Tell me more ×
Stack Overflow is a question and answer site for professional and enthusiast programmers. It's 100% free, no registration required.
up vote 1 down vote favorite
1

I have part of the code below: 

while($array = $result->fetch_assoc() ){


    $second_query = "INSERT INTO".TBL_USERSDONTPAY."VALUES ($array[\"username\"], $array[\"password\"], '0',$array[\"userid|\"], )";

$second_result = $database->query($second_query);

}

The query doesn't seem to work. Any clues? I think it's a problem with the quotes or something. How can actually pass array elements?

here is my whole code i want to move one row to another table 

$q = "SELECT * FROM ".TBL_USERS." WHERE username = '$subuser'"; 
          $result = $database->query($q); 

          if($result && $result->num_rows == 1){
              while($array = $result->fetch_assoc() ){
                  $second_query = "INSERT INTO" . TBL_USERSDONTPAY . "VALUES ('" . $array['username'] . "', '" . $array['password'] . "', '0', '" . $array['userid'] ."')";


                  $second_result = $database->query($second_query);
                  if($second_result){
                      // it worked!
                      $q = "DELETE FROM ".TBL_USERS." WHERE username = '$subuser'";
                      $database->query($q);
                  }
            }
          }
share|improve this question
3  
Looks like you need some spaces: ... "INSERT INTO ".TBL_USERSDONTPAY." VALUES ... – Andrew Jun 19 '12 at 19:40
you should update your question to reflect that the query is working now, but does not insert a row actually. – Kaii Jun 19 '12 at 20:02

2 Answers

up vote 2 down vote accepted

I see several issues with your query code

  1. escaping of the array indexes in your string:

    you can either end the string and concatenate the parts together:

    $second_query = "INSERT INTO " . TBL_USERSDONTPAY . 
                " VALUES ('" . $array['username'] . "', '" . $array['password'] . "', '0', '" . $array['userid'] . "')";

    or use the {$var} syntax: 

    $second_query = "INSERT INTO " . TBL_USERSDONTPAY . 
                " VALUES ('{$array['username']}', '{$array['password']}', '0', '{$array['userid']}')";

  2. missing spaces (see example code above .. you were missing the spaces before and after the table name)

  3. missing field names. your query may work without if you specify all fields in the right order, but will fail misteriously when you alter the table later (e.g. add a field to the table)

    $second_query = "INSERT INTO " . TBL_USERSDONTPAY . 
                " (username, password, foo, user_id)".
                " VALUES ('{$array['username']}', '{$array['password']}', '0', '{$array['userid']}')";

    please note you should actually insert the correct field names in the second line of my example above. You can find more information on this in the MySQL docs for INSERT

share|improve this answer
after making some expiriments i found out that it cant pass that line of code if($result && $result->num_rows == 1) so whats problem with that? – Mpampinos Holmens Jun 19 '12 at 20:15
thanks for that i'll fix them – Mpampinos Holmens Jun 19 '12 at 20:15
@MpampinosHolmens possibly there is more than one row returned with the same username - you check for num_rows == 1. Did you make sure that usernames are UNIQUE using a unique key in the table definition? check your data. – Kaii Jun 19 '12 at 20:19
2  
Apart from the fact that your query is screaming for SQL injection, you may examine the result of calling mysql_error() after calling mysql_query(...) (or $database->query(...) in your case) to see what's going wrong. – Bart Jun 19 '12 at 20:36
1  
If this is the first time you're using php (is it?) I'd suggest that you do it right from the start by using PDO and prepared statements. This is far better than using mysql_query and having to escape everything yourself. Unfortunately the latter is how most people start (minus the escaping...). Google is your friend here (as is Stackoverflow, try searching first, the truth is out here :) – Bart Jun 19 '12 at 21:33
show 4 more comments
up vote 3 down vote

You need to clean that query up and remove the final comma.

$second_query = "INSERT INTO " . TBL_USERSDONTPAY . " VALUES ('" . $array['username'] . "', '" . $array['password'] . "', '0', '" . $array['userid'] . "')";
share|improve this answer
ok now it's ok the query works but doesn't changes my usersdontpay table – Mpampinos Holmens Jun 19 '12 at 19:46

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.