I want to delete a string from a database (of Wordpress posts) that starts with <noindex> and ends with </noindex>. The string is not always the same between those strings.
I found a PHP script that seems to old and doesn't work, it requires some fixes (like msqli) and I have no idea, I'm just trying to clean viruses from a database:
<?php
$co = mysql_connect("localhost", "MY_USER", "MY_PASS");
mysql_set_charset('utf8');
mysql_select_db("MY_DB", $co);
$selectQuery = "SELECT ID, post_content FROM wp_posts";
$res = mysql_query($selectQuery, $co) or exit(mysql_error());
while($row = mysql_fetch_assoc($res))
{
$updateQuery = "UPDATE wp_posts SET post_content = '" . addslashes(preg_replace("<noindex>(.*)</noindex>", '', $row['post_content'])) . "' WHERE ID = " . $row['ID'];
mysql_query($updateQuery) or exit(mysql_error());
}
mysql_close($co);
?>
Can you please help me? Thank you.
Try this code:-
<?php
$co = mysqli_connect("localhost", "MY_USER", "MY_PASS");
mysqli_set_charset($co,'utf8');
mysqli_select_db("MY_DB", $co);
$selectQuery = "SELECT ID, post_content FROM wp_posts";
$res = mysqli_query($co,$selectQuery) or exit(mysqli_error());
while($row = mysqli_fetch_assoc($res))
{
$updateQuery = "UPDATE wp_posts SET post_content = '" . addslashes(preg_replace("<noindex>(.*)</noindex>", '', $row['post_content'])) . "' WHERE ID = " . $row['ID'];
mysqli_query($co,$updateQuery) or exit(mysqli_error());
}
mysqli_close($co);
?>
Related
I'm pretty new to php, so don't really know how to do much, but from what I've looked up, this should echo all values from the two fields.
<?php
$con = mysqli_connect('localhost', 'root', 'root', 'unityaccess');
if(mysqli_connect_errno())
{
echo "1: Connection failed"; //error code 1 = connection failed
exit();
}
$username = $_POST["name"];
$idcheckquery = "SELECT id FROM users WHERE username = '" . $username . "';";
$idcheck = mysqli_query($con, $idcheckquery) or die("7: ID check query failed"); //error code 8 = couldn't get user's id
$existingid = mysqli_fetch_assoc($idcheck);
$userid = $existingid["id"];
$itemfindquery = "SELECT itemid, equipped FROM inventory WHERE userid = '" . $userid ."';";
$itemfind = mysqli_query($con, $itemfindquery) or die("9: Couldn't find items");
while($row = $mysqli_fetch_assoc($itemfind)){
echo $row["itemid"] . ", " . $row["equipped"] . " ";
}
?>
I expect this to, when it is called in unity, to print a list of all the values in each list, but instead it doesn't echo anything.
The mysqli_fetch_assoc() function is being used as a variable ($). Just remove the dollar sign and it will work.
while($row = mysqli_fetch_assoc($itemfind)){
echo $row["itemid"] . ", " . $row["equipped"] . " ";
}
Also, try to use prepared statements to fight against SQL injections.
I have created a code to delete image which is in a folder and to update image_path to null in the database. Although the image deletes the image, the path does not get updated to null. I spent hours to catch my mistake. But I could not. Any help would be grateful!
This is my code
<?php
//this is were images displayed
$sql = "SELECT * FROM services WHERE user_name='wendi'";
$result = $con->query($sql);
if ($result->num_rows > 0) {
// output data of each row
while ($row = $result->fetch_assoc()) {
?>
<img src="images/template/delete.png" id="AEDbutton">delete
<?php
echo "<img border=\"0\" src=\"" . $row['image_path4'] . "\" width=\"200\" height=\"100\">";
echo "<br>";
}
}
?>
this is delete.php
<?php
include('config.php');
$sql = "SELECT * FROM services WHERE user_name='wendi'";
$result = $con->query($sql);
while ($row = $result->fetch_assoc()) {
$image = $row['image_path4'];
unlink($image);
}
$sql = "UPDATE image_path4=null, file_name4=null FROM services WHERE user_name='wendi'";
$result = $con->query($sql);
?>
It seems your UPDATE query is malformed, the syntax should be like this:
UPDATE {table} SET {column}={value} WHERE {column2}={value2}
So in your case this would be:
UPDATE services SET image_path4=null, file_name4=null WHERE user_name='wendi'
Your query should be like this:
$sql = "UPDATE services SET image_path4 = null, file_name4 = null WHERE user_name = 'wendi' ";
After uplink function assign $image to null:
$image = null;
And use update query below:
$sql = "UPDATE `services ` SET `image_path4` = ' ". $image." ', `file_name4` = ' ". $image." ' WHERE `user_name` = 'wendi' ";
this is my code when i run it
$name=$_GET['name'];
$strSQL = "SELECT * FROM category WHERE name LIKE =" .$name;
$rs = mysql_query($strSQL);
// Loop the recordset $rs
$response = array();
while($row = mysql_fetch_array($rs)) {
$product = array();
$product["id"] = $row["id"];
$product["name"] = $row["name"];
array_push($response, $product);
}
echo json_encode($response);
}
error:mysql_fetch_array() expects parameter 1 to be resource, boolean given in while($row = mysql_fetch_array($rs))
it shows error on this line help me to fix this
you have inserted wrong syntax ....use this
$strSQL = "SELECT * FROM category WHERE name LIKE '%$name'";
You need to open a connection to your database. Something like:
<?php
$dbhost = 'localhost:3036';
$dbuser = 'root';
$dbpass = 'rootpassword';
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $conn )
{
die('Could not connect: ' . mysql_error());
}
$name=$_GET['name'];
$strSQL = "SELECT * FROM category WHERE name LIKE '%" .$name . "%'";
// $strSQL = "SELECT * FROM category WHERE name = '" .$name . "'";
$rs = mysql_query($strSQL, $conn);
// Loop the recordset $rs
$response = array();
while($row = mysql_fetch_array($rs)) {
$product = array();
$product["id"] = $row["id"];
$product["name"] = $row["name"];
array_push($response, $product);
}
echo json_encode($response);
?>
Also if you are going to use "LIKE" in your sql, you don't use "=".
It is because You are not sending Query matched with your datatype of the name field.
Try below syntax with ''
$strSQL = "SELECT * FROM category WHERE name LIKE '" .$name . "'";
IF you still getting the same error then try this code
$name=$_GET['name'];
$strSQL = "SELECT * FROM category WHERE name LIKE '" .$name . "'";
$rs = mysql_query($strSQL);
if(mysql_num_rows($rs) > 0){
// Loop the recordset $rs
$response = array();
while($row = mysql_fetch_array($rs)) {
$product = array();
$product["id"] = $row["id"];
$product["name"] = $row["name"];
array_push($response, $product);
}
echo json_encode($response);
}
}
else{ echo json_encode(array('msg'=>"No records found")); }
Hi I am building a blog using html and php and have run into a problem with my sql. In my blog I would like to show all the comments that have been put in by users in the comments section that have the same article ID. In my database I am saving these parameters via $_POST and a query ID, ArticleID, Comments. However only the last comment that has been inserted in the database with that articleID is showing up.
this is the code that I am using. Can anyone help me please?
if(isset($_POST['submit']))
{
$comment = htmlentities($_POST["comment"]);
$articleID = $_GET['artId'];
$query = "INSERT INTO tbl_comments (comment, ArticleID) VALUES ('$comment', $articleID)";
$result = mysqli_query($connection, $query) or die("Error in query: ". mysqli_error($connection));
}
$query1 = "SELECT * FROM tbl_comments WHERE ArticleID = $artId";
$result1 = mysqli_query($connection, $query1) or die("Error in query: ". mysqli_error($connection));
while($row = mysqli_fetch_assoc($result1))
{
$articleId = $row['ArticleID'];
$comment = $row['comment'];
}
if(isset($comment))
{
echo "<div class='comments'>";
if (isset($comment))
{
echo "<div class='commentName'>";
echo $comment;
echo "</div>";
}
change
while($row = mysqli_fetch_assoc($result1))
{
$articleId = $row['ArticleID'];
$comment = $row['comment'];
}
to:
$comment = '';
while($row = mysqli_fetch_assoc($result1))
$comment .= $row['comment'] . '<br/>';
So my problem is that I want to add multiple members in one team, but I cannot seem to figure out how or whether if it is even possible to do so. Here is my code for you to get my question.
<?php
$tname = $_POST['tname'];
$maxnum = $_POST['maxnum'];
$host = "localhost";
$sqluname = "root";
$sqlpass = "";
$db = "teams";
$tablename = "team info";
$mem1 = $_POST['mem1'];
$mem2 = $_POST['mem2'];
$mem3 = $_POST['mem3'];
$mem4 = $_POST['mem4'];
$connect = mysqli_connect("$host","$sqluname","$sqlpass","$db") ;
if(mysqli_connect_errno())
{
echo "Problem". mysqli_connect_error();
}
$sql = "INSERT INTO teaminfo (TeamName,MaxNum,Members)
VALUES
('$tname','$maxnum','$mem1')";
/* Inside Members, I would like to add more than just $mem1, like $mem2, $mem3, $mem4.
*/
if(!mysqli_query($connect,$sql)){
die('Error: ' .mysqli_error($connect));
}
echo "Team is added";
mysqli_close($connect);
header("location: TeamDummyClient.html");
?>
$sql = "INSERT INTO teaminfo (TeamName,MaxNum,Members) VALUES";
$sql .= "('$tname','$maxnum','$mem1'),";
$sql .= "('$tname','$maxnum','$mem2'),";
$sql .= "('$tname','$maxnum','$mem3'),";
$sql .= "('$tname','$maxnum','$mem4')";
You should be escaping the strings before you insert their values to prevent SQL injections. Here's an example for one of the rows:
$sql .= "(
'" . mysqli_real_escape_string($tname) . "',
'" . mysqli_real_escape_string($maxnum) . "',
'" . mysqli_real_escape_string($mem1) . "'
),";