Trying to extract 5 characters from a column when adding record mysql via php

Question

My part_no column has the following format: 000-00000-00 for all records.

I need to extract the five middle characters from part_no and place it in the core column when I create the record.

I can't get my script to work.

I'm not getting any errors. Just not working.

$order = "INSERT INTO cartons_added (add_time, type, part_no, add_type, add_qty, add_ref, add_by, add_notes)
        VALUES
        ('$date',
        '$_POST[type]', 
        '$_POST[part_no]', 
        '$_POST[add_type]', 
        '$_POST[add_qty]', 
        '$_POST[add_ref]', 
        '$_POST[add_by]', 
        '$_POST[add_notes]')";

$result = mysql_query($order);
$query2 = "select part_no from cartons_current";
$sel = mysql_query($query2);
$res = mysql_result($sel);
while($row = mysql_fetch_row($res)) {
    $core_digits = split('-',$row[0]);
    $core =$core_digits[1];
    $query3 = "insert  into cartons_current(core) values($core)";
    $sel2 = mysql_query($query3);
}

Answer 1

You can update your cartons_current table based on your cartons_added table with something like:

INSERT INTO cartons_current(core) 
SELECT SUBSTR(part_no, 5, 5) FROM cartons_added

You will probably want to limit that with a WHERE clause or maybe deal with what happens when this value is already in cartons_current (use either INSERT IGNORE or ON DUPLICATE KEY UPDATE)

Answer 2

Try removing this

$res = mysql_result($sel);

And change your while to reference the main query resource

while($row = mysql_fetch_row($sel)) {

I don't understand your logic with your tables though. You're inserting data into the cartons_added table but then you're selecting from cartons_current?

Also, split is deprecated as of PHP 5.3.0

Answer 3

You said five middle "characters", so I'd add quotes around your variable like so:

$query3 = "insert  into cartons_current(core) values('$core')";

(Also, there's only about a gazillion answers on SO about SQL injection, and using pdo)

Answer 4

INSERT INTO cartons_current(core) 
SELECT 
  substr(part_no,position('-' IN part_no)+1,position('-' IN substr(part_no,position('-' IN part_no)+1))-1)
FROM cartons_added;

Answer 5

You are right, the script has no error.

I think the problem is on your SQL that made you can't insert a new row, specifically on the table structure. Maybe you defined a PRIMARY KEY without AUTO_INCREMENT, defined a INDEX or UNIQUE key that is not the core key or there have some other key that did not have default value. Remember that you can't insert a row without defining all required field.

You script is selecting all part_no and for every part_no you are inserting a new row in the same table, so maybe there is the problem.

I think what you want is update every result to add they core value, you can do that with UPDATE as this code:

function getValue($value) {
  return "'" . trim(mysql_real_escape_string($value)) . "'";
}

mysql_query('INSERT INTO `cartons_added` (`add_time`, `type`, `part_no`, `add_type`, `add_qty`, `add_ref`, `add_by`, `add_notes`)
             VALUES (' . 
              getValue($date) . ', ' .
              getValue($_POST[type]) . ', ' .
              getValue($_POST[part_no]) . ', ' .
              getValue($_POST[add_type]) . ', ' .
              getValue($_POST[add_qty]) . ', ' .
              getValue($_POST[add_ref]) . ', ' .
              getValue($_POST[add_by]) . ', ' .
              getValue($_POST[add_notes]) . 
             ')');

$partNoQuery = mysql_query('SELECT `part_no` FROM `cartons_current`');

while($partNoResult = mysql_fetch_assoc($partNoQuery)) {
    list($prefix, $core, $suffix) = explode('-', $partNoResult['part_no']);
    mysql_query('UPDATE cartons_current SET `core` = \'' . $core . '\' WHERE `part_no` = \'' . $partNoResult['part_no'] . '\'');
}

I added getValue function to escape posted data to prevent SQL injection.