Hi i use this php script to update some values in my database but it accepts only numbers when i put my email it says : Could not update data: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '#hotmail.com' at line 1
i want to update the values where by entering email and username
and increase the values because i have more than 5 values to update
any solution? :)
<html>
<head>
<title>Update a Record in MySQL Database</title>
</head>
<body>
<?php
if(isset($_POST['update'])) {
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = 'root';
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $conn ) {
die('Could not connect: ' . mysql_error());
}
$email = $_POST['email'];
$gold = $_POST['gold'];
$sql = "UPDATE userdata ". "SET gold = $gold ".
"WHERE email = $email" ;
mysql_select_db('chickenstories');
$retval = mysql_query( $sql, $conn );
if(! $retval ) {
die('Could not update data: ' . mysql_error());
}
echo "Updated data successfully\n";
mysql_close($conn);
}else {
?>
<form method = "post" action = "<?php $_PHP_SELF ?>">
<table width = "400" border =" 0" cellspacing = "1"
cellpadding = "2">
<tr>
<td width = "100">Email : </td>
<td><input name = "email" type = "text"
id = "email"></td>
</tr>
<tr>
<td width = "100">Gold : </td>
<td><input name = "gold" type = "text"
id = "gold"></td>
</tr>
<tr>
<td width = "100"> </td>
<td> </td>
</tr>
<tr>
<td width = "100"> </td>
<td>
<input name = "update" type = "submit"
id = "update" value = "Update">
</td>
</tr>
</table>
</form>
<?php
}
?>
</body>
</html>
The problem is you are not putting email as string, you are passing it without escaping it, update this line:
$sql = "UPDATE userdata ". "SET gold = $gold ". "WHERE email = $email" ;
to Be:
$sql = "UPDATE userdata ". "SET gold = $gold ". "WHERE email = '$email'" ;
I also recommend you to escape all variable before putting them in database, to avoid SQL injection.
now it dont work again i have somewhere a syntax error on my query
Could not update data: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'email = 'test#hotmail.com' and username = 'TestName'' at line 1
<html>
<head>
<title>Update a Record in MySQL Database</title>
</head>
<body>
<?php
if(isset($_POST['update'])) {
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = 'root';
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $conn ) {
die('Could not connect: ' . mysql_error());
}
$email = $_POST['email'];
$username = $_POST['username'];
$gold = $_POST['gold'];
$chickens = $_POST['chickens'];
$sql = "UPDATE userdata ". "SET gold = $gold, chickens = $chickens". "WHERE email = '$email' and username = '$username'" ;
mysql_select_db('chickenstories');
$retval = mysql_query( $sql, $conn );
if(! $retval ) {
die('Could not update data: ' . mysql_error());
}
echo "Updated data successfully\n";
mysql_close($conn);
}else {
?>
<form method = "post" action = "<?php $_PHP_SELF ?>">
<table width = "400" border =" 0" cellspacing = "1"
cellpadding = "2">
<tr>
<td width = "100">Email : </td>
<td><input name = "email" type = "text"
id = "email"></td>
</tr>
<tr>
<td width = "100">Username : </td>
<td><input name = "username" type = "text"
id = "username"></td>
</tr>
<tr>
<td width = "100">Gold : </td>
<td><input name = "gold" type = "text"
id = "gold"></td>
</tr>
<tr>
<td width = "100">Chickens : </td>
<td><input name = "chickens" type = "text"
id = "chickens"></td>
</tr>
<tr>
<td width = "100"> </td>
<td> </td>
</tr>
<tr>
<td width = "100"> </td>
<td>
<input name = "update" type = "submit"
id = "update" value = "Update">
</td>
</tr>
</table>
</form>
<?php
}
?>
</body>
</html>
Related
I am writing out a form in php,html... witch should normally update to my database but the form isnt showing up on the screen. Help!!! I am not a very expirianced coder so pleases if you could tell meif there is any other probleme with my code. Thanks :-)
<html>
<head>
<title>help</title>
</head>
<body>
<?php
if(isset($_POST['update'])) {
$dbhost = 'localhost';
$dbuser = '*********';
$dbpass = '*****';
$conn = mysqli_connect($dbhost, $dbuser, $dbpass);
if(! $conn ) {
die('Could not connect: ' . mysqli_error());
}
$Userid = $_POST['UserID'];
$TableID = $_POST['tableID'];
$Life_points = $_POST['Life_points'];
$xp_points = $_POST['xp_points'];
$sql = "UPDATE points SET TableID = " . $TableID . " WHERE UserID = ". $Userid . " AND life_points = " . $Life_points . " AND xp_points= " . $xp_points;
mysqli_select_db('womath');
$retval = mysqli_query( $conn, $sql );
<?php echo $_SERVER['PHP_SERVER'] ?>
if(! $retval ) {
die('Could not update data: ' . mysqli_error());
}
echo "Updated data successfully\n";
mysqli_close($conn);
} else {
?>
<form method = "post" action = "<?php $_PHP_SELF ?>">
<table width = "400" border =" 0" cellspacing = "1" cellpadding = "2">
<tr>
<td width = "100">UserID</td>
<td><input name = "UserID" type = "number" id = "UserID"></td>
</tr>
<tr>
<td width = "100">TableID</td>
<td><input name = "TableID" type = "number" id = "TableID"></td>
</tr>
<tr>
<td width = "100">life_points</td>
<td><input name = "life_points" type = "number" id = "life_points"></td>
</tr>
<tr>
<td width = "100">xp_points</td>
<td><input name = "xp_points" type = "number" id = "xp_points"></td>
</tr>
<tr>
<td width = "100"> </td>
<td> </td>
</tr>
<tr>
<td width = "100"> </td>
<td><input name = "update" type = "submit" id = "update" value = "Update"></td>
</tr>
</table>
</form>
<?php
}
?>
</body>
</html>
You have issued a query to the database for compilation and execution before you have told MYSQL which database you are trying to gain access to.
The mysqli_select_db('womath'); must happen before your first query
In fact that function is more for use when you want to switch from one database to another during a scripts execution, you can add the database name to the
$conn = mysqli_connect($dbhost, $dbuser, $dbpass);
like this
$conn = mysqli_connect($dbhost, $dbuser, $dbpass,'womath');
line if you like and forget about the line
mysqli_select_db('womath');
completely.
<html>
<head>
<title>help</title>
</head>
<body>
<?php
ini_set('display_errors', 1);
ini_set('log_errors',1);
error_reporting(E_ALL);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
if(isset($_POST['update'])) {
$dbhost = 'localhost';
$dbuser = '*********';
$dbpass = '*****';
$conn = mysqli_connect($dbhost, $dbuser, $dbpass,'womath');
// --------------------------^^^^^^^^
if(! $conn ) {
die('Could not connect: ' . mysqli_error());
}
// move this calll to here or add database to the connect line
//mysqli_select_db('womath');
$Userid = $_POST['UserID'];
$TableID = $_POST['tableID'];
$Life_points = $_POST['Life_points'];
$xp_points = $_POST['xp_points'];
$sql = "UPDATE points SET TableID = '$TableID'
WHERE UserID = '$Userid'
AND life_points = '$Life_points'
AND xp_points = '$xp_points'";
$retval = mysqli_query( $conn, $sql );
// this following line also need a `;`
echo $_SERVER['PHP_SERVER'];
if(! $retval ) {
die('Could not update data: ' . mysqli_error());
}
echo "Updated data successfully\n";
mysqli_close($conn);
// remove this else, as with it in place
// you only show the form when you are NOT updating the database
// }else {
// just terminate the IF so the form will show after an update
// AND when page is first loaded and there is no user input
}
?>
<form method = "post" action = "<?php $_PHP_SELF ?>">
<table width = "400" border =" 0" cellspacing = "1"
cellpadding = "2">
<tr>
<td width = "100">UserID</td>
<td><input name = "UserID" type = "number"
id = "UserID"></td>
</tr>
<tr>
<td width = "100">TableID</td>
<td><input name = "TableID" type = "number" id = "TableID"></td>
</tr>
<tr>
<td width = "100">life_points</td>
<td><input name = "life_points" type = "number" id = "life_points"></td>
</tr>
<tr>
<td width = "100">xp_points</td>
<td><input name = "xp_points" type = "number" id = "xp_points"></td>
</tr>
<tr>
<td width = "100"> </td>
<td> </td>
</tr>
<tr>
<td width = "100"> </td>
<td>
<input name = "update" type = "submit" id = "update" value = "Update">
</td>
</tr>
</table>
</form>
<?php
}
?>
Your script is at risk of SQL Injection Attack
Have a look at what happened to Little Bobby Tables Even
if you are escaping inputs, its not safe!
Use prepared parameterized statements
I have created a database (on phpmyadmin) and a form using php and html but I can't seem to find my databases URL address or there is something very wrong with my form... and It is saying Error -1 - Bridge response error, please check the API docs or this ajax response. What does it mean?
Here is the code:
<html>
<head>
<title>Database</title>
</head>
<body>
<?php
if(isset($_POST['update'])) {
$dbhost = localhost;'localhost:id674442_wommath';
$dbuser = 'root';
$dbpass = 'passroot';
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $conn ) {
die('Could not connect: ' . mysql_error());
}
$fir_name = $_POST['fir_name'];
$sur_name = $_POST['sur_name'];
$li_points = $_POST['li_points'];
$xp_points = $_POST['xp_points'];
$sql = "UPDATE First_name ". "SET Sur_name = $sur_name ".
"WHERE fir_name= $fur_name" ;
mysql_select_db('test_db');
$retval = mysql_query( $sql, $conn );
if(! $retval ) {
die('Could not update data: ' . mysql_error());
}
echo "Updated data successfully\n";
mysql_close($conn);
}else {
?>
<form method = "post" action = "<?php $_PHP_SELF ?>">
<table width = "400" border =" 0" cellspacing = "1"
cellpadding = "2">
<tr>
<td width = "100">First_Name</td>
<td><input name = "fir_name" type = "text"
id = "emp_id"></td>
</tr>
<tr>
<td width = "100">Surname</td>
<td><input name = "sur_name" type = "text"
id = "emp_id"></td>
</tr>
<tr>
<td width = "100">life_points</td>
<td><input name = "li_points" type = "text"
id = "emp_id"></td>
</tr>
<tr>
<td width = "100">xp_points</td>
<td><input name = "xp_points" type = "text"
id = "emp_salary"></td>
</tr>
<tr>
<td width = "100"> </td>
<td> </td>
</tr>
<tr>
<td width = "100"> </td>
<td>
<input name = "update" type = "submit"
id = "update" value = "Update">
</td>
</tr>
</table>
</form>
<?php
}
?>
</body>
</html>
Please help!(my students want their website finished!!)
I have updated the code, there were lot of errors in the code. Also, if you are using php7, always use mysqli not only mysql.
<html>
<head>
<title>Database</title>
</head>
<body>
<?php
if(isset($_POST['update'])) {
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = 'passroot';
$conn = mysqli_connect($dbhost, $dbuser, $dbpass);
if(! $conn ) {
die('Could not connect: ' . mysqli_error());
}
$fir_name = $_POST['fir_name'];
$sur_name = $_POST['sur_name'];
$li_points = $_POST['li_points'];
$xp_points = $_POST['xp_points'];
$sql = "UPDATE First_name SET Sur_name = '".$sur_name."' WHERE fir_name= '".$fir_name."'";
mysqli_select_db('test_db');
$retval = mysqli_query( $sql, $conn );
if(! $retval ) {
die('Could not update data: ' . mysqli_error());
}
echo "Updated data successfully\n";
mysqli_close($conn);
}
else {
?>
<form method = "post" action = "<?php $_PHP_SELF ?>">
<table width = "400" border =" 0" cellspacing = "1"
cellpadding = "2">
<tr>
<td width = "100">First_Name</td>
<td><input name = "fir_name" type = "text"
id = "emp_id"></td>
</tr>
<tr>
<td width = "100">Surname</td>
<td><input name = "sur_name" type = "text"
id = "emp_id"></td>
</tr>
<tr>
<td width = "100">life_points</td>
<td><input name = "li_points" type = "text"
id = "emp_id"></td>
</tr>
<tr>
<td width = "100">xp_points</td>
<td><input name = "xp_points" type = "text"
id = "emp_salary"></td>
</tr>
<tr>
<td width = "100"> </td>
<td> </td>
</tr>
<tr>
<td width = "100"> </td>
<td>
<input name = "update" type = "submit"
id = "update" value = "Update">
</td>
</tr>
</table>
</form>
<?php
}
?>
</body>
</html>
Check this line
$dbhost = localhost;'localhost:id674442_wommath';
Why is there semicolon?
Set $dbhost to "localhost" and it will work.
The problem is about your $dbhost parameter .
You must set it correct value.
And if you can share more details helping will be easy to you .
If you are working on localhost use must write something like this :
$dbhost = 'localhost'; or $dbhost = '127.0.0.1';
And make sure your Apache server is using port 80 and if its different you must write it after the localhost or ip like this :
$dbhost = 'localhost:port number'; or $dbhost = '127.0.0.1:port number';
<html>
<head>
<title>Add New Record in MySQL Database</title>
</head>
<body>
<?php
if(isset($_POST['add'])) {
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = 'password';
$conn = mysqli_connect($dbhost, $dbuser, $dbpass);
if(! $conn ) {
die('Could not connect: ' . mysql_error());
}
if(! get_magic_quotes_gpc() ) {
$emp_name = addslashes ($_POST['emp_name']);
$emp_address = addslashes ($_POST['emp_address']);
}else {
$emp_name = $_POST['emp_name'];
$emp_address = $_POST['emp_address'];
}
$emp_salary = $_POST['emp_salary'];
$sql = "insert into employee(emp_name,emp_address, emp_salary)values('$emp_name','$emp_address','$emp_salary')";
mysqli_select_db($conn,"test_db");
$retval = mysqli_query($conn,$sql);
if(!$retval) {
die('Could not enter data: ' . mysql_error());
}
echo "Entered data successfully\n";
mysql_close($conn);
}else {
?>
<form method = "post" action = "<?php $_PHP_SELF ?>">
<table width = "400" border = "0" cellspacing = "1"
cellpadding = "2">
<tr>
<td width = "100">Employee Name</td>
<td><input name = "emp_name" type = "text"
id = "emp_name"></td>
</tr>
<tr>
<td width = "100">Employee Address</td>
<td><input name = "emp_address" type = "text"
id = "emp_address"></td>
</tr>
<tr>
<td width = "100">Employee Salary</td>
<td><input name = "emp_salary" type = "text"
id = "emp_salary"></td>
</tr>
<tr>
<td width = "100"> </td>
<td> </td>
</tr>
<tr>
<td width = "100"> </td>
<td>
<input name = "add" type = "submit" id = "add"
value = "Add Employee">
</td>
</tr>
</table>
</form>
<?php
}
?>
when I am trying to enter the value and pressing the submit button at this time I am not getting any error but I cannot be able to enter the value in database.
The problem is I am getting text as "Could not enter data: Table 'employee' is read only".Can anyone please help me to sort out this problem ?
I have created the database (test_db) and table (employee ) in wamp server.
Your problem is solved. Even though, I will strongly recommend you to use Prepared Statements, otherwise your code is open for SQL injection and possible quoting issues.
You're mixing mysql and mysqli. Stop it. Since you're using mysqli,
take advantage of prepared statements and bind_param, otherwise you're
open for SQL injection and possible quoting issues. – #aynber
Changes
Change die('Could not connect: ' . mysql_error()); To die('Could not connect: ' . mysqli_connect_error());
Change mysql_close($conn); To mysqli_close($conn);
Change action = "<?php $_PHP_SELF ?>" To action = "<?php echo $_SERVER['PHP_SELF']; ?>"
Use Prepared Statements.
Updated Code
<html>
<head>
<title>Add New Record in MySQL Database</title>
</head>
<body>
<?php
if(isset($_POST['add'])) {
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = 'password';
$db = "test_db";
$conn = mysqli_connect($dbhost, $dbuser, $dbpass, $db);
if(! $conn ) {
die('Could not connect: ' . mysqli_connect_error());
}
$stmt = mysqli_prepare($conn, "INSERT INTO employee(emp_name,emp_address, emp_salary) VALUES (?, ?, ?)");
mysqli_stmt_bind_param($stmt, 'sss', $_POST['emp_name'], $_POST['emp_address'], $_POST['emp_salary']);
if(!mysqli_stmt_execute($stmt)) {
die('Could not enter data: ' . mysqli_error($conn));
}
echo "Entered data successfully\n";
mysqli_close($conn);
} else {
?>
<form method = "post" action = "<?php echo $_SERVER['PHP_SELF']; ?>">
<table width = "400" border = "0" cellspacing = "1" cellpadding = "2">
<tr>
<td width = "100">Employee Name</td>
<td><input name = "emp_name" type = "text" id = "emp_name"></td>
</tr>
<tr>
<td width = "100">Employee Address</td>
<td><input name = "emp_address" type = "text" id = "emp_address"></td>
</tr>
<tr>
<td width = "100">Employee Salary</td>
<td><input name = "emp_salary" type = "text" id = "emp_salary"></td>
</tr>
<tr>
<td width = "100"> </td>
<td> </td>
</tr>
<tr>
<td width = "100"> </td>
<td><input name = "add" type = "submit" id = "add" value = "Add Employee"></td>
</tr>
</table>
</form>
<?php
}
?>
Quick Look
mysqli_stmt_bind_param
PHP_SELF
Table is 'read only' : [Solved]
I'm sure you user is not granted to enter data into you table
Please edit schema_name, and execute query on you DB:
GRANT ALL ON TABLE schema_name.employee TO root;
Also you can try without schema:
GRANT ALL ON TABLE employee TO root;
Hi guys im having difficult time here. i want to update data in sql server by using php but it keeps failing. can anyone help me with this? here are my sample codes i have used. Please guys help me with that i have been assigned to create that and it keeps me failing.im not sure where the problem is. i will be thankfull for your help.
<?php
if(isset($_POST['update'])) {
$server = "WIN-2012SRV-BK";
$user = "sa";
$pass = "";
$db = "test";
$connInfo = array("Database"=>$db, "UID"=>$user, "PWD"=>$pass);
$conn = sqlsrv_connect($server, $connInfo) or die( print_r( sqlsrv_errors(), true));
//$id = $_POST['id'];
//$emp_salary = $_POST['emp_salary'];
$pin = $_POST['pin'];
$phone = $_POST['phone'];
$sql = "UPDATE [test].[dbo].[subscriptions] ". "SET pin = {$pin} ".
"WHERE phone = {$phone}" ;
//$sqlsrv_select_db('test');
$retval = sqlsrv_query( $sql, $conn );
if(! $retval ) {
die('Could not update data: ');
}
echo "Updated data successfully\n";
mysql_close($conn);
}else {
?>
<form method = "post" action = "<?php $_PHP_SELF ?>">
<table width = "400" border =" 0" cellspacing = "0"
cellpadding = "0">
<tr>
<td width = "100">Phone Number</td>
<td><input name = "phone" type = "text"
id = "phone"></td>
</tr>
<tr>
<td width = "100"> </td>
<td> </td>
</tr>
<tr>
<td width = "100"> </td>
<td>
<input name = "update" type = "submit"
id = "update" value = "Update">
</td>
</tr>
</table>
</form>
<?php
}
?>
The error i am getting is
Warning: sqlsrv_query() expects parameter 1 to be resource, string given in C:\xampp\htdocs\visionFund\pin-reset.php on line 70
Could not update data:
You have to put the connection string inside the query:
$sql = "$connection_string,UPDATE [test].[dbo].[subscriptions] ". "SET pin = {$pin} ". "WHERE phone = {$phone}" ;
I am not sure why my database is not receiving information from my website. Also, no error messages are popping up so I'm not sure the data is going anywhere at all. It appears to be letting me connect to the database, but when I click add employee I just get a blank page. Any suggestions?
EDIT: I have changed my code to only input one variable, but am still only returning a blank page.
<html>
<head>
<title>Add New Record in MySQL Database</title>
</head>
<body>
<?php
if(isset($_POST['add'])) {
$dbhost = '';
$dbuser = 'j';
$dbpass = 'os';
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $conn ) {
die('Could not connect: ' . mysql_error());
}
if(! get_magic_quotes_gpc() ) {
$emp_name = addslashes ($_POST['employee_name']);
} else {
$emp_name = $_POST['employee_name'];
}
$sql = "INSERT INTO employee ". "(employee_name) ". "VALUES('$emp_name')";
mysql_select_db('test_db');
$retval = mysql_query( $sql, $conn );
if(! $retval ) {
die('Could not enter data: ' . mysql_error());
}
echo "Entered data successfully\n";
mysql_close($conn);
} else {
?>
<form method = "post" action = "<?php $_PHP_SELF ?>">
<table width = "400" border = "0" cellspacing = "1" cellpadding = "2">
<tr>
<td width = "100">
Employee Name
</td>
<td>
<input name = "employee_name" type = "text" id = "employee_name">
</td>
</tr>
<tr>
<td width = "100">
</td>
<td>
</td>
</tr>
<tr>
<td width = "100">
</td>
<td>
<input name = "add" type = "submit" id = "add" value = "Add Employee">
</td>
</tr>
</table>
</form>
<?php
}
?>
</body>
</html>
$sql = "INSERT INTO employee ". "(employee_name) ". "VALUES('$emp_name', NOW())";
You are passing 2 values in the sql, but only specifying one column. employee_name
you probably need to either remove the NOW() value or add another column (employee_name, date_added)
$sql = "INSERT INTO employee ". "(employee_name) ". "VALUES('$emp_name')";
$sql = "INSERT INTO employee ". "(employee_name, date_added) ". "VALUES('$emp_name', NOW())";