0

Operand should contain 1 column

What wrong with my code is it mean AND I try to insert into activitynote table by selection 

<?php
   require_once('Connections/Thaymay.php');
   mysql_select_db($database_Thaymay, $Thaymay);   
   $activityid = $_POST['select'];

  if($_POST) {
    foreach($_POST['namebox'] as $check) {

            echo "$check \n "; 
            echo "<br> ";


            $query_ReSeActi = " INSERT INTO `ph3`.`activitynote` ( `idmemberref`, `idactivity`, `manaferid`, `staffinput`) select ( 
            idmemberref,    $activityid,    manaferid,  'system'  ) from activitynote where id = $check ;    ";
            $RsActivitynoteMem = mysql_query($query_ReSeActi, $Thaymay) or die(mysql_error());

    }
}



?>
Bill Karwin
  • 538,548
  • 86
  • 673
  • 828
user1040364
  • 103
  • 1
  • 10
  • 1
    Not only are you prone to SQL injection attack, you are not even checking whether you have any data in `$_POST['select']`, but you are blindly using it in your query directly. Apparently, it has no value. – N.B. Dec 27 '11 at 10:27
  • learn to use `mysql_real_escape_string`, see: http://stackoverflow.com/questions/332365/xkcd-sql-injection-please-explain – Johan Dec 27 '11 at 12:18

2 Answers2

0

If you are expecting multiple values for $_POST['namebox'] you might want to do it all in one query rather than in a loop (generally speaking if you can save trips to the database you should as a round-trip to the database is usually quite an expensive operation). Something like this might work, with some added sanitisation of your POST input:

$idArray = array();  
if($_POST) {
  if( is_array( $_POST['namebox'] ) ) {
     foreach($_POST['namebox'] as $check) {
       $cleanCheck = intval( $check );
       if( $check > 0 ) {
          $idArray[] = $check;
       }
     }
  }
  $query_ReSeActi = " INSERT INTO `ph3`.`activitynote` ( `idmemberref`, `idactivity`, `manaferid`, `staffinput`) select ( 
        idmemberref,    $activityid,    manaferid,  'system'  ) from activitynote where id IN (" . implode( ',', $idArray ) . ") ;    ";
        $RsActivitynoteMem = mysql_query($query_ReSeActi, $Thaymay) or die(mysql_error());

}

This assumes that your $_POST['namebox'] is passing integer IDs to your script.

liquorvicar
  • 6,081
  • 1
  • 16
  • 21
  • IN (" . implode( ',', $idArray ) . ")"; – user1040364 Dec 27 '11 at 14:18
  • Operand should contain 1 column(s) – user1040364 Dec 27 '11 at 14:19
  • CREATE TABLE `activity` ( `idactivity` int(11) NOT NULL AUTO_INCREMENT, `activitydate` datetime NOT NULL, `activityname` varchar(30) DEFAULT NULL, `group` varchar(25) DEFAULT NULL, `ActDEsc` varchar(255) DEFAULT NULL, `dateadd` datetime DEFAULT NULL, `timestamp` timestamp NULL DEFAULT NULL ON UPDATE CURRENT_TIMESTAMP, PRIMARY KEY (`idactivity`) ) ENGINE=MyISAM AUTO_INCREMENT=18 DEFAULT CHARSET=utf8; – user1040364 Dec 27 '11 at 14:41
  • @user1040364 Sorry I left off some parentheses. I have edited my answer accordingly. – liquorvicar Dec 28 '11 at 15:45
0
<?php
   require_once('Connections/Thaymay.php');
   mysql_select_db($database_Thaymay, $Thaymay);

   $activityid = $_POST['select'];

  if($_POST) {
    foreach($_POST['namebox'] as $check) {


            echo "$check \n "; 
            echo "<br> ";


            $query_ReSeActi = "
INSERT INTO `ph3`.`activitynote` 
( `idmemberref`
, `idactivity`
, `manaferid`
, `staffinput`
, `dateadd`
)
SELECT
  idmemberref
, $activityid
, manaferid
, 'system'
, NOW() 
FROM activitynote 
WHERE id = $check
"
;

$RsActivitynoteMem = mysql_query($query_ReSeActi, $Thaymay) or die(mysql_error());
    }
}
echo "<br><br> ";
echo $_POST['select'];



?>
user1040364
  • 103
  • 1
  • 10