PHP concatenate


dekip

Obviously not enough data. My bad.

Idea is to have a device that will send some random string via GET. Say: 123gh5

On server I query DB, check last ID, increment to one more and insert that incremented ID into DB. But also put together this ID and this string and insert that, too. Let's call it newID. I hope it is not too confusing.

This ID in DB is INT type, and newID is VARCHAR. But on server, it just doesn't pass $z = $x.$y;. It doesn't pass to inserting query.

Say, this is GET request:

somesite.com/index.php?upit=id&espID=12a456?id=12a456

And on server:

if ($_SERVER["REQUEST_METHOD"] == "GET") {
    $action = $_GET["upit"];
    if ($action == "id") {
        $espID = $_GET["espID"];
        $sql = mysqli_query($con, "SELECT * FROM autoSetup ORDER BY deviceID DESC LIMIT 1");
        while ($row = mysqli_fetch_array($sql, MYSQLI_ASSOC)) {
            $newID = $row["deviceID"] + 1;
        }
        echo $newID;
        $IDID = $newID.$espID;
        mysqli_query($con, "INSERT INTO autoSetup (deviceID, espID, UID, date) VALUES ('$newID', '$espID',$IDID, now())");
    }
}

You can see here it is a part of an ESP MCU system I build.

So deviceID is INT, espID and UID are VARCHAR.


1 hour ago, dekip said:

check last ID, increment to one more and insert that incremented ID into DB

don't do that. it is NOT concurrent safe. when more than one instance of your code is requested, each instance will get the same starting value, increment it, and produce duplicate values. you should instead use an auto-increment column. you should also NOT use a loop to fetch data from a query that will at most return one row. just directly fetch the data.

1 hour ago, dekip said:

But also put together this ID and this string and insert that, too.

don't do this either. this is storing derived/duplicate data. instead, concatenate this when the data is queried for.

1 hour ago, dekip said:

UID are VARCHAR

then why isn't the value inside of single-quotes in the query?

you should use a post method form when performing an action on the server, so that a search engine indexing your site won't trigger the actions. this code is also open to sql injection. use a prepared query when supplying external, unknown, dynamic values to a query when it is executed. there's no validation logic, that would prevent empty values from being used, and no error handling for the database statements, that would handle duplicate user data in the insert query.

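The points raised in the reply above (auto-increment column, prepared query, input validation, duplicate handling, POST instead of GET), combined into one handler. This is an added example, not code from either poster; the schema shown in the comment, the UNIQUE constraint on espID, the registerDevice() name and the connection credentials are assumptions.

```php
<?php
// Assumed schema (hypothetical, not from the thread):
//   CREATE TABLE autoSetup (deviceID INT AUTO_INCREMENT PRIMARY KEY,
//     espID VARCHAR(32) NOT NULL UNIQUE, date DATETIME NOT NULL);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

function registerDevice(mysqli $con, string $espID): ?string
{
    // Validation: reject empty or unexpected values before touching the DB.
    if (!preg_match('/^[A-Za-z0-9]{1,32}$/', $espID)) {
        throw new InvalidArgumentException('espID must be 1-32 alphanumeric characters');
    }
    try {
        // Prepared query: $espID is bound as data, never spliced into the SQL text.
        $stmt = $con->prepare('INSERT INTO autoSetup (espID, date) VALUES (?, NOW())');
        $stmt->bind_param('s', $espID);
        $stmt->execute();
    } catch (mysqli_sql_exception $e) {
        if ($e->getCode() === 1062) { // ER_DUP_ENTRY: espID already registered
            return null;
        }
        throw $e;
    }
    $deviceID = $con->insert_id; // assigned by AUTO_INCREMENT, safe under concurrency
    // The combined ID is derived when queried instead of being stored.
    $stmt = $con->prepare('SELECT CONCAT(deviceID, espID) AS UID FROM autoSetup WHERE deviceID = ?');
    $stmt->bind_param('i', $deviceID);
    $stmt->execute();
    return $stmt->get_result()->fetch_assoc()['UID'];
}

// State-changing action accepted via POST only, so crawlers following links cannot trigger it.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && ($_POST['upit'] ?? '') === 'id') {
    $con = new mysqli('localhost', 'db_user', 'db_password', 'db_name'); // placeholders
    try {
        $uid = registerDevice($con, $_POST['espID'] ?? '');
        if ($uid === null) {
            http_response_code(409);
            echo 'espID already registered';
        } else {
            echo $uid;
        }
    } catch (InvalidArgumentException $e) {
        http_response_code(400);
        echo $e->getMessage();
    }
}
```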