Hi all,

Not sure what's going on here, but if I run this:

$query = 'INSERT INTO users 
(`id`, `first_name`, `second_name`, `register_date`, `lastlogin_date`) 
VALUES 
("'. $user_id . '", "' . $first_name .'", "'. $second_name . '", "' . $date . '", "' . $date . ");'; 
$result = mysql_query($query);

I get no return, but if I change it to this it's fine:

$query = 'INSERT INTO users (`id`, `first_name`, `second_name`, `register_date`, `lastlogin_date`) 
VALUES ("21021212", "Joe", "Bloggs", "20090202", "20090202");'; 
$result = mysql_query($query);

User id = bigint(20)

first name = varchar(30)

second name = varchar(30)

date = int(8)

At first I thought it was an issue with the vars, but they are exactly the same and it still doesn't work.

Any help appreciated.

+4  A: 

What's the result from "mysql_error()"? Always check this, especially if something doesn't seem to be working.

Also, echo out $query to see what it really looks like. That could be telling.

GoatRider
+1 This is the best advice, in the spirit of "teach a man to fish!"
Bill Karwin
A: 

I echo'd query and it comes out exactly the same using vars or not. It also returns no error.

Tip: If you have more info you should edit your question rather than adding an answer
Greg
@RoBorg: Users with reputation <50 cannot add comments.
Bill Karwin
@Bill: but they can edit their own question
Chris Lively
A: 

In addition to echoing the query and checking mysql_error() as @GoatRider suggests:

  1. Are you escaping your data properly? See mysql_real_escape_string()
  2. You shouldn't end your queries with a semicolon when using mysql_query()
Greg
+6  A: 

Get into the habit of escaping all database inputs with mysql_real_escape_string. Really, you should use some kind of wrapper like PDO or ADODb to help you do this, but here's how you might do it without:

$query = sprintf("INSERT INTO users ".
    "(id, first_name, second_name, register_date, lastlogin_date)".
    "VALUES('%s','%s','%s','%s','%s')",
    mysql_real_escape_string($user_id),
    mysql_real_escape_string($first_name),
    mysql_real_escape_string($second_name),
    mysql_real_escape_string($date),
    mysql_real_escape_string($date));

 $result = mysql_query($query);

and also check for errors with mysql_error

 if (!$result)
 {
     echo "Error in $query: ".mysql_error();
 }
Paul Dixon
A: 

If you print out $query, what does it contain?

Eric Holmberg
+1  A: 

Maybe the value of $date was "1111'); DELETE FROM users;"?

Seriously though? The problem is that isn't how you interact with your database. You shouldn't be passing in your data with your query. You need to specify the query, the parameters for the query, and pass in the actual parameter values when you execute the query. Anything else is inefficient, insecure and prone to bugs like the one you have.

By using PDO or something that supports parametrized queries, you'll find these kinds of issues go away because you are calling the database properly. It is also much more secure and can speed up the database.

$sth = $dbh->prepare("INSERT INTO users (`id`, `first_name`, `second_name`, `register_date`, `lastlogin_date`) VALUES (?,?,?,?,?)");
$sth->execute(array($user_id ,$first_name , $second_name , $date, $date ));
Cory R. King
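
The parametrized approach from the answer above as a self-contained script. This is an added example, not code from the original poster or the answerers. It assumes the pdo_sqlite extension and an in-memory SQLite database standing in for MySQL; the function name add_user and the sample rows are constructed for illustration.

```php
<?php
// Added example. Assumes pdo_sqlite so it runs offline; for MySQL only the
// DSN (plus user and password) passed to the PDO constructor changes.
$dbh = new PDO('sqlite::memory:');
// Make every failed statement throw instead of silently returning false.
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE users (
    id BIGINT PRIMARY KEY,
    first_name VARCHAR(30),
    second_name VARCHAR(30),
    register_date INT,
    lastlogin_date INT
)');

// Hypothetical helper: the SQL text is fixed, values travel as bound parameters.
function add_user(PDO $dbh, $user_id, $first_name, $second_name, $date)
{
    $sth = $dbh->prepare(
        'INSERT INTO users (id, first_name, second_name, register_date, lastlogin_date)
         VALUES (?, ?, ?, ?, ?)'
    );
    $sth->execute(array($user_id, $first_name, $second_name, $date, $date));
    return $sth->rowCount();
}

// Constructed sample rows. Rows 2 and 3 carry quote characters that would
// break or rewrite a concatenated query; row 4 repeats an id to show that
// a failing insert now reports an error.
$rows = array(
    array(21021212, 'Joe', 'Bloggs', 20090202),
    array(21021213, 'Sinead', "O'Connor", 20090203),
    array(21021214, 'Ann', 'Other', "1111'); DELETE FROM users;"),
    array(21021212, 'Joe', 'Again', 20090204),
);

foreach ($rows as $row) {
    try {
        add_user($dbh, $row[0], $row[1], $row[2], $row[3]);
    } catch (PDOException $e) {
        echo 'Insert failed for id ' . $row[0] . ': ' . $e->getMessage() . "\n";
    }
}

// SQLite keeps the odd date text as-is; a MySQL INT column would reject or
// coerce it. In both cases it is handled as data and never executed as SQL.
foreach ($dbh->query('SELECT id, second_name, register_date FROM users') as $r) {
    printf("%d | %s | %s\n", $r['id'], $r['second_name'], $r['register_date']);
}
echo 'rows: ' . $dbh->query('SELECT COUNT(*) FROM users')->fetchColumn() . "\n";
```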
A: 

In $query = 'INSERT INTO users (id, first_name, second_name, register_date, lastlogin_date) VALUES ("' . $user_id . '", "' . $first_name . '", "' . $second_name . '", "' . $date . '", "' . $date . '");'; are you giving the correct date format? It might be the issue. Otherwise the syntax is all fine.

terrific