I've got an issue regarding my UPDATE statement. When I want to update a column, it just doesn't let me to do that.
I tried to use a binded value for updating the column, I expected for it to change it but it didnt do that.
I wanted it to update the column which was the thing that I expected, but it didnt work.
Here's the code that I am struggling with:
$updatecolor = $conn->prepare("UPDATE avatar SET :part=:color WHERE user_id=:id");
$updatecolor->bindParam(':part', $part, PDO::PARAM_STR);
$updatecolor->bindParam(':color', $color, PDO::PARAM_STR);
$updatecolor->bindParam(':id', $myu->id, PDO::PARAM_INT);
$updatecolor->execute();
You can't bind param the name of a column. Perhaps use if statements to do this correctly.
if($part == "soandso"){
$updatecolor = $conn->prepare("UPDATE avatar SET soandso=:color WHERE
user_id=:id");
$updatecolor->bindParam(':color', $color, PDO::PARAM_STR);
$updatecolor->bindParam(':id', $myu->id, PDO::PARAM_INT);
$updatecolor->execute();
} elseif($part == "soandso2"){
// you get the idea
Related
Alright so this bugs the crap out of me, and I can't seem to find anything in the PHP documentation, nor anywhere in the Google resultosphere, so maybe someone can help here.
I'm trying to make a simple request to a database to return a varchar(30).
Code:
$qryID = "select idPhotos from housesphotos where idHouse = ?";
//Prepare the query
$stmt = mysqli_prepare($link, $qryID);
$x = 106;
//Bind the login parameter to the statement
if(mysqli_stmt_bind_param($stmt, "i", $x)){
if(mysqli_stmt_execute($stmt)){
//Bind every column in the select
if(mysqli_stmt_bind_result($stmt, $photoID)){
// $photoID = mysqli_stmt_fetch($stmt);
echo $photoID;
}
}
}
if(empty($photoID)){
printf("EMPTY");
}
As you can guess the output was EMPTY. I have tried using this solution: Strange issue with mysqli_stmt_bind_result but it did not work.
To make sure that everthing was suppost to go correctly I have made the query in the mysql and it worked wonders:
select idPhotos from housesphotos where idHouse = 106
OUTPUT:
591219e92b2fe_591219e92b302
The housephotos is a varchar(30) field. I'm not sure if it's the field type that is messing with the return value. I'm not sure also if it's the connections that I made earlier on the code but I have tried unset($stmt) and other variables to solve the problem but it's not working.
Is this some kind of bug with mysqli_stmt_bind_result() or just a new person's mistake?
You're not actually fetching the results - you commented the mysqli_stmt_fetch() out. The fetch also returns a boolean, not the actual results. Uncomment that line, and remove the variable assignment to it.
$qryID = "select idPhotos from housesphotos where idHouse = ?";
//Prepare the query
$stmt = mysqli_prepare($link, $qryID);
$x = 106;
//Bind the login parameter to the statement
if(mysqli_stmt_bind_param($stmt, "i", $x)){
if(mysqli_stmt_execute($stmt)){
//Bind every column in the select
if(mysqli_stmt_bind_result($stmt, $photoID)){
mysqli_stmt_fetch($stmt); // Remove the comment and variable assignment
echo $photoID;
}
}
}
If you still don't get any results, it might be because the number of rows returned was zero (you can check that with $stmt->num_rows after executing), but since you said the query worked in phpMyAdmin, it's likely that there's some sort of error you're ignoring. To check for errors, add an else to your if conditions, and log $stmt->error inside.
http://php.net/manual/en/mysqli-stmt.fetch.php
It seems that PHP 5.4 (at least the way it's installed on Comcast servers) has a bug that causes bind-result to fail on a varchar field. Changing the field definition to "text" solves the problem.
I am trying to get this script to run, but I fail on a very simple stupid thing that has kept me getting further for the past 2 hours.
I have written a PDO statement in a function of a class that inserts a bunch of integers in a mysql db.
If I call on the function from a file using
$result->createResult(0, 0, 0,0,0,0,0,"1234",0);
it does not work.
If I use
$result->createResult(1, 1, 1,1,1,1,1,"1234",1);
it runs just fine!
the function that created the mysql entry is
public function createResult($id, $pp_id, $i_id, $ii_id, $cs_id, $ed_id, $em_id, $l_id, $ud_id){
if ($this->databaseConnection()) {
$query_new_result_insert = $this->db_connection->prepare('INSERT INTO results (id, pp_id, i_id, ii_id, cs_id, ed_id, em_id, l_id, ud_id, created_at) VALUES(:id, :pp_id, :i_id, :ii_id, :cs_id, :ed_id, :em_id, :l_id, :ud_id, now())');
$query_new_result_insert->bindValue(':id', $id, PDO::PARAM_INT);
$query_new_result_insert->bindValue(':pp_id', $pp_id, PDO::PARAM_INT);
$query_new_result_insert->bindValue(':i_id', $i_id, PDO::PARAM_INT);
$query_new_result_insert->bindValue(':ii_id', $ii_id, PDO::PARAM_INT);
$query_new_result_insert->bindValue(':cs_id', $cs_id, PDO::PARAM_INT);
$query_new_result_insert->bindValue(':ed_id', $ed_id, PDO::PARAM_INT);
$query_new_result_insert->bindValue(':em_id', $em_id, PDO::PARAM_INT);
$query_new_result_insert->bindValue(':l_id', $l_id, PDO::PARAM_STR);
$query_new_result_insert->bindValue(':ud_id', $ud_id, PDO::PARAM_INT);
$query_new_result_insert->execute();
}
}
this seems to crash on 0 values. if I check (empty($i_id)) it returns true.
I can't get my head around this! Could anyone be so kind to help?
Ok, I finally figured it out...
It wasn't the table structure, but the empty check...
empty returns true on value 0 as described here
I know this topic has been discussed a lot in stackoverflow but I've read all topics I couldn't find a solution.
I've got this function which should update a mysql database. It justs do not do nothing, and do not show any errors. As you see I use PDO. I've seen lots of question similar to mine in stackoverflow, and tried their solution but none of them seems to work.
I've checked that all variables that I pass to this function arrive and are correct.
public function updateValues($coreID, $table, $name, $time){
if ($this->databaseConnection()) {
$query_edit_user_name = $this->db_connection->prepare("UPDATE :tableT SET time = :timeT, name = :nameT WHERE id = :coreID");
$query_edit_user_name->bindValue(':coreID', trim($coreID), PDO::PARAM_STR);
$query_edit_user_name->bindValue(':tableT', trim($table), PDO::PARAM_STR);
$query_edit_user_name->bindValue(':nameT', trim($name), PDO::PARAM_STR);
$query_edit_user_name->bindValue(':timeT', trim($time), PDO::PARAM_INT);
$query_edit_user_name->execute();
}
}
I've been trying to add´´ or '' to different rows names or values but didn't worked. The only way it "works" is if there isn't a single PDO parameter:
$query_edit_user_name = $this->db_connection->prepare("UPDATE table1 SET time = '55', name = 'name1' WHERE id = 'core2'");
Any ideas?
You can't use a bind value or parameter for a table name.
$query_edit_user_name = $this->db_connection->prepare("UPDATE :tableT SET time...
^^^^^^^
Try this instead:
public function updateValues($coreID, $table, $name, $time){
if ($this->databaseConnection()) {
$query_edit_user_name = $this->db_connection->prepare("UPDATE `$table` SET time = :timeT, name = :nameT WHERE id = :coreID");
$query_edit_user_name->bindValue(':coreID', trim($coreID), PDO::PARAM_STR);
$query_edit_user_name->bindValue(':nameT', trim($name), PDO::PARAM_STR);
$query_edit_user_name->bindValue(':timeT', trim($time), PDO::PARAM_INT);
$query_edit_user_name->execute();
As has been pointed out in the comments, a dynamic table name is open to a possible injection, depending on where the table name is derived from.
Either, escape the table name before preparing the statement with something like:
$table = str_replace(array('\\',"\0" ,'`'), '', $table);
Or, use a whitelist method:
$allowed = array('table1', 'table2');
if (in_array($table, $allowed)) {
// prepare and execute query
}
I can't get this code to update my, mysql database.
$SQL = $odb -> prepare("UPDATE `LB` SET `running` = `running` + 1 WHERE `url`= :url");
$SQL -> execute(array(":url"=> $url ));
May someone please help, I have searched for this and couldn't find something like this.
Don't do :url in your array, there is no need for it.
You can also use a question mark in place of your =:url like so:
url=?
Then in your array, you can either place a direct value:
$SQL->execute(array($url));
Or you can bind values incrementally:
$SQL->bindValue(1, $url, PDO::PARAM_INT);
$SQL->execute();
Except, instead of using PDO::PARAM_INT, you would use your own parameters...
So I'm guessing in your instance you would use PDO::PARAM_STR
Hopefully this helps :)
I have two inserts on a processing page. The first works without a hitch. The second will not even activate. I even tried putting a PDO query to see if it would work but still nothing.
$cpinsert = $db->prepare('insert into Chatposts values (0, :chatid, :name, :url, :text, now(), :ipaddress, 0)');
$cpinsert -> bindParam(':chatid', $chatroomid, PDO::PARAM_INT);
$cpinsert -> bindParam(':name', $name, PDO::PARAM_STR);
$cpinsert -> bindParam(':url', $url, PDO::PARAM_STR);
$cpinsert -> bindParam(':text', $text, PDO::PARAM_STR);
$cpinsert -> bindParam(':ipaddress', $ipaddress, PDO::PARAM_STR);
$cpinsert -> execute();
// Needs an error checker
$cpid = $cpinsert ->lastInsertID();
$cpinsert->closeCursor();
^ That works fine, though I don't know about the lastinsertid since I cannot test it.
\V/ Nothing in there will execute no matter what I try. Something is preventing anything there from executing or I didn't close the above's connection properly.
// Targets Insert
//if (isset($target)):
$query = "insert into Targets values (9,'rommel')";
$db->query($query);
$targetinsert = $db->prepare('insert into Targets values (:cpid,:tname)');
foreach ($target as $tname):
$targetinsert -> bindParam(':cpid', $cpid, PDO::PARAM_INT);
$targetinsert -> bindParam(':tname', $tname, PDO::PARAM_STR);
endforeach;
$targetinsert -> execute();
//endif;
I have tried everything I know of and no luck. It is quite possible I did a minor mistake since I am new to PDO. Closecursor didn't seem to do anything either when I added it in.
You said you need to do execute many inserts, but for some reason you are executing your query only once.
Also, please remove these try..catch things from your code - they are the reason why you have no idea what's going wrong
I had to recreate a half functional model of my page but I found the problem, it was lastinsertid(). I was applying a PDOstatement class on a PDO class.
Before:
$cpid = $cpinsert->lastInsertID();
After:
$cpid = $db->lastInsertID();
I just had to call the Database instead of the prepare with that line of code.