I have a little problem.
I want to create a script that creates a new line in the table if there is a new user and, in that line, changes the "points" column to zero (0).
This is my current code:
<?php
header('Content-Type: text/html; charset=Windows-1250');
$firstName = $_POST['firstname'];
$servername = "db.mysql-01.gsp-europe.net";
$username = "xxxxxxxxxx";
$password = "xxxxxxxxxxx";
$dbname = "xxxxxxxxxxx";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
// sql to create table
$sql = "UPDATE `member_profile` SET points = points + 1 WHERE user_id = '$firstName'";
if ($conn->query($sql) === TRUE) {
echo "Thingz created successfully";
} else {
echo "Error doing sum thingz: " . $conn->error;
}
$conn->close();
?>
What I need in the cube: when a new user_id ($firstName) appears, create a new line with this user name, and change the "points" column from "null" into zero (0).
Thanks for your time, I appreciate it.
If I understand well, you want to check if the user exists or not. If the user is new, create a new line with the user with 0 points, and if the user exists, increase points by 1.
<?php
header('Content-Type: text/html; charset=Windows-1250');
if (isset($_POST['firstname'])) {
    $firstName = $_POST['firstname'];
    $servername = "db.mysql-01.gsp-europe.net";
    $username = "xxxxxxxxxx";
    $password = "xxxxxxxxxxx";
    $dbname = "xxxxxxxxxxx";
    // Create connection
    $conn = new mysqli($servername, $username, $password, $dbname);
    // Check connection
    if ($conn->connect_error) {
        die("Connection failed: " . $conn->connect_error);
    }
    // Check whether the user already exists
    $check = "SELECT * FROM `member_profile` WHERE user_id = '$firstName'";
    $result = mysqli_query($conn, $check) or die(mysqli_error($conn));
    $rows = mysqli_num_rows($result);
    // If the user exists, increase points by 1
    if ($rows >= 1) {
        $sql = "UPDATE `member_profile` SET points = points + 1 WHERE user_id = '$firstName'";
        if ($conn->query($sql) === TRUE) {
            echo "Thingz created successfully";
        } else {
            echo "Error doing sum thingz: " . $conn->error;
        }
    }
    // If the user does not exist, create the user with 0 points
    if ($rows == 0) {
        $query = "INSERT into `member_profile` (user_id, points) VALUES ( '$firstName' ,'0')";
        $result = mysqli_query($conn, $query) or die(mysqli_error($conn));
    }
    // Close the connection on both paths, not only after the INSERT
    $conn->close();
}
?>
Remember, I gave you an idea; the code is prone to SQL injection.
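An added example (not part of the answer above) of the same insert-or-increment logic as a single prepared statement, which closes the SQL injection and removes the gap between the SELECT and the INSERT. It assumes `member_profile.user_id` has a PRIMARY KEY or UNIQUE index; the function name `add_or_increment_user`, the 64-character limit and the `DB_*` environment variables are hypothetical.

```php
<?php
// Added example, not from the original thread.
// Assumption: member_profile.user_id has a PRIMARY KEY or UNIQUE index,
// which ON DUPLICATE KEY UPDATE needs to detect an existing user.

// Make mysqli throw mysqli_sql_exception instead of returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/** Insert the user with 0 points, or add 1 point (hypothetical helper). */
function add_or_increment_user(mysqli $conn, string $userId): string
{
    // COALESCE covers existing rows whose points are still NULL:
    // NULL + 1 is NULL in MySQL, so a plain points + 1 would never count.
    $sql = "INSERT INTO `member_profile` (user_id, points) VALUES (?, 0)
            ON DUPLICATE KEY UPDATE points = COALESCE(points, 0) + 1";
    $stmt = $conn->prepare($sql);
    // The value is sent separately from the SQL text, so quotes inside
    // it cannot change the statement.
    $stmt->bind_param('s', $userId);
    $stmt->execute();
    // MySQL reports 1 affected row for the insert and 2 for an update
    // made through ON DUPLICATE KEY UPDATE.
    $affected = $stmt->affected_rows;
    $stmt->close();
    return $affected === 1 ? 'created' : 'incremented';
}

$firstName = $_POST['firstname'] ?? '';
// Reject empty or oversized input before touching the database.
// The 64-character limit is an assumed column width.
if ($firstName === '' || strlen($firstName) > 64) {
    http_response_code(400);
    exit('Invalid user id');
}

try {
    // Connection settings come from the environment (hypothetical names).
    $conn = new mysqli(getenv('DB_HOST'), getenv('DB_USER'),
                       getenv('DB_PASS'), getenv('DB_NAME'));
    $conn->set_charset('utf8mb4');
    echo add_or_increment_user($conn, $firstName);
    $conn->close();
} catch (mysqli_sql_exception $e) {
    // Log details server-side; do not echo database errors to the client.
    error_log($e->getMessage());
    http_response_code(500);
    echo 'Database error';
}
```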
Related
This is a segment of my code where I'm trying to edit a record using WHERE. When I enter the id number manually it edits the record and says record updated successfully. When I use a variable taken from the previous page the record says record updated successfully but doesn't change my record.
This works where I manually put in the ID to edit
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$student_ID = $_GET{'student_ID'};
$sql = "UPDATE student_info_2020 SET student_first_name = '$student_first_name', student_last_name = '$student_last_name', student_username = '$student_username',student_password = '$student_password',
student_program = '$student_program', student_portfolio = '$student_portfolio', student_linkedin = '$student_linkedin', student_secondary = '$student_secondary', student_hometown = '$student_hometown',
student_career_goals = '$student_career_goals', student_hobbies = '$student_hobbies', student_state = '$student_state' WHERE student_ID = 2";
if ($conn->query($sql) === TRUE) {
echo "Record updated successfully";
} else {
echo "Error updating record: " . $conn->error;
}
$conn->close();
When I try to use a variable for my WHERE clause it doesn't work. I've echoed out the $student_ID and it came up with a correct number which was two but didn't edit record 2. It also reports the record was updated successfully but it didn't so I'm fairly confused.
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$student_ID = $_GET{'student_ID'};
$sql = "UPDATE student_info_2020 SET student_first_name = '$student_first_name', student_last_name = '$student_last_name', student_username = '$student_username',student_password = '$student_password',
student_program = '$student_program', student_portfolio = '$student_portfolio', student_linkedin = '$student_linkedin', student_secondary = '$student_secondary', student_hometown = '$student_hometown',
student_career_goals = '$student_career_goals', student_hobbies = '$student_hobbies', student_state = '$student_state' WHERE student_ID = '$student_ID'";
if ($conn->query($sql) === TRUE) {
echo "Record updated successfully";
} else {
echo "Error updating record: " . $conn->error;
}
$conn->close();
Use [ and ] for getting value from $_GET array:
$student_ID = $_GET['student_ID'];
Try to use sprintf
$sql = sprintf("UPDATE student_info_2020 SET student_first_name = '$student_first_name', student_last_name = '$student_last_name', student_username = '$student_username',student_password = '$student_password',
student_program = '$student_program', student_portfolio = '$student_portfolio', student_linkedin = '$student_linkedin', student_secondary = '$student_secondary', student_hometown = '$student_hometown',
student_career_goals = '$student_career_goals', student_hobbies = '$student_hobbies', student_state = '$student_state' WHERE student_ID = %d",(int)$student_ID);
I am trying to take the value of the topay column where torecieve equals the current session user id and use it to perform an operation on the user table.
But it throws a syntax error.
<?php
session_start();
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "bazze2";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$merge = "SELECT topay FROM merge WHERE torecieve=$_SESSION[id]";
$sql = "UPDATE user SET topay2='10000000' WHERE 'id'=$merge";
if ($conn->query($sql) === TRUE) {
echo "Record updated successfully";
} else {
echo "Error updating record: " . $conn->error;
}
$conn->close();
?>
Use a prepared query, and use a join.
// Column name is spelled "torecieve", as in the question's table
$sql = "UPDATE user AS u
JOIN merge AS m ON u.id = m.topay
SET u.topay2 = '10000000'
WHERE m.torecieve = ?";
$stmt = $conn->prepare($sql);
$stmt->bind_param('i', $_SESSION['id']);
if ($stmt->execute()) {
echo "Record updated successfully";
} else {
echo "Error updating record: " . $stmt->error;
}
I want to do a query to get the last id (int) in a table to create a new row with that last id + 1, but actually this just puts all rows with the same id.
My code:
<?php
$servername = "localhost";
$user = "root";
$pass = "dbpass";
$dbname = "site";
$mail = $_POST['mail'];
$password = $_POST['password'];
// Create connection
$conn = mysqli_connect($servername, $user, $pass, $dbname);
// Check connection
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
$sqlID = "SELECT MAX(id) FROM `login`;";
if ($result = mysqli_query($conn, $sqlID)) {
$id = mysqli_fetch_row($result);
}
settype($id, "int");
$id = $id + 1;
$sql = "INSERT INTO login (`id`,`mail`,`password`)
VALUES ('".$id."','".$mail."','".$password."');";
if (mysqli_query($conn, $sql)) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . mysqli_error($conn);
}
mysqli_close($conn);
?>
mysqli_fetch_row always returns an array, even if there is only 1 element. So the MAX(id) is in $row[0].
Fixing this, you also don't need to use settype.
If your id is autoincrement, change this:
$sql = "INSERT INTO login (`id`,`mail`,`password`)
VALUES ('".$id."','".$mail."','".$password."');";
to:
$sql = "INSERT INTO login (`mail`,`password`)
VALUES ('".$mail."','".$password."');";
Then get rid of all code from $sqlID to $id + 1; (for tidiness)
I'm not exactly sure what happened, but this database and the PHP affecting it were working just fine until it hit the fourth row, and now it won't insert new records at all.
if($_POST)
{
$servername = ******;
$username = ******;
$password = ******;
$db = ******;
$conn = mysqli_connect($servername, $username, $password, $db);
mysqli_select_db($conn,$db);
$uuid = $_POST['uuid'];
$sql = "INSERT INTO uuid VALUES ('$uuid');";
mysqli_query($conn,$sql);
mysqli_close($conn);
}
I'm not sure what happened but this is the relevant code for the mysqli query.
Try this:
<?php
if(isset($_POST['uuid']))
{
// Placeholders: replace with your own connection settings
$servername = "yourServerName";
$username = "username";
$password = "password";
$dbname = "databaseName";
// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
$uuid = $_POST['uuid'];
$sql = "INSERT INTO tableName (columnName) VALUES ('$uuid')";
if (mysqli_query($conn, $sql)) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . mysqli_error($conn);
}
mysqli_close($conn);
}
?>
Also, I recommend using prepared statements.
I am doing an update of values inside a MySQL database using PHP,
and here is my code to update:
$id = $_REQUEST['uid'];
$name = $_REQUEST['name'];
$company = $_REQUEST['company'];
$contact = $_REQUEST['contact'];
$email = $_REQUEST['email'];
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
echo "$id "."$name". "$company" . "$contact" . "$email";
if ($conn->connect_error)
{
die("Connection failed: " . $conn->connect_error);
}
else
{
$sql = "UPDATE `users` SET `userName`='$name',`userEmail`='$email',`userCompany`='$company',`userContact`='$contact' WHERE userID = $id";
if (mysqli_query($conn, $sql))
{
mysqli_commit($conn);
echo "success";
}
else
{
echo "error";
}
}
mysqli_close($conn);
It does the update and changes the value in the db.
But when I log in using the previous username and password, it still accepts it.
Code for login:
$uname= $_REQUEST['loginusername'];
$pword= $_REQUEST['loginpassword'];
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
else
{
$sql = "SELECT * FROM `users` WHERE userName = '$uname' AND userPassword = '$pword'";
$return = mysqli_query($conn, $sql);
if(mysqli_num_rows($return) > 0)
{
echo 'found';
}
else
{
echo 'not found';
}
}
$conn->close();
Thanks in advance.
You don't update your Password field in
UPDATE `users` SET `userName`='$name',`userEmail`='$email',`userCompany`='$company',`userContact`='$contact' WHERE userID = $id
and it isn't good practice to save clear-text passwords. It's better to hash it with a hash algorithm (for example sha256) and salt it.
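An added example (not from the thread) of storing and checking the password as a salted hash with PHP's built-in password_hash() and password_verify(), using prepared statements for both queries. Table and column names follow the question; the function names `set_password` and `check_login` are hypothetical, and `userPassword` is assumed to be VARCHAR(255).

```php
<?php
// Added example, not from the original thread. Column names follow the
// question's `users` table; function names are hypothetical.
// Assumption: userPassword is VARCHAR(255) so the full hash string fits.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/** Store a new password for the user as a salted hash, never clear text. */
function set_password(mysqli $conn, int $userId, string $newPassword): void
{
    // password_hash() picks a random salt and encodes it, the algorithm
    // and the cost into the returned string.
    $hash = password_hash($newPassword, PASSWORD_DEFAULT);
    $stmt = $conn->prepare(
        "UPDATE `users` SET `userPassword` = ? WHERE `userID` = ?");
    $stmt->bind_param('si', $hash, $userId);
    $stmt->execute();
    $stmt->close();
}

/** Return true only if the user exists and the password matches its hash. */
function check_login(mysqli $conn, string $uname, string $pword): bool
{
    // Look the row up by name only; the password never goes into the SQL.
    $stmt = $conn->prepare(
        "SELECT `userID`, `userPassword` FROM `users` WHERE `userName` = ?");
    $stmt->bind_param('s', $uname);
    $stmt->execute();
    $stmt->bind_result($userId, $storedHash);
    $found = $stmt->fetch();
    $stmt->close();
    if (!$found || !password_verify($pword, (string) $storedHash)) {
        return false;
    }
    // Upgrade the stored hash if PHP's default algorithm or cost changed.
    if (password_needs_rehash($storedHash, PASSWORD_DEFAULT)) {
        set_password($conn, $userId, $pword);
    }
    return true;
}
```

Rows that still hold a clear-text password will fail password_verify() until that password is set again through set_password().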