
While inserting data into a MySQL database using PHP, I'm getting an error saying Incorrect integer value: '' for column 'rate' at row 1

The PHP code is as follows, and I do not have an auto-increment field. Full error description:

ERROR: Could not able to execute INSERT INTO employee( emp_name, rate, ifsc_code, acc_num, acc_holder_name) VALUES ( '', '', '', '', ''). Incorrect integer value: '' for column 'rate' at row 1

 <?php

include_once('connectdb.php');

$emp_name = mysqli_real_escape_string($link, $_REQUEST['emp_name']);
$rate = mysqli_real_escape_string($link, $_REQUEST['rate']);
$ifsc_code = mysqli_real_escape_string($link, $_REQUEST['ifsc_code']);
$acc_num = mysqli_real_escape_string($link, $_REQUEST['acc_num']);
$acc_holder_name = mysqli_real_escape_string($link, $_REQUEST['acc_holder_name']); 

$sql = "INSERT INTO employee(   emp_name, 
                                rate, 
                                ifsc_code, 
                                acc_num, 
                                acc_holder_name) 

        VALUES              (   '$emp_name', 
                                '$rate',
                                '$ifsc_code',
                                '$acc_num',
                                '$acc_holder_name')";

if(mysqli_query($link, $sql)){

    //echo "<script type='text/javascript'>alert('Commodity added to inventory')</script>";
    echo "<meta http-equiv='refresh' content='0;url=insert_emp_details.php'>";
} else{
    echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);
}

mysqli_close($link);

?>

As per my comments, you should convert $rate into an integer or remove the ' single quotes, like this:

$sql = "INSERT INTO employee(   emp_name, 
                                rate, 
                                ifsc_code, 
                                acc_num, 
                                acc_holder_name) 

        VALUES              (   '$emp_name', 
                                $rate,
                                '$ifsc_code',
                                '$acc_num',
                                '$acc_holder_name')";

Or

you can convert it into an integer like this: $rate = (int)$rate;

Also, use PDO with the bind parameter function to prevent SQL injection.

As noted above in a comment, the original code is potentially vulnerable to SQL injection, so the use of a prepared statement would be advised to help mitigate risk.

The error message you posted though concerns me - it appears that all the values are empty... is that the case? You should check for the existence of these variables before attempting the SQL operations.

<?php

    include_once('connectdb.php');

    try{

        $sql='insert into `employee` ( `emp_name`, `rate`, `ifsc_code`, `acc_num`, `acc_holder_name` ) values (?,?,?,?,?);';

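        /* field names expected in REQUEST array and associated filter for each
           (FILTER_SANITIZE_STRING is deprecated as of PHP 8.1) */
        $args=array(
            'emp_name'          =>  FILTER_SANITIZE_STRING,
            'rate'              =>  FILTER_VALIDATE_INT,        /* assumed that rate is an integer - yields an int, or false if invalid */
            'ifsc_code'         =>  FILTER_SANITIZE_STRING,
            'acc_num'           =>  FILTER_SANITIZE_NUMBER_INT, /* assumed that acc_num is an integer ?? */
            'acc_holder_name'   =>  FILTER_SANITIZE_STRING
        );
        /* filter REQUEST array using above arguments - INPUT_REQUEST is not implemented
           by filter_input_array, so filter $_REQUEST directly and keep the result */
        $data = filter_var_array( $_REQUEST, $args ) ?: array();

        /* read only the expected fields from the filtered result -
           extract( $_REQUEST ) would let a request overwrite $sql or $link */
        $emp_name        = $data['emp_name'] ?? null;
        $rate            = $data['rate'] ?? null;
        $ifsc_code       = $data['ifsc_code'] ?? null;
        $acc_num         = $data['acc_num'] ?? null;
        $acc_holder_name = $data['acc_holder_name'] ?? null;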


        /* If all the variables were extracted correctly after filtering - proceed */
        if( $emp_name && $rate && $ifsc_code && $acc_num && $acc_holder_name ){

            /* if the filter failed this will probably never be called but... */
            if( !is_integer( $rate ) ) throw new Exception('rate is not an integer');

            /* create a prepared statement */
            $stmt=$link->prepare( $sql );

            /* If the query failed for some reason - abandon ship */
            if( !$stmt )throw new Exception( sprintf( 'error preparing sql query: %s', $link->error ) );

            /* assumed that rate and acc_num is an integer ?? */
            $stmt->bind_param( 'sisis', $emp_name, $rate, $ifsc_code, $acc_num, $acc_holder_name );

            /* execute the query */
            $result = $stmt->execute();
            if( $result ){

                echo "Success";


            } else {
                throw new Exception( sprintf( "Bogus! %s", $stmt->error ) );
            }
        } else {
            throw new Exception( 'an error occurred extracting one or more variables - check "$args" array!' );
        }

    } catch( Exception $e ){
        exit( $e->getMessage() );
    }
?>
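
The check both answers call for, as an added example that is not part of either answer: it rejects the empty rate that produced the error before any SQL runs, while still accepting a rate of 0. The function name validate_employee() and the sample requests are hypothetical, and treating acc_num as a digit string is an assumption.

```php
<?php
/* Added example; validate_employee() and the sample arrays are hypothetical. */

/**
 * Returns array( $clean, $errors ). Assumes rate is an integer column and
 * acc_num is a digit string (leading zeros preserved).
 */
function validate_employee( array $input ): array {
    $clean  = array();
    $errors = array();

    /* required text fields: must be present and non-empty after trimming */
    foreach( array( 'emp_name', 'ifsc_code', 'acc_holder_name' ) as $field ){
        $value = isset( $input[ $field ] ) && is_string( $input[ $field ] ) ? trim( $input[ $field ] ) : '';
        if( $value === '' ) $errors[ $field ] = 'missing or empty';
        else $clean[ $field ] = $value;
    }

    /* rate: '' and 'abc' fail FILTER_VALIDATE_INT, '0' passes as int 0 */
    $rate = filter_var( $input['rate'] ?? '', FILTER_VALIDATE_INT );
    if( $rate === false ) $errors['rate'] = 'not an integer';
    else $clean['rate'] = $rate;

    /* acc_num: digits only, kept as a string */
    $acc = isset( $input['acc_num'] ) && is_string( $input['acc_num'] ) ? trim( $input['acc_num'] ) : '';
    if( $acc === '' || !ctype_digit( $acc ) ) $errors['acc_num'] = 'digits only';
    else $clean['acc_num'] = $acc;

    return array( $clean, $errors );
}

/* constructed sample requests */
$base    = array( 'emp_name'=>'A. Kumar', 'rate'=>'450', 'ifsc_code'=>'ABCD0123456', 'acc_num'=>'001234567890', 'acc_holder_name'=>'A. Kumar' );
$samples = array(
    'empty form (as in the error message)' => array_fill_keys( array_keys( $base ), '' ),
    'rate of zero'                         => array_merge( $base, array( 'rate'=>'0' ) ),
    'non-numeric rate'                     => array_merge( $base, array( 'rate'=>'abc' ) ),
);

foreach( $samples as $label => $request ){
    list( $clean, $errors ) = validate_employee( $request );
    if( $errors ){
        printf( "%s: rejected (%s)\n", $label, implode( ', ', array_keys( $errors ) ) );
        continue;
    }
    /* only at this point would the prepared statement be bound and executed */
    printf( "%s: ok, rate=%d\n", $label, $clean['rate'] );
}
```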
