This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
(1 answer)
Reference - What does this error mean in PHP?
(38 answers)
UTF-8 all the way through
(13 answers)
Closed 2 years ago.
I'm using paypal buttons as payment, the problem is, when the player type the username, and if have special characters the query don't update item quantity, but with normal name it updates.
{
global $first_name, $last_name, $payer_business_name, $custom,$payer_email;
global $mysql_linklok;
if (($data == "") || ($data == "NOTREQUIRED") || ($user2==""))
{
$key="Could not update user ".$user2;
return (string)$key;
}
$mysql_linklok=mysqli_connect("host","user","pass","db");
if ($mysql_linklok!==false)
{
$query="UPDATE users SET points=points + ".$data." WHERE name=".llipn_quote_smart($user2);
mysqli_query($mysql_linklok,$query);
mysqli_close($mysql_linklok);
}
$key=$data." points added to ".$user2;
return (string)$key;
i've been searching for hours and tried many options, but not of them works.
can someone help me how to solve it?
Many thanks
Related
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
How can I prevent SQL injection in PHP?
(27 answers)
Closed 3 years ago.
I'm working on a website, and I have encountered with an strange MySQL behaviour. I'm trying to use an MySQL Update Query with multiple WHERE Clauses.
$name = $_POST['username'];
$updatequery1 = "UPDATE OTP SET 'Project' = 'ANETSignupUsed' WHERE Name = '$name' AND HashedOTP = '$hashedotp' ";
$sqlconnection->query($updatequery1);
die("DONE");
Note that I've already defined $hashedotp.
When I try doing the same thing in MySQL Console it works pretty well, and I've made sure that the user used to define $sqlconnection has Update rights.
I've tried solutions DESCRIBED
HERE
HERE
I've spent hours searching about it, but to no avail.
Thanks a lot in advance!
Try this Remove single quote from your query
$updatequery1 = "UPDATE OTP SET Project = 'ANETSignupUsed' WHERE Name = '$name' AND HashedOTP = '$hashedotp' ";
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Syntax error due to using a reserved word as a table or column name in MySQL
(1 answer)
What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
(1 answer)
Reference - What does this error mean in PHP?
(38 answers)
Closed 5 years ago.
Trying to do a school project, essentially need to take the choice of animal from a dropdown menu, and add the ID of that animal to the order table of the database. dropdown is on a seperate page which works fine, and posts result to this page.
the code:
<?php
include_once("connect-db.php");
if(isset($_POST['Submit'])) {
$choice = $_POST['choice'];
$result = mysqli_query($mysqli, "SELECT * FROM animals WHERE AnimalSpecies=$choice");
while($res = mysqli_fetch_array($result))
{
$id = $res['AnimalID'];
}
$query = mysqli_query($mysqli, "INSERT INTO order('AnimalID') VALUES('$id')");
}
The connectdb file is fine, i have used it in another page. additionally, $choice is working fine, i had it echo manually and it shows the right value. I dont get any error message, it just doesnt add anything to the order table.
This question already has answers here:
Are you allowed to use numbers as table names in MySQL?
(5 answers)
What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
(1 answer)
Reference - What does this error mean in PHP?
(38 answers)
Closed 5 years ago.
<?php include('header.php');
include('config.php');
if (isset($_POST['submit']))
{
$link1=mysqli_real_escape_string($cone,$_POST['link1']);
$link2=mysqli_real_escape_string($cone,$_POST['link2']);
$link3=mysqli_real_escape_string($cone,$_POST['link3']);
$link4=mysqli_real_escape_string($cone,$_POST['link4']);
$link5=mysqli_real_escape_string($cone,$_POST['link5']);
$sql = "update path set 1='hello' where id=1";
if (mysqli_query($cone,$sql))
{
header("location:section_6.php?done");
}
}
?>
What am i doing wrong here ? The Cone variable is defined in config.php but i can't get the update working and there's no error.
This question already has answers here:
What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
(2 answers)
Reference - What does this error mean in PHP?
(38 answers)
Closed 5 years ago.
I'm trying to insert in to a table video_advert but it's failing,
$result=mysqli_query($db_handle,"INSERT INTO video_advert(title,video,date_out,gender,quantity,room,description) VALUES('".$_POST['adtitle']."','".$imagename."','".$_POST['addate']."','".$_POST['adgender']."','".$_POST['adquantity']."','".$_POST['adroom']."','".$_POST['addescription']."',)");
if($result){
$message1="you are now SignUp";
header("Location:index.php?msid=$message1");
}
else{
echo "not done!";
}
all my field names are correct, but it's returning not done, please help
You have an extra comma after description. Remove it and it will be fine.
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 6 years ago.
I think I have all the syntax correct here but for some reason my table will not update when this code is executed. Does anyone know why?
Here is the code of my php page:
<?php
include_once("connexionMysql.php");
if(isset($_GET['valider'])){
$titreIci=$_GET['titre'];
$idIci=(int)$_GET['id'];
$preparedStatement = $bdd->prepare("UPDATE AY_albums SET titre=':titreIci' WHERE id=':idIci'");
$preparedStatement->bindValue(':titreIci', $titreIci);
$preparedStatement->bindValue(':idIci', $idIci);
$preparedStatement->execute();
}
header("Location: pageDaccueilAdmin.php");
?>
You should remove the quotes.
Instead of this:
UPDATE AY_albums SET titre=':titreIci' WHERE id=':idIci'
Do this:
UPDATE AY_albums SET titre=:titreIci WHERE id=:idIci