|
PHP - Addslashes() Function .. Cannot Implement In My Mysql Insert - Why?
I am simply trying to use stripslashes for my mysqli insert statement, and errors are driving me nuts.. I've tried several variation and pattern with apostrophes and quotes to no avail. Should I even be using stripslashes to clean my data? Or is there a better function?
Notice: Use of undefined constant title - assumed 'title' in C:\wamp\www\php\simple_classifieds\add_posting.php on line 57 $query = "INSERT INTO Postings (id, city_id, title, description) VALUES ('','$_POST[city]','" . stripslashes($_POST[title]) . "','$_POST[description]')" or mysqli_error(); Similar Tutorialshow i can make a insert using this fuctions I m learning php, as using this functions (mysqli abstract) but after update wont work any more.
/** insert data array */
public function insert(array $arr)
{
if ($arr)
{
$q = $this->make_insert_query($arr);
$return = $this->modifying_query($q);
$this->autoreset();
return $return;
}
else
{
$this->autoreset();
return false;
}
}
complement
/** insert query constructor */
protected function make_insert_query($data)
{
$this->get_table_info();
$this->set_field_types();
if (!is_array(reset($data)))
{
$data = array($data);
}
$keys = array();
$values = array();
$keys_set = false;
foreach ($data as $data_key => $data_item)
{
$values[$data_key] = array();
$fdata = $this->parse_field_names($data);
foreach ($fdata as $key => $val)
{
if (!$keys_set)
{
if (isset($this->field_type[$key]))
{
$keys[] = '`' . $val['table'] . '`.`' . $val['field'] . '`';
}
else
{
$keys[] = '`' . $val['field'] . '`';
}
}
$values[$data_key][] = $this->escape($val['value'], $this->is_noquotes($key), $this->field_type($key), $this->is_null($key),
$this->is_bit($key));
}
$keys_set = true;
$values[$data_key] = '(' . implode(',', $values[$data_key]) . ')';
}
$ignore = $this->ignore ? ' IGNORE' : '';
$delayed = $this->delayed ? ' DELAYED' : '';
$query = 'INSERT' . $ignore . $delayed . ' INTO `' . $this->table . '` (' . implode(',', $keys) . ') VALUES ' . implode(',',
$values);
return $query;
}
before update this class i used to insert data like this
$db = Sdba::table('users');
$data = array('name'=>'adam');
$db->insert($data);
this method of insert dont works on new class. if i try like this i got empty columns and empty values.
thanks for any help complete class download http://goo.gl/GK3s4E
hi there..im new to php mysql and im having trouble inserting a string data to mysql from a php date() function. here's my code: Code: [Select] $year = date('Y'); echo $year; $insertSQL = sprintf("INSERT INTO tbl_elections (election_id=$year)"); mysql_select_db($database_organizazone_db, $organizazone_db); $Result1 = mysql_query($insertSQL, $organizazone_db) or die(mysql_error()); when i try to output the $year variable on a webpage, it returns "2012" but when i try to insert this data into my database table, it returns an error like this: check the manual that corresponds to your MySQL server version for the right syntax to use near '=2012)' is there a way to convert "2012" into a normal string data type? I'm working on a Wordpress theme, and I'm assigning my own image to the navi list. So far assigning the image to the corresponding works if I type in the path manually, but the only problem I'm experiencing is assigning the correct path to the image with a Wordpress specific function, here's the code: <div id='nav' class='link_var_4'> <div id='blog_navi'><?php wp_nav_menu(array( "link_before" => "<li><img src='" . bloginfo ('template_directory') . "/images/arrow.png' /></li>", "theme_location" => "primary-menu")); ?> </div> </div> How can I make the bloginfo function work inside the array in this above example? I've tried different variations and methods, none of them gave the expected results. For those who don't know Wordpress, normally in Wordpress you'd do it like this: <a href="<?php bloginfo('url'); ?>" title="<?php bloginfo('description'); ?>"><img src="<?php bloginfo ('template_directory'); ?>/images/logo.png" alt="<?php bloginfo('description'); ?>" /></a> I m just trying values for my DB, I have noticed that addslashes does not work, I just entered the text = " Is your name O'reilly?" as in php manual, and the data in the db is : "Is your name O'reilly?" without any slashes. And my query is as follows; $pnote= addslashes(nl2br($pnote)); mysql_query("INSERT INTO notes (note,rid,addeddate ) VALUES ( '$pnote','$rid','$mytime') ") || die ( mysql_error() ); It also does not give me any error, what can cause this ? Can anyone tell me why this is not INSERTing? My array data is coming out just fine.. I've tried everything I can think of and cannot get anything to insert.. Ahhhh! <?php $query = "SELECT RegionID, City FROM geo_cities WHERE RegionID='135'"; $results = mysqli_query($cxn, $query); $row_cnt = mysqli_num_rows($results); echo $row_cnt . " Total Records in Query.<br /><br />"; if (mysqli_num_rows($results)) { while ($row = mysqli_fetch_array($results)) { $insert_city_query = "INSERT INTO all_illinois SET state_id=$row[RegionID], city_name=$row[City] WHERE id = null" or mysqli_error(); $insert = mysqli_query($cxn, $insert_city_query); if (!$insert) { echo "INSERT is NOT working!"; exit(); } echo $row['City'] . "<br />"; echo "<pre>"; echo print_r($row); echo "</pre>"; } //while ($rows = mysqli_fetch_array($results)) } //if (mysqli_num_rows($results)) else { echo "No results to get!"; } ?> Here is my all_illinois INSERT table structu CREATE TABLE IF NOT EXISTS `all_illinois` ( `state_id` varchar(255) NOT NULL, `city_name` varchar(255) NOT NULL ) ENGINE=MyISAM DEFAULT CHARSET=latin1; Here is my source table geo_cities structu CREATE TABLE IF NOT EXISTS `1` ( `CityId` varchar(255) NOT NULL, `CountryID` varchar(255) NOT NULL, `RegionID` varchar(255) NOT NULL, `City` varchar(255) NOT NULL, `Latitude` varchar(255) NOT NULL, `Longitude` varchar(255) NOT NULL, `TimeZone` varchar(255) NOT NULL, `DmaId` varchar(255) NOT NULL, `Code` varchar(255) NOT NULL ) ENGINE=MyISAM DEFAULT CHARSET=latin1; Hi guys When I insert a data into MySQL and thru addslashes() it is adding not one but 3 slashes in mysql. By the way here are the codes, Code: [Select] <?php //$conn = new mysqli('localhost', 'root', '', 'my_db'); $conn = new mysqli('localhost', 'coder9_work', '******', 'coder9_portfolio'); $query = "INSERT into portfolio(category, title, description, version, started, finished) VALUES (?, ?, ?, ?, ?, ?)"; $select = $_POST['select']; $title = addslashes($_POST['title']); $description = $_POST['description']; $version = $_POST['version']; $started = $_POST['started']; $finished = $_POST['finished']; $stmt = $conn->stmt_init(); if($stmt->prepare($query)) { $stmt->bind_param('ssssss', $select, $title, $description, $version, $started, $finished); $stmt->execute(); } if($stmt) { echo "Thank you!"; } else { echo "There was a problem. Please try again later."; } ?> How do I fix this problem so that It will add only one slashes? Thanks in advanced. Hello, I'm having a bit of a problem here, all help to this issues would be much appreciated I am trying to use text boxes to insert numbers into the database based on what is inputed. If I have a string, like this for example: $variable = 09385493; And I want to insert it into the database like this: mysql_query("INSERT INTO integers(number) VALUES ('$variable')"); When checking the integers table in my database, looking at the number field, the $variable that was inserted is outputted as 9385493 Notice the number zero was taken out of the front of the number. If the number is double 0's (009385493), both of those zero's would disappear, too. Thanks I have a class built for an INSERT query but it is passing two sets of records into the database rather than one. Code: [Select] class DatabaseInsert { function DatabaseConnectionRequire() { include("../scrips/php/database.connection.class.php"); include("../scrips/php/database.settings.php"); include("../scrips/php/database.connection.class.invoke.php"); } function ArticleInsert($values,$fields,$table) { $values_imploded = implode(" ",$values); $fields_imploded = implode(" ",$fields); $i = "INSERT INTO $table ($fields_imploded) VALUES ($values_imploded)"; mysql_query($i) or die(mysql_error()); if (!mysql_query($i)) { echo "Sorry, something whent wrong there..."; } else { echo "<strong><p style='color:green;'>Content added sucessfully!!!</p></strong>"; } } } HI All, I would like create query when I add some one is look what the last number in field and add one ? example : you can see the img in attach IDT is primary key + auto increment Customer_id is number field customer _name is name how can create this login IDT Customer_ID Customer_name 112 5 bbbb 113 6 ccccc 114 7 eeeee Also I need the inster function and is look the last field in customer_ID and Increase one ( +1) Any help please/ THanks HI,i am using java script to create a add row function in the php .but when the first row data can insert into database ,the 2nd row data cannot insert into database ,can help me to check my coding? thanks a lot Code: [Select] <SCRIPT language="javascript"> function addRow(tableID) { var table = document.getElementById(tableID); var rowCount = table.rows.length; var row = table.insertRow(rowCount); var cell1 = row.insertCell(0); var element1 = document.createElement("input"); element1.type = "checkbox"; cell1.appendChild(element1); var cell2 = row.insertCell(1); var element2 = document.createElement("input"); element2.type = "text"; cell2.appendChild(element2); var cell3 = row.insertCell(2); var element3 = document.createElement("input"); element3.type = "text"; cell3.appendChild(element3); var cell4 = row.insertCell(3); var element4 = document.createElement("input"); element4.type = "text"; cell4.appendChild(element4); var cell5 = row.insertCell(4); var element5 = document.createElement("input"); element5.type = "text"; cell5.appendChild(element5); } function deleteRow(tableID) { try { var table = document.getElementById(tableID); var rowCount = table.rows.length; for(var i=0; i<rowCount; i++) { var row = table.rows[i]; var chkbox = row.cells[0].childNodes[0]; if(null != chkbox && true == chkbox.checked) { table.deleteRow(i); rowCount--; i--; } } } catch(e) { alert(e); } } </SCRIPT> THE PHP CODE Code: [Select] <?php require_once ('../../../Connections/admin_db.php'); mysql_select_db("admin_db"); if ((isset($_POST["Submit"])) && ($_POST["Submit"] == "Submit")) { $i=0; foreach($_POST['abc'] as $value ) { $abc = $_POST['abc'][$i]; $level = $_POST['level'][$i]; $level_desc = $_POST['level_desc'][$i]; $pc_desc = $_POST['pc_desc'][$i]; //Insert Data into Instructor Profile Info $q = "INSERT INTO plo_pc(p_name,plo_id,plo_criteria,plo_level,level_dec,plo_desc) VALUES ('$list','$plo_id','$abc','$level','$level_desc','$pc_desc') " ; mysql_query($q) or die(mysql_error()) ; $i=$i+1; } } ?> Hello all, so I created an insert function and it seems no matter what I try that it won't add values using the query function inside a table from the respective variables, I would like to know why is this happening? Here is the code can you tell me why it doesn't insert anything in the database? It shows no errors when it runs but then again when I check the tables they're empty!
function insert(){
$user = $_POST['user'];
$pass = md5($_POST['pass']);
$priv = "User";
$mail = $_POST['mail'];
$avatar = $_FILES['avatar']['name'];
$date="now()";
$submit = $_POST['submit'];
$query = "INSERT INTO user(user,pass,priv,mail,avatar,date) VALUES(`$user`,`$pass`,`$priv`,`$mail`,`$avatar`,`$date`);";
if($submit){
$res = mysqli_query($con,$query) or die(mysqli_error($con));
}
}
Hi guys I have a registration form working fine, my database is as below: userid username password repeatpassword I have added another column which is "name", users can update their profile once they have logged in so I have created updateprofile.php and when I login-->go to update profile and insert my name nothing adds to mysql name column this is my code below: <?php include ("global.php"); //username session $_SESSION['username']=='$username'; $username=$_SESSION['username']; //welcome messaage echo "Welcome, " .$_SESSION['username']."!<p>"; if ($_POST['register']) { //get form data $name = addslashes(strip_tags($_POST['name'])); $update = mysql_query("INSERT INTO users (name) VALUES ('$_POST[name]') WHERE username='$username'"); } ?> <form action='updateprofile.php' method='POST'> Company Name:<br /> <input type='text' name='name'><p /> <input type='submit' name='register' value='Register'> </form> can you please tell me where in this code is wrong? Im new in php so please excuse me if I have silly mistakes. thanks in advance I have this code: <?php $con = mysql_connect("localhost","hhh","hhh"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("hhh", $con); // -------------------- // Avatar insert check // -------------------- session_start(); $name = $_POST[name]; $group = $_POST[group]; $age = $_POST[age]; $usernameid = $_SESSION[id]; $result = mysql_query("SELECT * FROM avatars WHERE name='$_POST[name]'"); $num = mysql_numrows($result); if ($num == 0) { mysql_query("INSERT INTO avatars (id, usernameid, name, group, age, xp) VALUES ('', '$usernameid', '$name', '$group', '$age', '0')"); header( 'Location: me/' ) ; } else echo 'Sorry, please pick a new name'; ?> And it does everything but put the data into the datebase. If I add a session befor and after '$request' they both run, but the sql doesn't. No error returns, if just redirects to the other page. Any help? well this is truely embarrising...i have a insert statement which works within phpmyadmin but when using mysqli_query it returns a error.
INSERT INTO users (username, timestamp) VALUES ('test', UTC_TIMESTAMP())
Unknown column 'timestamp' in 'field list'
i've been playing about with this for a few hours now ...tried changing the column name (timestamp), adding ` around column names as well as table name.
the column exists which is the strangest part, and ive even checked there is no space after the column name in the db.
whats going on please?
I don't understand where the empty value is. I've substituted the variables for text and still have the same problem. Code: Code: [Select] $sql = "INSERT INTO courses (course#, name, subject, semester, ap)VALUES('$courseNum', '$courseName', '$subject', '$semester', '$ap')"; Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 I need help badly! What I want to do is insert into database the value from the selected radio group buttons.. All of them. There are 10 radio groups total (they can be less, but not more). Thanks! Code: [Select] <?php require_once('Connections/strana.php'); mysql_select_db($database_strana, $strana); ?> <link href="css/styles.css" rel="stylesheet" type="text/css" /> <table width="100%" height="100%" style="margin-left:auto;margin-right:auto;" border="0"> <tr> <td align="center"> <form action="" method="post" enctype="multipart/form-data" name="form1"> <table> <?php $tema = mysql_query("SELECT * from prasanja where tip=2")or die(mysql_error()); function odgovor1($string) { $string1 = explode("/", $string); echo $string1[0]; } function odgovor2($string) { $string1 = explode("/", $string); echo $string1[1]; } while ($row=mysql_fetch_array($tema)) { $id=$row['prasanje_id']; $prasanje=$row['prasanje_tekst']; $tekst=$row['odgovor']; ?> <tr> <td> </td> </tr> <tr> <td class="formaP"> <?php echo $prasanje?> </td> </tr> <tr> <td class="formaO"> <p> <label> <input type="radio" name="Group<?php echo $id?>" value="<?php odgovor1($tekst) ?>" /> <?php odgovor1($tekst) ?></label> <br /> <label> <input type="radio" name="Group<?php echo $id?>" value="<?php odgovor2($tekst) ?>" /> <?php odgovor2($tekst) ?></label> <br /> </p></td> </tr> <tr> <td> <br /> </td> </tr> <?php } ?> </table> <input align="left"type="submit" name="submit" value="Внеси" > </form> </td> </tr> </table> prasanje = question tekst/odgovor = answer The answer table: id - primary question_id - the questions ID whose answer is selected in the radio group user_id - cookie takes care of this answer - the value from radio group date - automatic Is there any way to tell my php ajax file to run the update query if the data already exist and if not, then create the row in the database? I have both the update and the insert functions created, but was just wondering if I could tell php which one to use without passing through a parameter. This topic has been moved to JavaScript Help. http://www.phpfreaks.com/forums/index.php?topic=308768.0 My hosting service has magic_quotes_gpc = On. I was working on my home test server and the following script worked perfectly. Turns out I had magic_quotes_gpc = Off .. I set magic_quotes_gpc = On and restarted. Now the script isn't working. See code and output below. I know something isn't being escaped properly, but I have no clue how/what. Even if I copy and paste the $insert output directly to phpmyadmin, it returns the same error. Code: [Select] //HTML Vars $firstName = $_POST['firstName']; $lastName = $_POST['lastName']; $email = $_POST['email']; $desc = $_POST['desc']; //This is a textarea with long description. $year = $_POST['date']; //MySQL - no connection issues $link = mysql_connect('localhost', '__uesr__', '__passwd__*'); $db = mysql_select_db('__DB__', $link); $insert = "INSERT INTO images (firstName, lastName, email, descript, dateYear) VALUES ('$firstName' , '$lastName' , '$email' , '$desc' , '$year' "; $query = mysql_query($insert); if (!$query) { die ('Can\'t query ' . mysql_error()); } echo $insert; ::OUTPUTS:: Can't query You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 INSERT INTO images (firstName, lastName, email, descript, dateYear) VALUES ('this' , 'is' , 'the@email.com' , 'and. the. description won\'t work.' , '3456' Obviously I am a novice. I have tried using mysql_real_escape_string with and without stripslashes, but I'm not getting anywhere except more errors. Any help would be greatly appreciated. And I don't care about SQL injection AT ALL. I just want the thing to work with proper escaping for the description if a user inputs special chars. |
|||||||