I am inserting value which contains & character, but the value breaks after & while it's inserted in database. Can anyone please help me to insert value with & character?
My filed's datatype is varchar(50) and collation is utf8_general_ci.
I have used code:
NSString *strUr=[NSString stringWithFormat:#"%s%s?event_name=%#&id=%#",ServerPath,URLAddEvent,eventName,ID];
strUr = [strUr stringByAddingPercentEscapesUsingEncoding:NSUTF8StringEncoding];
NSLog(#"url : %#",strUr);
request=[NSMutableURLRequest requestWithURL:[NSURL URLWithString:strUr]];
con=[[NSURLConnection alloc]initWithRequest:request delegate:self];
if(con)
{
webdata=[NSMutableData data];
}
in my ios code.
Any needful help will be appreciated.
You can escape any special characters.
you need to identify them using string manipulation and then create the sql accordingly.
See My fiddle.
Inserting into table:
INSERT INTO Table1
(`id`, `col1`)
VALUES
(1, 'test\&'),
(2, 'special character \''),
(3, 'speacial character \"'),
(4, 'test'),
(5, 'testing'),
(6, 'test')
;
Selection from table:
select * from Table1 where col1 like '%&%' or col1 like '%\'%'
Related
I am trying to insert values coming from a select and variable :
INSERT INTO routeur (`codeAdherent`, `quantiteArticle`, `dateFin`) VALUES
(SELECT `codeAdherent` FROM adherents WHERE categorie = 'G', `quantiteArticle` = $a, `dateFin`= $b);
Write it with and without VALUES, with and without IN, with and without brackets but I always get an synthax error.
Where is my mistake?
Try below:
INSERT INTO routeur (codeAdherent, quantiteArticle, dateFin)
SELECT codeAdherent, #a, #b FROM adherents WHERE categorie = 'G'
You have to read carefully the INSERT syntax because you have got many errors.
This is the right syntax:
INSERT INTO routeur (codeAdherent, quantiteArticle, dateFin)
SELECT codeAdherent, '$a', '$b'
FROM adherents
WHERE categorie = 'G'
PS: To avoid the SQL Injection you should use Prepared Statements
You can try this out :
INSERT INTO routeur (codeAdherent, quantiteArticle, dateFin) VALUES
(SELECT codeAdherent FROM adherents WHERE categorie = 'G', $a, $b);
Here it is..
Foreach ($data as $x) {
$mydata = implode( ", ", $x);
$sql = "INSERT INTO `wp_realty_listingsdb` (`listingsdb_id`, `user_id`,
`class_id`, `MLS`, `DOM`, `Zip`, `Status`) VALUES($id, 1, 1, $mydata);";
echo "$sql<br>";
$id++;
}
Keep in mind this is a simplified example and there will be over 200 fields being imploded for insertion.. so there might be as many as 100+ character variables that will require tick encapsulation so if the implode won't do it then it could get complicated..
End result of echo the resultant sql..
Line 1:
INSERT INTO `wp_realty_listingsdb` (`listingsdb_id`, `user_id`,
`class_id`, `MLS`, `DOM`, `Zip`, `Status`) VALUES(2, 1, 1, 1475566, 626,
89005, Sold);
Line 2:
INSERT INTO `wp_realty_listingsdb` (`listingsdb_id`, `user_id`,
`class_id`, `MLS`, `DOM`, `Zip`, `Status`) VALUES(3, 1, 1, 1485995, 492,
89005, 'Sold');
PROBLEM: To use php insert the character variables require that it have a tick on each side of the variable like 'Sold' as you see in line 1 it will not put the tick on implode.. Line 2 is an example of where i manually added the tick.. and it works fine.. Is there anyway to have the implode add the ticks around any character variables... w/o extensive additional programming.
$xt = array_map(function($x){ return "'$x'";}, $x);
$mydata = implode( ", ", $xt);
Apart from that the code is probably vulnerable to SQL injection.
I have a .sql file that I am importing into my database using phpmyadmin. Each time I have been going through the long list of values and changing the ID so it doesn't conflict with another entry. Since I don't care what the ID is, is there any way to have that auto generated?
Example:
INSERT INTO `my_column` (`id`, `valueone`, `valuetwo`) VALUES
(1, 'some value A', 'some value B'),(2, 'some value C', 'some value D'),(3, 'some value E', 'some value F');
So in the above code, I don't want to type in the "1", "2", and "3".
Can I just leave this blank for it to auto generate? Or is there a symbol that I add instead?
Thanks!
Add AUTO_INCREMENT to id column and remove it from the insert Statement:
INSERT INTO `my_column` ( `valueone`, `valuetwo`) VALUES
( 'some value A', 'some value B'),( 'some value C', 'some value D'),(...
I am trying to insert a record in mysql database using the following query, but getting the #1064-sql syntax error.
INSERT INTO RESOURCES(ID, NAME, RESTYPE, CONTENT) VALUES('4', 'Printer.TicketTotal', 0, LOAD_FILE('/home/anand/Openbravo-POS/main/src-pos/com/openbravo/pos/templates/Printer.TicketTotal.xml));
INSERT INTO RESOURCES(ID, NAME, RESTYPE, CONTENT) VALUES('4', 'Printer.TicketTotal', 0, $FILE{/home/anand/Openbravo-POS/main/src-pos/com/openbravo/pos/templates/Printer.TicketTotal.xml});
You miss ' at the end of file name -
INSERT INTO RESOURCES(ID, NAME, RESTYPE, CONTENT) VALUES
('4',
'Printer.TicketTotal',
0,
LOAD_FILE('/home/anand/Openbravo-POS/main/src-pos/com/openbravo/pos/templates/Printer.TicketTotal.xml'));
Getting driven crazy by this one...
I'm trying to insert a number of rows into a D6 database with a single db_query call. I've collected the rows as a set of strings, and have then collected them into one big string, something like so:
$theData = "(1, 2, 'a'), (3, 4, 'b'), (5, 6, 'c')";
db_query("insert into {table} (int1, int2, str) values %s", $theData);
($theData isn't typed like that in my code; it's the result of the code I've written -- a big string containing sets of values wrapped up in parens.)
When this runs, I get an error like:
You have an error in your SQL syntax; check the manual that corresponds
to your MySQL server version for the right syntax to use near 'insert into
table (int1, int2, str) values (1,2,\'a\' at line 1 query: insert into
table (int1, int2, str) values (1,2,\'a\'),(3,4,\'n\'),(5,6,\'c\')...
So, db_query or somebody else is escaping the strings before passing the values of to mysql. How do I keep this from happening? I could do individual queries for each set of data, but that's wrong/expensive for all the obvious reasons. Thanks!
$theDatas = array("(1, 2, 'a')", "(3, 4, 'b')", "(5, 6, 'c')");
foreach($theDatas as $data) {
db_query("insert into {table} (int1, int2, str) values %s", $data);
}
But it's not recommend to do that, instead of this you should:
$theDatas = array(array(1, 2, 'a'), array(3, 4, 'b'), array(5, 6, 'c'));
foreach($theDatas as $data) {
db_query("insert into {table} (int1, int2, str) values (%d, %d, '%s')", $data[0], $data[1], $data[2]);
}
Or you can serialize($theData) and put it "text" format field as one value, then use unserialize() for restoring array - this way is recommend if you want only store data (no searching, indexing etc).