We Keep Coding

SQL add to already existing value [duplicate]

This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 4 years ago.
I have a value in my MYSQL database, all I want to do is to increase the current value with a new one, this is what I have tried
} elseif ($gametype == "veckanskluring"){
$sql = "UPDATE users SET veckanskluring='veckanskluring'+'$score' WHERE id='$id'";
$retval = mysql_query( $sql, $link );
echo "GAME == $gametype";
}
But for some odd reason, this won't work.
I have searched online and found examples, but they all look, almost exactly the same as my code.
// Sidenote this is not the whole code, obviously.
Everything except the part where I add the new value to the old value works, and if I remove 'veckanskluring'+ it updates without any problems.
I strongly believe something is wrong with this part - 'veckanskluring'+ as the other part works fine.
//NOTE2 score is always 999, just have it set to $score if I want to change it later.
UPDATE -
MY fault, apparently I had put '' around veckanskluring.
$sql = "UPDATE users SET veckanskluring=veckanskluring +'$score' WHERE id='$id'"; <-- Working.

Assuming that $score and $id are number you shoudl not use sigle quote around this vars
and assuming that veckanskluring is column name you must not use single quote aroud column name
"UPDATE users SET veckanskluring= veckanskluring +$score WHERE id=$id";
But the use of php var in sql is deprecated you at risk for sql injection .. take a look at your mysql driver for bindig param

PHP MySQL not adding to database [duplicate]

This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Syntax error due to using a reserved word as a table or column name in MySQL
(1 answer)
What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
(1 answer)
Reference - What does this error mean in PHP?
(38 answers)
Closed 5 years ago.
Trying to do a school project, essentially need to take the choice of animal from a dropdown menu, and add the ID of that animal to the order table of the database. dropdown is on a seperate page which works fine, and posts result to this page.
the code:
<?php
include_once("connect-db.php");
if(isset($_POST['Submit'])) {
$choice = $_POST['choice'];
$result = mysqli_query($mysqli, "SELECT * FROM animals WHERE AnimalSpecies=$choice");
while($res = mysqli_fetch_array($result))
{
$id = $res['AnimalID'];
}
$query = mysqli_query($mysqli, "INSERT INTO order('AnimalID') VALUES('$id')");
}
The connectdb file is fine, i have used it in another page. additionally, $choice is working fine, i had it echo manually and it shows the right value. I dont get any error message, it just doesnt add anything to the order table.

Selecting a item from a databbase depending on the session [duplicate]

This question already has answers here:
PHP parse/syntax errors; and how to solve them
(20 answers)
Closed 6 years ago.
How can I select the 'description' row from my 'users' table? I want to just grab the description row depending on what user is logged in.
So far I have this code
$sql = "SELECT description FROM users WHERE uid="$_SESSION['uid']";
but I get this error:
Parse error: syntax error, unexpected '$_SESSION' (T_VARIABLE) in /Applications/XAMPP/xamppfiles/htdocs/login_sys/includes/profile.inc.php on line 19`

That's because your code is syntaxically wrong.
The correct code would be this:
$uid = $_SESSION['uid'];
$sql = "SELECT description FROM users WHERE uid='$uid'";
(I put the $_SESSION['uid'] in a variable to avoid the problem with lots of quotes in the query).
However, this solution is also wrong, in that you should never use a variable directly in the database like this, even when it's a session. You should read up on prepared queries, and make sure you use either mysqli_ or PDO as a database-handler in PHP.

you are getting this error beacause you are missing one " at end of query
$sql = 'SELECT description FROM users WHERE uid="$_SESSION['uid']"';
but always use prepare queries or pdo's as you query this is vulnerable to sql
injection

this should work
$sql = "SELECT description FROM users WHERE uid='$_SESSION[uid]'";

Data not updating in mysql table when using PDO UPDATE [duplicate]

This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 6 years ago.
I think I have all the syntax correct here but for some reason my table will not update when this code is executed. Does anyone know why?
Here is the code of my php page:
<?php
include_once("connexionMysql.php");
if(isset($_GET['valider'])){
$titreIci=$_GET['titre'];
$idIci=(int)$_GET['id'];
$preparedStatement = $bdd->prepare("UPDATE AY_albums SET titre=':titreIci' WHERE id=':idIci'");
$preparedStatement->bindValue(':titreIci', $titreIci);
$preparedStatement->bindValue(':idIci', $idIci);
$preparedStatement->execute();
}
header("Location: pageDaccueilAdmin.php");
?>

You should remove the quotes.
Instead of this:
UPDATE AY_albums SET titre=':titreIci' WHERE id=':idIci'
Do this:
UPDATE AY_albums SET titre=:titreIci WHERE id=:idIci

semi-colon breaking mysql_query [duplicate]

This question already has answers here:
How can I prevent SQL injection in PHP?
(27 answers)
Closed 8 years ago.
I'm adding some html code to a database through a mysql_query. So, a basic query looks like this $qry = "UPDATE Pages SET ".$column."='$value' WHERE id='$id'";
If this is called, an actual query might look like this: $qry = "UPDATE Pages SET content_en='<h1>This is a title</h1>' WHERE id='12'"; However, if the HTML code looks like this: <h1 style='color:red;'>This is a title</h1>, it'll break the query because of the semi-colon. Is there any way to solve this?

Use mysql escaping function over your content, like that :
$value = mysqli_real_escape_string($value);