I am playing around with php but the script doesnt execute to the last point and with no error...
What i am trying to do is checking the input of the user and comparing it what is in db and then applying conditions. So i have 2 files. update.php and dash.php.
dash.php is my html form page and i included 'update.php' in it
In my update.php, i have these codes
me.php is my html form page and i included 'update.php' in it
In my update.php, i have these codes
<?php
error_reporting(E_ALL);
include_once('database.php');
if(isset($_POST['submit']))
{
$q = $_GET['q'];
$next = $q + 1;
if($q == 26)
{
echo '<h2>Weldone!!</h2>';
}
elseif($q <= 25){
$sql = "SELECT * FROM Students WHERE Email=?";
$stmt = $conn->prepare($sql);
$stmt->bind_param('s',
$_SESSION['login']);
$stmt->execute();
$result = $stmt->get_result(); $row = $result->fetch_assoc();
$Mark = $row['Mark'];
$Correct = $Mark + 1;
$Fail = $Mark + 0;
$sqlb = "SELECT * FROM Answers WHERE qid = ?";
$stmtb = $conn->prepare($sqlb);
$stmtb->bind_param('s', $q);
$stmtb->execute();
$resultb = $stmtb->get_result();
$rowb = $resultb->fetch_assoc();
$Answer =
$rowb['Answer'];
$Pick = $_POST['ans'];
if($Pick == $Answer)
{
$sqld = "UPDATE Students SET Mark=? WHERE Email = ?";
$stmtd = $conn->prepare($sqld);
$stmtd->bind_param('ss', $Correct,$_SESSION['login']);
$stmtd->execute();
$resultd = $stmtd->get_result();
echo "correct" ;
}
}
else
{
echo "<script type='text/javascript'>document.location.href='dash.php?q='.$next.';</script>";
}
}//post submit
?>
The else statement doesnt run. so it keeps reloading the same page.
Also i want to ask why i keep getting the value of 2 for my $Correct variable stored on the database into column Mark for a single correct question instead of 1. What could be wrong?
Lastly, i dont want the script to run if the browser is edited by the user by changing the value of $q from the browser, because i am using get method, is there a way to do that.
Please be nice with your comments. Thanks in advance.!!!
Related
Why MYSQLi does not update the DB record, but it does provide a successful message. Of course, with the following message: 0 records UPDATED successfully And no changes are made to the database.
my index php file code:
<?php
include 'connect.php';
$work = $_GET["work"];
if($work == "select"){
$query = "SELECT * FROM login ORDER BY City DESC";
$result = $connect->prepare($query);
$result ->execute();
$out = array();
while ($row = $result->fetch(PDO::FETCH_ASSOC)){
$record = array();
$record["InsID"] = $row["InsID"];
$record["Password"] = $row["Password"];
$record["Name"] = $row["Name"];
$record["City"] = $row["City"];
array_push($out,$record);
}
echo json_encode($out);
} elseif($work == "update"){
$name2 = $_REQUEST["Ali"];
$code2 = $_REQUEST["4779"];
$city2 = $_REQUEST["teh"];
$pass2 = $_REQUEST["123"];
$query2 = "UPDATE login SET Password='$pass2',Name='$name2',City='$city2' WHERE InsID = '$code2'";
$result2 = $connect->prepare($query2);
$result2 ->execute();
}
?>
I really do not know where my coding is wrong. Please help.
I don't get why you are updating InsID and also using 'where InsID like'
Also there is additional ; in query
You may try
$query2 = "UPDATE login SET Password='$pass2',Name='$name2',City='$city2' WHERE InsID like '$code2'";
Important = sanitize input data first**
if I understand what you're trying to accomplish then :
you don't have to set InsID again
you need to use = and not LIKE in the WHERE condition
i.e. this is the row you need :
$query2 = "UPDATE login SET Password='$pass2',Name='$name2',City='$city2' WHERE InsID = '$code2';";
also see Nico Haase's comment, it's super correct ! you must improve the code security, see : http://php.net/manual/en/security.database.sql-injection.php
Try this code
May be useful
$query2 = "UPDATE login SET Password='$pass2',Name='$name2',City='$city2' WHERE InsID = '$code2';
if(mysqli_affected_rows($connect)==1){
echo "updated successfully";
}
else{
echo "failed";
}
I'm new to PHP and SQL. I'm trying to make a rule so that it will only show certain information for certain pages. The code I'm using is
include 'dbh-login.php';
$id = $_GET['id'];
$i = 1;
while ($i != 100) {
$sql = "SELECT * FROM ui_off WHERE id='$i'";
$result = mysqli_query($conn, $sql);
$row = mysqli_fetch_assoc($result);
if ($row['link'] = $id) {
echo $row['title']."<br>";
}
$i++;
}
The if statement seems to have no effect on weather the script echoes the title or not.
You are missing == assignment. Here is the working code.
$id = $_GET['id'];
$i = 1;
while ($i != 100) {
$sql = "SELECT * FROM ui_off WHERE id='$i'";
$result = mysqli_query($conn, $sql);
$row = mysqli_fetch_assoc($result);
if ($row['link'] == $id) {
echo $row['title']."<br>";
}
$i++;
}
Your code does not make any sense.
You are using a while loop and looping in it 100 times just to check if 1 row have the given id.
Why don't you search directly for the id? Your code will be cleaner and you will free some memory on the server by deducting 100 queries each time the page is opened.
$id = $_GET['id'];
$sql = "SELECT * FROM ui_off WHERE id!='100' AND link='$id'" ;
$result = mysqli_query($conn, $sql);
$row = mysqli_fetch_assoc($result);
if ($row['link'] != '') {
echo $row['title']."<br>";
}
My code working fine , but i got this error :
SQLSTATE[HY000]: General error
I searching on google and someone say that it's may SQLi
What is this ? And how can i fix that ?
thanks and sorry for my poor english
try{
$db_con = new PDO("mysql:host={$db_host};dbname={$db_name}",$db_user,$db_pass);
$db_con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Anti Brute Forced
$stmt = $db_con->prepare("
SELECT * FROM users
");
$stmt->execute();
while ($row = $stmt->fetch(PDO::FETCH_ASSOC)){
$users_username = $row["users_username"];
$users_password = $row["users_password"];
$users_wrong_password = $row["users_wrong_password"];
if ($users_wrong_password <= 3 && isset($_GET["username"],$_GET["password"]) && $_GET["username"] == $users_username && $_GET["password"] != $users_password){
$u = $users_wrong_password + 1;
$g = 0;
$g = $_GET['username'];
$stmt = $db_con->prepare("
UPDATE users
SET users_wrong_password = $u
WHERE users.users_username = '$g'
");
$stmt->execute();
}
if ($_GET["username"] == $users_username && $users_wrong_password >= 4){
echo "Your Account Was Banned For 1 Hours";
die;
}
}
$g = $_GET['username'];
$stmt = $db_con->prepare("SELECT * FROM users where users_username = '$g'");
$stmt->execute();
while ($row = $stmt->fetch(PDO::FETCH_ASSOC)){
$ss = $row["users_wrong_password"];
}
if($ss <= 3){
$g = 0;
$g = $_GET['username'];
$stmt = $db_con->prepare("
UPDATE users
SET users_wrong_password = 0
WHERE users_username = '{$_GET['username']}'
");
$stmt->execute();
}
// Anti Brute Forced
[Solved]
Edit:
$g = $_GET['username'];
$p = $_GET['password'];
$stmt = $db_con->prepare("
SELECT * FROM users where users_username = '$g' and users_password = '$p'
");
I found this problem in a similar another way
"errorInfo":["HY000"]
How does "HY000" error happen?
It happens when you are updating, deleting or inserting data with PDO, and you try to fetch it's result.
The solution, just do not use fetch or fetchAll methods after executing an updating, deleting or inserting. Surely, it does not make sense to fetch it's result!
Example:
$stmt = $db_con->prepare("
UPDATE users SET name = 'Renato' WHERE ID = 0
");
$stmt->execute();
$stmt->fetch(PDO::FETCH_ASSOC); // The mistake is here, just remove this line
$stmt->fetchAll(PDO::FETCH_ASSOC); // It will cause troubles too, remove it
Solving the problem in a loop
The solution is changing the statement variable name inside loop, or fetch all before starting loop:
Solution: Changing variable name
$stmt = $db_con->prepare("
SELECT * FROM users
");
$stmt->execute();
while ($row = $stmt->fetch(PDO::FETCH_ASSOC)){
// ...
// This is another statment
$another_stmt = $db_con->prepare("
UPDATE users
SET users_wrong_password = $u
WHERE users.users_username = '$g'
");
$another_stmt->execute();
}
Solution: Fetch all data from query before loop
$stmt = $db_con->prepare("
SELECT * FROM users
");
$stmt->execute();
// Everything is fetched here
$results = $stmt->fetchAll(PDO::FETCH_ASSOC)
foreach($results as $row){ // Another way to loop through results
$stmt = $db_con->prepare("
UPDATE users
SET users_wrong_password = $u
WHERE users.users_username = '$g'
");
$stmt->execute(); // Be happy with no troubles
}
I think there are multiple preparations of the same query.
Solution Get the query preparation out of the while.
code:
//... your code
$stmt1 = $db_con->prepare("
UPDATE users
SET users_wrong_password = $u
WHERE users.users_username = '$g'
");
$stmt->execute();
while ($row = $stmt->fetch(PDO::FETCH_ASSOC)){
$users_username = $row["users_username"];
$users_password = $row["users_password"];
$users_wrong_password = $row["users_wrong_password"];
if ($users_wrong_password <= 3 && isset($_GET["username"],$_GET["password"]) && $_GET["username"] == $users_username && $_GET["password"] != $users_password){
$u = $users_wrong_password + 1;
$g = 0;
$g = $_GET['username'];
$stmt1->execute();
//...
}
I had this query using php in inserting images after submitting the form It says "Requirements submitted succesfully" but there is no data inserted in database.
This is my code so far:
if(isset($_POST['sumit'])){
$count = count($_FILES);
$query = "SELECT * FROM dummyclients_tbl WHERE user_id = '".$_SESSION['user']."'";
if (!$result = mysql_query($query)) {
exit(mysql_error());
}
if(mysql_num_rows($result)){
$row = mysql_fetch_assoc($result);
$sid = $row['user_id'];
$coll =$row['college'];
$stat = "Pending";
$query = "INSERT INTO request_tbl (user_id,document_id,imgreq1,imgreq2,imgreq3,imgreq4,imgreq5,imgreq6,imgreq7,request_status,college) VALUES ('$sid','$passed_id'";
for($i = 1; $i <= $count; ++$i){
if(is_uploaded_file($_FILES['imgreq'.$i]['tmp_name']) && $_FILES['imgreq'.$i]['size']){
$query .= ",'" . base64_encode(file_get_contents(addslashes($_FILES['imgreq'.$i]['tmp_name']))) . "'";
}else{
$query .= ",NULL";
}
}
$query .= ",'$stat','$coll')";
?>
<script>alert('Requirements Successfully Submitted!');</script>
<?php
// saveimage($query);
}
else{
?>
<script>alert('Error while submitting form!');</script>
<?php
}
}
I dont know where did I go wrong so please if anyone can help I appreciate it. Thanks.
So it is true that I did not execute the query and forgot to put mysql_query($query); after $query .= ",'$stat','$coll')"; . And that lead me to solving another problem wherein I did not set the fields in the database to receive NULL values which is the cause of the error.
after:
$query .= ",'$stat','$coll')";
add
mysql_query($query)
im using php to insert into the review table.ive given the variables $email, $starcount, $bookid fixed values for now just to test the file. the $res query checks to see if there is a row with that book id and email in it. if theres not The $sql query inserts it, and then the $nex query loops through taking any starcount columns where the book column = $book.
if i change the the email at the top of the file it should insert into the new info database and pull out the new and existing starcount, but it does not post, it just returns the already existing starcount. i dont understand why its not working .... im using the array to return to my file.
<?php
mysql_connect("localhost","root","");
mysql_select_db("FunReads");
$email = "sd";
$starcount = "2";
$bookid = "5";
$res = mysql_query("SELECT * FROM Review WHERE book_id='$bookid' AND user_email='$email'");
if (mysql_num_rows($res) != 0) {
$array[]= array("starcount" => "already entered");
} else {
$sql = mysql_query("INSERT INTO Review(book_id,starcount,user_email) values('.$bookid.','.$starcount.','.$email')");
$nex = mysql_query("SELECT * FROM Review WHERE book_id='$bookid'");
while($row = mysql_fetch_array($nex)){
$star = $row["starcount"];
$array[] = array("starcount" => $star);
}
}
echo json_encode($array);
//echo "[{"name":"n1","city":"NY"},{"name":"n2","city":"Paris"}, ...]
?>
It seems to me "book_id" in "Review" table is primary key, as you have tried to add it multiple time, system shows the error duplicate key. Check the error & post it. Also check whether insert query is working or not.
you should not pass the primary key value manually
try this it will helps you
<?php
mysql_connect("localhost","root","");
mysql_select_db("FunReads");
$starcount="2";
$email = "vinodh#gmail.com";
$res=mysql_query("SELECT * FROM Review WHERE email ='$email'");
if(mysql_num_rows($res)!=0){
$array[]= array("starcount" => "already entered");
}else{
$sql=mysql_query("INSERT INTO Review (starcount,email) values('.$starcount.','.$email')");
$nex=mysql_query("SELECT * FROM Review WHERE email='$email'");
while($row=mysql_fetch_array($nex)){
$star = $row["starcount"];
$array[] = array("starcount" => $star);
}
}
echo json_encode($array);
?>
I just updated your code and it is working fine for me.
<?php
mysql_connect("localhost","user","");
mysql_select_db("xyz");
$email = "hari#gmail.com";
$starcount = "2";
$bookid = "5";
$sql = "SELECT * FROM review WHERE book_id='$bookid' AND user_email='$email'";
$res = mysql_query($sql);
if (mysql_num_rows($res) != 0) {
$array[]= array("starcount" => "already entered");
} else {
$sql = "INSERT INTO review(book_id,starcount,user_email) values('$bookid','$starcount','$email')";
$sql = mysql_query($sql);
$nex = mysql_query("SELECT * FROM review WHERE book_id='$bookid'");
while($row = mysql_fetch_array($nex)){
$star = $row["starcount"];
$array[] = array("starcount" => $star);
}
}
echo json_encode($array);
sample output :
[{"starcount":"2"},{"starcount":"3"},{"starcount":"1"},{"starcount":"2"},{"starcount":"1"}]
I updated the insert query, please try to update the same and test.