How to INSERT a value with a name from another table - mysql

I am looking to have a value from my users table column name (profile_img) insert into my news table to column name (profile_img1) with the other information the user submits.
Here is the query I am using so far
$name=$_REQUEST["title"];
$stdate=$_REQUEST["sdate"];
$endate=$_REQUEST["edate"];
$staddr=$_REQUEST["staddr"];
$addr2=$_REQUEST["staddr2"];
$city=$_REQUEST["city"];
$state=$_REQUEST["state"];
$zip=$_REQUEST["zip"];
$desc=$_REQUEST["desc"];
$file=$_REQUEST['photo'];
$link=$_REQUEST["link"];
$user=$_REQUEST["user"];
$profile_img1=$_REQUEST["profile_img1"];
$rsvp=$_REQUEST["rsvp"];
$query = "INSERT INTO news (fname,stdate,endate,addr1,addr2,city,state,zip,name,size,type,content,link,description,user,profile_img1,rsvp) VALUES('" . mysql_real_escape_string($name) . "','$stdate','$endate','" . mysql_real_escape_string($staddr) . "','" . mysql_real_escape_string($addr2) . "','" . mysql_real_escape_string($city) . "','$state','$zip','".str_replace([",",":","\"","\\", "/", "*"," ","$","&","?",";","'","!","(",")","|","~","<",">","=","[","]","{","}","#","^","%","=","#","+","è","é"],"",$name) ."-".$stdate."-".$file."','0',' ',' ','" . mysql_real_escape_string($link)."','" . mysql_real_escape_string($desc) . "','$user','" . mysql_real_escape_string($rsvp)."')";
The name for the profile_img1 will go after the user value in the query but I cannot figure out how to get the name of the profile_img in the users table to the news table
here is what I have been trying:
$query = "INSERT INTO news (fname,stdate,endate,addr1,addr2,city,state,zip,name,size,type,content,link,description,user,profile_img1,rsvp) VALUES('" . mysql_real_escape_string($name) . "','$stdate','$endate','" . mysql_real_escape_string($staddr) . "','" . mysql_real_escape_string($addr2) . "','" . mysql_real_escape_string($city) . "','$state','$zip','".str_replace([",",":","\"","\\", "/", "*"," ","$","&","?",";","'","!","(",")","|","~","<",">","=","[","]","{","}","#","^","%","=","#","+","è","é"],"",$name) ."-".$stdate."-".$file."','0',' ',' ','" . mysql_real_escape_string($link)."','" . mysql_real_escape_string($desc) . "','$user','(SELECT profile_img FROM users WHERE username=`username`)''" . mysql_real_escape_string($rsvp)."')";
Using this method causes the profile_img1 column in the news table to read (SELECT profile_img FROM users WHERE username=username) instead of what the profile_img column reads in the users table.
Also if I add a second INSERT query
$q2 = mysql_query("INSERT INTO news (profile_img1) SELECT profile_img FROM users WHERE username='username'");
the query causes a new row to be created in the news table displaying only the profile_img from the users table, separate from the other data the user will enter.
My desired result is to have the user submit the data to the news table and the user image from the users table will be inserted into the news table in the row with the other data submitted so the data submitted and the user image is displayed together.
If you need more clarification please let me know

Don't you already have the value for profile_img1 ?
$profile_img1=$_REQUEST["profile_img1"];
But anyway, of course if you do 2 inserts it will insert 2 lines.
You want to look up UPDATE.
And mysql_insert_id() to get the id of the last insert executed.
As in (at the end, after you know what you're doing):
UPDATE news SET profile_img1 = "whateveritis" where id = theidoftherowyoujustinserted

The short answer is to do INSERT (...) SELECT ...
e.g.
$name=$_REQUEST["title"];
$stdate=$_REQUEST["sdate"];
$endate=$_REQUEST["edate"];
$staddr=$_REQUEST["staddr"];
$addr2=$_REQUEST["staddr2"];
$city=$_REQUEST["city"];
$state=$_REQUEST["state"];
$zip=$_REQUEST["zip"];
$desc=$_REQUEST["desc"];
$file=$_REQUEST['photo'];
$link=$_REQUEST["link"];
$user=$_REQUEST["user"];
$profile_img1=$_REQUEST["profile_img1"];
$rsvp=$_REQUEST["rsvp"];
$query = "INSERT INTO news (fname,stdate,endate,addr1,addr2,city,state,zip,name,size,type,content,link,description,user,profile_img1,rsvp) SELECT '" .
mysql_real_escape_string($name) . "','$stdate','$endate','" . mysql_real_escape_string($staddr) .
"','" . mysql_real_escape_string($addr2) . "','" . mysql_real_escape_string($city) . "','$state','$zip','".
str_replace([",",":","\"","\\", "/", "*"," ","$","&","?",";","'","!","(",")","|","~","<",">","=","[","]","{","}","#","^","%","=","#","+","è","é"],"",$name) .
"-".$stdate."-".$file."','0',' ',' ','" . mysql_real_escape_string($link)."','" . mysql_real_escape_string($desc) .
// $user fills the user column; profile_img is a column of users, so it is not quoted
"','" . mysql_real_escape_string($user) . "',profile_img,'" .
mysql_real_escape_string($rsvp)."'" .
" FROM users WHERE username = '" . mysql_real_escape_string($user) . "'";
This should turn into something like:
INSERT INTO news (fname, stdate, profile_img1, rsvp)
SELECT 'Bob', '2017-09-02', profile_img, 0
FROM users
WHERE username = 'jimbob'
The long answer involves pleas to not do your own escaping and re-structuring this bit to make it easier to read, and by extension, easier to maintain later
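Added example (not part of the answer above): the same INSERT ... SELECT written with bound parameters instead of hand escaping, so the form values never become part of the SQL text and profile_img is copied from users in the one statement. It uses PDO with an in-memory SQLite database and a cut-down news table so it runs stand-alone; the helper name insertNews and the sample rows are assumptions, and the statement itself is also valid on MySQL.

```php
<?php
// Added example: constructed schema and data, trimmed to the columns that matter.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (username TEXT PRIMARY KEY, profile_img TEXT)");
$pdo->exec("CREATE TABLE news (id INTEGER PRIMARY KEY, fname TEXT, stdate TEXT,
            user TEXT, profile_img1 TEXT, rsvp TEXT)");
$pdo->exec("INSERT INTO users VALUES ('jimbob', 'jimbob.png')");

// Hypothetical helper: insert one news row, copying profile_img from users.
// Returns the number of rows inserted; 0 means the username matched no user.
function insertNews(PDO $pdo, array $in): int
{
    // Form values travel as bound parameters. Only username and profile_img
    // are column references, read from the matching users row by the SELECT.
    $stmt = $pdo->prepare(
        "INSERT INTO news (fname, stdate, user, profile_img1, rsvp)
         SELECT :fname, :stdate, username, profile_img, :rsvp
         FROM users WHERE username = :user"
    );
    $stmt->execute([
        ':fname'  => $in['title'],
        ':stdate' => $in['sdate'],
        ':rsvp'   => $in['rsvp'],
        ':user'   => $in['user'],
    ]);
    return $stmt->rowCount();
}

// Constructed request data; the title contains a quote and a semicolon on purpose.
$request = ['title' => "Bob's BBQ; (all welcome)", 'sdate' => '2017-09-02',
            'rsvp' => '0', 'user' => 'jimbob'];

var_dump(insertNews($pdo, $request));                        // known user
var_dump(insertNews($pdo, ['user' => 'nobody'] + $request)); // unknown user

// The stored row keeps the title byte for byte, next to the copied image name.
print_r($pdo->query("SELECT fname, user, profile_img1 FROM news")
            ->fetchAll(PDO::FETCH_ASSOC));
```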

Related

Select value in table if it exists in another

I am trying to get all the values from a users table where a specific company name is found.
I also need to get the rows in the users table where that same company name is in another table and matches the name in users table
I have 2 tables like this:
Table: Users.
USERNAME COMPANY EMAIL PHONE
Table: Dispatchers.
USERNAME DISPATCH_CLIENT
I need to get all the rows in the Users table that have a specific company name
I also need to get all the rows in the Users table where the USERNAME and DISPATCH_CLIENT fields in the Dispatch table match the USERNAME AND COMPANY field in Users table.
I have looked at some questions on here using EXISTS, but it either didn't work in my situation or I'm not smart enough to understand it.
This is what I have at the moment.
SELECT *
FROM Users
WHERE Users.COMPANY = '" . $company . "'
AND EXISTS
(SELECT USERNAME
FROM Dispatchers WHERE DISPATCH_CLIENT = '" . $company . "')";
Also tried doing it this way but no records are returned:
SELECT
*
FROM
Users
INNER JOIN
Dispatchers
ON Dispatchers.USERNAME = Users.USERNAME
AND Dispatchers.DISPATCH_CLIENT = Users.COMPANY
WHERE
Users.COMPANY = '" . $company . "'"
Try this
SELECT *
FROM Users
WHERE Users.COMPANY = '" . $company . "'
OR Users.USERNAME IN
(SELECT USERNAME
FROM Dispatchers WHERE DISPATCH_CLIENT = '" . $company . "')";
I think you missed the join condition in "exists" phase. Please try this.
SELECT *
FROM Users
WHERE Users.COMPANY = '" . $company . "'
AND EXISTS
(SELECT USERNAME
FROM Dispatchers
WHERE Dispatchers.DISPATCH_CLIENT = Users.COMPANY
and Users.USERNAME = Dispatchers.USERNAME)

REPLACE and SET in mysql query

According to w3resource you can replace text using REPLACE keyword.
Now look at this code extracted from OpenCart
<?php
class ModelToolOnline extends Model {
public function addOnline($ip, $customer_id, $url, $referer) {
$this->db->query("DELETE FROM `" . DB_PREFIX . "customer_online` WHERE date_added < '" . date('Y-m-d H:i:s', strtotime('-1 hour')) . "'");
$this->db->query("REPLACE INTO `" . DB_PREFIX . "customer_online` SET `ip` = '" . $this->db->escape($ip) . "', `customer_id` = '" . (int)$customer_id . "', `url` = '" . $this->db->escape($url) . "', `referer` = '" . $this->db->escape($referer) . "', `date_added` = '" . $this->db->escape(date('Y-m-d H:i:s')) . "'");
}
}
?>
They have a REPLACE query with the SET keyword and no WHERE condition. Now I couldn't find anything similar to this anywhere to understand what's happening in this query.
If anyone knows what is happening in this query, please explain with an authentic source link.
Those are two different things. There is a REPLACE() function and a REPLACE statement.
In the code the REPLACE statement is used. It is similar to an INSERT statement, and thus has no WHERE clause.
Here's what the documentation says:
REPLACE works exactly like INSERT, except that if an old row in the
table has the same value as a new row for a PRIMARY KEY or a UNIQUE
index, the old row is deleted before the new row is inserted.

Select coalesce max on key update?

My sql query is working fine, until I try to add the absolute last row. How can I get that part working?
INSERT INTO posts (ssp_order, ssp_id, ssp_ss_id, ssp_c_id)
SELECT COALESCE(MAX(ssp_order),0)+1 ,
" . $sspid . "," . $ssid . "," . $cid . "
FROM posts
WHERE ssp_ss_id = " . $ssid . "
ON DUPLICATE KEY UPDATE
ssp_status = 0,
ssp_order = SELECT COALESCE(MAX(ssp_order),0)+1 FROM posts
(please don't worry about the safety of the variables in there)
Reference the table used in the select statement rather than using a subquery
INSERT INTO posts (ssp_order, ssp_id, ssp_ss_id, ssp_c_id)
SELECT maxssporder ,sspid,ssid,cid from
(SELECT COALESCE(MAX(ssp_order),0)+1 as maxssporder,
" . $sspid . " as sspid," . $ssid . " as ssid," . $cid . " as cid
FROM posts p
WHERE ssp_ss_id = " . $ssid . ") q
ON DUPLICATE KEY UPDATE
ssp_status = 0,
ssp_order = q.maxssporder

My Sql queries in order to update it

How can I update over this query
$sqlquery = UPDATE("conference",
array('area_of_expertise' => $area_of_expertise_id1,
'long_name' => $_POST['longname'],
'short_name' => $_POST['shortname'],
'description' => $_POST['textarea'],
'creator_id' => $get_id
)
);
I inserted all the needed data in the conference table while making sure that it was the same data the user had chosen.
Your UPDATE query syntax is wrong.
You're not saying what table you want to update and which column of that table.
You're just saying UPDATE.
Syntax should be like :
UPDATE tableName SET column = value [ WHERE someColumn = someValue ]
Reference :
http://www.w3schools.com/php/php_mysql_update.asp
I assume you're also using PHP. Is 'UPDATE' a self-defined function? I've never come across it before.
$update = mysql_query("UPDATE conference SET area_of_expertise = '" . $area_of_expertise_id1 . "', long_name = '" . mysql_real_escape_string($_POST["longname"]) . "', short_name = '" . mysql_real_escape_string($_POST["shortname"]) . "', description = '" . mysql_real_escape_string($_POST["textarea"]) . "' WHERE creator_id = " . $get_id);
I'm only assuming your table and column names by the way.
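// The POST values are escaped and concatenated; '$_POST['longname']' inside a double-quoted string is a parse error.
$query = "UPDATE conference SET area_of_expertise='$area_of_expertise_id1', long_name='" . mysql_real_escape_string($_POST['longname']) . "', short_name='" . mysql_real_escape_string($_POST['shortname']) . "', description='" . mysql_real_escape_string($_POST['textarea']) . "' WHERE creator_id='$get_id'";
$update_value = mysql_query($query);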
Hope that Helps.

Correcting an UPDATE statement (and making it more secure!)

I'm trying to update a single value in my DB. When I run it through the console, it works correctly (as I'm replacing the variables with numbers and text). However, my query is not returning a value for book ID when I insert the PHP variable for it. It's because the book_id is unpopulated.
$query = "UPDATE books "
. "SET readstatus='".$readstatus."' "
. "WHERE book_id=".$book_id;
echo $query;
The echoed query states:
UPDATE books SET readstatus='half' WHERE book_id=0
The book ID is stored in the URI as bookstatusupdate.php?book_id=
Just cannot figure this one out!
It would help to know the error. Firstly, echo out the query:
$query = "UPDATE books "
. "SET readstatus='".$readstatus."' "
. "WHERE book_id=".$book_id;
echo $query;
I would guess that $book_id is unpopulated, so the query fails. What you should really be doing to make it secure is casting integers with (int) and wrapping strings in mysqli_real_escape_string().
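// $mysqli is the open mysqli connection (assumed name); the procedural function takes it as its first argument
$query = "UPDATE books "
."SET readstatus='". mysqli_real_escape_string( $mysqli, $readstatus )."' "
."WHERE book_id=". (int) $book_id;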
If you're trying to get data from the URL, do it like so:
$book_id = (int) $_GET['book_id'];
$query = "UPDATE books "
."SET readstatus='". mysqli_real_escape_string( $mysqli, $readstatus )."' " // $mysqli: open connection (assumed name)
."WHERE book_id=". (int) $book_id;
echo $query;
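Added example (not part of the answer above): the thread's failure mode, a missing book_id that silently becomes 0, handled by validating the id before a prepared UPDATE runs. It uses PDO with an in-memory SQLite table so it runs stand-alone; the helper name updateReadStatus, the READ_STATUSES list and the sample rows are assumptions.

```php
<?php
// Added example: constructed table and row.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE books (book_id INTEGER PRIMARY KEY, readstatus TEXT)");
$pdo->exec("INSERT INTO books VALUES (7, 'unread')");

// Assumed set of legal values; 'half' is the only one shown in the thread.
const READ_STATUSES = ['unread', 'half', 'read'];

// Hypothetical helper: reports why nothing happened instead of running
// "WHERE book_id=0" when the id never arrived.
function updateReadStatus(PDO $pdo, array $get, string $readstatus): string
{
    // FILTER_VALIDATE_INT returns false for a missing, empty or non-numeric
    // value, where an (int) cast would quietly produce 0.
    $bookId = filter_var($get['book_id'] ?? null, FILTER_VALIDATE_INT,
                         ['options' => ['min_range' => 1]]);
    if ($bookId === false) {
        return 'rejected: book_id missing or not a positive integer';
    }
    if (!in_array($readstatus, READ_STATUSES, true)) {
        return 'rejected: unknown readstatus';
    }
    // Both values are bound, so neither is ever parsed as SQL.
    $stmt = $pdo->prepare("UPDATE books SET readstatus = :s WHERE book_id = :id");
    $stmt->execute([':s' => $readstatus, ':id' => $bookId]);
    return $stmt->rowCount() === 1 ? 'updated' : 'no row changed';
}

// Constructed query-string arrays, shaped like $_GET.
$cases = [['book_id' => '7'], [], ['book_id' => 'abc'], ['book_id' => '99']];
foreach ($cases as $get) {
    echo json_encode($get), ' => ', updateReadStatus($pdo, $get, 'half'), PHP_EOL;
}
```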