-2

I am suddenly using APM that I have not learned because of my university assignment.

The query works well when tested at cmd, but mysqli_query does not work. I don't know what the problem is, so I'm so stuck right now.

echo $query

output is :

mysqli_error(INSERT INTO professor(p_name,l_num,p_num) VALUES('rho',3008,2002); INSERT INTO lecture(l_num,l_name,week,start_time,end_time) VALUES(3008,'database','monwed','14:30:00','16:00:00'); UPDATE lecture SET p_id= (SELECT MAX(p_id) FROM professor) WHERE l_num=3008; UPDATE lecture SET r_id = (SELECT r_id FROM room WHERE r_name='s111') WHERE l_num=3008;)

This is my code.

<?php

    include './dbcon.php';

    $lnum = (int) $_POST['lnum'];         //학수번호
    $lname = $_POST['lname'];    //강의명
    $pname = $_POST['pname'];         //교수명
    $pnum = (int) $_POST['pnum'];         //교수번호
    $rname = $_POST['rname'];         //강의실

    $startt = $_POST['start_t'];
    $endt = $_POST['end_t'];

    $day = "";       //요일

    if(!empty($_POST['weekdays'])) {
        foreach($_POST['weekdays'] as $selected) {

          $check_sql=mysqli_query($connect,"SELECT * from room
                  join lecture on room.r_id=lecture.r_id
                  join building on room.b_num=building.b_num
                  where r_name='$rname'
                  and (week like '%$selected%'
                  and (('$startt' < start_time and start_time < '$endt')
                  or (start_time <='$startt' and '$endt'<=end_time)
                  or ('$startt' < end_time and end_time < '$endt')));");

          $check = mysqli_num_rows($check_sql);

          if($check > 0){
            echo "<script>
                  alert('You cannout add lecture.');
                  location.href='./admin.php';
                  </script>" . mysqli_error($check);
          }
          $day .= $selected;
        }
    }

    $query="INSERT INTO professor(p_name,l_num,p_num) VALUES('$pname',$lnum,$pnum);
            INSERT INTO lecture(l_num,l_name,week,start_time,end_time) VALUES($lnum,'$lname','$day','$startt','$endt');
            UPDATE lecture SET p_id= (SELECT MAX(p_id) FROM professor) WHERE l_num=$lnum;
            UPDATE lecture SET r_id = (SELECT r_id FROM room WHERE r_name='$rname') WHERE l_num=$lnum;";

    if (mysqli_query($connect, $query)) {
        echo "<script>alert('Success insert');location.href='./admin.php';</script>";
    } else {
        //echo "mysqli_error($query)";
        echo "<script>alert('Fail to insert');location.href='./admin.php';</script>" . mysqli_error($query);
    }
 ?>
Arkistarvh Kltzuonstev
  • 6,824
  • 7
  • 26
  • 56
KSG
  • 13
  • 3
  • 3
    you're super open to SQL injection and should resolve imminently – treyBake Jun 07 '19 at 15:54
  • Turn on error reporting. https://stackoverflow.com/q/5438060/296555 and https://stackoverflow.com/q/14578243/296555 – waterloomatt Jun 07 '19 at 15:55
  • 3
    Unless you're using `mysqli_multi_query`, you can NOT pass multiple queries in like this. Break it up so that you're passing in one query at a time – aynber Jun 07 '19 at 15:58

1 Answers1

-1

mysqli_query() can execute only one query at a time.

You can either split the below queries into many ones you execute one after the other

$query="INSERT INTO professor(p_name,l_num,p_num) VALUES('$pname',$lnum,$pnum);
        INSERT INTO lecture(l_num,l_name,week,start_time,end_time) VALUES($lnum,'$lname','$day','$startt','$endt');
        UPDATE lecture SET p_id= (SELECT MAX(p_id) FROM professor) WHERE l_num=$lnum;
        UPDATE lecture SET r_id = (SELECT r_id FROM room WHERE r_name='$rname') WHERE l_num=$lnum;";

Or use mysqli_multi_query() instead

Note : I strongly suggest you to use many prepared statement instead of 1 mysqli_multi_query(). Your queries are actually wide opened to SQL Injections

Cid
  • 14,968
  • 4
  • 30
  • 45
  • I was able to solve the problem right away by using mysql_multi_query that I hadn't solved in three hours. Thank you very much. – KSG Jun 07 '19 at 16:03