I have two tables, one 'comment' and the other 'pendingcomment'. I want when I copy the data of the 'pendingcomment' in the 'comment' table then that data should be deleted from the 'pendingcomment' table.
This is my code.
<?php
include '../conn.php';
$id = $_GET['id'];
// sql to Insert and delete a record
$sql = "INSERT INTO comment (blogid, name, email, subject, message, date) SELECT blogid, name, email, subject, message, date FROM pendingcomment WHERE id= $id";
$sql .= "DELETE FROM pendingcomment WHERE id=$id";
if (mysqli_multi_query($conn, $sql)) {
// mysqli_close($conn);
header('Location: ../pendingcomments.php'); //redirect to the pending page
exit;
}
else {
echo "Error deleting record ";
}
?>
Result: Error deleting record
NEVER USE mysqli_multi_query()!!!
This function is extremely unsafe and causes a lot more problems than it solves. In fact, it doesn't solve any problems, it just creates more. You can't run queries at the same time from PHP! It is impossible to do so without threading or parallelization. If you need something like this then you can check out Swoole or ReactPHP but it's probably not needed in your case.
When executing queries you need to execute them one after another using prepared statements. This is how it should be done properly:
<?php
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$conn = new mysqli('localhost', 'user', 'password', 'test');
$conn->set_charset('utf8mb4'); // always set the charset
$id = $_GET['id'];
// begin atomic transaction
$stmt = $conn->begin_transaction();
// prepare statement for insert
$stmt = $conn->prepare('INSERT INTO comment (blogid, name, email, subject, message, date) SELECT blogid, name, email, subject, message, date FROM pendingcomment WHERE id= ?');
$stmt->bind_param('s', $id);
$stmt->execute();
// prepare statement for delete
$stmt = $conn->prepare('DELETE FROM pendingcomment WHERE id=?');
$stmt->bind_param('s', $id);
$stmt->execute();
// commit transaction
$conn->commit();
header('Location: ../pendingcomments.php'); //redirect to the pending page
exit;
The transaction ensures atomicity of the operations as long as your DB engine is InnoDB or a similar transaction engine. MyISAM is not. Remember to enable mysqli error reporting or it won't work.
Related
I have a little project which have item management and log history.
Item Management
Item Log
My problem is if I delete the data the last item name that I added is getting inserted in log history instead of the item name that I deleted.
How can I fetch the last item name that I deleted?
Here is my codes on delete button
if(isset($_GET['delete'])) {
$the_item_management_id = $_GET['delete'];
$query = "DELETE FROM item_management WHERE item_management_id = {$the_item_management_id}";
$delete_query = mysqli_query($connection, $query);
$query1 = "INSERT INTO item_management_log (item_code_id, item_name, deleted_stock) VALUES ('$item_code_id', '$item_name', 'deleted $item_name from the stock')";
mysqli_query($connection, $query1);
header("Location:inventory_management.php");
}
I believe you could do this:
if (isset($_GET["delete"])) {
mysqli_begin_transaction($connection); // Using transactions.
// Execute log insertion first.
$stm_log = mysqli_prepare($connection, "INSERT INTO item_management_log (item_code_id, item_name, deleted_stock) VALUES (?, ?, ?)");
$log_message = "deleted $item_name from the stock";
mysqli_stmt_bind_param($stm_log, "iss", $item_code_id, $item_name, $log_message);
mysqli_stmt_execute($stm_log);
// Remove the item later.
$stm_delete = mysqli_prepare($connection, "DELETE FROM item_management WHERE item_management_id = ?");
$the_item_management_id = $_GET["delete"];
mysqli_stmt_bind_param($stm_delete, "i", $the_item_management_id);
mysqli_stmt_execute($stm_delete);
if (mysqli_stmt_affected_rows($stm_delete) > 0) {
mysqli_commit($connection);
} else {
mysqli_rollback($connection); // Undo everything if nothing was deleted.
}
header("Location:inventory_management.php");
}
Why Transactions
You should use transactions because you probably want to log something that actually happened, and so you can abort (through rollback) recording the log if there is an error deleting the item. This way, you won't have an inaccurate log in the database.
Note
I also used mysqli_stmt_affected_rows which makes it possible to know the number of affected records and thus know if an item was really deleted or not.
Also, I believe you should use PDO instead of mysqli, which is a friendlier api. Or at least you should use the mysqli's object-oriented style, which will make your code cleaner and easier to understand.
I am using the below code to grab a users ID from another table and creating a new record in this table. in the same row there is a field called action and I would like to insert either 'Log-In' or 'Log-Out' in this field for the same record.
my question is im not sure how to incorporate it with the code below without the database creating a new blank line
try{
// check for user ID in sessions table and apply to new session_log record
$sql = "INSERT INTO session_logs (USER_ID, first, last, email) SELECT USER_ID, first, last, email FROM sessions WHERE email=:email";
$stmt = $pdo->prepare($sql);
// Bind parameters to statement
$stmt->bindParam(':email', $_REQUEST['email']);
// Execute the prepared statement
$stmt->execute();
} catch(PDOException $e){
die("ERROR: Could not able to execute $sql. " . $e->getMessage());
}
Unfortunately, Table and Column names CANNOT be replaced by parameters in PDO so you cant just bind the SELECT column as a value or similar, however, you can manipulate the string yourself to add in the required value like so:
$action = 'Log-In'; // if you get this value from user input in any way, be sure to sanitize it with something like `mysqli_real_escape_string`
$sql = "INSERT INTO session_logs (USER_ID, first, last, email, action) SELECT USER_ID, first, last, email, '$action' FROM sessions WHERE email=:email";
I am trying to build an override feature so users can manually remove a MySQL table row if they have the correct rights to do so. The user is prompted to input the same credentials used for program login as well as the uniqueID for the row that needs to be removed. Upon hitting the 'Submit' function, I run a series of if statements/ MySQL SELECT statements to check credentials, user rights and finally row Deletion with the result output as an alert.
However, my alert shows up blank and the row is not removed so I know there is a problem with my if statements. Upon testing, I believe the problem is when I try to use the previous query's results to run the next if statement logic.
How do I properly determine if the MySQL query returned a row using prepared statements?
All help is appreciated! Thank you!
My CODE:
if ((isset($_POST['overrideUsername'])) and (isset($_POST['overridePassword'])) and (isset($_POST['overrideUniqueID']))) {
$overridePasswordInput = $_POST['overridePassword'];
$overrideUsername = $_POST['overrideUsername'];
$overridePassword = ENCODE(($overridePasswordInput).(ENCRYPTION_SEED));
$roleID = '154';
$overrideUniqueID = $_POST['overrideUniqueID'];
//connect to the database
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if(mysqli_connect_errno() ) {
printf('Could not connect: ' . mysqli_connect_error());
exit();
}
$conn->select_db($dbname);
if(! $conn->select_db($dbname) ) {
echo 'Could not select database. '.'<BR>';
}
$sql1 = "SELECT users.id FROM users WHERE (users.login = ?) AND (users.password = ?)";
$stmt1 = $conn->prepare($sql1);
$stmt1->bind_param('ss', $overrideUsername, $overridePassword);
$stmt1->execute();
$stmt1->bind_result($userID);
//$result1 = $stmt1->get_result();
if ($stmt1->fetch()) {
$sql2 = "SELECT * FROM rolestousers WHERE (rolestousers.userid = ?) AND (rolestousers.roleid = ?)";
$stmt2 = $conn->prepare($sql2);
$stmt2->bind_param('ss', $userID, $roleID);
$stmt2->execute();
$stmt2->store_result();
if ($stmt2->fetch()) {
$sql3 = "DELETE * FROM locator_time_track_out WHERE locator_time_track_out.uniqueid = ?";
$stmt3 = $conn->prepare($sql2);
$stmt3->bind_param('s', $overrideUniqueID);
$stmt3->execute();
$stmt3->store_result();
if ($stmt3->fetch()) {
echo 'Override Successful! Please scan the unit again to close it out.';
} else {
echo 'Could Not Delete Record from the table.';
}//End $sql3 if.
} else {
echo 'User does not have override permission. Please contact the IT Department.';
}//End $sql2 if.
} else {
echo 'Your login information is incorrect. Please try again. If the issue persists, contact the IT Department.';
}//End $sql1 if.
//Free the result variable.
$stmt1->free();
$stmt2->free();
$stmt3->free();
$stmt1->close();
//Close the Database connection.
$conn->close();
}//End If statement
NOTE: I am definitely sure my DB connection information is correct. The issue resides after I connect into the database. I have also tested the code using only the first if statement and get the blank alert so I'm not making it past the first if statement.
EDIT:: My php Script was definitely failing, but even earlier than expected, at the following code:
$overridePassword = ENCODE(($overridePasswordInput).(ENCRYPTION_SEED));
So my issue is that I need to properly compare the password and encryption seed information. However, the previous programmer used the following line to do the same process (which is obviously unsafe):
$querystatement = "SELECT id, firstname, lastname, email, phone, department, employeenumber, admin, usertype FROM users WHERE login=\"".mysql_real_escape_string($user)."\" AND password=ENCODE(\"".mysql_real_escape_string($pass)."\",\"".mysql_real_escape_string(ENCRYPTION_SEED)."\")";
$queryresult = $this->db->query($querystatement);
I will need to fix this issue before I can even test the functionality of the if logic using prepared statements.
Your are passing wrong variable for delete query
$stmt3 = $conn->prepare($sql3);
Please refer [ http://www.plus2net.com/php_tutorial/pdo-delete.php ]
I want to know if mysqli->rollback will rollback all the queries that have been committed before the rollback.
For example, in the code below, the first query will be committed, but the second query will fail because of misspelling 'username'. Does that mean that the query before the rollback will or will not get executed?
$mysqli->autocommit(FALSE);
$query = "INSERT INTO users (username, password) VALUES ('user123', '1apple')";
$query2 = "INSERT INTO users (**usernam**, password) VALUES ('user987', '2apple')";
if($resrouce = $mysqli->query($query)){
$mysqli->commit();
if($resource2 = $mysqli->query($query2)){
$mysqli->commit();
}else{
$mysqli->rollback();
}
}else{
$mysqli->rollback();
}
Once you commit the transaction , you can not rollback it , you can only rollback the statement which is not comited yet
modify line 8 and add a line in the end in your code:
$mysqli->autocommit(FALSE);
$query = "INSERT INTO users (username, password) VALUES ('user123', '1apple')";
$query2 = "INSERT INTO users (**usernam**, password) VALUES ('user987', '2apple')";
if($resrouce = $mysqli->query($query)){
//$mysqli->commit(); this not necesary
if($resource2 = $mysqli->query($query2)){
$mysqli->commit();
}else{
$mysqli->rollback();
}
}else{
$mysqli->rollback();
}
$mysqli->close();
Personally I find the PDO library better for database access than mysqli. You can check:
http://php.net/manual/en/pdo.begintransaction.php
which does exactly what you need... Hope that helps
I have the following table:
ID: bigint autoinc
NAME: varchar(255)
DESCRIPTION: text
ENTRYDATE: date
I am trying to insert a row into the table. It executes without error but nothing gets inserted in database.
try {
$query = "INSERT INTO mytable (NAME, DESCRIPTION, ENTRYDATE) VALUES(?,?,?)";
$stmt = $conn->prepare($query);
$name= 'something';
$desc = 'something';
$curdate = "CURDATE()";
$stmt->bind_param("sss", $name, $desc, $curdate);
$stmt->execute();
$stmt->close();
$conn->close();
//redirect to success page
}
catch(Exception $e) {
print $e;
}
It runs fine and redirects to success page but nothing can be found inside the table. Why isn't it working?
What about replacing DESCTIPTION with DESCRIPTION inside the $query?
Edit
Just out of curiosity, I created a table called mytable and copy-pasted your code into a PHP script.
Here everything worked fine and rows got inserted, except that the binded parameter CURDATE() did not execute properly and the ENTRYDATE cell was assigned 0000-00-00.
Are you sure you are monitoring the same database and table your script is supposedly inserting to?
What happens when going with error_reporting(E_ALL); ?
Have you verified that the script actually completes the insertion?
The following appears to be working as expected:
error_reporting(E_ALL);
try {
$query = "INSERT INTO mytable (NAME, DESCRIPTION, ENTRYDATE) VALUES (?, ?, CURDATE())";
$stmt = $conn->prepare($query);
$name= 'something';
$desc = 'something';
$stmt->bind_param("ss", $name, $desc);
$stmt->execute();
if ($conn->affected_rows < 1) {
throw new Exception('Nothing was inserted!');
}
$stmt->close();
$conn->close();
//redirect to success page
}
catch(Exception $e) {
print $e->getMessage();
}
Are you sure there is no error? There seems to be a typo in your column name for example.
Note that PDO is extremely secretive about errors by default.
See How to squeeze error message out of PDO? on how to fix this.
Try preparing this query instead:
"INSERT INTO mytable (NAME, DESCRIPTION, ENTRYDATE) VALUES(?,?,CUR_DATE())"
And check the results of $stmt->execute(). It would have given you a warning that "CUR_DATE()" (sic) is not a valid DATE.
You can check if a statement was correctly executed by checking the return value of execute() and querying the errorInfo() method:
if (!$stmt->execute()) {
throw new Exception($stmt->errorInfo(), stmt->errorCode());
}
Be aware that upon failure, execute() does not throw an exception automagically. You'll have to check for successful operation and failure for yourself.
Is it possible that autocommit is OFF?
If so then you have to commit your insert like so
/* commit transaction */
$conn->commit();
Regards