I have the following php query...
INSERT INTO `demographic2` (id, name, first_name, last_name, link, username, birthday, gender, relationship_status, email, timezone, locale, verified, updated_time) VALUES (845450180, Liam Gallagher, Liam, Gallagher, http://www.facebook.com/lia.co.uk, lia.co.uk, 11/25/1989, male, Single, gal@hotmail.com, 1, en_US, 1, 2012-03-30T21:54:17+0000)
I cant see any errors but for some reason the above wont insert data into my table, the schema looks like so...
Regarding string literals, I have this as my insert query, How would i add the quotes?
$columns = implode(", ",array_keys($userInfo));
$escaped_values = array_map('mysql_real_escape_string', array_values($userInfo));
$values = implode(", ", $escaped_values);
$sql = "INSERT INTO `demographic2` ($columns) VALUES ($values)";
Read about string literals in MySQL. You have to write strings in quotes, eg: "my text"
.
You should wrap your string value with ""
or ''
, eg "value"
or 'value'
.
You can also read more about anti-SQL-injection techniques to create an SQL query string better at http://www.unixwiz.net/techtips/sql-injection.html
I think you need to add 'SomevarcharOrDatetime'
INSERT INTO `demographic2`
(
id, name,
first_name,
last_name,
link,
username,
birthday,
gender,
relationship_status,
email,
timezone,
locale,
verified,
updated_time
)
VALUES
(
845450180,
'Liam Gallagher',
'Liam',
'Gallagher',
'http://www.facebook.com/lia.co.uk',
'lia.co.uk',
'11/25/1989',
'male',
'Single',
'gal@hotmail.com',
1,
'en_US',
1,
'2012-03-30T21:54:17+0000'
)
Nothing is quoted.
INSERT INTO `demographic2` (id, name, first_name, last_name, link, username, birthday, gender, relationship_status, email, timezone, locale, verified, updated_time)
VALUES (845450180, "Liam Gallagher", "Liam", "Gallagher", "http://www.facebook.com/lia.co.uk", "lia.co.uk", "11/25/1989", "male", "Single", "gal@hotmail.com", "1", "en_US", "1", "2012-03-30T21:54:17+0000")
Also, why aren't you using DATE columns for dates (birthday)?
you can try enclosing ', '
as glue into the implode() in the second use, so it becomes:
$columns = implode(", ",array_keys($userInfo));
$escaped_values = array_map('mysql_real_escape_string', array_values($userInfo));
$values = implode("', '", $escaped_values);
$sql = "INSERT INTO `demographic2` ({$columns}) VALUES ('{$values}')";
Use custom function to map each value & apply single quote to escaped string.
$columns = implode(", ",array_keys($userInfo));
$escaped_values = array_map('escape_inpt_string', array_values($userInfo));
$values = implode(", ", $escaped_values);
$sql = "INSERT INTO `demographic2` ($columns) VALUES ($values)";
function escape_inpt_string($val) {
return "'".mysql_real_escape_string($val)."'";
}
Cheers!!
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.