Time with PHP to MySQL - php

I'm a beginner in PHP and MySQL. Now I'm trying to get the date and time in MySQL, but without success. I have already been trying it for a couple of days :-(
The error message:
Error updating record: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax.
In MySQL I have given the variable timechoice the type 'DATETIME'. Is there the mistake or is it in my code? THANKS!
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$choice = $_POST["choice"];
$today = date("y-m-d h:m:s");
$servername = "xxxxx";
$username = "xxxxx";
$password = "xxxxx";
$dbname = "xxxxx";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "UPDATE Deelnemers SET choice='$choice' timechoice='$today' WHERE teamnaam='".$_SESSION['username']."'";
if ($conn->query($sql) === TRUE) {
echo 'antwoord verwerkt';
} else {
echo "Error updating record: " . $conn->error;
}
$conn->close();
}
?>

As per your code, try using this query,
$sql = "UPDATE Deelnemers SET choice='$choice', timechoice='$today' WHERE teamnaam='".$_SESSION['username']."'";
Also, as you have mentioned you have this error,
Error updating record: You have an error in your SQL syntax; check the
manual that corresponds to your MariaDB server version for the right
syntax.
In MySQL I have given the variable timechoice the type 'DATETIME'. Is
there the mistake or is it in my code? THANKS!
The answer to this is: either the field $today is not proper; if you have given the DATETIME datatype in MySQL, then try this
$today = date("Y-m-d H:i:s");
P.S. - I don't recommend you use this, as your code is vulnerable.

Your SQL syntax is wrong,
$sql = "UPDATE Deelnemers SET choice = '$choice', timechoice = '$today' WHERE teamnaam = '".$_SESSION['username']."'";
Notice the commas after '$choice'.
I'd also point out several comments under your question in regards to SQL injection issues. These are important observations in ensuring DB security and handling user input.

Related

Storing an SQL value as a PHP variable ("Object of class mysqli_result could not be converted to int")

At the moment, I'm trying to store a value from a MySQL table as a variable in PHP, so running some basic tests to make sure that I can access the variable.
I've managed to store the variable, which will either be a 1 or a 0 (1 = server is up and running, 0 = server down).
<?php
$servername = "localhost";
$username = "*****";
$password = "*****";
$dbname = "scicomservers";
// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT nccpm FROM web_servers WHERE time_checked='2016-02-16 11:44:17.212126'";
$nccpm = $conn->query($sql);
if($nccpm==1){
echo("NCCPM Server is running");
}
$conn->close();
?>
When I run this code, it reads in that $nccpm is 1, and it echos the statement, however, I get the error:
Notice: Object of class mysqli_result could not be converted to int in
/Applications/XAMPP/xamppfiles/htdocs/SciCom_admin_servers/files/connect2.php
on line 17
Line 17 being the if statement: "if($nccpm==1){".
I've had a look around on here, and I think this may be because it is trying to print an array of the answers, however it will only ever be one value that I will retrieve. The column of the DB is an int.
I was wondering, what would be a better way of coding this? It clearly isn't the best practice!
Thank you very much.
$sql = "SELECT nccpm FROM web_servers WHERE time_checked='2016-02-16 11:44:17.212126'";
$ncc = $conn->query($sql);
$nccpm = $ncc->fetch_array(); // fetch_array() belongs to the mysqli_result, not the connection
if ($nccpm['nccpm'] == 1)
{
// Rest of script
}
You need to fetch your query or find how many rows are returned

Remove quote character " from my strings before Posting to mysql db

I am using the following code to insert Event Logs and User Info from my Mobile App to a mysql database.
I am finding the " Character gives me issues later on when in use with JSON arrays that I pull from the db. What I would like to do is remove the " character in the php code completely before posting to the db.
Removing the " character by Javascript from the Mobile App is not really an option.
<?php
$servername = "localhost";
$username = "Fred";
$password = "Barney";
$dbname = "BamBam";
// Create connection
$conn = new mysqli ($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
// escape variables for security
$event_log = mysqli_real_escape_string($conn, $_POST['event_log']);
$logged_by = mysqli_real_escape_string($conn, $_POST['logged_by']);
$sql = "INSERT INTO time_event (event_log, logged_by)
VALUES ('$event_log', '$logged_by')";
if ($conn->query($sql) === TRUE) {
echo "Data entered successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
?>
Use mysqli_prepare and mysqli_stmt_bind_param to execute a parameterised query. I strongly advise this approach.
If you really want to just escape special characters for manual interpolation into a query string, use mysqli_real_escape_string.
Hand-rolling a solution presents a real risk that you will miss something important, leaving your program vulnerable to SQL injection attacks.
I did not try, but this should do
$sql = sprintf("INSERT INTO time_event (event_log, logged_by)
VALUES ('%s', '%s')", $event_log, $logged_by);

Workaround for ENCAPSED_AND_WHITESPACE

I am very new to php programming. I have tried googling and searching this website for a fix to this but I don't know what to even type into google to really find my answer.
I get the error:
unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING
I am unsure what I can do to avoid this. I know it is caused by the ['userid'] but I need that as part of my coding.
Here is my code:
<?php
include ('auth/userInfo.php');
$servername = "example";
$username = "example_1";
$password = "example";
$dbname = "example_enter";
// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$userprofile['userid'] = mysqli_real_escape_string($userprofile['userid']);
$sql="INSERT INTO today (accessed)
VALUES ('$userprofile['userid']')";
if ($conn->query($sql) === TRUE) {
echo "Success";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
?>
In case my coding is so bad that no one knows what it is attempting to do: I am attempting to write to a MySQL DB when a user has signed in.
The problem is caused by the fact that you are (a) using quotes to reference an array index inside a literal string (b) inserting a line break inside that same string:
$sql="INSERT INTO today (accessed)
VALUES ('$userprofile['userid']')";
What you probably meant to write is:
$sql="INSERT INTO today (accessed) VALUES ('" . $userprofile['userid'] . "')";
However even this is problematic due to SQL injection attacks - I recommend you read up on parameterized queries (mysqli_prepare).
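The parameterised-query approach that the answers above recommend, applied to the Deelnemers UPDATE, the time_event INSERT and the today INSERT, as an added example that is not code from any of the posts. run_stmt() is a hypothetical helper, and the DB_* environment variables and the sample values are assumptions.

```php
<?php
// Added example, not code from the posts above. run_stmt() is a hypothetical
// helper; the DB_* environment variables and sample values are assumptions.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // SQL errors throw

function run_stmt(mysqli $conn, string $sql, string $types, string ...$params): int
{
    $stmt = $conn->prepare($sql);          // SQL text contains only ? placeholders
    $stmt->bind_param($types, ...$params); // values are sent apart from the SQL text
    $stmt->execute();
    $rows = (int) $stmt->affected_rows;
    $stmt->close();
    return $rows;
}

// Constructed values standing in for $_SESSION['username'], $_POST['choice'],
// $_POST['event_log'], $_POST['logged_by'] and $userprofile['userid'].
$team     = "Team O'Neil";
$choice   = 'B';
$eventLog = 'Door "A" opened';
$loggedBy = 'Fred';
$userId   = '42';

try {
    $conn = new mysqli(getenv('DB_HOST'), getenv('DB_USER'), getenv('DB_PASS'), getenv('DB_NAME'));
    $conn->set_charset('utf8mb4');

    // DATETIME expects YYYY-MM-DD HH:MM:SS: Y = 4-digit year, H = 24-hour, i = minutes.
    $now = date('Y-m-d H:i:s');
    $updated = run_stmt($conn,
        'UPDATE Deelnemers SET choice = ?, timechoice = ? WHERE teamnaam = ?',
        'sss', $choice, $now, $team);
    echo $updated > 0 ? "antwoord verwerkt\n" : "no row updated\n";

    // The double quote and apostrophe are stored as data, with no escaping or stripping.
    run_stmt($conn,
        'INSERT INTO time_event (event_log, logged_by) VALUES (?, ?)',
        'ss', $eventLog, $loggedBy);

    // No array index is interpolated into a string, so the parse error cannot occur.
    run_stmt($conn, 'INSERT INTO today (accessed) VALUES (?)', 's', $userId);
    $conn->close();
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage());           // log details server-side
    echo "Database error\n";               // keep SQL text out of the response
}
```

Because the SQL text never contains user data, a missing comma or stray quote shows up as a fixed, reviewable string rather than depending on what was submitted.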

PHPform not updating SQL Row

I am trying to update an SQL row using only member_id. This is my current code.
if ($con = mysql_connect($host, $username, $password)) {
if (mysql_select_db($db_name)) {
$sql = "UPDATE members set
ussd_office = '".$ussd_office."',
ussd_email = '".$ussd_email."',
ussd_e1cell4 = '".$ussd_e1cell4."',
WHERE member_id='$member_id'" ; // This is where my problem lies I presume
if (mysql_query($sql, $con)) {
$insertSuccessful = true;
} else {
echo $sql;
print_r($_POST);
echo "\n" . mysql_error($con);
echo "mysql err no : " . mysql_errno($con);
To get the information, my form POSTs and I place it as follows:
$member_id = $_REQUEST['member_id'];
$ussd_surname = $_REQUEST['ussd_surname'];
$member_msisdn = $_REQUEST['member_msisdn'];
$ussd_office = $_REQUEST['ussd_office'];
This is the error I am getting:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL
server version for the right syntax to use near 'WHERE member_id=''' at line 38mysql
err no : 1064
By looking at the error I presume the member_id is not pulled to the WHERE part of my string, and the PHP does not know what row to update. How can I correct my code?
Remove the comma before WHERE.
"UPDATE members set
ussd_office = '".$ussd_office."',
ussd_email = '".$ussd_email."',
ussd_e1cell4 = '".$ussd_e1cell4."'
WHERE member_id='$member_id'"
Your variables in the query and variables from REQUEST don't match.

I am getting a SQL error when trying to update a form in PHP

<?php
$con3=mysqli_connect("localhost","root","","test");
if (mysqli_connect_errno())
{
echo "Connection Failed: " . mysqli_connect_error();
}
//$result = mysqli_query($con3,"SELECT * FROM servers");
$updateln = $_POST ['LoggedIn'];
$updateloc = $_POST ['Location'];
$updateos = $_POST ['OperatingSystem'];
$updatesn = $_POST ['ServerName'];
$updatesql="UPDATE servers SET LoggedIn='$updateln', Location='$updateloc'"
. " OperatingSystem = '$updateos' WHERE ServerName = '$updatesn'";
if (!mysqli_query($con3,$updatesql))
{
die('Error: ' . mysqli_error($con3));
}
echo "Record Updated";
I am fairly new to PHP and SQL so I am not really sure what is wrong with the UPDATE sql.
This is the error I am getting
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'OperatingSystem = 'ht' WHERE ServerName = 'hr'' at line 1
I have tried other stackoverflow questions and although some people have had problems with this before I can't really see where my code has gone wrong.
You seem to be missing a comma. Replace this:
"UPDATE servers SET LoggedIn='$updateln', Location='$updateloc'"
With this:
"UPDATE servers SET LoggedIn='$updateln', Location='$updateloc',"
