Adding data to the MySQL via PHP

Question

I have a table of the structure of the following type. The url data seems to be fine. The bay values (B1 B2 B3) are set to 1 of integer kind.

  DateToBook          | B1 | B2 | B3 | 
 ------------------------------------
  8March2013         | 1  |  1 |  1 |

I couldn't get the values inserted. The baycount for the above structure is 3.

   <?php
   $DB_hostname = "localhost";
   $DB_Name = "root";
   $DB_pass = "pass123";

   if(isset($_GET["tabName"])){
       $tableName = $_GET["tabName"];
       $dB = $_GET["db"];
       $bayCount = $_GET["bayNo"];
       $date =  $_GET["d"];
       $b = '1';
    }

   $con = mysql_connect($DB_Hostname,$DB_Name,$DB_pass) or die(mysql_error());


   mysql_select_db($db, $con);

   $_bayColumn = array();
   for ($i = 1; $i <= $bayCount; $i++) {
      $_bayColumn[] = "B$i";
   }
   echo $_bayColumn[0];


   mysql_query("INSERT INTO $tableName (DateToBook) VALUES ($date)");


   for ($j =0; $j < $bayCount; $j++) {

   mysql_query("UPDATE $tableName SET $_bayColumn[$j] = '$b'  WHERE DateToBook = '$date'");


   }




  mysql_close($con);
  ?>

Is there anything that is wrong with the syntax?

You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are also **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. — Quentin, Mar 08 '13 at 09:19
i think you must replace this line` for ($j =0; $j <= $bayCount; $j++) {` — DolDurma, Mar 08 '13 at 09:26
Cant equalise to baycount because Im looping into the index of the $_bayColumn[] array — DesperateLearner, Mar 08 '13 at 09:48

score 1 · Answer 1 · answered Mar 08 '13 at 09:24

1

Your problem is that $b only exists in the if statement below. If $b is always 1, why don't you just write 1 in your query instead of $b

Or change it to the following:

$b = '1'; //Place it here
if(isset($_GET["tabName"])){
   $tableName = $_GET["tabName"];
   $dB = $_GET["db"];
   $bayCount = $_GET["bayNo"];
   $date =  $_GET["d"];
   $b = '1'; //You can get rid of this now
}

Furthermore, I fully agree with the comments above and you SHOULD use MySQLI or PDO

answered Mar 08 '13 at 09:24

AmazingDreams

3,136
2
22
32

baycount is of type integer. "B1 INT NOT NULL DEFAULT 1" Is is something to do with that? – DesperateLearner Mar 08 '13 at 09:55
Yes true! even without the for loop I couldn't insert the date. DateToBook is a primary key and of type Varchar(11) – DesperateLearner Mar 08 '13 at 10:51
`mysql_query("INSERT INTO $tableName (DateToBook) VALUES ($date)");` What query is generated? (`var_dump("INSERT INTO $tableName (DateToBook) VALUES ($date)");`) – AmazingDreams Mar 08 '13 at 11:53
The query seems to work when I try on Php MyAdmin sql query page. – DesperateLearner Mar 11 '13 at 03:53
Yeah but in phpMyAdmin PHP does not generate your query. Try placing all of your values in 'quotes', tablenames in those things above your tab `\`key\``. -> actually, rewrite it in PDO or MySQLi – AmazingDreams Mar 11 '13 at 06:29

score 0 · Answer 2 · edited Mar 08 '13 at 09:29

0

You can use die("INSERT INTO $tableName (DateToBook) VALUES ($date)") to check if u got the right value.

edited Mar 08 '13 at 09:29

René Höhle

26,716
22
73
82

answered Mar 08 '13 at 09:28

Vince

36
3

Adding data to the MySQL via PHP

2 Answers2