on my first UPDATE statement, im trying to have my WHERE value contain the variable $couponCode but it does not work as of now. This is so that the correct row updates depending on what the input is. any help would be appreciated.
if ($couponCode == $coupons_db3['coupon_code']){
echo $couponCode;
$stmt = $db->prepare('UPDATE promocode_3 SET used = 1 WHERE coupon_code ='.$couponCode);
$stmt = $db->prepare('UPDATE usr_customer_profile SET packageid = 3 WHERE usrcustomerid = :usrcustomerid');
$stmt->bindValue(':usrcustomerid', $_SESSION['usrcustomerid'], PDO::PARAM_INT);
$stmt->execute();
break;
}
You need to bind the couponCode as well.
if ($couponCode == $coupons_db3['coupon_code']){
echo $couponCode;
$stmt = $db->prepare('UPDATE promocode_3 SET used = 1 WHERE coupon_code =:couponCode');
$stmt->bindValue(':couponCode', $couponCode, PDO::PARAM_STR);
$stmt->execute();
$stmt = $db->prepare('UPDATE usr_customer_profile SET packageid = 3 WHERE usrcustomerid = :usrcustomerid');
$stmt->bindValue(':usrcustomerid', $_SESSION['usrcustomerid'], PDO::PARAM_INT);
$stmt->execute();
break;
}
Edit
Please ignore.. #Bira's answer is more accurate
Try this:
$stmt = $db->prepare("UPDATE promocode_3 SET used = 1 WHERE coupon_code ='".$couponCode."'");
you missed the quote in coupon code value.
P.S. I don't know which database you are using. Please mention that next time. :)
This should work but it's not an ideal case for a prepared statement because in case of prepared statements you should give parameters only at the time of execution.
"prepare" should only compile an sql statement and parameters should be passed later on.
Related
I have the following update statement which does execute successfully but with no value change in the table.
$name = "John Doe"; //to update into John Stack
$chenna = "Mz"; $reg = 25; $km = 3;
$dbh = PDO Object
$stmt = $dbh->prepare("UPDATE `hl_customer` SET `name`=:hming, `address`=:chenna
WHERE `regd`=:regd AND `kum`=:km");
$stmt->bindParam(':hming', $name, PDO::PARAM_STR);
$stmt->bindParam(':chenna', $hmun, PDO::PARAM_STR);
$stmt->bindParam(':regd', $reg, PDO::PARAM_INT);
$stmt->bindParam(':km', $km, PDO::PARAM_INT);
$stmt->execute();
$affected = $stmt->rowCount();
Another tested code:
$stmt = $dbh->prepare("UPDATE `hl_customer` SET `name`=?, `address`=?
WHERE `regd`=? AND `kum`=?");
$stmt->execute([$name, $hmun, $reg, $km]);
$affected = $stmt->rowCount();
$stmt = $dbh->query("UPDATE `hl_customer` SET `name`='$name', `address`='$chenna'
WHERE `regd`='$reg' AND `kum`='$km'");
In order to update I kept changing the $name variable, yet there was no affected row. The row count always return 0. I did tested in both phpmyadmin(latest version) and mysql Workbench(latest) and the problem is still there. Then I tested again in mysql console, and it works as expected. But why is it not working in the code shown above, phpmyadmin and workbench. What could be the problem? Is my code wrong? I used mysql 8.0.12, php 5.6.* and php 7.1.*.
I did test it again without parameterized query, still it did not work. Now I begin to think that it is a kind of bug in php.
Thanks
Well i don't see anything wrong with your code try and verify if the number of columns in your table matches the number of paramaters you have because you said it works when you drop the last parameter
Yesterday i decided to learn PDO and rewrite our server php to PDO.
The thing that jumped to my mind while rewriting the code is the need of repeated use of bindParam for the same parameters i already used.
Here is an example:
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->beginTransaction();
$stmt = $dbh->prepare("INSERT INTO Products(productID,numOfLikes) VALUES (:productID,0) ON DUPLICATE KEY UPDATE productID = productID;");
$stmt->bindParam(":productID",$productID);
$stmt->execute();
if($customerID !== 0){
//*****Check, if customerID is in the Database, else add the customerID to the Database.
$stmt = $dbh->prepare("INSERT INTO Customers(customerID) VALUES (:customerID) ON DUPLICATE KEY UPDATE customerID = customerID;");
$stmt->bindParam(":customerID",$customerID);
$stmt->execute();
//*****if customerID and productID are NOT registered together ,then register and add +1 to productID numOfLikes
$stmt = $dbh->prepare("SELECT customerID, productID FROM CustomerProducts WHERE productID = :productID AND customerID = :customerID");
$stmt->bindParam(":productID",$productID);
$stmt->bindParam(":customerID",$customerID);
$stmt->execute();
if ($stmt->rowCount() == 0) {
//echo "added";
$stmt = $dbh->prepare("INSERT INTO CustomerProducts(customerID, productID) Values (:customerID,:productID)");
$stmt->bindParam(":customerID",$customerID);
$stmt->bindParam(":productID",$productID);
$stmt->execute();
$stmt = $dbh->prepare("UPDATE Products SET numOfLikes = numOfLikes + 1 WHERE productID = :productID");
$stmt->bindParam(":productID",$productID);
$stmt->execute();
}else {
//echo "removed";
$stmt = $dbh->prepare("DELETE FROM CustomerProducts WHERE productID = ".$productID." AND customerID = ".$customerID);
$stmt->bindParam(":customerID",$customerID);
$stmt->bindParam(":productID",$productID);
$stmt->execute();
$stmt = $dbh->prepare("UPDATE Products SET numOfLikes = numOfLikes - 1 WHERE productID = ".$productID);
$stmt->bindParam(":productID",$productID);
$stmt->execute();
}
}
$dbh->commit();
Is there a way to write it in "prettier way"?
Can you see any flows in that could. I would appreciate every help.
Note: this code will be for production use in the near future.
Yes there is...
You can supply bindParam as an array to the execute function...
Something like this:
$statement->execute([
':username'=> $username,
':password'=> $password
]);
It's using bindParam and execute in just one statement, and it looks cleaner in my opinion.
Yes, you can get around the repeated variables by defining mySql user variables like this:
$psVars = $dbh->prepare("SET #pid = :productID;");
$psVars->bindParam(':productID', $productID);
$psVars->execute();
Then, in subsequent statements, just use #pid instead of a bound parameter
These lines of code seem to work fine:
if(isset($_POST['result'])) {
if($_POST['result'] == 'true'){
$delete_post_query = mysqli_query($con, "UPDATE posts SET deleted='yes' WHERE id='$post_id'");
if($stmt = mysqli_prepare($con,$delete_post_query)){
}
}
}
However the prepared equivalent doesnt below doesnt seem to execute:
if(isset($_POST['result'])) {
if($_POST['result'] == 'true'){
$delete_post_query = mysqli_query($con, "UPDATE posts SET deleted='yes' WHERE id=?");
if($stmt = mysqli_prepare($con,$delete_post_query)){
mysqli_stmt_bind_param($stmt, "s",$post_id);
mysqli_stmt_execute($stmt);
mysqli_stmt_close($stmt);
}
}
}
I am quite confused by this and am fairly certain i am missing something obvious. Any suggestions/solution ?
UPDATE/EDIT:
I made a silly mistake copy/pasting the code so i updated that as suggested.
Have also tried the binding parameters as an integer and as a double respectively.
I believe the issue has something to do with binding parameters as when i replace the placeholder (i.e. '?') with the hardcoded variable $post_id, it works just fine.
Since you are using MySQLi you could take a different approach to your code, and use something like
if(isset($_POST['result'])) {
if($_POST['result'] == 'true'){
$id = $_POST['post_id']; // make sure to define id
$delete_post_query = "UPDATE posts SET deleted='yes' WHERE id=? LIMIT 1"
if ($stmt = $mysqli->prepare($delete_post_query))
{
$stmt->bind_param("i",$id);
$stmt->execute();
$stmt->close();
}
}
}
You haven't passed reference for any parameter for input.
$delete_post_query = mysqli_query($con, "UPDATE posts SET deleted='yes' WHERE id='$post_id'");
This query says to delete and you have also given a $post_id but below
mysqli_stmt_bind_param($stmt, "ss",$friend_array,$user_to_remove);
you have binding parameter which server couldn't find what's it's reference. Your query should be like this
$delete_post_query = mysqli_query($con, "UPDATE posts SET deleted='yes' WHERE id=?");
and binding paramter should be like this. Since you have only one reference ? you can only bind one parameter. Also id is int then use i if string then use s
mysqli_stmt_bind_param($stmt, "i",$user_to_remove);
//New Way
$stmt = $con->prepare("UPDATE posts SET DELETED='yes' WHERE id=?");
$stmt->bind_param("i",$user_to_remove);
$stmt->execute();
I have the following query
$products = $this->mysqliengine->query("select * from temp_all_product where download_status = 0") or die($this->mysqliengine->error());
$temp_status_update = $this->mysqliengine->prepare("update temp_all_product set download_status = ? where id = ?") or die($this->mysqliengine->error);
$temp_status_update->bind_result($download_status, $id);
while($product = $products->fetch_assoc()) {
$id = $product['id'];
$download_status = 1;
$temp_status_update->execute();
}
In the above statement I can select the values from temp table but unable to update the status. What is the problem here
You need to use bind_param in your update statement instead of bind_result.
$temp_status_update->bind_param('dd', $download_status, $id);
The 'dd' just tells the system that each input is a number.
http://www.php.net/manual/en/mysqli-stmt.bind-param.php
#eggyal was merely suggesting that you could replace all your code with a single update statement. Your remark about LIMIT does not make much sense.
Suggestion: If you don't have much invested in mysqli then switch to PDO. It allows using named parameters which can make your code more robust and easier to maintain:
$sql = "UPDATE temp_all_product SET download_status = :status where id = :id";
$stmt = $pdo->prepare($sql);
$stmt->execute(array('status' => 1, 'id' => $product['id']));
Plus you can configure it to throw exceptions so you don't need all this error checking.
http://www.php.net/manual/en/book.pdo.php
http://net.tutsplus.com/tutorials/php/pdo-vs-mysqli-which-should-you-use/
I can update my columns dynamically, but I dont know how to update it with set values (stupid I know)
This is my sql code that updates the columns with set values:
if (isset($_POST['delete'])) {
$sql = 'UPDATE users SET user_deletion_date = NOW(), user_deleted_by = '.$_SESSION['id'].', deleted = Y
WHERE user_id = ?';
if ($stmt->prepare($sql)) {
// bind the query parameters
$stmt->bind_param('i', $_GET['user_id']);
// bind the result to variables
$stmt->bind_result($user_id, $user_deletion_date, $user_deleted_by, $deleted);
// execute the query, and fetch the result
$done = $stmt->execute();
$stmt->fetch();
}
}
if ($done) {
header('Location: update_users_confirm.php');
exit;
}
this doesn't update the table at all, I know that the issue is with my bind_param, could someone please help
Michael B's answer is mostly likely the solution. Change the $_GET to $_POST