PHP - Insert Part Of An Sql Value

Can anyone tell me why this is not INSERTing? My array data is coming out just fine.. I've tried everything I can think of and cannot get anything to insert.. Ahhhh!

<?php
  $query = "SELECT RegionID, City FROM geo_cities WHERE RegionID='135'";
  $results = mysqli_query($cxn, $query);
  $row_cnt = mysqli_num_rows($results);
  echo $row_cnt . " Total Records in Query.<br /><br />";
  if (mysqli_num_rows($results)) {
      while ($row = mysqli_fetch_array($results)) {
          $insert_city_query = "INSERT INTO all_illinois SET state_id=$row[RegionID], city_name=$row[City] WHERE id = null" or mysqli_error();
          $insert = mysqli_query($cxn, $insert_city_query);
          if (!$insert) {
              echo "INSERT is NOT working!";
              exit();
          }
          
          echo $row['City'] . "<br />";
          
          echo "<pre>";
          echo print_r($row);
          echo "</pre>";
      }
      //while ($rows = mysqli_fetch_array($results))
      
      } //if (mysqli_num_rows($results))
      
      else {
          echo "No results to get!";
      }
?>

Here is my all_illinois INSERT table structu

CREATE TABLE IF NOT EXISTS `all_illinois` (
  `state_id` varchar(255) NOT NULL,
  `city_name` varchar(255) NOT NULL
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

Here is my source table geo_cities structu

CREATE TABLE IF NOT EXISTS `1` (
  `CityId` varchar(255) NOT NULL,
  `CountryID` varchar(255) NOT NULL,
  `RegionID` varchar(255) NOT NULL,
  `City` varchar(255) NOT NULL,
  `Latitude` varchar(255) NOT NULL,
  `Longitude` varchar(255) NOT NULL,
  `TimeZone` varchar(255) NOT NULL,
  `DmaId` varchar(255) NOT NULL,
  `Code` varchar(255) NOT NULL
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

I'm missing something here. I have a form, and when the submit is pressed, the relevant post data inserts into table one, then I want the last insert id to insert along with other form data into a second table. The first table's still inserting fine, but I can't get that second one to do anything. It leapfrogs over the query and doesn't give an error. EDIT: I forgot to add an error: I get: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'usage, why VALUES ('14', '', '123', '','1234', '', '')' at line 1

query:INSERT INTO tbl_donar (donar_fname, donar_name, donar_address, donar_address2, donar_city, donar_state, donar_zip, donar_email, donar_phone, donar_fax, donar_company) VALUES ('test 14', 'asdfa', 'asdf', 'adf','asdf', '', '', '', '123', '', '')


Code: [Select]
if (empty($errors)) {

require_once ('dbconnectionfile.php');

$query = "INSERT INTO tbl_donar (donar_fname, donar_name, donar_address, donar_address2, donar_city, donar_state, donar_zip, donar_email, donar_phone, donar_fax, donar_company)
 VALUES ('$description12', '$sn', '$description4', '$cne','$description5', '$description6', '$description7', '$description8',
'$description9', '$description10', '$description11')";

$result = @mysql_query ($query);


if ($result) {

$who_donated=mysql_insert_id();

$query2 = "INSERT INTO tbl_donation (donor_id, donor_expyear, donor_cvv, donor_cardtype, donor_authorization, amount, usage, why)
 VALUES ('$who_donated', '$donate2', '$donate3', '$donate4','$donate5', '$donate6', '$donate7')";
$result2 = @mysql_query ($query2);

if ($result2) {echo "Info was added to both tables! yay!";}

echo "table one filled. Table two was not.";
echo $who_donated;

//header ("Location: http://www.twigzy.com/add_plant.php?var1=$plant_id");

exit();
} else {
echo 'system error. No donation added';

Hello, I'm having a bit of a problem here, all help to this issues would be much appreciated

I am trying to use text boxes to insert numbers into the database based on what is inputed.
If I have a string, like this for example:
$variable = 09385493;

And I want to insert it into the database like this:
mysql_query("INSERT INTO integers(number)
VALUES ('$variable')");

When checking the integers table in my database, looking at the number field, the $variable that was inserted is outputted as
9385493

Notice the number zero was taken out of the front of the number. If the number is double 0's (009385493), both of those zero's would disappear, too.

Thanks

I am having problems making it so that if I typed site.php?url=http://example.com it would auto get rid of the http://.

Here's my code.

$url="{$_GET['url']}";
str_replace('http://', '', $url);
echo "<a href=\"http://$url\">$url</a>";

Hi People.

Thanks to everyone that helped me yesterday with my file that finally connected to the database.

However, I have added a new field to my DB and now get further problems. 

Here is the error message I am getting after I added the "ppr" stuff to both files.

Please could someone look at my code and tell me where I'm going wrong.
Code: [Select]
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Untitled Document</title>
</head>

<body>
<?php include "config01.php"?>

<form name = 'form1' method = 'post' action='config01.php'>
<table width="700" border="1" cellspacing="5" cellpadding="5">
  <caption>
    Submit Your Airfield Details
  </caption>
  <tr>
    <td width="100">&nbsp;</td>
    <td width="200">Your Name</td>
    <td width="200"><input type='text' name='username' maxlength='30'></td>
    <td width="100">&nbsp;</td>
  </tr>
  <tr>
    <td>&nbsp;</td>
    <td>Height Above MSL</td>
    <td><input type='text' name='height_above'maxlength= '30'></td>
    <td>&nbsp;</td>
  </tr>
  <tr>
    <td>&nbsp;</td>
    <td>Mb Difference</td>
    <td><input type='text' name='mb_diff'maxlength='40'></td>
    <td>&nbsp;</td>
  </tr>
  <tr>
    <td>&nbsp;</td>
    <td>Alternative Airfield</td>
    <td><input type='text' name='alternative' maxlength='30'></td>
    <td>&nbsp;</td>
  </tr>
  <tr>
    <td>&nbsp;</td>
    <td>PPR</td>
    <td><input type='radio' name='ppr' value="Y"/>
    Yes
      <input type='radio' name='ppr' value="N" />
      No</td>
    <td>&nbsp;</td>
  </tr>
  <tr>
    <td><input type='submit' name='submit' value='post' /></td>
    <td>&nbsp;</td>
    <td>&nbsp;</td>
    <td>&nbsp;</td>
  </tr>
</table>
</form>


</body>
</html>
Then the code from config01.php
Code: [Select]
<?php
$host = 'localhost';
$usr = "VinnyG";
$password = 'thepassword';
$db_name = 'sitename';

$username = $_POST["username"];
$height_above = $_POST["height_above"];
$mb_diff = $_POST["mb_diff"];
$alternative = $_POST["alternative"];
$ppr = $_POST["ppr"];

//connect to database
mysql_connect ("$host","$usr","$password") or die ('Error During Connect:<br>'.mysql_error());
mysql_select_db ("$db_name") or die ('Error Selecting DB:<br>'.mysql_error());

/*
$sql01 = "INSERT INTO users SET username = '$username',height_above = '$height_above', mb_diff = $mb_diff, alternative = $alternative";
$result=mysql_query($sql01);
*/
//mysql_query("INSERT INTO users VALUES ('$username','$height_above','$mb_diff','$alternative')");
//mysql_query("INSERT INTO users (username, height_above, mb_diff, alternative) VALUES ('$username', '$height_above', '$mb_diff', '$alternative'"); 
//$insert_query = "INSERT INTO users (username, height_above, mb_diff, alternative) VALUES ('$username', '$height_above', '$mb_diff', '$alternative')";
//$insert_action = mysql_query($insert_query) or die ('Error Dring Insert :<br>'.mysql_error().'<br><br>Error occured running the following code :<br>'.$insert_query);

//mysql_query("INSERT INTO users VALUES ('$username','$height_above','$mb_diff','$alternative')"); CHANGES FOLLOW THIS LINE . . 
$query = "INSERT INTO users (username, height_above, mb_diff, alternative, ppr) VALUES ('$username', '$height_above', '$mb_diff', '$alternative', '$ppr'";
if( !$result = mysql_query($query) ) {
     echo "<br>Query: $query<br>Produced error: " . mysql_error() .'<br>';
} else {
     echo "Query ran and inserted " . mysql_affected_rows() . "row(s).";
}
?>
I only added the one thing and I've gone and broken it already.  It was working last night too.. :-(

Hi all,

I have the following :

Code: [Select]
print_r($fqlResult);
Which gives the following result :

Code: [Select]
Array ( [0] => Array ( [src_big] => http://a5.sphotos.ak.fbcdn.net/hphotos-ak-ash4/299117_2121699756933_1079004376_2442101_3103384_n.jpg ) )
I want to grab just the image url from it and store it in a seperate variable.

Any ideas how I can do this plzzz ?

Thanks in advance,

Scott.

Hello.   How would I print the following:     http://site.com/break?return=site2.com   So that I can set a button containing site2.com.   Example: <a href="site2.com"></a>   And so forth:       http://site.com/break?return=site3.com   Would print: <a href="site3.com"></a>

Hello, I am new to the php community
I have a problem with feedback code from api
I want to put a part in a variable
How is that ? please help
{"code": 0, "reason": "OK", "resp": "AT + CCFC = 1,3, \" 92061460 \ "\ r \ nOK \ r \ n"}
I want to put between \ r \ Variable \ r \
In this  case is == nOK
some time 
{"code":0, "reason":"OK", "resp":"AT+CCFC=1,3,\"  92061460\"\r\nERROR\r\n"}
in this case  = nERROR
need echo $varible 
i hope get your support

I'm using PHP to get a list of names from a mysql database, which then produces a drop down list for the user to select an option and then progress to the next page where the selection is displayed with other stuff. My problem is that my drop down list works fine, but when the user goes to the next page only the first part of the string is displayed, ie if the string is Fred Bloggs, only Fred is shown. I can get it to work by adding ' ' around the string name in the option section, but this shows 'Fred Bloggs' in the drop down list which isn't very pretty.

I haven't got the actual code to hand at the moment, but any ideas on where I'm going wrong?

Cheers

I opened a thread yesterday about an XSS vulnerability when the user is logged in. I'll summarize is in a short quote:

Quote

http://host/editText.php?fieldname=slogan&content=slogan<img src=x onerror=alert("XSS")>
This vulnerability only works if the user is logged in. I want to secure it anyway to give the security companies contacting me about this a break.



xyph solved my problem with this:

Code: [Select]
foreach( $_REQUEST as $key => $val )
$_REQUEST[$key] = htmlentities($val);

He warned me it was a risky but I didn't take him that seriously. Well guess he was right.

The foreach loop he gave me does protect me from the XSS attack, but it also disables the users to use any kind of code in the pages. Next time xyph warns me its risky, I'll know he means it.

Now to my problem, how do I use this foreach loop without disabling the user of using simple html tags?

Here's the file (editText.php) where the foreach loop was used:

Code: [Select]
<?php
   session_start();

// THE LOOP WAS USED HERE BUT I REMOVED IT DUE TO THE USERS PROBLEM.

function getSlug( $page ) {
   $page = strip_tags( $page );
   preg_match_all( "/([a-z0-9A-Z-_]+)/", $page, $matches );
   $matches = array_map( "ucfirst", $matches[0] );
   $slug = implode( "-", $matches );
   return $slug;
}

   $fieldname = $_REQUEST['fieldname'];
   
   $encrypt_pass = @file_get_contents("files/password");
   if ($_COOKIE['wondercms']!=$encrypt_pass)
   {
   echo "You must login before using this function!";
   exit;
   }
   
   $content = rtrim(stripslashes($_REQUEST['content']));
   // if to only allow specified tags
   if($fieldname=="title")    $content = strip_tags($content);
   else $content = strip_tags($content,"<audio><source><embed><iframe><p><h1><h2><h3><h4><h5><h6><a><img><u><i><em><strong><b><strike><center><pre>");

   $content = trim($content);
   $content = nl2br($content);

   if(!$content) $content = "Please be sure to enter some content before saving. Just type anything in here.";

   $content = preg_replace ("/%u(....)/e", "conv('\\1')", $content);

   if($fieldname>0 && $fieldname<4) $fname = "attachment$fieldname";
   else $fname = $fieldname;
   $file = @fopen("files/$fname.txt", "w");
   if(!$file)
   {
echo "<h2 style='color:red'>*** ERROR *** unable to open content_$fieldname</h2><h3>But don't panic!</h3>".
"Please set the correct read/write permissions to the files folder.<br/>
Find the /files/ folder and CHMOD it to 751.<br /><br />
If this still gives you problems, open up the /files/ folder, select all files and CHMOD them to 640.<br /><br />
If this doesn't work, contact me <a href='http://krneky.com/en/contact'>right here</a>.";
   exit;
   }
   fwrite($file, $content);
   fclose($file);

   echo $content;
   
   // convert udf-8 hexadecimal to decimal
   function conv($hex)
   {
   $dec = hexdec($hex);
   return "&#38;#$dec;";
   }
?>

is this part of code correct ?
Code: [Select]
$query = mysql_query("select * from username WHERE username='$username'");
if(mysql_query($query) > 0)
{
     die("Username already in use.");
}
else {

So, I am making a system that shows if there are new posts or not. How I have it done is a singular array called "Read" will have all of the IDs of the read posts.

It is entered in the database like so:
$ID2= $_SESSION['UserID'];
$ID2 = mysql_real_escape_string($ID2);
$Readornot=mysql_query("SELECT * FROM forum_read WHERE Reader_ID='$ID2'");
$Readornot2=mysql_fetch_array($Readornot);
if($ID2==0)
{
}
else
{
if(empty($Readornot2))
{
$Read1= array("Read" => $Get_TopicID);
$Read2 = implode('-',$Read1);
mysql_query("INSERT INTO forum_read (Reader_ID,`Read`) values ('$ID2','$Read2')") or die(mysql_error());
}
else
{
$cr_topicid=$Readornot2['Read'];
if(strpos($cr_topicid,'-'))
{
$cr_topicid=explode('-',$cr_topicid);
if(!in_array($Get_TopicID,$cr_topicid,true))
{
$Read0=implode('-',$cr_topicid);
$Read1= array("Read" => $Read0, $Get_TopicID);
$Read2= implode('-',$Read1);
mysql_query("UPDATE forum_read SET`Read`='$Read2' WHERE Reader_ID='$ID2'") or die(mysql_error());
}
}
else
{
if($cr_topicid==$Get_TopicID)
{
}
else
{ 
$Read1= array("Read" => $cr_topicid, $Get_TopicID);
$Read2= implode('-',$Read1);
mysql_query("UPDATE forum_read SET`Read`='$Read2' WHERE Reader_ID='$ID2'") or die(mysql_error());
}
}
}
}

It all works fine and dandy to the point where if it's in the database an icon will be black and white, and if its not it wont, signifying read or unread.

What I need to do, however, is make it so when there is a new post, it takes all of the entries in the database with the topic ID out of the database, and strips the one part.

What I thought of at first was to use str_replace to replace
"-" . $TopicID . "-"
with
"-"

But of course, that won't work, because the very first entry could be  the topic ID, so it would just be $TopicID- and not -$TopicID- in the database.

So, how would I go about doing this?

Let's say I have a variable called $big_paragraph

I want to display the variable IF it contains the word "hello".  The word may or may not be there AND it could be anywhere in that paragraph (separated by a space before and after it to signify that it is a word).  So I can't use substr since it assumes I know the position.

Thanks.

Hi - newbie to php - I need to search a string and possibly replace part of it.  This is how I would do it in perl:

Code: [Select]
if ($homepage) {
if ($homepage !~ /http/i) {
$homepage = "http:\/\/" . $homepage;
}
}

I have a homepage field in the database but sometimes people put the http in, and sometimes they leave it out.  In perl I can figure it out and format accordingly but it doesn't work in PHP.  I'm not sure if the first line even works in PHP.  Maybe if to say something like:

if $homepage is not equal to nothing. I'm not sure.

Any help would be appreciated.

Thanks.

Hello,
I have one line that I can't understand of PHP code used to encrypt strings:
$temp = ord(substr($str,$i,1)) ^ 203;
I understand everything but this " ^203 "
Can you explain me what it does?