 1; $i <= 350; $i++) {
$results[] = ['column' => 'column ' . $i];
}
// Loop through all result rows
foreach ($results as $batchCounter => $result) {
if ($batchCounter % 150 == 0) {
// Generate a new random ID for the first row and every 150 rows
$random = uniqid();
}
// Replace with proper insert statement
echo "Insert random ", $random, ' for column "', $result['column'], '"', PHP_EOL;
}
Output:
Insert random 55e0186b0607f for column "column 1"
Insert random 55e0186b0607f for column "column 2"
Insert random 55e0186b0607f for column "column 3"
...
Insert random 55e0186b0607f for column "column 150"
Insert random 55e0186b063da for column "column 151"
Insert random 55e0186b063da for column "column 152"
Insert random 55e0186b063da for column "column 153"
...
Insert random 55e0186b063da for column "column 300"
Insert random 55e0186b0666e for column "column 301"
Insert random 55e0186b0666e for column "column 302"
Insert random 55e0186b0666e for column "column 303"
...
Insert random 55e0186b0666e for column "column 350"
You have to try this one
<?php
$batch = 0;
$sql = "SELECT DISTINCT `column` FROM `table` GROUP BY `column` ORDER BY `ID` ASC";
$sqle = $con->Execute($sql);
$results = $sqle->getrows();
$sql = "";
for($i=0; $i<count($results);$i++)
{
$columns1 = $results[$i]['column'];
$randd = randcode(5).time();
if($batch==0)
{
$sql = "insert into `demo` (`columns1`, `rcode`, `DATE_PUBLISHED`) values "
}
$sql.= "(".$results[$i]['column1'].",".$randd.",".$results[$i]['column1']."),";
if($batch==150)
{
$results=$con->Execute($sql);
$batch=0;
$sql="";
}
$batch++;
}
You have to try this one. I fixed some errors from your code to insert records successfully:
<?php
$batch = 1;
$rows = 0;
$sql = "";
$sql = "SELECT DISTINCT `column` FROM `table` GROUP BY `column` ORDER BY `ID` ASC";
$sqle = $con->Execute($sql);
$results = $sqle->getrows();
for($i=0; $i<count($results);$i++)
{
$columns1 = $results[$i]['column'];
$randd = randcode(5).time();
if($batch==1)
{
$sql = "insert into `demo` (`columns1`, `rcode`, `DATE_PUBLISHED`) values "
}
$sql.= "(".$results[$i]['column1'].",".$randd.",".$results[$i]['column1']."),";
$rows++;
if($batch==100)
{
$this->SendRecords($conn, $sql);
$batch=1;
$sql="";
} else if($rows == count($results) && $batch > 1 && $batch<=100){
$this->SendRecords($conn, $sql);
$batch=0;
$sql="";
}else {
$batch++;
$sql.=",";
}
}
I need to do a sql query in php for search some entries (so using WHERE). But the field used to search could be of variable number.
I have a page with a search form, with 4 Field. It sends via POST the fields to a search.php that make a query:
$gomme_sql = $data->query("SELECT * FROM table WHERE parameter1 = '$_POST['name1']' AND parameter2 = '$_POST['name2']' ORDER BY id ASC");
But I don't know which field are filled. So, if I don't enter anything in field1 from the search form, I shouldn't have parameter1 = '$_POST['name1']' in the WHERE query.
Have you any idea how to obtain this?
Thank you
You can check the post data before appending that clause to the query in a way like this:
edit: adding additional check:
$sql="select something from someTable ";
if(!empty($_POST['name1']) || !empty($_POST['name2'])) // add as many as you like
{
$sql.=" where ";
if(!empty($_POST['name1']))
{
$sql.="parameter1= $_POST['name1']";
}
// etc etc...
}
$sql.=" ORDER BY id ASC";
and so on.
Having said that, please, please use prepared statements with this sort of input from the user. This is SUPER open to sql injection. Please do read this: How can I prevent SQL injection in PHP?
You can write generic sql select function like this , if you need more complex SQL just modify it.
<?php
function sqlSelect($table, $sel, $wh = '', $groupby = '', $order = '', $add = '') {
$tb = $table;
if (is_array($table)) {
$tb = implode(',', $table);
}
if ($wh) {
if (is_array($wh)) {
$w = array();
foreach ($wh as $k => $v) {
$v = mysqli_real_escape_string($v);
if (is_null($v))
$w [] = "$k=null ";
else
$w [] = "$k ='$v'";
}
$wh = 'where ' . implode(' and ', $w);
}else {
$wh = "where $wh";
}
}
if ($groupby)
$groupby = "group by $groupby";
if ($order)
$order = "order by $order";
$sql = "select $sel from $tb $wh $groupby $order $add ";
return $sql;
}
//set _GET as this is console test
$_GET['name1']='Bob';
$where = array(
'name1'=>$_GET['name1']
);
echo sqlSelect('sometable' , '*' , $where) ."\n";
// select * from sometable where name1 ='Bob'
//or some complex stuff
echo sqlSelect('persons', "age,status" , array('name'=>'Maria' , 'likes'=>'PHP') , null, 'age' , 'limit 20');
//select age,status from persons where name ='Maria' and likes ='PHP' order by age limit 20
I’m wondering if this is possible, I’ve search and haven’t found anything so about to give up.
I’m looking to do the following for example, note i do not want to use a foreach as that converts it into single queries.
$a = (1,2,3);
$b = ('john','Rob','Stuffs');
$c = ('doe','roe','soe');
$sql = "update ppl set firstname = $b, lastname = $c where id = $a";
The same can be said for an insert.
$sql = "insert into ppl (firstname,lastname) value ($b,$c)";
The main reason I'm looking to do this is to optimise the db a bit. There are a lot of single queries that (if this method is possible) could be converted into 1 single query.
Thanks in advance.
if (count($a) <= 0)
return; // nothing to do
$sql = "INSERT INTO table (id, firstname, lastname) VALUES";
while (count($a) > 0)
{
$id = array_shift($a);
$fname = array_shift($b);
$lname = array_shift($c);
$sql .= sprintf("('%s', '%s', '%s'),", mysql_real_escape_string($id), mysql_real_escape_string($fname), mysql_real_escape_string($lname));
}
$sql = substr($sql, 0, -1); //remove last comma
$sql .= " ON DUPLICATE KEY UPDATE firstname=VALUES(fname), lastname=VALUES(lname)";
//run your sql
this will allow you to run all of them at once.
For update you can do as follows
$a = (1,2,3);
$b = ('john','Rob','Stuffs');
$c = ('doe','roe','soe');
$i=0;
foreach($b as $fname){
if( !empty($b[$i]))
{
$sql = "update ppl set firstname = '".$b[$i]."', lastname = '".$c[$i]."' where id = $a[$i]";
}
$i++;
}
and for insert you can try
$i=0;
$var = '';
foreach($b as $fname){
if( !empty($b[$i]))
{
$var .= "(".$a[$i].",'".$c[$i]."','".$b[$i]."') ";
}
$i++;
}
if(!empty($var)){
$sql = "insert into ppl(id,firstname,lastname) values ".$var;
}
I have an array in PHP that is looping through a set of names (and a corresponding quantity). I would like to print the ones found in a MYSQL database table (to which I've succesfully connected). I'm currently using the code:
foreach ($arr as $name => $quan) {
$query = "SELECT * FROM table WHERE name='$name'";
$result = mysql_query($query) or die(mysql_error());
if (mysql_num_rows($result) > 0) {
$row = mysql_fetch_array($result);
echo $quan." ".$row['name']. "\n";
}
}
For some reason, this only prints the last quantity and name in the array. Help?
For example, if the array has key-value pairs of {A-4, B-2, C-3}, and table contains {A, B, D} as names ... it'll only print "2 B".
Change the code to the following:
foreach ($arr as $name => $quan) {
$query = "SELECT * FROM table WHERE name='$name'";
$result = mysql_query($query) or die(mysql_error());
if (mysql_num_rows($result) > 0) {
while($row = mysql_fetch_array($result)) {
echo $quan." ".$row['name']. "\n";
}
}
}
You have to loop through the result. By the way, stop using mysql_query()! use MySQLi or PDO instead ( and be careful of SQL Injection ; you can use mysqli_real_escape_string() to handle input parameters ). For MySQLi implementation , here it is :
foreach ($arr as $name => $quan) {
$query = "SELECT * FROM table WHERE name='$name'";
$result = mysqli_query($query) or die(mysqli_error());
if (mysqli_num_rows($result) > 0) {
while($row = mysqli_fetch_array($result)) {
echo $quan." ".$row['name']. PHP_EOL;
}
}
}
And rather "\n", I prefer using PHP_EOL ( as shown above )
And as the comment suggests, the SQL statement can be executed once, as follow:
$flipped_array = array_flip($arr); // flip the array to make "name" as values"
for($i = 0; $i < count($flipped_array); $i++) {
$flipped_array[$i] = '\'' . $flipped_array[$i] . '\''; // add surrounding single quotes
}
$name_list = implode(',', $arr);
$query = "SELECT * FROM table WHERE name IN ($name_list)";
// ... omit the followings
e.g. in $arr contains "peter", "mary", "ken", the Query will be:
SELECT * FROM table WHERE name IN ('peter','mary','ken')
sidenote: but I don't understand your query. You only obtain the name back from the query? You can check number of rows, or you can even group by name, such as:
SELECT name, COUNT(*) AS cnt FROM table GROUP BY name ORDER BY name
to get what you want.
UPDATE (again): based on the comment of OP, here is the solution :
$flipped_array = array_flip($arr); // flip the array to make "name" as values"
for($i = 0; $i < count($flipped_array); $i++) {
$flipped_array[$i] = '\'' . $flipped_array[$i] . '\''; // add surrounding single quotes
}
$name_list = implode(',', $arr);
$query = "SELECT name, COUNT(*) AS cnt FROM table WHERE name IN ($name_list) GROUP BY name HAVING COUNT(*) > 0 ORDER BY name";
$result = mysqli_query($query) or die(mysqli_error());
if (mysqli_num_rows($result) > 0) {
while($row = mysqli_fetch_array($result)) {
echo $quan." ".$row['name']. ": " . $row['cnt'] . PHP_EOL;
}
}
The above query will show the name appearing in the table only. Names not in table will not be shown. Now full codes ( be cautious of SQL Injection , again )
I have a table with 12 columns and 200 rows. I want to efficiently check for fields that are empty/null in this table using php/mysql. eg. "(col 3 row 30) is empty". Is there a function that can do that?
In brief: SELECT * FROM TABLE_PRODUCTS WHERE ANY COLUMN HAS EMPTY FIELDS.
empty != null
select * from table_products where column is null or column='';
SELECT * FROM table WHERE COLUMN IS NULL
As far as I know there's no function to check every column in MySQL, I guess you'll have to loop through the columns something like this...
$columns = array('column1','column2','column3');
foreach($columns as $column){
$where .= "$column = '' AND ";
}
$where = substr($where, 0, -4);
$result = mysql_query("SELECT * FROM table WHERE $where",$database_connection);
//do something with $result;
The = '' will get the empty fields for you.
you could always try this approach:
//do connection stuff beforehand
$tableName = "foo";
$q1 = <<<SQL
SELECT
CONCAT(
"SELECT * FROM $tableName WHERE" ,
GROUP_CONCAT(
'(' ,
'`' ,
column_name,
'`' ,
' is NULL OR ',
'`' ,
column_name ,
'`',
' = ""' , ')'
SEPARATOR ' OR ')
) AS foo
FROM
information_schema.columns
WHERE
table_name = "$tableName"
SQL;
$rows = mysql_query($q1);
if ($rows)
{
$row = mysql_fetch_array($rows);
$q2 = $row[0];
}
$null_blank_rows = mysql_query($q2);
// process the null / blank rows..
<?php
set_time_limit(1000);
$schematable = "schema.table";
$desc = mysql_query('describe '.$schematable) or die(mysql_error());
while ($row = mysql_fetch_array($desc)){
$field = $row['Field'];
$result = mysql_query('select * from '.$schematable.' where `'.$field.'` is not null or `'.$field.'` != ""');
if (mysql_num_rows($result) == 0){
echo $field.' has no data <br/>';
}
}
?>
$sql = "SELECT * FROM TABLE_PRODUCTS";
$res = mysql_query($sql);
$emptyFields = array();
while ($row = mysql_fetch_array($res)) {
foreach($row as $key => $field) {
if(empty($field)) || is_null($field) {
$emptyFields[] = sprintf('Field "%s" on entry "%d" is empty/null', $key, $row['table_primary_key']);
}
}
}
print_r($emptyFields);
Not tested so it might have typos but that's the main idea.
That's if you want to know exactly which column is empty or NULL.
Also it's not a very effective way to do it on a very big table, but should be fast with a 200 row long table. Perhaps there are neater solutions for handling your empty/null fields in your application that don't involve having to explicitly detect them like that but that depends on what you want to do :)
Check this code for empty field
$sql = "SELECT * FROM tablename WHERE condition";
$res = mysql_query($sql);
while ($row = mysql_fetch_assoc($res)) {
foreach($row as $key => $field) {
echo "<br>";
if(empty($row[$key])){
echo $key." : empty field :"."<br>";
}else{
echo $key." =" . $field."<br>"; 1
}
}
}
Here i'm using a table with name words
$show_lang = $db_conx -> query("SHOW COLUMNS FROM words");
while ($col = $show_lang -> fetch_assoc()) {
$field = $col['Field'];
$sel_lan = $db_conx -> query("SELECT * FROM words WHERE $field = '' ");
$word_count = mysqli_num_rows($sel_lan);
echo "the field ".$field." is empty at:";
if ($word_count != 0) {
while($fetch = $sel_lan -> fetch_array()){
echo "<br>id = ".$fetch['id']; //hope you have the field id...
}
}
}
There is no function like that but if other languages are allowed, you can extract the structure of a table and use that to generate the query.
If you only need this for a single table with 30 columns, it would be faster to write the query by hand...