SQL insert not working... any ideas


kevonini

<?php
error_reporting(E_ALL^E_NOTICE);

$connect = mysqli_connect("");//removed

$doc = $_GET["doctor"];
$username = $_GET["username"];

$sql = "SELECT fname, lname from newpatient where username = '$username'";
$result = mysqli_query($connect, $sql);
$value = mysqli_fetch_row($result);
$fname = $value[0];
$lname = $value[1];

$totalcost = $_GET["totalcost"];
$reason1 = $_GET["reason1"];
$reason2 = $_GET["reason2"];
$reason3 = $_GET["reason3"];
$reason4 = $_GET["reason4"];
$reason5 = $_GET["reason5"];
$reason6 = $_GET["reason6"];
$reason7 = $_GET["reason7"];
$reason8 = $_GET["reason8"];
$date = $_GET["date"];

$reasons = array($reason1,$reason2,$reason3,$reason4,$reason5,$reason6,$reason7,$reason8);
rsort($reasons);
$reason1 = $reasons[0];
$reason2 = $reasons[1];
$reason3 = $reasons[2];
$reason4 = $reasons[3];

if(isset($_REQUEST["yes"]))
{
    $sql1 = "SELECT * FROM appointments where doctor_name = '$doc' and time = '$time'";
    $result1 = mysqli_query($connect, $sql1);
    $num_rows = mysqli_num_rows($result1);
    if($num_rows > 0)
    {
        echo "Appointment Time already chosen. Select another time.";
        echo "<script language = 'javascript'>document.location.href='make_appointment.php?doc=$doc&username=$username'</script>";
    }
    else
    {
        $sql2 = "INSERT INTO appointments (username, time, doctor_name, cost, reason1_for_visit, reason2_for_visit,reason3_for_visit,reason4_for_visit, fname, lname) values ('$username','$date','$doc',$totalcost,'$reason1','$reason2','$reason3','$reason4','$fname','$lname')";
        $result2 = mysqli_query($connect, $sql2);
        if($result2)
            echo "This worked.";
        else
            echo "Insert did not work.";
        //echo "<script language = 'javascript'>document.location.href='registered_login_page.php?username=$username'</script>";
    }
}

mysqli_close($connect);
?>

 


Not seeing how string parsing is applicable.......The data is not being sent to the database and the column names are correct and the data types are compatible....

 

String parsing is relevant because you're attempting to send strings contained within variables to mysql.  Double quoting php variables ensures the literal parsing.


Got this error message - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''','','','','','')' at line 1

This would mean that empty strings are being passed to the database... but the values for these can be null, so what am I missing?


$totalcost, being a presumably numeric value, is unquoted in the query string. If there is no value, you'll need to explicitly assign it 0 or NULL. You also should be developing with the following directives in your php.ini file: error_reporting = -1 and display_errors = On.


My take on SQL is to abstract it whenever possible, as you always have to escape your values and the SQL syntax is generally easy to get wrong, without any static syntax control whatsoever.

 

sqlinsert below takes $values as an associative array of column values.

 

sqlquery is just mysql_query with error reporting via e-mail, so you can directly replace it with mysql_query.

 

You can thank me later.

 

Cheers,

Anders

 

function esc($text)
{
    return mysql_real_escape_string($text);
}

function sqlinsert($table, $values)
{
    $len = sizeof($values);
    if ($len > 0)
    {
        // Build the backtick-quoted column list from the array keys
        $query = "INSERT INTO $table ( ";
        $first = true;
        foreach ($values as $column => $value)
        {
            $query .= !$first ? ', ' : '';
            $first = false;
            $query .= "`$column`";
        }

        $query .= ' ) VALUES ( ';

        // Append each value, escaped and wrapped in single quotes
        $first = true;
        foreach ($values as $column => $value)
        {
            $query .= !$first ? ', ' : '';
            $first = false;
            $query .= "'" . esc($value) . "'";
        }

        $query .= ' )';
        sqlquery($query);
        return mysql_insert_id();
    }

    return false;
}

 

 


Replace:

sqlquery --> mysqli_query
mysql_insert_id --> mysqli_insert_id

Then run the function like this:

$id_appointments = sqlinsert('appointments', array('username' => $username, ...));

or create the array first and put it in the call:

$values = array();
$values['username'] = $username;
...
$id_appointments = sqlinsert('appointments', $values);

If you want to test on the result:

if ($id_appointments !== false)
{
    // It worked :) !
}
else
{
    // It failed :( !
}

 

Cheers,

Anders


A few issues....not sure what parameters to use now for the mysqli_query - normally I use the ($link, $query), now it is picking up the link as null...also not sure what to use for mysqli_insert_id...thought it would be the link but that is showing as null as well. A number of warnings for the escape sequence part as well.

Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in C:\xampp\htdocs\confirm_appointment.php on line 57

 

Warning: mysqli_query() expects parameter 1 to be mysqli, null given in C:\xampp\htdocs\confirm_appointment.php on line 82

 

Warning: mysqli_insert_id() expects parameter 1 to be mysqli, null given in C:\xampp\htdocs\confirm_appointment.php on line 83

 


I never use mysqli, so I wasn't aware of differences, but this seems to explain it:

 

link: A link identifier returned by mysqli_connect() or mysqli_init()

 

So you need to add $connect to both esc and sqlinsert and add $connect to the call of esc.

 

function esc($connect, $text)
{
    // mysqli variant: the link comes first, then the string to escape
    return mysqli_real_escape_string($connect, $text);
}

 

I hope you can "connect the dots".


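The insert helper from this thread, rebuilt on mysqli prepared statements so that request values are bound as parameters instead of being escaped and quoted into the query string. This is an added example, not code from any poster in the thread: the name `sqlinsert_prepared` and the column allow-list are assumptions (the columns are copied from the INSERT in the first post), and `$connect` is assumed to be the open mysqli link.

```php
<?php
// Added example: hypothetical helper, not code from the thread.
// Column names copied from the INSERT statement in the first post.
const APPOINTMENT_COLUMNS = [
    'username', 'time', 'doctor_name', 'cost',
    'reason1_for_visit', 'reason2_for_visit',
    'reason3_for_visit', 'reason4_for_visit', 'fname', 'lname',
];

function sqlinsert_prepared(mysqli $connect, array $values)
{
    // Identifiers cannot be bound as parameters, so accept only known columns.
    $columns = array_keys($values);
    if (!$columns || array_diff($columns, APPOINTMENT_COLUMNS)) {
        return false;
    }

    // One "?" placeholder per value; no request data is ever part of the SQL text.
    $query = 'INSERT INTO appointments (`' . implode('`, `', $columns) . '`) VALUES ('
           . implode(', ', array_fill(0, count($columns), '?')) . ')';

    $stmt = mysqli_prepare($connect, $query);
    if ($stmt === false) {
        return false;
    }

    // Bind everything as a string; MySQL converts to the column type.
    // A PHP null is sent as SQL NULL.
    $params = array_values($values);
    mysqli_stmt_bind_param($stmt, str_repeat('s', count($params)), ...$params);
    $ok = mysqli_stmt_execute($stmt);
    $id = mysqli_insert_id($connect);
    mysqli_stmt_close($stmt);

    return $ok ? $id : false;
}

// Constructed sample call: a missing or non-numeric cost becomes NULL
// instead of leaving a hole in the VALUES list.
$cost = isset($_GET['totalcost']) && is_numeric($_GET['totalcost']) ? $_GET['totalcost'] : null;
$id_appointments = sqlinsert_prepared($connect, [
    'username'    => $_GET['username'] ?? '',
    'doctor_name' => $_GET['doctor'] ?? '',
    'time'        => $_GET['date'] ?? '',
    'cost'        => $cost,
]);
```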