Cant perform an SQL update when using php varibles - php

I just noticed that i can not perform SQL updates when i am using PHP varibles from the link
My code (I don't noticed any errors, and no error output)
<?php
if ($_POST && isset($_POST['hdduid'], $_POST['status'])) {
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = 'L24wmc1nJBVP90q9yY';
$dbname = 'watt';
try {
// Try to connect
$dbh = new PDO(
'mysql:host='.$dbhost.';dbname='.$dbname,
$dbuser,
$dbpass
);
// Data
$hdduid = $_POST['hdduid'];
$status = $_POST['status'];
// query
$sql = "UPDATE users SET paid=':status' WHERE hdduid=':hdduid'";
$q = $dbh->prepare($sql);
$q->execute(array(
':message' => $message,
':email' => $email
));
// Null connection
$dbh = null;
} catch (PDOException $e) { // if exception
print "Error!: " . $e->getMessage() . "<br/>";
die();
}
?>
I edited the code, it still wont working

You need to use
mysqli_real_escape_string
Not
mysql_real_escape_string
You can not mix mysql with MySQLi

Here is another solution using prepared statements.
$servername = "localhost";
$username = "root";
$password = "L24wmc1nJBVP90q9yY";
$dbname = "ft";
// Create connection
$connection = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($connection->connect_error) {
die("Connection failed: " . $connection->connect_error);
}
$paid = $_GET["status"];
$hdduid = $_GET["hdduid"];
//Prepared statements
$statement = $connection->prepare("UPDATE users SET paid = ? WHERE hdduid = ?");
$statement->bind_param("ss", $paid, $hdduid);
if(!$statement->execute()) {
echo "Error updating record: " . $statement->error;
} else {
echo "Record updated successfully";
}
$statement->close();
$connection->close();

Here is a solution. It uses mysqli_real_escape_string instead of mysql_real_escape_string. I also changed the name of $status to $paid for better readability. Good luck!
$servername = "localhost";
$username = "root";
$password = ""; //$password = "L24wmc1nJBVP90q9yY";
$dbname = "test"; //$dbname = "ft";
// Create connection
$connection = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($connection->connect_error) {
die("Connection failed: " . $connection->connect_error);
}
$hdduid = $_GET["hdduid"];
$paid = $_GET["status"];
$sql = "UPDATE users SET paid='$paid' WHERE hdduid='$hdduid'";
if ($connection->query($sql) === TRUE) {
echo "Record updated successfully";
} else {
echo "Error updating record: " . $connection->error;
}
$connection->close();

Related

How to transfer data from DB1 to DB2 (different network/server)

I want to set up a website with a form in it. The form will transfer the data to the DB, but I think it is not safe to let the personal data in the DB which is external reachable.
So I thought I should transfer the data via PHP from the DB1(server1 - external reachable) to DB2(server2 - only internal reachable).
The following picture should help to know what I am searching for.
Is there any names/methods to google for?
From php you just have to create a new connection for DB2.
<?php
$servername = "localhost";
$username = "database1";
$password = "xxxxxxxx";
$dbname = "database1";
$servername2 = "localhost";
$username2 = "database2";
$password2 = "xxxxxxxx";
$dbname2 = "database2";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
$conn2 = new mysqli($servername2, $username2, $password2, $dbname2);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
if ($conn2->connect_error) {
die("Connection failed: " . $conn2->connect_error);
}
//escape variables for security
$fname = mysqli_real_escape_string($conn, $_POST['fname']);
$lname = mysqli_real_escape_string($conn, $_POST['lname']);
$sql = "INSERT INTO mytable (fname,lname)
VALUES ('$fname','$lname')";
if ($conn->query($sql) === TRUE) {
echo "Successfully Saved";
} else {
echo "Error: Go back and Try Again ! " . $sql . "<br>" . $conn->error;
}
if ($conn2->query($sql) === TRUE) {
echo "Successfully Saved";
} else {
echo "Error: Go back and Try Again ! " . $sql . "<br>" . $conn2->error;
}
$conn->close();
$conn2->close();
?>

SQL with PHP variables

I'm trying to update db record using the code below. Even if the redirection is done, the record isn't being updated as it should be. any tips please?
<?php
session_start();
?>
<?php
$servername = "localhost";
$username = "root";
$password = "root";
$dbname = "Mydatabase";
$id = $_GET["session_id()"];
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "UPDATE leads SET first_name='hola' WHERE id = '$id'";
if ($conn->query($sql) === TRUE) {
header( "thank-you.php" ); die;
} else {
echo "Error updating record: " . $conn->error;
}
$conn->close();
?>
This one causes the problem.
$id = $_GET["session_id()"];
session_id() itself is a PHP function. No need for quoting. Just remove the quotes and it should be fine.
$id = $_GET[session_id()];

How to connect MySQL db using new XAMPP

Old connection method mysql_connect maybe deprecated from PHP7 so what is the best way to connect and query in mysql using XAMPP or how I implement PDO in my bellow script.
<?php
$key = $_GET['key'];
$array = array();
$con = mysql_connect("localhost", "root", "");
$db = mysql_select_db("search", $con);
$query = mysql_query("select * from ajax_example where name LIKE '%{$key}%'");
while ($row = mysql_fetch_assoc($query)) {
$array[] = $row['name'];
}
echo json_encode($array);
?>
Database connection using mysqli_* :
<?php
$servername = "localhost";
$username = "username";
$password = "password";
$database = "database";
// Create connection
$conn = mysqli_connect($servername, $username, $password, $database);
// Check connection
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
echo "Connected successfully";
?>
For further mysqli_* statement syntax refer: Mysqli_* Manual
Database connection using PDO_* :
<?php
$servername = "localhost";
$username = "username";
$password = "password";
$database = "database";
try {
$conn = new PDO("mysql:host=$servername;dbname=$database", $username, $password);
// set the PDO error mode to exception
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
echo "Connected successfully";
}
catch(PDOException $e)
{
echo "Connection failed: " . $e->getMessage();
}
?>
For further PDO_* statement syntax refer PDO_* Manual
$conn = new Connection();
$query = "select * from ajax_example where name LIKE '%{$key}%'";
$res = $conn->execute_query($query)->fetchall(PDO::FETCH_ASSOC);
if (!empty($res))
{
$result['data'] = $res;
echo json_encode($result);
}

mysql will not insert past fourth row

I'm not exactly sure what happened but this database and the php effecting it were working just fine until it hit the fourth row and now it won't insert new records at all.
if($_POST)
{
$servername = ******;
$username = ******;
$password = ******;
$db = ******;
$conn = mysqli_connect($servername, $username, $password, $db);
mysqli_select_db($conn,$db);
$uuid = $_POST['uuid'];
$sql = "INSERT INTO uuid VALUES ('$uuid');";
mysqli_query($conn,$sql);
mysqli_close($conn);
}
I'm not sure what happened but this is the relevant code for the mysqli query.
try this
<?php
if(isset($_POST['uuid']))
{
$servername = yourServerName;
$username = username;
$password = password;
$dbname = databaseName;
// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
$uuid = $_POST['uuid'];
$sql = "INSERT INTO tableName (columnName) VALUES ('$uuid')";
if (mysqli_query($conn, $sql)) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . mysqli_error($conn);
}
mysqli_close($conn);
}
?>
Also, I recommend using prepared statements.

Why the require_once is not working in following scenario?

I've following code of a function in a PHP file titled sample.php :
function deleteValue($value) {
$servername = "localhost";
$username = "root";
$password = "jumbo";
$dbname = "demo";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "DELETE FROM user WHERE value = '$value'";
if ($conn->query($sql) === TRUE) {
$conn->close();
return true;
} else {
$conn->close();
return false;
}
}
Actually, in this file(sample.php) there are too many such functions which repeats the following database connectivity code :
$servername = "localhost";
$username = "root";
$password = "jumbo";
$dbname = "demo";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
Then, I created one file titled db.php in the same folder and added the above code to it. Using require_once('db.php'); at the beginning of file 'sample.php'I included the file to the above code. Finally the code appeared as follows :
require_once('db.php');
function deleteValue($value) {
$sql = "DELETE FROM user WHERE value = '$value'";
if ($conn->query($sql) === TRUE) {
$conn->close();
return true;
} else {
$conn->close();
return false;
}
}
Now it's giving me 500 Internal Server error.
Even instead of including the file I tried by pasting the whole code from db.php at the beginning of file sample.php as follows but still I get 500 Internal Server Error.
$servername = "localhost";
$username = "root";
$password = "jumbo";
$dbname = "demo";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
function deleteValue($value) {
$sql = "DELETE FROM user WHERE value = '$value'";
if ($conn->query($sql) === TRUE) {
$conn->close();
return true;
} else {
$conn->close();
return false;
}
}
Can someone please correct the mistake I'm making in my code?
Thanks in advance.
I will suggest you that in db_config.php file you should use only database config and functions like this:
$servername = "localhost";
$username = "root";
$password = "jumbo";
$dbname = "jumbo_jet";
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_errno) {
echo "Failed to connect to MySQL: (" . $conn->connect_errno . ") " . $conn->connect_error;
}
And in common.php use code like this:
require_once("db_config.php");
function deleteToken($receivedToken) {
global $conn;
$sql = "DELETE FROM user_login WHERE token = '$receivedToken'";
if ($conn->query($sql) === TRUE) {
return true;
}
return false;
}
I hope it will work for you. If anything else then let me know.

Categories