Can anyone tell me what is wrong with my Query? I have two tables event and customer, I want to select customer id from customer table and insert it in the customer_id Column in the event table. this is only where the login id in the customers table is the same as the logged in user id
$insEvent_sql = "INSERT INTO event(customer_id, videography_package, event_type, event_shortdesc, event_vanue, event_start)
VALUES(customer-id,'".$safe_videography_package."', '".$safe_event_type."', '".$safe_event_shortdesc."','".$safe_event_vanue."', '".$event_date."') SELECT customer_id FROM 'customer' WHERE login_id = ".$_SESSION['SESS_LOGIN_ID'].";";
try this
$insEvent_sql = "INSERT INTO event(customer_id, videography_package, event_type, event_shortdesc, event_vanue, event_start)
VALUES((select customer-id from 'customer' WHERE login_id = ".$_SESSION['SESS_LOGIN_ID']."),'".$safe_videography_package."', '".$safe_event_type."', '".$safe_event_shortdesc."','".$safe_event_vanue."', '".$event_date."') ";
The syntax for INSERT
needs either a VALUES
clause or a SELECT
as the source of rows, but not both.
You are using single-quotes for the table name of your SELECT
, but single-quotes are only for string literals or date literals.
You aren't using query parameters, so you have ugly code to manage quoted variables. I assume $safe_
means that you have escaped the variables, so at least you may have less chance for SQL injection.
I would write the statement with PDO this way:
$cust_sql = "SELECT customer_id FROM customer WHERE login_id = :login_id";
$stmt = $pdo->prepare($cust_sql);
// test if $stmt is false
$result = $stmt->execute(array(":login_id" => $_SESSION['SESS_LOGIN_ID']));
// test if $result is false
while ($row = $result->fetch()) {
$customer_id = $row["customer_id"];
}
$insEvent_sql = "INSERT INTO event(customer_id, videography_package, event_type,
event_shortdesc, event_vanue, event_start)
VALUES (:customer_id, :videographer_package, :event_type,
:event_shortdesc, :event_vanue, :event_start)";
$stmt = $pdo->prepare($cust_sql);
// test if $insEvent_stmt is false
$result = $insEvent_stmt->execute(array(
":customer_id" => $customer_id,
":videographer_package"=> $videography_package,
":event_type" => $event_type,
":event_shortdesc" => $event_shortdesc,
":event_vanue" => $event_vanue,
":event_start" => $event_date
));
// test if $result is false
You cannot INSERT
a row followed by a SELECT
. A work around is to add your row to the SELECT
:
$insEvent_sql = "INSERT INTO event
(customer_id,
videography_package,
event_type,
event_shortdesc,
event_vanue,
event_start)
SELECT 'customer-id' AS customer_id,
'" . $safe_videography_package . "' AS videography_package,
'" . $safe_event_type . "' AS event_type,
'" . $safe_event_shortdesc . "' AS event_shortdesc,
'" . $safe_event_vanue . "' AS event_venu,
'" . $event_date . "' AS event_start
UNION ALL
SELECT customer_id, NULL, NULL, NULL, NULL, NULL
FROM customer
WHERE login_id = " . $_SESSION['SESS_LOGIN_ID'];
Using sample data:
$safe_videography_package = 'package1'; $safe_event_type = 'type1'; $safe_event_shortdesc = 'short description'; $safe_event_vanue = 'some venu'; $event_date = '2012-05-05'; $_SESSION['SESS_LOGIN_ID'] = 1;
Will produce:
INSERT INTO event (customer_id, videography_package, event_type, event_shortdesc, event_vanue, event_start) SELECT 'customer-id' AS customer_id, 'package1' AS videography_package, 'type1' AS event_type, 'short description' AS event_shortdesc, 'some venu' AS event_venu, '2012-05-05' AS event_start UNION ALL SELECT customer_id, NULL, NULL, NULL, NULL, NULL FROM customer WHERE login_id = 1
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.