mysqli_multi_query and visibility of result on website - php

When I'm using mysqli_query, the website reloads after submitting the form with the change visible, but if I use mysqli_multi_query to change more than one table, the page displays "No result" (or whatever I have set to display if there's no result). If I then reload the website manually, everything has been changed, which means the records are updated in the database. I need to change the page and come back again, or refresh, to see the result.
For example:
$query = "UPDATE tools SET quantity=quantity+$quantity WHERE id = $tools;";
$query .= "UPDATE tools SET quantity=quantity-$quantity_edit WHERE id = $tools;";
$query .= "UPDATE rent SET quantity=$quantity_edit WHERE id=$rent_id;";
mysqli_multi_query($db, $query);
If I submit the form with this code, the result will be "No result", but if I reload the page, I will see the result, e.g. the changed value. But if I do this:
$query = "UPDATE tools SET quantity=quantity+$quantity WHERE id = $tools;";
$query2 = "UPDATE tools SET quantity=quantity-$quantity_edit WHERE id = $tools;";
$query3 = "UPDATE rent SET quantity=$quantity_edit WHERE id=$rent_id;";
mysqli_multi_query($db, $query);
mysqli_multi_query($db, $query2);
mysqli_multi_query($db, $query3);
It will work as I expect it, after submitting the form, page will show result.

Don't use mysqli_multi_query(). It is a special function, which has a very narrow use case that doesn't apply in your case.
You must use prepared statements instead.
You have 3 separate queries, so you need to prepare and execute 3 statements. This is the correct way to execute your SQL statements:
$stmt = $db->prepare('UPDATE tools SET quantity=quantity + ? WHERE id = ?');
$stmt->bind_param('ss', $quantity, $tools);
$stmt->execute();
$stmt = $db->prepare('UPDATE tools SET quantity=quantity - ? WHERE id = ?');
$stmt->bind_param('ss', $quantity_edit, $tools);
$stmt->execute();
$stmt = $db->prepare('UPDATE rent SET quantity = ? WHERE id = ?');
$stmt->bind_param('ss', $quantity_edit, $rent_id);
$stmt->execute();
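Added example, not part of the original answer: the same three prepared statements wrapped in a transaction, so that a failure in any one of them rolls back the others. It assumes `$db` is an open mysqli connection, that the tables use a transactional engine such as InnoDB, and that the ids and quantities are integers; `adjustRental()` is a hypothetical helper name.

```php
<?php
// Added example: $db is assumed to be an open mysqli connection to the
// asker's schema (tools.quantity, rent.quantity). adjustRental() is a
// hypothetical helper, not code from the question or the answer.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

function adjustRental(mysqli $db, int $tools, int $rentId, int $quantity, int $quantityEdit): void
{
    if ($quantity < 0 || $quantityEdit < 0) {
        throw new InvalidArgumentException('Quantities must be non-negative');
    }

    $db->begin_transaction();
    try {
        // First UPDATE from the question: quantity + $quantity
        $stmt = $db->prepare('UPDATE tools SET quantity = quantity + ? WHERE id = ?');
        $stmt->bind_param('ii', $quantity, $tools);
        $stmt->execute();

        // Second UPDATE: quantity - $quantity_edit
        $stmt = $db->prepare('UPDATE tools SET quantity = quantity - ? WHERE id = ?');
        $stmt->bind_param('ii', $quantityEdit, $tools);
        $stmt->execute();

        // Third UPDATE: store $quantity_edit on the rent row
        $stmt = $db->prepare('UPDATE rent SET quantity = ? WHERE id = ?');
        $stmt->bind_param('ii', $quantityEdit, $rentId);
        $stmt->execute();

        $db->commit();
    } catch (mysqli_sql_exception $e) {
        $db->rollback(); // none of the three updates is kept
        throw $e;
    }
}
```

Because the parameters are typed `int`, a non-numeric form value is rejected with a `TypeError` before any SQL is sent.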

Related

I am trying to update multiple rows using values; is this correct?

$query = "UPDATE INTO Sanctions SET (idNumber, lastName,firstName, section,sanction,expireDate) VALUES('$idNumber','$lastName', '$firstName','$section','$sanction', '$dueDate') WHERE id= '$id'";
Wrong
$query = "UPDATE INTO Sanctions
SET (idNumber, lastName,firstName, section,sanction,expireDate)
VALUES('$idNumber','$lastName', '$firstName','$section','$sanction', '$dueDate')
WHERE id= '$id'";
Correct way:
$query = "UPDATE Sanctions
SET idNumber = '{$idNumber}',
lastName = '{$lastName}', ....
WHERE id = '{$id}'";
The INTO command is not valid for an UPDATE query. You need to assign a value with equals (=) to every column you want to edit.
Notes:
These queries are not well secured; please use prepared statements instead. :)

Can't get an equivalent mysqli prepared statement to execute successfully?

These lines of code seem to work fine:
if(isset($_POST['result'])) {
if($_POST['result'] == 'true'){
$delete_post_query = mysqli_query($con, "UPDATE posts SET deleted='yes' WHERE id='$post_id'");
if($stmt = mysqli_prepare($con,$delete_post_query)){
}
}
}
However, the prepared equivalent below doesn't seem to execute:
if(isset($_POST['result'])) {
if($_POST['result'] == 'true'){
$delete_post_query = mysqli_query($con, "UPDATE posts SET deleted='yes' WHERE id=?");
if($stmt = mysqli_prepare($con,$delete_post_query)){
mysqli_stmt_bind_param($stmt, "s",$post_id);
mysqli_stmt_execute($stmt);
mysqli_stmt_close($stmt);
}
}
}
I am quite confused by this and am fairly certain I am missing something obvious. Any suggestions/solutions?
UPDATE/EDIT:
I made a silly mistake copy/pasting the code, so I updated that as suggested.
Have also tried binding the parameters as an integer and as a double respectively.
I believe the issue has something to do with binding parameters, as when I replace the placeholder (i.e. '?') with the hardcoded variable $post_id, it works just fine.
Since you are using MySQLi you could take a different approach to your code, and use something like
if(isset($_POST['result'])) {
if($_POST['result'] == 'true'){
$id = $_POST['post_id']; // make sure to define id
$delete_post_query = "UPDATE posts SET deleted='yes' WHERE id=? LIMIT 1";
if ($stmt = $mysqli->prepare($delete_post_query))
{
$stmt->bind_param("i",$id);
$stmt->execute();
$stmt->close();
}
}
}
You haven't passed reference for any parameter for input.
$delete_post_query = mysqli_query($con, "UPDATE posts SET deleted='yes' WHERE id='$post_id'");
This query says to delete and you have also given a $post_id but below
mysqli_stmt_bind_param($stmt, "ss",$friend_array,$user_to_remove);
you are binding parameters for which the server couldn't find a reference. Your query should be like this
$delete_post_query = "UPDATE posts SET deleted='yes' WHERE id=?"; // SQL string only: it is passed to mysqli_prepare(), not run through mysqli_query()
and the binding parameter should be like this. Since you have only one reference ?, you can only bind one parameter. Also, if id is an int then use i; if it is a string then use s
mysqli_stmt_bind_param($stmt, "i",$user_to_remove);
//New Way
$stmt = $con->prepare("UPDATE posts SET DELETED='yes' WHERE id=?");
$stmt->bind_param("i",$user_to_remove);
$stmt->execute();

Trying to fill a PHP variable with a mysql query. Then updating another table with the data from that query

First post, here it goes.
So this is the code that I have so far:
include('Connection/connect-test.php');
$selected1 = $_POST['selected'];
$sqlget = "SELECT paymentid FROM highschoolpayment WHERE hsgameid = '$selected1'";
$sqldata = mysqli_query($dbcon, $sqlget);
$sqlupdate = "UPDATE highschool SET paymentid = '$sqldata' WHERE hsgameid = '$selected1'";
mysqli_query($dbcon, $sqlupdate);
What I'm trying to do is grab the 'paymentid' from the 'highschoolpayment' table and store that value into the $sqldata variable (line 4). Then I want to update a value in the 'highschool' table using the value that I got from line 4 as well as a value that was pulled from a POST submission (line 6). I know for a fact that the first 3 lines execute as they should. It is after those lines when things become iffy. I don't see the form (reappear) like I normally would when everything else is working. To me, this indicates that the PHP has successfully run. I go to the 'highschool' table but I don't see the value (paymentid) that I am expecting to see. I personally can't think of a single reason why this wouldn't work, but, I am not that experienced in PHP or MySQL so I am open to any help that I can get.
I hope this makes sense without seeing the structure of the tables but if I need to post those, let me know. I've spent a couple hours trying to troubleshoot this problem but with no forward progress.
Thanks!
Assuming this query returns only one row:
$sqldata = mysqli_query($dbcon, $sqlget);
$row = mysqli_fetch_array($sqldata);
$paymentid = $row['paymentid']; // then use $paymentid in the next query
$sqlupdate = "UPDATE highschool SET paymentid = '$paymentid'
WHERE hsgameid = '$selected1'";
if(mysqli_query($dbcon, $sqlupdate)){
echo 'Update successfull';
} else {
echo 'Update query is wrong. The query generated was <br />'.$sqlupdate;
}
try like this,
include('Connection/connect-test.php');
$selected1 = $_POST['selected'];
$sqlupdate = "UPDATE highschool SET paymentid = (select paymentid FROM highschoolpayment WHERE hsgameid = '$selected1') where hsgameid = '$selected1'";
mysqli_query($dbcon, $sqlupdate);
You need to do fetch_assoc(), and while you are at it you should parameterize your query to make it more secure; it is good practice for the future. Here is what your code should look like:
$selected1 = $_POST['selected'];
$connect = mysqli_connect("localhost","user","pass","database");//i connect this way to my database
//the first statement that will get your paymentid
$stmt = $connect->prepare("SELECT paymentid FROM highschoolpayment WHERE hsgameid = ?");
mysqli_stmt_bind_param($stmt, 's', $selected1);//'s' is for string, 'i' for int, google rest
$stmt->execute();
$result = $stmt->get_result();
while($row = $result->fetch_assoc()){//it fetches each id
//the second statement that will use the payment id and update the database
$stmt2 = $connect->prepare("UPDATE highschool SET paymentid = ? WHERE hsgameid = ? ;");
mysqli_stmt_bind_param($stmt2, 'ss',$row['paymentid'], $selected1 );//'s' is for string, 'i' for int, google rest
$stmt2->execute();
$stmt2->close();
}
$stmt->close();
I just threw this quickly together, so if anyone sees something wrong don't hesitate to edit it or mark it down if completely wrong, Would rather that.

PDO prepared statement trouble

I am currently trying to run a query where the current value of a mysql table column increase itself by 1... Let me show this with mysql query example
$sql = mysql_query("UPDATE `table` SET quantity=quantity+1 WHERE id='$id'");
I am unable to do this in PDO prepared statement...
$sql = "UPDATE `table` SET quantity=:quants+1 WHERE id=:userid";
$sql_prep = $db->prepare($sql);
$sql_prep->bindParam(":quants", what will i write here??);
$sql_prep->bindParam(":userid", $id);
$sql_prep->execute();
Help needed..! Thanks
You don't need to pass that as a parameter, just do:
$sql = "UPDATE `table` SET quantity=quantity+1 WHERE id=:userid";
$sql_prep = $db->prepare($sql);
$sql_prep->bindParam(":userid", $id);
$sql_prep->execute();
You don't need to protect quantity as you're just augmenting a value already in the db.
$sql = "UPDATE `table` SET quantity=quantity+1 WHERE id=:userid";
You can also drop the bind line for the :quants
$sql_prep = $db->prepare($sql);
// NOT NEEDED --> $sql_prep->bindParam(":quants", what will i write here??);
$sql_prep->bindParam(":userid", $id);
$sql_prep->execute();
Prepared statements are for protecting data being inserted from the outside into your db via your query.

PDO bind param in update query

I am trying to make a prepared statement using PDO. Is it possible to put several updates at once?
Ex:
sql1 = "Update product set large = '1large' where id = 1";
sql2 = "Update product set large = '2large' where id = 2";
sql3 = "Update product set large = '3large' where id = 3";
How to prepare sql1,sql2....sqlN in Pdo to execute faster?
I found an example but it works line by line (sql1, sql2 ....)
<?php
$stmt = $dbh->prepare("UPDATE product SET large = :large WHERE id = :id"); // placeholders must not be quoted, or they are treated as literal strings
$stmt->bindParam(':id', $id, PDO::PARAM_STR);
$stmt->bindParam(':large', $large, PDO::PARAM_STR);
$stmt->execute();
?>
Unlike inserts, which can be grouped into a single statement, updates are specific to an existing entry in the database.
Depending on the broader context of what you are doing, you may find a question like this of interest for bulk updates using CASE, WHEN, THEN:
Question: Update multiple rows with one query?
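Added example, not part of the original answer: one way to build the CASE/WHEN/THEN bulk update mentioned above so that every id and value is still a bound parameter and only `?` placeholders are concatenated into the SQL text. `bulkUpdateLarge()` is a hypothetical helper, and the in-memory SQLite table and its rows are constructed sample data so the script runs without a database server.

```php
<?php
// Added example: bulkUpdateLarge() is a hypothetical helper. The product
// table and its rows below are constructed sample data.
function bulkUpdateLarge(PDO $dbh, array $largeById): int
{
    if ($largeById === []) {
        return 0; // nothing to do; an empty CASE/IN list would be invalid SQL
    }
    $ids = array_keys($largeById);
    // Only placeholders are concatenated; no user value reaches the SQL text.
    $cases = str_repeat('WHEN ? THEN ? ', count($ids));
    $in = implode(', ', array_fill(0, count($ids), '?'));
    $sql = 'UPDATE product SET large = CASE id ' . $cases
         . 'END WHERE id IN (' . $in . ')';

    $stmt = $dbh->prepare($sql);
    $pos = 1;
    foreach ($largeById as $id => $large) {
        $stmt->bindValue($pos++, (int) $id, PDO::PARAM_INT);
        $stmt->bindValue($pos++, (string) $large, PDO::PARAM_STR);
    }
    foreach ($ids as $id) { // same ids again for the IN (...) list
        $stmt->bindValue($pos++, (int) $id, PDO::PARAM_INT);
    }
    $stmt->execute();
    return $stmt->rowCount(); // rows affected, as reported by the driver
}

$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE product (id INTEGER PRIMARY KEY, large TEXT)');
$dbh->exec("INSERT INTO product (id, large) VALUES (1, 'a'), (2, 'b'), (3, 'c')");

$changed = bulkUpdateLarge($dbh, [1 => '1large', 2 => '2large', 3 => '3large']);
echo $changed, " rows updated\n";
foreach ($dbh->query('SELECT id, large FROM product ORDER BY id') as $row) {
    echo $row['id'], ' => ', $row['large'], "\n";
}
```

The `WHERE id IN (...)` clause matters: without it, rows not named in the CASE expression would have `large` set to NULL.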
