sql statement in PHP doesn't update the Database [closed] - php

Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 1 year ago.
When I put a number myself the database gets updated to Success, but when I try to access the same number from $_POST it completes the transaction but doesn't affect the rows, even though it's using the same number.
Example of a query that works perfectly and updates the database
$sql = "UPDATE `transactions` SET `status` ='Success' WHERE `transactions`.`txn_id` = 65765756";
Example of a query that doesn't work
$sql = "UPDATE `transactions` SET `status` ='Success' WHERE `transactions`.`txn_id` = ".$_POST['m_payment_id'];

First, check what's in the value, and make sure it is the same as what you are manually entering.
var_dump($_POST['m_payment_id']);
Second, the code without any other checks is a SQL injection vulnerability.
You could convert the value into an integer to protect against this, e.g. intval($_POST['m_payment_id'])
Ideally though, you would be using bindings.
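The bound-parameter version of the failing UPDATE, as an added example that is not part of the original answer. It assumes PDO with an in-memory SQLite database standing in for MySQL; the function name markSuccess, the sample rows and the sample inputs are constructed for illustration.

```php
<?php
// Added example: constructed schema and data; SQLite in-memory stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE transactions (txn_id INTEGER PRIMARY KEY, status TEXT)");
$pdo->exec("INSERT INTO transactions VALUES (65765756, 'Pending'), (2, 'Pending')");

/**
 * Mark one transaction as successful (hypothetical helper). Returns the number
 * of rows changed, or null when the submitted id is not a positive integer.
 */
function markSuccess(PDO $pdo, $rawId): ?int
{
    // trim() removes the stray whitespace or newline that var_dump() can reveal.
    $id = filter_var(trim((string) $rawId), FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;                       // reject instead of guessing
    }
    // The id travels as a bound integer, never as part of the SQL text.
    $stmt = $pdo->prepare(
        "UPDATE transactions SET status = 'Success' WHERE txn_id = :id");
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();              // 0 means the id matched nothing
}

// Constructed stand-ins for $_POST['m_payment_id'].
$samples = ["65765756", " 65765756\n", "999", "65765756 OR 1=1", ""];
foreach ($samples as $raw) {
    $result = markSuccess($pdo, $raw);
    printf("%-22s => %s\n", json_encode($raw),
           $result === null ? 'rejected' : "$result row(s) updated");
}
```

On MySQL, rowCount() by default counts only rows whose values actually changed, so re-running the update on a row that is already 'Success' reports 0 there.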

Related

How to get only a text corresponding to the id from MySQL and store it as a variable in PHP [closed]

Closed 2 years ago.
I'm a beginner to PHP and I want to know how can I fetch some text from the corresponding ID and store it as a variable in PHP.
The table is like
ID----NAME----ACCOUNT----PASSWORD
1----name1----account1----password2
2----name2----account2----password2
3----name3----account3----password3
Now if I want to get the account2 as text and save it in a variable (say acc2), then what should I do? Assuming that I have connection information in connect.php.
Edit: I want to select the account2 using the ID like from ID 2 select account.
Thanks In Advance!!!
Assuming you use MySQL, the table is named users and you are using PDO, this would get what you need:
$stmt = $conn->query("SELECT * FROM users WHERE ID = 2");
$row = $stmt->fetch();
$account = $row['ACCOUNT'];

SQL query doesn't find exact name from database [closed]

Closed 4 years ago.
SELECT * FROM hge_funcionarios
JOIN hospitais
ON hge_funcionarios.hospital_id = hospitais.id_hospitais
JOIN funcoes
ON hge_funcionarios.funcao_id = funcoes.id_funcoes
WHERE nome LIKE '%$search%'
ORDER BY hospital_id DESC
When I try the exact name from the database, it doesn't show any results.
If I search "Larissa" or "LARISSA", I get no results even though my database has "LARISSA CAMPOS".
If I try "lar" or anything like this I can find it, but when it gets too close to the name in the database, like "LARISS", I can't find it any more.
I tried collate and charset but no success.
EDIT: It's not a query error with an ambiguous column name in SQL, because column names are distinct.
I'm writing this answer since it's not possible to show it in the comments. Feel free to disregard it.
The problem you are facing seems to be related to the injection of parameter values into your SQL query. The easy (dangerous) way is to simply concatenate strings, as in:
$stmt = $conn->prepare(
"select * from my_table where name = '" . $param1 . "'");
Even though it works for simple cases, your case is more complicated, and confusing. Most of the time you'll use Prepared Statements as in:
$stmt = $conn->prepare("select * from my_table where name = ?");
$stmt->bind_param("s", $param1);
This way, the parameter will be injected the right way. In your case you'll need to prepend and append % to your parameter, since it'll be used for a LIKE operator.
WHERE nome LIKE '%$search%'
Maybe $ is the reason. Try: WHERE nome LIKE '%search%'
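The prepared-statement answer above says the % signs must be added to the parameter rather than to the SQL text. The following is an added example, not code from either answer, that does this and also escapes % and _ typed by the user so they match literally. It assumes PDO with in-memory SQLite standing in for MySQL; the helper names, the '!' escape character and the sample rows are constructed.

```php
<?php
// Added example: constructed table and rows; SQLite in-memory stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE hge_funcionarios (id INTEGER PRIMARY KEY, nome TEXT)");
$pdo->exec("INSERT INTO hge_funcionarios (nome) VALUES
            ('LARISSA CAMPOS'), ('100% SILVA'), ('JOAO_PEDRO'), ('JOAO PEDRO')");

/** Build a "contains" pattern with LIKE metacharacters escaped (hypothetical helper). */
function likeContains(string $term): string
{
    // Escape the escape character first, then the two wildcards.
    $escaped = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term);
    return '%' . $escaped . '%';
}

/** Return names containing $term; the term reaches the database only as a bound value. */
function searchByName(PDO $pdo, string $term): array
{
    $stmt = $pdo->prepare(
        "SELECT nome FROM hge_funcionarios
         WHERE nome LIKE :pattern ESCAPE '!'
         ORDER BY id");
    $stmt->execute([':pattern' => likeContains($term)]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed search terms, including wildcard characters and a quote.
foreach (['LARISSA', 'larissa', '%', 'JOAO_', "x' OR '1'='1"] as $term) {
    printf("%-16s => %s\n", json_encode($term),
           json_encode(searchByName($pdo, $term)));
}
```

Whether 'larissa' matches 'LARISSA CAMPOS' depends on the database: SQLite's LIKE ignores ASCII case, while MySQL follows the column's collation.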

SQL Insert and Select (Simple) [closed]

Closed 7 years ago.
I believe it has to be simple, but I'm totally green in SQL.
I will include pictures of the database so it will be easier to imagine.
I use it in my PHP code that is accessed by Flash to enter data into the database.
This is my code which doesn't work:
$sql = "SELECT * FROM users
WHERE username = '$username' AND password = '$password'
INSERT INTO users (contactlist) VALUES ('$xmlcontactlist1')";
I want the data from the variable $xmlcontactlist1 to be entered into the 'contactlist' column, but for a specific user (based on their name and password). Somehow when the code was doing something it was creating NEW empty space in the database with just contactlist instead of adding it for each user.
Database Screenshot
Try this one:
$sql = "UPDATE users
SET contactlist = '$xmlcontactlist1'
WHERE username = '$username'
AND password = '$password'";
But this is a bad practice. You can get SQL injections with this code. Read this post here to prevent this: How can I prevent SQL injection in PHP?

Updating MySQL boolean (tinyint) value from php [closed]

Closed 8 years ago.
I have a bit of a problem with a script I'm writing.
$sql ="UPDATE users SET adagio = 1 WHERE username = '$_SESSION[username]'";
The main problem here is that, while I've tested that
1) this part of the code will run,
2) I've successfully connected to the correct server,
3) $_SESSION[username] gives me the correct username,
the database isn't updated when I run the code. adagio is a boolean (well, a tinybit, really), and I've uploaded my phpMyAdmin screen of the database here:
(http://imgur.com/HUFdx0p)
I'm not entirely sure why it isn't working, and although I've searched online and found similar threads, there wasn't a fix in any thread that worked for me. I'm wondering if one of you could possibly see what I'm doing wrong here?
Edit extra:
if(($_POST['adagio']) == 1){
$sql ="UPDATE users SET adagio = 1 WHERE username = '$_SESSION[username]'";
}
$_SESSION[username] is almost certainly a string so it must be in quotes:
$sql ="UPDATE users SET adagio = 1 WHERE username = '$_SESSION[username]'";
FYI, MySQL would be happy to tell you about SQL errors if you check for them. You should be using the appropriate error reporting functions in whatever MySQL library you are using.
Can you try this.
if (1 == $_POST['adagio']) {
$sql = sprintf ( "UPDATE users SET adagio = 1 WHERE username = '%s'", mysql_escape_string($_SESSION['username']) );
}

I need to join two tables in php [closed]

Closed 8 years ago.
I need to insert the image row from table 'users2' into 'allbets'. But suddenly this code isn't working and I don't know why. What is wrong with this?
$q2 = $pdo->prepare('INSERT INTO allbets (image) SELECT users2.image FROM users2 WHERE username = ?');
$q2->bindValue(1, $_SESSION['name']);
$q2 -> execute();
This code did not suddenly stop working, it never could have worked with its present query syntax. Change the query to this -
// Bind the six column values first, then the username, in placeholder order.
$q2 = $pdo->prepare('INSERT INTO allbets (user, bet, komanda, teams, cof, data, image) VALUES (?, ?, ?, ?, ?, ?, (SELECT `users2`.`image` FROM `users2` WHERE `username` = ?))');
Do yourself a service and add error checking to your PHP code and to your PDO. This will let you know where to look when errors occur.
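What PDO error checking looks like in practice, as an added example that is not part of the original answer. It assumes in-memory SQLite standing in for MySQL and a constructed schema in which allbets has a required user column, so the question's single-column INSERT fails at execute time; the function names are hypothetical.

```php
<?php
// Added example: constructed schema; SQLite in-memory stands in for MySQL.
function makeDb(int $errMode): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, $errMode);
    $pdo->exec("CREATE TABLE users2 (username TEXT, image TEXT)");
    $pdo->exec("CREATE TABLE allbets (user TEXT NOT NULL, image TEXT)");
    $pdo->exec("INSERT INTO users2 VALUES ('alice', 'alice.png')");
    return $pdo;
}

const SQL = 'INSERT INTO allbets (image)
             SELECT image FROM users2 WHERE username = ?';

/** Silent mode: nothing is thrown, so every return value must be checked. */
function runSilent(string $name): string
{
    $pdo  = makeDb(PDO::ERRMODE_SILENT);
    $stmt = $pdo->prepare(SQL);
    if ($stmt === false) {
        return 'prepare failed: ' . $pdo->errorInfo()[2];
    }
    if ($stmt->execute([$name]) === false) {
        return 'execute failed: ' . $stmt->errorInfo()[2];
    }
    return 'ok, rows inserted: ' . $stmt->rowCount();
}

/** Exception mode: the driver's message surfaces without per-call checks. */
function runWithExceptions(string $name): string
{
    try {
        $pdo  = makeDb(PDO::ERRMODE_EXCEPTION);
        $stmt = $pdo->prepare(SQL);
        $stmt->execute([$name]);
        return 'ok, rows inserted: ' . $stmt->rowCount();
    } catch (PDOException $e) {
        error_log('DB error: ' . $e->getMessage());   // log server-side only
        return 'failed (details logged)';
    }
}

echo runSilent('alice'), "\n", runWithExceptions('alice'), "\n";
```

Before PHP 8.0 the default PDO error mode was silent, which is how a failing execute() can pass unnoticed; in either mode, the driver's message belongs in the server log, not in the page sent to the user.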
