i'm new in php,i have 2 table with many to many relation and another table for relations:
each time i want update foreign table i'm give the error:
Cannot add or update a child row: a foreign key constraint fails (`wikiseda`.`genre_singer`, CONSTRAINT `genre_singer_ibfk_1` FOREIGN KEY (`f_singer_id`) REFERENCES `singers` (`singerid`) ON DELETE CASCADE ON UPDATE CASCADE);
this is my code:
<?php
include('../db_inc.php');
define("UPLOAD_DIR",realpath(dirname(__FILE__)));
$singer_name =$_POST['singer_name'];
$singer_gender=$_POST['singer_gender'];
$singer_des=$_POST['singer_description'];
$singer_genre=$_POST['genre_list'];
$path = UPLOAD_DIR .'/musics/'.$singer_name;
if(!file_exists($path)){
mkdir($path,0777,true);
}
$sql ="INSERT INTO singers(singer_name,singer_gender,singer_description) VALUES ('$singer_name','$singer_gender','$singer_des')" ;
$singer_id = mysql_insert_id();
$sql2 =("INSERT INTO genre_singer(f_singer_id,f_genre_id) VALUES ('$singer_id','$singer_genre')");
$result=mysql_query($sql)or die(mysql_error());
$result2=mysql_query($sql2)or die(mysql_error());
if('$result'){
echo "insert successfully";
};
?>
SQL injection vulnerabilities and overly-loose directory permissions aside for a moment (though you really should pay heed to the comments about them). Try executing your first query before trying to get the id last inserted hence:
$sql ="INSERT INTO singers(singer_name,singer_gender,singer_description) VALUES ('$singer_name','$singer_gender','$singer_des')" ;
$result=mysql_query($sql)or die(mysql_error());
$singer_id = mysql_insert_id();
$sql2 =("INSERT INTO genre_singer(f_singer_id,f_genre_id) VALUES ('$singer_id','$singer_genre')");
$result2=mysql_query($sql2)or die(mysql_error());
You are trying to get the id of the inserted record before actually inserting it.
You need to move your first query execution - $result=mysql_query($sql)or die(mysql_error());
before $singer_id = mysql_insert_id();
.
Also:
Your code is vulnerable to SQL injection (as others noted).
Creating a directory on your server with an arbitrary path/name which comes from the user is probably a bad idea. If you follow that up with creating a file in a similar way you will allow any user to execute arbitrary code on your server.
For the sake of being complete, here's the work done with PDO:
// note: untested code follows
$pdo = new PDO('mysql:host='.$host.';dbname='.$db_name, $username, $password);
$statement = $pdo->prepare('
INSERT INTO `singers` (
singer_name,
singer_gender,
singer_description
) VALUES (
:singer_name,
:singer_gender,
:singer_des
)
');
$statement->execute(array(
'singer_name'=>$_POST['singer_name'],
'singer_gender'=>$_POST['singer_gender'],
'singer_des'=>$_POST['singer_description']
));
$singer_id = $pdo->lastInsertId();
if (!$singer_id) {
// tip: do something nicer than die
die('Error occurred:'.implode(":",$pdo->errorInfo()));
}
$statement = $pdo->prepare('
INSERT INTO `genre_singer` (
f_singer_id,
f_genre_id
) VALUES (
:singer_id,
:singer_genre
)
');
$result = $statement->execute(array(
'singer_id'=>$singer_id,
'singer_genre'=>$_POST['genre_list']
));
if (!result) {
// tip: do something nicer than die
die('Error occurred:'.implode(":",$pdo->errorInfo()));
}
Documentation
PDO
- http://us1.php.net/manual/en/pdo.errorinfo.php PDO::prepare
- http://us1.php.net/manual/en/pdo.prepare.php PDOStatement::execute
- http://php.net/manual/en/pdostatement.execute.php PDO::errorInfo
- http://us1.php.net/manual/en/pdo.errorinfo.php PDO::lastInsertId
- http://php.net/manual/en/pdo.lastinsertid.php
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.