I have the codes following for a delete process;
if(isset($_POST['deleteSong'])) {
$id = $_POST['deleteSong'];
$delete = $connect->prepare('DELETE FROM lyrica_songs WHERE id = ?');
$delete->execute(array($id));
$error = TRUE;
}
These codes is not deleting row. I have 7 columns at lyrica_songs and 3 of them are integers. ID (auto increment), song_singer_id and song_hit and when i run my codes ID, song_singer_id, song_hit are not deleted. I tried making them text instead integers and ID and song_hit still can't be deleted.
EDIT:
My connection code
<?php
$db_host = 'mysql:host=localhost;dbname=lyrica;charset=utf8';
$db_username = 'root';
$db_password = '';
try {
$connect = new PDO($db_host,$db_username,$db_password);
$connect->exec('SET NAMES UTF-8; SET CHARACTER SET UTF-8');
} catch (PDOException $error) {
echo "Veritabanı bağlantısı kurulamadı: " . $error->getMessage();
}
PDO version of #ChukwuemekaInya code
$db_host = 'localhost';
$db_username = 'root';
$db_password = '';
try {
$query = "DELETE FROM `lyrica_songs` WHERE `id`=:id ";
$dB = new PDO("mysql:host=$db_host;dbname=lyrica", $db_username, $db_password);
$stmt = $dB->prepare($query);
$stmt->bindValue(':id', $id, PDO::PARAM_INT);
return $stmt->execute();
} catch (PDOException $e) {
echo $e->getMessage();
return false;
}
$db_host = 'localhost';
$db_username = 'root';
$db_password = '';
try {
$connect = new PDO("mysql:host=$db_host;dbname=lyrica",$db_username,$db_password);
} catch (PDOException $error) {
echo "Veritabanı bağlantısı kurulamadı: " . $error->getMessage();
}
$delete = $connect->prepare('DELETE FROM lyrica_songs WHERE id = :id');
$delete->bindParam(':id', $id);
$delete->execute();
$delete->close();
Related
Can't seem to get the database to update. No errors are returned, all variables are being passed into the function and I've googled for hours probably even days. What's weird is that I have another function using the same code that's in this function that works fine...
public function updateCustomer($uname, $umail, $ushipping, $uchargeID, $udate, $ID)
{
try {
$dbhost = 'host';
$dbuser = 'app';
$db_name = 'order';
$dbpass = '';
$conn1 = mysql_connect($dbhost, $dbuser, $dbpass);
$sql1 = "UPDATE customers
SET name = $uname, email = $umail, shipping = $ushipping, shipped = 'NO', charge_ID = $uchargeID, date = $udate
WHERE ID = $ID";
mysql_select_db('orders');
mysql_query($sql1);
return ;
} catch (PDOException $e) {
echo $e->getMessage();
}
}
As I mentioned in my comment above, mysql_query() will not throw any exception. You should check it's return value, and if false, echo out mysql_error(). The issue you're having most likely is because none of your variables are being escaped in the database. This is not valid syntax:
UPDATE customers SET name = example_username
You want this:
UPDATE customers SET name = 'example_username'
You're much better off to just tell MySQL where you want variables, and let MySQL to the magic using prepared statements. An example can be found here:
public function updateCustomer($uname, $umail, $ushipping, $uchargeID, $udate, $ID)
{
try {
$dbhost = 'host';
$dbuser = 'app';
$db_name = 'order';
$dbpass = '';
$db = new PDO("mysql:host={$dbhost};dbname={$db_name}", $dbuser, $dbpass);
$sql1 = "UPDATE customers
SET name = :uname, email = :umail, shipping = :ushipping, shipped = 'NO', charge_ID = :ucharge_id, date = :udate
WHERE ID = :id";
$stmt = $db->prepare($sql1);
$res = $stmt->execute([
'uname' => $uname,
'umail' => $umail,
'ushipping' => $ushipping,
'ucharge_id' => $uchargeID,
'udate' => $udate,
'id' => $ID
]);
return;
} catch (PDOException $e) {
echo $e->getMessage();
}
}
<?php
require 'functions/connection.php';
$conn = Connect();
$e_id = $conn->real_escape_string($_POST['e_id']);
$first_name = $conn->real_escape_string($_POST['first_name']);
$last_name = $conn->real_escape_string($_POST['last_name']);
$e_salary = $conn->real_escape_string($_POST['e_salary']);
$e_startdate = $conn->real_escape_string($_POST['e_startdate']);
$e_department = $conn->real_escape_string($_POST['e_department']);
$sql = "UPDATE employee SET firstname='$first_name' WHERE id=$e_id";
if (mysqli_query($conn, $sql)) {
echo "Record updated successfully";
} else {
echo "Error updating record: " . mysqli_error($conn);
}
mysqli_close($conn);
?>
I'm trying to use the first_name variable inside the update query.
I tried echo the variable and its working...
this is my connection code that im using.
<?php
function Connect()
{
$dbhost = "localhost";
$dbuser = "root";
$dbpass = "";
$dbname = "company";
// Create connection
$conn = new mysqli($dbhost, $dbuser, $dbpass, $dbname) or die($conn->connect_error);
return $conn;
}
?>
if i i replace the variable with anything between "" the database is getting updated
I'd suggest making it more secure and using prepared statements. This is an example using mysqli, but I prefer PDO:
<?php
require 'functions/connection.php';
$conn = Connect();
// Prepare the query
$myQuery = $conn->prepare("UPDATE employee SET firstname=? WHERE id=?");
$e_id = $conn->real_escape_string($_POST['e_id']);
$first_name = $conn->real_escape_string($_POST['first_name']);
$last_name = $conn->real_escape_string($_POST['last_name']);
$e_salary = $conn->real_escape_string($_POST['e_salary']);
$e_startdate = $conn->real_escape_string($_POST['e_startdate']);
$e_department = $conn->real_escape_string($_POST['e_department']);
// Bind your variables to the placemarkers (string, integer)
$myQuery->bind_param('si', $first_name, $e_id);
if ($myQuery->execute() == false) {
echo 'Error updating record: ' . $mysqli->error;
}
else {
echo 'Record updated successfully';
}
$myQuery->close();
?>
Note: The 'cleansing' you're doing in the middle I have left, but it's not really necessary with prepared statements.
functions/connection.php (Now an object):
<?php
class Connect
{
private $dbhost = "localhost";
private $dbuser = "root";
private $dbpass = "";
private $dbname = "company";
public $conn;
public function __construct()
{
if($this->conn = new mysqli($this->dbhost, $this->dbuser, $this->dbpass, $this->dbname))
{
//connection established
//do whatever you want here
}
else
{
//Error occurred
die($this->conn->error);
}
}
//other functions here
}
?>
Change mysqli_query to: $conn->conn->query($sql);
Prepared statement:
Avoid SQLI injection
if($stmt = $conn->conn->prepare("UPDATE employee SET firstname = ? WHERE id = ?"))
{
$stmt->bind_param('si', $first_name, $e_id);
$stmt->execute();
echo $stmt->affected_rows;
}
Final code:
<?php
require 'functions/connection.php';
$conn = new Connect();
$e_id = $conn->conn->real_escape_string($_POST['e_id']);
$first_name = $conn->conn->real_escape_string($_POST['first_name']);
$last_name = $conn->conn->real_escape_string($_POST['last_name']);
$e_salary = $conn->conn->real_escape_string($_POST['e_salary']);
$e_startdate = $conn->conn->real_escape_string($_POST['e_startdate']);
$e_department = $conn->conn->real_escape_string($_POST['e_department']);
if($stmt = $conn->conn->prepare("UPDATE employee SET firstname = ? WHERE id = ?"))
{
$stmt->bind_param('si', $first_name, $e_id);
$stmt->execute();
echo $stmt->affected_rows;
}
$conn->conn->close();
?>
I've recently tried to convert my procedural MySQL queries to PDO statements. I've copied the following code from php official documentation and added my parameters to it. It is not showing any results in the page.
<?php
$dsn = 'mysql:host=localhost;dbname=database';
$user = 'user';
$pass = 'pass';
try {
$dbh = new PDO($dsn , $user, $pass);
$dbh = null;
} catch (PDOException $e) {
print "An error has occurred. Please contact support. <br/>" . $e->getMessage() . "<br/>";
die();
}
$value = 'user1';
$stmt = $dbh->prepare("SELECT * FROM table where username = ?");
if ($stmt->execute(array($value))) {
while ($row = $stmt->fetch()) {
print_r($row);
}
?>
Try this:-
<?php
$dsn = 'mysql:host=localhost;dbname=databasename';
$user = 'user';
$pass = 'password';
try {
$dbh = new PDO($dsn , $user, $pass);
} catch (PDOException $e) {
print "An error has occurred. Please contact support. <br/>" .
$e->getMessage() . "<br/>";
die();
}
$value = 'user1';
$stmt = $dbh->prepare("SELECT * FROM table where column= ?");
if ($stmt->execute(array($value))) {
while ($row = $stmt->fetch()) {
print_r($row);
}
}
?>
I have a little SQL Commands Here
Databasename:Numbers
select * from tblstart where id = 1
output = 10
select * from tblstart where id = 2
output = 20
select * from tblstart where id = 3
output = 30
select * from tblstart where id = 4
output = 40
select * from tblstart where id = 5
output = 50
How can i transfer this output in textbox during Page Load
<input type="text" name="OutputOf10"><br>
<input type="text" name="OutputOf20"><br>
<input type="text" name="OutputOf30"><br>
<input type="text" name="OutputOf40"><br>
<input type="text" name="OutputOf50"><br>
Any help would be appreciated TY
Here is the code so far but im getting errors
Here is the php code(Updated)
<?php
$host = 'localhost';
$db_user = 'root';
$db_pass = '';
$db_name = 'poi';
try {
$pdo = new PDO('mysql:host='.$host.';dbname='.$db_name.'', $db_user, $db_pass);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$stmt = $pdo->prepare('SELECT COUNT(name) FROM tblmarker WHERE name = (Robbery)');
$stmt->execute(array('id'));
$result = $stmt->fetchAll();
if ( count($result) ) {
foreach($result as $row) {
$OutputOf10 = $row['Name'];
echo '<input type="text" name="OutputOf10" value="'.$OutputOf10.'"><br>';
}
} else {
echo "No rows returned.";
}
} catch(PDOException $e) {
echo 'ERROR: ' . $e->getMessage();
}
?>
You are missing quite a bit of information that would allow us to better help you.
Here's a start:
<?php
$host = 'localhost';
$db_user = 'root';
$db_pass = '';
$db_name = 'poi';
try {
$pdo = new PDO('mysql:host='.$host.';dbname='.$db_name.'', $db_user, $db_pass);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$stmt = $pdo->prepare('SELECT name from tblmarker where id = 112"');
$stmt->execute(array('OutputOf10' => $id));
$result = $stmt->fetchAll();
if ( count($result) ) {
foreach($result as $row) {
$OutputOf10 = $row['name'];
echo "<input type="text" name="OutputOf10" id="OutputOf10" value='".$OutputOf10."' ";
}
} else {
echo "No rows returned.";
}
} catch(PDOException $e) {
echo 'ERROR: ' . $e->getMessage();
}
?>
<input type="text" name="OutputOf10" value="<?php echo $Outputof10 ?>"><br>
To support update:
<?php
$id = 112;
$host = 'localhost';
$db_user = 'root';
$db_pass = '';
$db_name = 'poi';
try {
$pdo = new PDO('mysql:host='.$host.';dbname='.$db_name.'', $db_user, $db_pass);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$stmt = $pdo->prepare('SELECT * FROM tblmarker WHERE id = :id');
$stmt->execute(array('id' => $id));
$result = $stmt->fetchAll();
if ( count($result) ) {
foreach($result as $row) {
$OutputOf10 = $row['name'];
echo '<input type="text" name="OutputOf10" value="'.$OutputOf10.'"><br>';
}
} else {
echo "No rows returned.";
}
} catch(PDOException $e) {
echo 'ERROR: ' . $e->getMessage();
}
?>
I'm trying to retrieve data from my table using PDO, only I can't seem to output anything to my browser, I just get a plain white page.
try {
// Connect and create the PDO object
$conn = new PDO("mysql:host=$hostdb; dbname=$namedb", $userdb, $passdb);
$conn->exec("SET CHARACTER SET utf8"); // Sets encoding UTF-8
$lastIndex = 2;
$sql = "SELECT * FROM directory WHERE id > :lastIndex AND user_active != '' LIMIT 20"
$sth = $conn->prepare($sql);
$sth->execute(array(':lastIndex' => $lastIndex));
$c = 1;
while ($row = $sth->fetch(PDO::FETCH_ASSOC)) {
echo 'ALL STYLING ETC RESULTS HERE';
$c++;
}
$conn = null; // Disconnect
}
EXAMPLE.
This is your dbc class
<?php
class dbc {
public $dbserver = 'server';
public $dbusername = 'user';
public $dbpassword = 'pass';
public $dbname = 'db';
function openDb() {
try {
$db = new PDO('mysql:host=' . $this->dbserver . ';dbname=' . $this->dbname . ';charset=utf8', '' . $this->dbusername . '', '' . $this->dbpassword . '');
} catch (PDOException $e) {
die("error, please try again");
}
return $db;
}
function getAllData($qty) {
//prepared query to prevent SQL injections
$query = "select * from TABLE where qty = ?";
$stmt = $this->openDb()->prepare($query);
$stmt->bindValue(1, $qty, PDO::PARAM_INT);
$stmt->execute();
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
return $rows;
}
?>
your PHP page:
<?php
require "dbc.php";
$getList = $db->getAllData(25);
foreach ($getList as $key=> $row) {
echo $row['columnName'] .' key: '. $key;
}