PHP large number into SQL

Question

I'm trying to use this query:

$cert= 125125161241261241261;
$cert= $cert + 1;
INSERT into table (column) values ($cert);

however, when the insertion is done.

I get something like 12512516124126124+E17 or something like that. I already have put the datatype into varchar(max) and var_dump'ed my variable

SQL Server 200x.

have you try putting the variable with quotes to indicate is a string instead a number ? — Juan Carlos Oropeza, Sep 22 '15 at 17:39
@RocketHazmat apparently yes, I tried it and it returned Couldn't execute query. — Mostafa Mohsen, Sep 22 '15 at 17:47
Show us how are you calling the insert method? Are you creating parameter or you using dynamic sql? — Juan Carlos Oropeza, Sep 22 '15 at 17:56
@JuanCarlosOropeza `$query = $sql->Query("INSERT INTO table (col1,col2,col3,certificate,col4,col5) values('$val1','$val2','$val3','".$new_cert."','$val4','$val5')"); ` — Mostafa Mohsen, Sep 22 '15 at 21:30

score 1 · Answer 1 · edited May 23 '17 at 12:14

1

Insert quotes '

$cert= 125125161241261241261;
$query = mysql_query("INSERT INTO table (column) VALUES('".$cert."'");
                                                       ^^^       ^^^ 
                                                         INSERT QUOTES.

BEWARE OF SQL INJECTION

USE this way

$cert= 125125161241261241261;
$sql = "INSERT INTO table (column) VALUES(?)";

$stmt = $dbConnection->prepare($sql);
$stmt->bind_param('s', $cert); -- 's' indicate is a string parameter

$stmt->execute();

edited May 23 '17 at 12:14

Community

1
1

answered Sep 22 '15 at 18:35

Juan Carlos Oropeza

47,252
12
78
118

apparently this variable is already set and is not based on user input, and already filtered to be is_numeric() so no worries about SQL injection, I use OOP for queries too. however, can you please explain to me how a single quoted double quote differ from only a single quote? – Mostafa Mohsen Sep 22 '15 at 19:22
1

double quotes `"` indicate a php string. single quotes `'` inside the php string indicate to sql that is a `string`. So is diferent `"insert (5)" vs "insert ('5')"`. First insert number second insert string. That is why you get your big number convert to scientific notation. – Juan Carlos Oropeza Sep 22 '15 at 19:26
That's such a useful information I will always keep in mind. I thought that there's no difference between " ' " and " " ' " " and they were alternatives to each other, thanks for the useful tip! – Mostafa Mohsen Sep 22 '15 at 19:46
Remember upvote / accept answer if this solve your issue :) – Juan Carlos Oropeza Sep 22 '15 at 19:51
`$query = $sql->Query("INSERT INTO table (col1,col2,col3,certificate,col4,col5) values('$val1','$val2','$val3','".$new_cert."','$val4','$val5')");` – Mostafa Mohsen Sep 22 '15 at 21:30
You didnt concate the strings. Use `'.`$val`.'` Also as I suggest create a `$sql` variable instead. So you can debug the `$sql` value before pass to the `QUERY` function – Juan Carlos Oropeza Sep 22 '15 at 21:31
I forgot to say, that after assigning the variable I add a +1 each time. I tried removed that line and it was successfully inserted..any ideas? – Mostafa Mohsen Sep 22 '15 at 21:51
What difference that make? I told you to show me your $sql value – Juan Carlos Oropeza Sep 23 '15 at 13:34
What do you mean by "my $sql value"? – Mostafa Mohsen Sep 23 '15 at 16:32
I told you create a variable $sql and save the query string there. You really need to read more – Juan Carlos Oropeza Sep 23 '15 at 16:34
Can't you see that $sql variable is my oop main class? – Mostafa Mohsen Sep 23 '15 at 16:35
Then create a variable $strSQL – Juan Carlos Oropeza Sep 23 '15 at 16:36

score 0 · Accepted Answer · answered Sep 23 '15 at 17:37

0

I used a SQL procedure that does the insert and used it in my PHP insertion, Thanks for whoever tried to help.

answered Sep 23 '15 at 17:37

Mostafa Mohsen

766
5
15

PHP large number into SQL

2 Answers2