I have two update queries to update the MySQL DB of the system. The problem is that my second update query works, but my first one doesn't execute at all.
Can't figure out what's going on... any help would be great.
Here is my PHP code.
$dob = $_POST["dob"];
$name = $_POST["name"];
$mob = $_POST["mobileNo"];
$home = $_POST["homeNO"];
$files = $_FILES["filep"]["name"];
echo $files;
$folder = "images/";
$uid = $_SESSION["Uid"];
if($_FILES["filep"]["error"] == 4) {
echo "no file selected";
}
move_uploaded_file($_FILES["filep"]["tmp_name"] , "$folder".$_FILES["filep"]["name"]);
$result = mysqli_query($con,"UPDATE User SET DOB = '" . $uid . "', MOBNO = '" . $mob . "', HOMENO = '" . $home . "',DOB = '" . $dob . "',IMAGE_URL = '" . $files . "' WHERE UID='" . $uid . "'");
$result = mysqli_query($con,"UPDATE User_Credentials SET NAME = '" . $name . "' WHERE CID='" . $uid . "'");
I have checked all the $name, $mob etc. variables and the values are passing without any problem.
I have an event form for my members to fill in. The form is working and going to the database.
But how can I show which member has posted the event, so other people know? Because I tried having the user_id in the SQL string and it was only showing the last post in the database, not all posts from all users.
Here is the form's PHP section:
<?php
include("config/db_connect.php");
include("config/ckh_session.php");
// Inserting user Details code
if (isset($_POST['btnSave'])) {
$event_title = mysqli_real_escape_string($conn, $_POST['event_title']);
$myDate = mysqli_real_escape_string($conn, $_POST['myDate']);
$cboStartTime = mysqli_real_escape_string($conn, $_POST['cboStartTime']);
$dteEndDate = mysqli_real_escape_string($conn, $_POST['dteEndDate']);
$dteEndTime = mysqli_real_escape_string($conn, $_POST['dteEndTime']);
$event_type = mysqli_real_escape_string($conn, $_POST['event_type']);
$country = mysqli_real_escape_string($conn, $_POST['country']);
$event_region = mysqli_real_escape_string($conn, $_POST['event_region']);
$union_territory = mysqli_real_escape_string($conn, $_POST['union_territory']);
$event_town = mysqli_real_escape_string($conn, $_POST['event_town']);
$event_postalcode = mysqli_real_escape_string($conn, $_POST['event_postalcode']);
$event_title = mysqli_real_escape_string($conn, $_POST['event_title']);
$event_description = mysqli_real_escape_string($conn, $_POST['event_description']);
$event_ltm = mysqli_real_escape_string($conn, $_POST['event_ltm']);
$insert = mysqli_query($conn, "update events set event_title = '" . $event_title . "' ,
myDate = '" . $myDate . "' ,
cboStartTime = '" . $cboStartTime . "' ,
dteEndDate = '" . $dteEndDate . "' ,
dteEndTime = '" . $dteEndTime . "' ,
event_type = '" . $event_type . "' ,
country = '" . $country . "' ,
event_region = '" . $event_region . "' ,
union_territory = '" . $union_territory . "' ,
event_town = '" . $event_town . "' ,
event_postalcode = '" . $event_postalcode . "' ,
event_title = '" . $event_title . "' ,
event_description = '" . $event_description . "' ,
event_ltm = '" . $event_ltm . "' ") or die(mysqli_error($conn));
if ($_POST['event_ltm'] == 'MF Cpl') {
header("location: CoupleffEvent.php");
} else if ($_POST['event_ltm'] == 'MM Cpl') {
header("location: CouplemmEvent.php");
} else if ($_POST['event_ltm'] == 'FF Cpl') {
header("location: CoupleffEvent.php");
}
}
// Fetch user details
$query = mysqli_query($conn, "select * from user where user_id = '" . $_SESSION['last_id'] . "' ");
$fetch_user = mysqli_fetch_array($query);
$user_country = $fetch_user['user_country'];
$user_gender = $fetch_user['user_gender'];
?>
Any help would be much appreciated so I can go to the next step.
I'm not sure I understand what you're looking for.
If you're getting a user_id, you will have to SELECT * FROM events and then join the user table, like INNER JOIN user ON events.user_id = user.id
This type of request will display all events and join information about the user.id
Resources : https://www.w3resource.com/mysql/advance-query-in-mysql/inner-join-with-multiple-tables.php
Hope it will help,
I've created a page where I have a place for updating the attachment. While doing so, if a file with the same name, size and extension is attached, the attachments table need not be updated. This is the scenario. This is how I tried to do it:
else if($mode == "attachment_update") {
$id = intval(mysqli_real_escape_string($mysqli, $_REQUEST["_id"]));
$upload_directory = "upload/attachment/";
$result = file_upload("attachment", "../".$upload_directory);
$file_name = '".addslashes($result[file_name])."';
write_log($file_name);
$file_extension = '".$result[file_extension]."';
write_log($file_extension);
$file_size = '".$result[file_size]."';
write_log($file_size);
$uploaded_file_name = '".$result[uploaded_file_name]."';
write_log($uploaded_file_name);
$uploaded_file_path = '".$upload_directory.$result[uploaded_file_name]."';
write_log($uploaded_file_path);
$query_select = "SELECT
file_name,
file_extension,
file_size,
uploaded_file_name,
uploaded_file_path
FROM
attachments
WHERE
id = 'id';";
$result1 = mysqli_query($mysqli, $query_select) or throwexception(mysqli_error($mysqli));
$row = mysqli_fetch_row($result1);
write_log($row[0]);
write_log($row[1]);
write_log($row[2]);
write_log($row[3]);
write_log($row[4]);
if($row[0] == $file_name &&
$row[1] == $file_extension &&
$row[2] == $file_size &&
$row[3] == $uploaded_file_name &&
$row[4] == $uploaded_file_path)
{
write_log("inside if");
} else {
if($result[status] == true) {
$query = "UPDATE
attachments
SET
file_name = '".addslashes($result[file_name])."',
file_extension = '".$result[file_extension]."',
file_size = '".$result[file_size]."',
uploaded_file_name = '".$result[uploaded_file_name]."',
uploaded_file_path = '".$upload_directory.$result[uploaded_file_name]."',
recorded_by = '$recorded_by',
recorded_datetime = '$recorded_datetime'
WHERE
id = 'id';";
mysqli_query($mysqli, $query) or throwexception(mysqli_error($mysqli));
}
}
echo json_encode(array("message" => "Updated successfully"));
exit;
}
The if condition does the thing. If all are true, the table will not be updated. If even one fails, the table will be updated.
Here the problem is that $file_name, $file_extension, $file_size, $uploaded_file_name are going null. I don't know how to retrieve them. Can someone tell me how to retrieve that data, so that I can check it with the if condition?
In your case, you do not need to fire a SELECT query. Just add an AND condition to the update query.
if ($mode == "attachment_update") {
$id = intval(mysqli_real_escape_string($mysqli, $_REQUEST["_id"]));
$upload_directory = "upload/attachment/";
$result = file_upload("attachment", "../" . $upload_directory);
// Read the values from the upload result (array keys quoted, no literal strings)
$file_name = addslashes($result['file_name']);
write_log($file_name);
$file_extension = $result['file_extension'];
write_log($file_extension);
$file_size = $result['file_size'];
write_log($file_size);
$uploaded_file_name = $result['uploaded_file_name'];
write_log($uploaded_file_name);
$uploaded_file_path = $upload_directory . $result['uploaded_file_name'];
write_log($uploaded_file_path);
// WHERE conditions are joined with AND only (no commas); id uses the $id variable
$query = "UPDATE
attachments
SET
file_name = '" . addslashes($result['file_name']) . "',
file_extension = '" . $result['file_extension'] . "',
file_size = '" . $result['file_size'] . "',
uploaded_file_name = '" . $result['uploaded_file_name'] . "',
uploaded_file_path = '" . $upload_directory . $result['uploaded_file_name'] . "',
recorded_by = '$recorded_by',
recorded_datetime = '$recorded_datetime'
WHERE
id = '" . $id . "'
and file_name <> '" . addslashes($result['file_name']) . "'
and file_extension = '" . $result['file_extension'] . "'
and file_size = '" . $result['file_size'] . "'
and uploaded_file_name = '" . $result['uploaded_file_name'] . "'
and uploaded_file_path = '" . $upload_directory . $result['uploaded_file_name'] . "'
;";
mysqli_query($mysqli, $query) or throwexception(mysqli_error($mysqli));
echo json_encode(array("message" => "Updated successfully"));
exit;
}
Your question needs more clarity.
Can you share the function,
$result = file_upload("attachment", "../".$upload_directory);
Are you able to log the values of $filename and $row?
write_log($file_name);
AND
write_log($row[0]);
I have jTable working perfectly fine with adding/editing/removing records, however I can't insert/update a record that contains an apostrophe! Someone please help!
Below is a snapshot of my code
//Updating a record (updateAction)
$result = mysql_query("UPDATE teg_priority SET CustomerName = '" . $_POST["CustomerName"] . "', Service_Manager = '" . $_POST["Service_Manager"]. "', NGM = '" . $_POST["NGM"] . "', Tag = '" . $_POST["Tag"] . "', CBS = '" . $_POST["CBS"]. "' WHERE CIDN = " . $_POST["CIDN"] . ";");
//Return result to jTable
$jTableResult = array();
$jTableResult['Result'] = "OK";
print json_encode($jTableResult);
}
You can use addslashes on the variables before putting them in the query.
$result = mysql_query("UPDATE teg_priority SET CustomerName = '" . addslashes($_POST["CustomerName"]) . "', Service_Manager = '" . addslashes($_POST["Service_Manager"]). "', NGM = '" . addslashes($_POST["NGM"]) . "', Tag = '" . addslashes($_POST["Tag"]) . "', CBS = '" . addslashes($_POST["CBS"]). "' WHERE CIDN = " .addslashes( $_POST["CIDN"]) . ";");
The query isn't updating, not sure what I've done wrong.
$q_result = mysql_query("UPDATE
users
SET
recovery_answer = '".$_POST['answer']."',
recovery_question = '".$_POST['question']."',
date_question_set = '" . mysql_real_escape_string($register_date) . "'
WHERE
username='" . mysql_real_escape_string($_SESSION['username']) . "'");
Can you echo "UPDATE
users
SET
recovery_answer = '".$_POST['answer']."',
recovery_question = '".$_POST['question']."',
date_question_set = '" . mysql_real_escape_string($register_date) . "'
WHERE
username='" . mysql_real_escape_string($_SESSION['username']) . "'" and post?
This script is simply not working... Can anyone tell me what I'm doing wrong?
$id = $_POST['id'];
$name = $_POST['name'];
$date = $_POST['date'];
$shortdesc = $_POST['shortdesc'];
$link = $_POST['link'];
$target = $_POST['target'];
$sort = $_POST['sort'];
$html = $_POST['html'];
include('appvars.php');
$query = "UPDATE insight SET name='".$name."' AND SET date='". $date . "' AND SET html='" . $html . "' AND SET shortdesc='" . $shortdesc . "' AND SET link='" . $link . "' AND SET target='" . $target . "' AND SET sort='" . $sort . "' WHERE id='" . $id . "'";
mysqli_query($dbc, $query);
You aren't escaping your values so you are vulnerable to SQL injection and also construction of invalid statements. For example, if any of your input strings contain an apostrophe then it could cause your code to fail.
Have a look at prepared statements that will make it much easier to construct your queries with parameters.
In your query you will also need to use commas instead of AND SET.
$query = "UPDATE insight SET name='foo', date='2012-12-10' WHERE id=42";
The syntax for UPDATE is described in the MySQL documentation:
UPDATE syntax
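The prepared-statement approach recommended above, applied to the `insight` UPDATE (it also covers the apostrophe failure in the `teg_priority` question earlier on this page). This is an added example, not code from any of the posts; the function name `update_insight`, the integer `id` column and the connection values in the usage comment are assumptions.

```php
<?php
// Make mysqli throw on any failure, so a query that "doesn't execute at all"
// surfaces as an exception instead of a silent false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Update one row of `insight` from request data (hypothetical helper).
 * Returns the number of rows MySQL actually changed.
 */
function update_insight(mysqli $dbc, array $in): int
{
    // Assumption: id is an integer key. Reject anything else up front.
    $id = filter_var($in['id'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false) {
        throw new InvalidArgumentException('id must be an integer');
    }

    // Column names are fixed in the SQL text; assignments are separated by
    // commas, and every value is a ? placeholder.
    $sql = 'UPDATE insight
               SET name = ?, date = ?, html = ?, shortdesc = ?,
                   link = ?, target = ?, sort = ?
             WHERE id = ?';

    // Collect the values in placeholder order; missing fields become ''.
    $params = [];
    foreach (['name', 'date', 'html', 'shortdesc', 'link', 'target', 'sort'] as $f) {
        $params[] = (string) ($in[$f] ?? '');
    }
    $params[] = $id;

    // Values are sent separately from the statement, so an apostrophe in a
    // field is stored as data and cannot terminate the string literal.
    $stmt = $dbc->prepare($sql);
    $stmt->bind_param('sssssssi', ...$params); // 7 strings, 1 integer
    $stmt->execute();
    $changed = $stmt->affected_rows;
    $stmt->close();

    return $changed;
}

// Usage (placeholder credentials, assumed):
// $dbc = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
// $dbc->set_charset('utf8mb4');
// echo update_insight($dbc, $_POST), " row(s) changed\n";
```

A return value of 0 means either no row matched the id or the submitted values were identical to the stored ones.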
Use it like this,
$query = "UPDATE insight SET name='".$name."' ,date='". $date . "' ,html='" . $html . "' ,shortdesc='" . $shortdesc . "' ,link='" . $link . "' ,target='" . $target . "' ,sort='" . $sort . "' WHERE id='" . $id . "'";
It's working... check now
$id = $_POST['id'];
$name = $_POST['name'];
$date = $_POST['date'];
$shortdesc = $_POST['shortdesc'];
$link = $_POST['link'];
$target = $_POST['target'];
$sort = $_POST['sort'];
$html = $_POST['html'];
include('appvars.php');
$query = "UPDATE insight SET name='".$name."' ,date='". $date . "' ,html='" . $html . "' ,shortdesc='" . $shortdesc . "' ,link='" . $link . "' ,target='" . $target . "' ,sort='" . $sort . "' WHERE id='" . $id . "'";
mysqli_query($dbc, $query);
I ain't a pro at MySQL, but here's a try.
I guess id is an integer. So, don't quote it.
Try this,
$query = "UPDATE insight SET name='".$name."' , date='". $date . "' , html='" . $html . "' , shortdesc='" . $shortdesc . "' , link='" . $link . "' , target='" . $target . "' , sort='" . $sort . "' WHERE id=". $id ;
I think the SQL syntax is not correct, you can use it like this: UPDATE tablename SET rowname = value , ....