Insert into desk with select and embody PHP $_POST variable – PHP – SitePoint Boards

Views: 0

:

I am struggling to present you a technique to embody a POST variable as soon as I do an insert with select assertion. The code ought to decide on all clients the place they’re energetic to insert into desk, nevertheless embody the variable throughout the trainyearID column.

elseif ( $_POST['Submit'] == 'addCurrentYear' ) {
		
	$toYear = isset( $_POST['toYear'] ) ? $_POST['toYear'] : NULL;
			
	$sql = "INSERT INTO tbl_training_record (personnelID, trainyearID) 
			SELECT EmpID, $toYear 
			FROM tbl_employee 
			WHERE energetic="1" ;";	
			
	$stmt = $mysqli->put collectively($sql);
	$stmt->bind_param("i", $toYear);    
	
		if ($stmt->execute()) {
				header('Location: training_current_year.php', TRUE, 302 );
			} elseif (!$stmt->execute()) {
				echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
		}			
}

I’ve moreover tried some variation like this

$sql = "INSERT INTO tbl_training_record (personnelID, trainyearID)  VALUES ( ( SELECT EmpID 	FROM tbl_employee WHERE energetic="1" ), $toYear";

:thinking: What’s that this even attempting to do? You acquire 2 actions taking place proper right here which isn’t smart. Moreover, you should not be stuffing raw variables into your query everytime you’re using prepared statements. That’s not the best way you’re presupposed to be using prepared statements.

You’re already binding it proper right here, why are you using raw variables in your query? You must be using your placeholders to bind to.

Proper right here too. Stop stuffing raw variables in your query everytime you’re using prepared statements. You’re not using prepared statements precisely.


Other than that, your elementary topic is because you’re attempting to do 2 actions inside 1 query which isn’t smart. Plus that’s not the suitable syntax for inserting into the database. You’re missing an entire bunch after that.

SELECT INTO is a sound technique to fill a desk (from an current one), which i think about is what the OP is attempting to infer.



1 Like

You will use a prepared query place-holder ? on the extent the place you want the literal toYear price to be used.

As quickly as a kind has been submitted, aside from unchecked checkbox/radio fields, all kind fields will possible be set, regardless of the price they comprise. There’s no degree in testing if these always-set fields are set. It is advisable nonetheless trim, then validate all inputs sooner than using them. If the toYear space is empty, you almost certainly don’t must run the query the least bit, or chances are high you will must setup and use a default price, akin to the current yr.

In trendy php (8+), the default error coping with setting for the mysqli and PDO extensions is to utilize exceptions for errors (and in lower php variations you will must set the error coping with setting to utilize exceptions.) When using exceptions, not one of many discrete error coping with logic for statements which will fail – connection, query, exec, put collectively, and execute will ever get executed upon an error since execution transfers to the closest applicable sort of exception coping with in your code, or to php if there isn’t any such factor as a applicable sort of exception coping with in your code. You can on account of this reality take away any discrete error coping with logic you’ll have now. If execution continues earlier a press launch which will throw an exception, that there was no error, with out having to test.

,, https://world.discourse-cdn.com/sitepoint/genuine/3X/6/d/6dbd48feb20de08c7fcc132892f7914