Sheriff Said Elahl
Reputation: 177
MYSQL insertion using PHP prepared Statement
I am trying to insert a row in mysql table using the below php prepared statement, but the code always pass the statement and move to echo "failed". what is missing in the below code?
(My Database has extra columns but I didn't add it as I don't want to insert values inside (one of these columns are auto increment))
<?php
$ActivityDate = $_POST["ActivitytDate"];
$CoreSite = $_POST["CoreSite"];
$ActionAuditor = $_POST["ActionAuditor"];
$DCOSPOC = $_POST["DCOSPOC"];
if($stmt = $mysqli->prepare("Insert INTO DCO_Database (ActivityDate, CoreSite, ActionAuditor, DCOSPOC) Where (ActivityDate=? AND CoreSite=? AND ActionAuditor=? AND DCOSPOC=?)"))
{
$stmt->bind_param("ssss", $ActivityDate, $CoreSite, $ActionAuditor, $DCOSPOC);
$stmt->execute();
$stmt->close();
}
else{
echo ("Failed");
$mysqli->close();
}
?>
I have editied the code to use values instead, it is not echoing Failed but echoing success .. but still not adding values to database
<?php
$ActivityDate = $_POST["ActivitytDate"];
$CoreSite = $_POST["CoreSite"];
$ActionAuditor = $_POST["ActionAuditor"];
$DCOSPOC = $_POST["DCOSPOC"];
$AreaOwner = $_POST["AreaOwner"];
$ActionImplementer = $_POST["ActionImplementer"];
$ActionOwner = $_POST["ActionOwner"];
$MailSubject = $_POST["MailSubject"];
$ActionType = $_POST["ActionType"];
$RequestType = $_POST["RequestType"];
$RequestNumber = $_POST["RequestNumber"];
$OpenTime = $_POST["OpenTime"];
$CloseTime = $_POST["CloseTime"];
$ActionResult = $_POST["ActionResult"];
$Violation = $_POST["Violation"];
$ActionDetails = $_POST["ActionDetails"];
$Snags = $_POST["Snags"];
$SnagDesc = $_POST["SnagDesc"];
$Layout = $_POST["Layout"];
$LayoutDesc = $_POST["LayoutDesc"];
$CabinetLocation = $_POST["CabinetLocation"];
$Mapping = $_POST["Mapping"];
$MappingDesc = $_POST["MappingDesc"];
$Notes = $_POST["Notes"];
if($stmt = $mysqli->prepare("Insert INTO DCO_Database (ActivityDate, CoreSite, ActionAuditor, DCOSPOC, AreaOwner, ActionImplementer, ActionOwner, MailSubject, ActionType, RequestType, RequestNumber, OpenTime, CloseTime, ActionResult, Violation, ActionDetails, Snags, SnagDesc, Layout, LayoutDesc, CabinetLocation, Mapping, MappingDesc, Notes) values (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)"))
{
$stmt->bind_param("ssssssssssssssssssssssss", $ActivityDate, $CoreSite, $ActionAuditor, $DCOSPOC, $AreaOwner, $ActionImplementer, $ActionOwner, $MailSubject, $ActionType, $RequestType, $RequestNumber, $OpenTime, $CloseTime, $ActionResult, $Violation, $ActionDetails, $Snags, $SnagDesc, $Layout, $LayoutDesc, $CabinetLocation, $Mapping, $MappingDesc, $Notes);
$stmt->execute();
$stmt->close();
}
else{
echo ("Failed");
$mysqli->close();
}
echo ("Successful");
?>
Upvotes: 2
Views: 2020
Answers (3)
JYoThI
Reputation: 12085
use values insted of where
<?php
$ActivityDate = $_POST["ActivitytDate"];
$CoreSite = $_POST["CoreSite"];
$ActionAuditor = $_POST["ActionAuditor"];
$DCOSPOC = $_POST["DCOSPOC"];
if($stmt = $mysqli->prepare("Insert INTO DCO_Database (ActivityDate, CoreSite, ActionAuditor, DCOSPOC) values(?,?,?,?)"))
{
$stmt->bind_param("ssss", $ActivityDate, $CoreSite, $ActionAuditor, $DCOSPOC);
$stmt->execute();
$stmt->close();
}
else{
echo ("Failed");
$mysqli->close();
}
?>
Upvotes: 2
Deep Kakkar
Reputation: 6307
You have to use
values
in your query. and remove
AND
from the query too. Please check the following code.
if($stmt = $mysqli->prepare("Insert INTO DCO_Database (ActivityDate, CoreSite, ActionAuditor, DCOSPOC) values (?,?,?,?)"))
{
$stmt->bind_param("ssss", $ActivityDate, $CoreSite, $ActionAuditor, $DCOSPOC);
$stmt->execute();
$stmt->close();
}
else{
echo ("Failed");
$mysqli->close();
}
Please note that where is used for update. so to insert use the query as follows:
INSERT INTO table_name (column1,column2,column3,...) VALUES (value1,value2,value3,...);
Upvotes: 1
Veshraj Joshi
Reputation: 3579
// think you should do as follows, insert statement only allows where clause when select statement is used,
<?php
$ActivityDate = $_POST["ActivitytDate"];
$CoreSite = $_POST["CoreSite"];
$ActionAuditor = $_POST["ActionAuditor"];
$DCOSPOC = $_POST["DCOSPOC"];
if($stmt = $mysqli->prepare("Insert INTO DCO_Database (ActivityDate, CoreSite, ActionAuditor, DCOSPOC) values (?,?,?,?)");
{
$stmt->bind_param("ssss", $ActivityDate, $CoreSite, $ActionAuditor, $DCOSPOC);
$stmt->execute();
$stmt->close();
}
else{
echo ("Failed");
$mysqli->close();
}
?>
Upvotes: 5
Related Questions
- How can I prevent SQL injection in PHP?
- How to reset AUTO_INCREMENT in MySQL
- How to import an SQL file using the command line in MySQL?
- How do you parse and process HTML/XML in PHP?
- Deleting an element from an array in PHP
- Reference Guide: What does this symbol mean in PHP? (PHP Syntax)
- How does PHP 'foreach' actually work?
- Should I use the datetime or timestamp data type in MySQL?
- How do I get PHP errors to display?
- Why shouldn't I use mysql_* functions in PHP?