
My insert statement (php to mysql) fails to use my variables

It must be the simplest error, but I don't see nor find it.

I fill a variable $aa_minerid with value 7. I use this variable in an insert. The insert always inserts a 0 (zero) in the database, never a 7.

The field I put it in is a smallint(6). I tried

VALUES ('$aa_productid')
VALUES ($aa_productid)
VALUES ("$aa_productid")
VALUES ('{$aa_productid}')
VALUES ("{$aa_productid}")

and all with use of ` as well in the script placed hereafter.

If I put there: VALUES ( 7 ), it does work perfectly.

So what do I do wrong in this script? BTW the echo at the end DOES show the right value of the variable $aa_productid

<?php

/* This php script should transfer data from the aa to the sql database */

// Info coming from aa

$aa_productid = 7 ;

include ("dogs.inc");

$cxn=mysqli_connect($host,$user,$passwd,$dbname);

$query = 'SELECT * FROM `Price` WHERE '
        . ' `Time_Stamp`=(select max(`Time_Stamp`) from `Price` where `Product_ID` = \'1\')';

$result=mysqli_query($cxn,$query) or
                die("Couldn't execute select query");

$row = mysqli_fetch_row($result);

$aa_price=$row[3]   ;   

$aa_value = $aa_price * $aa_amount;

// Info ready to go to database

$sqlinsert = 'INSERT INTO Mining (Product_ID)'
      . ' VALUES ( $aa_productid )' ;

echo $aa_productid;


Single quotes don't do variable expansion in PHP. But I would recommend you use prepared statements, such as:

$stmt = $cxn->prepare('INSERT INTO Mining (Product_ID) VALUES ( ? )');
$stmt->bind_param('i', $aa_productid);
$stmt->execute();

See the documentation at prepare and bind_param.

This will protect you from SQL injection.
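
The difference between the quoting styles discussed in this thread and a bound parameter, as an added example that is not part of the original answers. It assumes an in-memory SQLite database through PDO in place of the MySQL server so it runs offline; `insert_product` is a hypothetical helper and the inputs are constructed.

```php
<?php
// Added example, not code from the thread. Assumption: an in-memory SQLite
// database via PDO stands in for the MySQL server so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Mining (Product_ID INTEGER)');

// Constructed inputs: the question's value, then a string that is not a number.
$inputs = [7, '7', '7), (99'];

// Hypothetical helper: validate against the signed SMALLINT range, then bind.
function insert_product(PDO $db, $value): bool
{
    $id = filter_var($value, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => -32768, 'max_range' => 32767]]);
    if ($id === false) {
        return false;               // rejected before any SQL is sent
    }
    // The SQL text is constant; the value travels separately as an integer.
    $stmt = $db->prepare('INSERT INTO Mining (Product_ID) VALUES (?)');
    $stmt->bindValue(1, $id, PDO::PARAM_INT);
    return $stmt->execute();
}

foreach ($inputs as $aa_productid) {
    // Single quotes: PHP does not interpolate, so the variable's name is sent.
    $single = 'INSERT INTO Mining (Product_ID) VALUES ( $aa_productid )';
    // Double quotes: the value becomes part of the SQL text, whatever it is.
    $double = "INSERT INTO Mining (Product_ID) VALUES ( $aa_productid )";
    echo "input:  ", var_export($aa_productid, true), "\n";
    echo "single: $single\n";
    echo "double: $double\n";
    echo "bound:  ", insert_product($db, $aa_productid) ? "inserted" : "rejected", "\n\n";
}

// Only the inputs that passed validation produced rows.
$rows = $db->query('SELECT Product_ID FROM Mining')->fetchAll(PDO::FETCH_COLUMN);
var_dump($rows);
```

For the third input the double-quoted statement gains a second value tuple, while the bound version never lets the input alter the SQL text.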


Try '.$aa_productid.' or ".$aa_productid."

Depending on the type of apostrophe used to begin the string, use the same one.

Also, if you are using ", then you should be able to just do

$insert="INSERT INTO $tablename;";


It's been a while since I have done any PHP but..

I think you need to have smartquotes turned on

Try this instead:

$sqlinsert = 'INSERT INTO Mining (Product_ID)'
  . ' VALUES ('. $aa_productid .' )' ;

Concatenate the variable into the query.


When you are using variables within quotes, you must use the double-quote if you want PHP to parse variables within it. So, this would work:

$sqlinsert = 'INSERT INTO Mining (Product_ID) VALUES ('.$aa_productid.')';

Or this would:

$sqlinsert = "INSERT INTO Mining (Product_ID) VALUES ($aa_productid)";


Try:

$query = "SELECT * FROM Price WHERE Time_Stamp=(select max(Time_Stamp) from Price where Product_ID = '1')";

$sqlinsert = "INSERT INTO Mining (Product_ID) VALUES ( '$aa_productid' )" ;

Also, it's always a good idea to escape the strings before entering them in the db.


Try this syntax instead:

$sqlinsert = 'INSERT INTO Mining (Product_ID) VALUES ("' . $aa_productid . '")';

No need to concatenate the two parts of the insert. Also double quoting the variable seems to avoid problems.
