I don't know how to proceed to do the following thing on my specific table.
Let's say I have the following table param, with 3 columns tck, label, value . tck is my primary key.
The data are coming once everyday. I would like to update the value of the existing tck, and if the data sent contain a new tck, I would like to add it to the table...
I hope I'm clear enough... Thank you for your help.
The code I'm using is the following one :
<?php try {
$bdd = new PDO('mysql:host='.$_ENV['localhost'].';dbname=eip_tasks','root'); } catch(Exception $e) {
die('Erreur : '.$e->getMessage()); }
$data = $_POST['field1'];
$phpArray = json_decode($data, true); foreach ($phpArray as $u) {
//$req = $bdd->prepare('INSERT INTO param (tck, label, value) VALUES(:tck, :label, :value)');
$req = $bdd->prepare('UPDATE param SET value=:value WHERE tck=:tck');
$req->execute(array(
':tck'=>$u['tck'],
':value'=>$u['value']
)); } ?>
Here is the code I'm using now :
<?php
try
{
$bdd = new PDO('mysql:host='.$_ENV['localhost'].';dbname=eip_tasks','root');
}
catch(Exception $e)
{
die('Erreur : '.$e->getMessage());
}
$data = $_POST['field1'];
$phpArray = json_decode($data, true);
$sourceTck = array();
foreach ($phpArray as $u) {array_push($sourceTck, $u['tck']);
$req = $bdd->prepare("INSERT INTO param (tck, label, value) VALUES (:tck, :label, :value) ON DUPLICATE KEY UPDATE value=:value");
$req->execute(
array(
':tck'=>$u['tck'],
':label'=>$u['label'],
':value'=>$u['value']
)
);
}
if(count($sourceTck) > 0){
$sourceTckClause = implode("," , $sourceTck);
$req = $bdd->prepare("DELETE FROM param WHERE tck NOT IN ($sourceTckClause)");
$req->execute();
}
?>
Use ON DUPLICATE KEY syntax to update the row instead of insert (if tck was exist):
$req = $bdd->prepare("
INSERT INTO param (tck, label, value)
VALUES
(:tck, :label, :value)
ON DUPLICATE KEY UPDATE value=:value
");
Update: Also don't forget to bind :label. As your comment, To delete a data which would be in the table and not in the source, You should push source tck values to an array and then run a delete query where NOT IN your array:
$sourceTck = array();
foreach ($phpArray as $u) {
array_push($sourceTck, $u['tck']);
$req = $bdd->prepare("
INSERT INTO param (tck, label, value)
VALUES
(:tck, :label, :value)
ON DUPLICATE KEY UPDATE value=:value
");
$req->execute(
array(':tck'=>$u['tck'], ':label'=>$u['label'], ':value'=>$u['value'])
);
}
I found this answer useful to prepare and bind tck values, But for small solution, you can convert array values to int to prevent sql injection in this case:
if(count($sourceTck) > 0){
$sourceTckClause = implode("," , array_map('intval', $sourceTck));
$bdd->query("DELETE FROM param WHERE tck NOT IN ($sourceTckClause)");
}
What you want to do is called an upsert or merge. MySQL does support it.
INSERT INTO param VALUES (:tck, :label, :value)
ON DUPLICATE KEY UPDATE value = :value
-- change :label as well? , label = :label
Related
I am using a class to generate a string name profile to slug and next use an SQL command to tell me whats the unique value to use in insert command, the problem is the command isn't working properly, sometimes it is possible to return a value which already exist...
Thats the class I am using to generate the slug: (composer require channaveer/slug)
And this the example code:
use Channaveer\Slug\Slug;
$string = "john doe";
$slug = Slug::create($string);
$profile_count_stmt = $pdo->prepare("
SELECT
COUNT(`id`) slug_count
FROM
`advogados_e_escritorios`
WHERE
`slug_perfil` LIKE :slug
");
$profile_count_stmt->execute([
":slug" => "%".$slug."%"
]);
$profile_count = $profile_count_stmt->fetchObject();
if ($profile_count && $profile_count->slug_count > 0) {
$profile_increment = $profile_count->slug_count + 1;
$slug = $slug . '-' . $profile_increment;
}
echo 'Your unique slug: '. $slug;
// Your unique slug: john-doe-5
This is the content of the table when the script run:
Do you know how can I improve the select command to prevent it to return existing slugs from DB?
Ok finally found a solution... Heres the code for who wants to generate unique profile slugs using PHP - PDO and MySQL
$string = "John Doe";
$string = mb_strtolower(preg_replace('/\s+/', '-', $string));
$slug = iconv('UTF-8', 'ASCII//TRANSLIT', $string);
$pdo = Conectar();
$sql = "
SELECT slug_perfil
FROM advogados_e_escritorios
WHERE slug_perfil
LIKE '$slug%'
";
$statement = $pdo->prepare($sql);
if($statement->execute())
{
$total_row = $statement->rowCount();
if($total_row > 0)
{
$result = $statement->fetchAll();
foreach($result as $row)
{
$data[] = $row['slug_perfil'];
}
if(in_array($slug, $data))
{
$count = 0;
while( in_array( ($slug . '-' . ++$count ), $data) );
$slug = $slug . '-' . $count;
}
}
}
echo $slug;
//john-doe-1
You should check if the slug exists or not from your database. If it already exists then you can append some random string like the following
$slug = Slug::create($string);
$slugExists = "DB query to check if the slug exists in your database then you may return the count of rows";
//If the count of rows is more than 0, then add some random string
if($slugExists) {
/** NOTE: you can use primary key - id to append after the slug, but that has to be done after you create the user record. This will help you to achieve the concurrency problem as #YourCommenSense was stating. */
$slug = $slug.time(); //time() function will return time in number of seconds
}
//DB query to insert into database
I have followed the same for my blog articles (StackCoder) too. Even LinkedIn follows the same fashion.
Following is screenshot from LinkedIn URL
There are 2 tables quotedetails and quotationmaster and one common field QuoteNo. SNO is the primary key of quotation master. I want to get the maximum of sno and using it i want to insert same QuoteNo into 2 different tables.
Heres my code.
$response = '';
$customer=TableRegistry::get('quotationmaster');
$query=$customer->query();
$this->set(array('data'=>$query));
$response = $customer->find();
foreach($response as $row)
{
//echo $row['QuoteNo'];
$x++;
}
$qno = $x + 1;
$nqno = 'Q1-'.$qno;
$query->insert(['QuoteNo'])->
values(['QuoteNo'=>$nqno])->execute();
if($query)
{
$this->Flash->success('Saved');
$this->redirect(['controller'=>'Stockcheck','action'=>'index']);
}
$quotedetails=TableRegistry::get('quotationmaster');
$detquery=$quotedetails->query();
$options = $detquery->select(['QuoteNo'],['SerialNO' => $query->func()->MAX('SNO')]);
$qresponse = $quotedetails->find('all', $options);
Any helps are appreciable...
You can try to use:
echo $this->SNO->getInsertID();
echo $this->SNO->getLastInsertID();
You can use any of the above method to get the last inserted ID.
Using a joomla plugin I am trying to grab some user info from the '#__users' table and insert that info into another table '#__new_table' when the user is created.
The code is as follows
function onUserAfterSave( $user, $isnew, $success, $msg ) {
if ($isnew && $success) {
$db = &JFactory::getDBO();
$db->setQuery( 'INSERT INTO #__new_table (user_id) VALUES ('.$user['id'].')' );
$db->query();
}
}
The above works and the 'id' is copied over to the new table and is showing in the 'user_id' row. If I try the following however:
function onUserAfterSave( $user, $isnew, $success, $msg ) {
if ($isnew && $success) {
$db = &JFactory::getDBO();
$db->setQuery( 'INSERT INTO #__new_table (name) VALUES ('.$user['username'].')' );
$db->query();
}
}
Then this does not work even though the fields 'name' and 'username' exist in both tables.
Is there a better way to write this function for joomla 2.5. Also in the above examples I am just grabbing one value at a time. If I was trying to grab a few values at once from '#__users' to insert into a few fields in '#__new_table'.. how would I change the above function.
Thanks.
You should quote username value.
function onUserAfterSave( $user, $isnew, $success, $msg ) {
if ($isnew && $success) {
$db = &JFactory::getDBO();
$db->setQuery( 'INSERT INTO #__new_table (name) VALUES ('.$db->quote($user['username']).')' );
$db->query();
}
}
The easiest way to debug this problem is to print the query in the second example and paste it in phpMyAdmin and see what kind of error it will throw. My guess is that the id field in the second table cannot be null, but you are not adding it in the second example.
I'm using the following code. The code works, but I want to change it so that it uses bindparam
try {
$dbh = new PDO("mysql:host=$hostname;dbname=$dbname", $username, $password);
$stqid=array();
for ($i=0; $i<$array_count; $i++){
$stqid[$i][0]=$lastInsertValue;
$stqid[$i][1]=$qid[$i][0];
$stqid[$i][2]=$qid[$i][1];
}
$values = array();
foreach ($stqid as $rowValues) {
foreach ($rowValues as $key => $rowValue) {
$rowValues[$key] = $rowValues[$key];
}
$values[] = "(" . implode(', ', $rowValues) . ")";
}
$count = $dbh->exec("INSERT INTO qresults(instance, qid, result) VALUES ".implode (', ', $values));
$dbh = null;
}
catch(PDOException $e){
echo $e->getMessage();
}
I replaced the following
$count = $dbh->exec("INSERT INTO qresults(instance, qid, result) VALUES ".implode (', ', $values));
with
$sql = "INSERT INTO qresults (instance, qid, result) VALUES (:an_array)";
$stmt = $dbh->prepare($sql);
$stmt->bindParam(':an_array', implode(',', $values),PDO::PARAM_STR);
$stmt->execute();
but the insert doesn't work anymore (I didn't get any error messages though).
QUESTION: What am I doing wrong? How can I rewrite the code to use bindParam?
You're trying to create a statement and bind a param.
Statement are great because it potentially nullify any kind of SQL injection. And it does it by removing the concept of a query being only seen as a string. The SQL query is seen as a string with a parameter list and an the associated data as binded variables.
So the query is not only text, but text + data.
I mean:
This simple query:
SELECT * FROM A WHERE val="$param"
It is not safe because the query is only viewed as a string. And if $param is not checked, it is a SQLi hole.
But when create a statement, your query becomes:
SELECT * FROM A WHERE val=:param
Then you use bindparam to specify the value a :param. Which mean the value is not appended to the query string, but the query is already parsed and the data is provided.
In your case, you bind to the param :array an imploded array (I assume "data1", "data2", etc..). Which is only one parameter with the value as a string ( "data1, data2, data3..." ), so it will only result in one insert and not multiple insertions.
You can change your statement generation by generating a query with enough parameters to handle your array
$sql = "INSERT INTO qresults (instance, qid, result) VALUES ( :val0, :val1, :val2, ...)";
Then loop on your array and call the bindparam method for each parameters.
$count = 0;
foreach($values as $val)
{
$stmt->bindParam(":val$count", $val,PDO::PARAM_STR);
$count++;
}
This will work.
Edit: This solution show how it works for a one dimensional array, but can be easily extended to your problem by tweaking the statement query generation and modify the bindparam loop.
Your statement should looks like:
$sql = "INSERT INTO qresults (instance, qid, result) VALUES (:val0, :val1, :val2) , (:val3, :val4, :val5), ...";
You just have to count the number of element in your base array.
Based on this question How to insert array into mysql using PDO and bindParam?
I'm trying to insert values of an array into mysql via PDO.
I'm having a hard time of it, because I keep getting the following error.
SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens
for this line $stmt->execute();
I'm guessing the problem has something to do with this line
$stmt->bindParam(':val$count', $val,PDO::PARAM_STR); Specifically 'val$count', but I'm not sure exactly what is going wrong.
QUESTION: What am I doing wrong? How can I fix this?
Anyway here is the code I'm using along with the sample array.
$lastInsertValue=87;
$qid[0][0]=1;
$qid[0][1]=1;
$qid[1][0]=2;
$qid[1][1]="null";
$qid[2][0]=3;
$qid[2][1]=0;
$array_count = count($qid);
if (isset($lastInsertValue))
{
try
{
$dbh = new PDO("mysql:host=$hostname;dbname=$dbname", $username, $password);
$stqid=array();
$a=0;
for ($i=0; $i<$array_count; $i++)
{
$stqid[$a]=$lastInsertValue;
$a++;
$stqid[$a]=$qid[$i][0];
$a++;
$stqid[$a]=$qid[$i][1];
$a++;
}
$sql = "INSERT INTO qresults (instance, qid, result) VALUES ( :val0, :val1, :val2)";
$count = 0;
$stmt = $dbh->prepare($sql);
foreach ($stqid as $val)
{
$stmt->bindParam(':val$count', $val,PDO::PARAM_STR);
$count++;
}
$stmt->execute();
$dbh = null;
}
catch(PDOException $e)
{
echo $e->getMessage();
}
}
Yikes, so many issues.
Your array building is so verbose. Try this
$stqid = array();
foreach ($qid as $qidArr) {
$stqid[] = $lastInsertValue; // no idea why you repeat this
$stqid[] = $qidArr[0];
$stqid[] = $qidArr[1];
}
Use positional placeholders if you're simply relying on number of arguments
$sql = 'INSERT INTO ... VALUES (?, ?, ?)';
bindParam uses references which you are overwriting with each loop iteration. You would want to use bindValue() instead
Your query only has 3 placeholders but your $stqid array has 9 items. This is the source of your error.
You have single quotes around a variable, which will be treated as the variable name $count (not the value), try concatenating the variable to the string. Give this a try:
$stmt->bindParam(':val' . $count, $val,PDO::PARAM_STR);
for ($i=0; $i<$array_count; $i++)
{
$stqid[$a]=$lastInsertValue;
$a++;
$stqid[$a]=$qid[$i][0];
$a++;
$stqid[$a]=$qid[$i][1];
$a++;
}
so in case $i = 2, it will add $stqid[6], $stqid[7], $stqid[8] so
foreach ($stqid as $val)
{
$stmt->bindParam(':val$count', $val,PDO::PARAM_STR);
$count++;
}
will give you :val0 to :val8
In your query you have only :val0 to :val2.
Also having multiple values in one field in database is bad. Don't do it. Try to redesign your DB differently
EDIT: bad math in the morning... sorry