Menu
Community /Pin to ProfileBookmark
@NogDogJul 03.2020 — #Remove the quotes around
Also, if you are not going to use prepared statements with bound values, I hope you are sanitizing those values before using them in the query?@NogDogJul 03.2020 — #
Actually, that's making me wonder if
As far as sanitizing goes, you do not want to use any values from external sources (form fields, cookie/session values, etc.) directly in a query, in case they contain values that will break things in the SQL (either accidentally or maliciously). Specifics on how to do that will depend on which PHP database extension you are using, and whether the use of prepared statements is an option in that extension or if you need to explicitly sanitize each value.
Search on "SQL injection" for more info on why.
A very brief explanation:[XKCD SQL injection cartoon](https://imgs.xkcd.com/comics/exploits_of_a_mom.png) . :)@NogDogJul 07.2020 — #Then you probably should verify that they are populated before you try to use them. ;)@NogDogJul 07.2020 — #
So, in the PHP it appears you then need to confirm that both of them exist with non-empty values before you try to do anything with them in the database query. Since I don't know where they come from, I cannot give specific suggestions. Find where they get set, figure out how/why they could end up either not being set or being set to an empty string. Then if it's due to a bug in your code, fix it; but if it's due to possible user error, add logic to handle it without actually trying to do the query (display an error message, maybe?). At it's simplest:
Not the only way, or even the best way, but a fairly straight-forward way, at least.
Incorrect integer value: ” for column
I have a problem with a line of sql and php code. I keep getting this error and I’m so confused as to what it is
the problem:
`Incorrect integer value: ” for column ‘ID’ at row 1
the sql code:
`CREATE TABLE` (
`` int(10) NOT NULL,
`` int(10) NOT NULL,
`` varchar(100) COLLATE utf8_unicode_ci NOT NULL,
`` varchar(100) COLLATE utf8_unicode_ci NOT NULL,
`` varchar(100) COLLATE utf8_unicode_ci NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
then:
`ALTER TABLE
`ADD PRIMARY KEY (
`);
ALTER TABLE`MODIFY
` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=5;
`
this is the php script:
`$sql = “INSERT INTO attendanceout (out_ID, ID, time_out, date_info, Room)
VALUES (‘$out_id’, ‘$id’, ‘$time’, ‘$date’, ‘$dataSendOut’)”;
Sign in
to post a comment8 Comments(s) ↴
0
@NogDogJul 03.2020 — #Remove the quotes around $out_id$idAlso, if you are not going to use prepared statements with bound values, I hope you are sanitizing those values before using them in the query?
0
@NogDogJul 03.2020 — #>@frncskn#1620212 Incorrect integer value: '' for column 'ID' at row 1
Actually, that's making me wonder if
$idAs far as sanitizing goes, you do not want to use any values from external sources (form fields, cookie/session values, etc.) directly in a query, in case they contain values that will break things in the SQL (either accidentally or maliciously). Specifics on how to do that will depend on which PHP database extension you are using, and whether the use of prepared statements is an option in that extension or if you need to explicitly sanitize each value.
Search on "SQL injection" for more info on why.
A very brief explanation:
0
@NogDogJul 07.2020 — #Then you probably should verify that they are populated before you try to use them. ;)0
@NogDogJul 07.2020 — #>@frncskn#1620294 those values will be filled with the id when an user account is created or when he/she logs in
So, in the PHP it appears you then need to confirm that both of them exist with non-empty values before you try to do anything with them in the database query. Since I don't know where they come from, I cannot give specific suggestions. Find where they get set, figure out how/why they could end up either not being set or being set to an empty string. Then if it's due to a bug in your code, fix it; but if it's due to possible user error, add logic to handle it without actually trying to do the query (display an error message, maybe?). At it's simplest:
<i>
</i>if(trim($some_var) === '' or trim($another_var) === '') {
// display an error message here about missing required things
}
else {
// go ahead and do stuff with those variables
}
Not the only way, or even the best way, but a fairly straight-forward way, at least.