I hope you can help. I am trying to use the AES_ENCRYPT on my update query but I am unable to get it to work.
I am trying to encrypt the first_name variable but when I run the query it refuses to update the field. When I remove the AES_ENCRYPT method from the update query it works absolutely fine.
My current code looks as follows:
if(!define('SALT')) define('SALT','4a7s3n3j93n98lk');
$sql = "UPDATE cases
SET first_name=?,
last_name=?
WHERE cases_id=?";
$query = $db->prepare($sql);
$query->execute(array(
AES_ENCRYPT('$first_name','".SALT."'),
$last_name,
$id));
$db = null;
I managed to fix my AES_ENCRYPT update query issue with the following revision:
$encrypt_key = '4a7s3n3j93n98lk';
$statement = $db->prepare("UPDATE cases SET
first_name = AES_ENCRYPT(:first_name, '$encrypt_key'),
last_name = AES_ENCRYPT(:last_name, '$encrypt_key'),
WHERE cases_id = :id");
$statement->bindParam(':id', $id, PDO::PARAM_INT);
$statement->bindParam(':first_name', $first_name, PDO::PARAM_STR);
$statement->bindParam(':last_name', $last_name, PDO::PARAM_STR);
$statement->execute();
$db = null;
Related
I want execute a sql query with my php code but it is wrong and I don't know what is my problem!
$end_type = $executed[end_type];
$start_type = $executed[start_type];
$sql = "SELECT * FROM `wants` WHERE ((`car`=? AND $start_type=? AND $end_type=?) OR (`car`=? AND $start_type=? AND $end_type='all'))";
$query = $con->prepare($sql);
$query->bindValue(1, $executed[car]);
$query->bindValue(2, $executed[start_place]);
$query->bindValue(3, $executed[end_place]);
$query->execute();
$results = $query->fetchall();
sendmsg($user_id, $results);
sendmsg is my massage sender function and it don't return any array even an empty array!
why? what in my solution?
The main issue here seems to be that you have five ? placeholders in your prepared statement, but are only binding three values. There might be some way to recycle binding values in PHP, but in this case I would rephrase your query as:
SELECT *
FROM wants
WHERE car = ? AND start_type = ? AND end_type IN (?, 'all');
Updated PHP code:
$sql = "SELECT * FROM wants WHERE car = ? AND start_type = ? AND end_type IN (?, 'all')";
$query = $con->prepare($sql);
$query->bindValue(1, $executed[car]);
$query->bindValue(2, $executed[start_place]);
$query->bindValue(3, $executed[end_place]);
$query->execute();
$results = $query->fetchall();
My goal is to update 4 column in my table in a single query.But end up only 1 column is updated,the other 3 is not.
My query is like this
$stmt = $this->conn->prepare("UPDATE users_info SET profile_image_path = ?,user_bio = ? ,gender = ?,date_of_birth = ? WHERE user_id = ?");
$stmt->bind_param("sssii",$profile_image_upload_url,$user_bio,$gender,$date_of_birth,$user_id);
$result = $stmt->execute();
$stmt->close();
return $result;
Here is my code for the query call
//update to database
global $user_id;
$db = new DBhandler();
$update_result = $db->callForQueryFunction($user_id,$user_bio,$date_of_birth,$gender,$profile_image_string);
$response = array();
if($update_result){
$response['error'] = false;
$response['message'] ="sucess";
}else{
$response['error'] = true;
$response['message'] ="fail";
}
After I run in advanced rest client ,with the the following query
user_bio=hihi&gender=f&profile_image_string=somestringhere&date_of_birth=2015-08-16
After run the query,the result is always "success",but in Mysql table only profile_image_path column is updated,the rest 3 column user_bio,date_of_birth and gender all are not updated.
Here is my database structure
I work for hours still haven't figure it out what's wrong with the code or my database structure.
Update:
I tried with bind_param for s with $date_of_birth,but still no luck with it
$stmt->bind_param("ssssi",$profile_image_upload_url,$user_bio,$gender,$date_of_birth,$user_id);
UPDATE
I actually using this example from Androidhive,the sample code is as below
/**
* Updating existing task
* method PUT
* params task, status
* url - /tasks/:id
*/
$app->put('/tasks/:id', 'authenticate', function($task_id) use($app) {
// check for required params
verifyRequiredParams(array('task', 'status'));
global $user_id;
$task = $app->request->put('task');
$status = $app->request->put('status');
But I use the same method as below to grab the value,but after var_dump() all the value is NULL.Here is my code
$app->put('/updateuserdetails','authenticate',function ()use ($app){
$user_bio = $app->request()->put('userbio');
$gender =$app->request()->put('gender');
$date_of_birth = $app->request()->put('dob');
$profile_image_string = $app->request()->put('profilestring');
I try this as well.The value of user_bio,gender,date_of_birth are all still null.
$app->post('/updateuserdetails','authenticate',function ()use ($app){
$user_bio = $app->request()->post('userbio');
$gender =$app->request()->post('gender');
$date_of_birth = $app->request()->post('dob');
$profile_image_string = $app->request()->post('profilestring');
I just cant figure out what is going wrong here
Update
After I test it in Postman by send data with x-www-form-urlencoded it come out with this error,which I cant get any solution
Try the following:
$stmt = $this->conn->prepare("UPDATE users_info SET profile_image_path = :image, user_bio = :bio, gender = :gender, date_of_birth = :dob WHERE user_id = :id");
$stmt->bindParam(":image", $profile_image_upload_url, PDO::PARAM_STR);
$stmt->bindParam(":bio", $user_bio, PDO::PARAM_STR);
$stmt->bindParam(":gender", $gender, PDO::PARAM_STR);
$stmt->bindParam(":dob", $date_of_birth, PDO::PARAM_STR);
$stmt->bindParam(":id", $user_id, PDO::PARAM_INT);
$result = $stmt->execute();
$stmt->close();
return $result;
This is the code that makes the error:
$sql = 'INSERT INTO pedidos (pagado, instalado) VALUES ("'.$_POST['email'].'", "'.$_POST['b'].'") WHERE email="'.$_POST['2'].'"';
$stm = $conn->prepare($sql);
$conn->exec($stm);
That's not the proper way to use prepare and execute. The reason this was created was so that you wouldn't need to put logic and data together and put yourself at risk of an SQL injection attack.
$sql = 'INSERT INTO pedidos (pagado, instalado) VALUES (:pagado, :instalado)';
$stm = $conn->prepare($sql);
$stm->bindParam(':pagado', $_POST['email']);
$stm->bindParam(':instalado', $_POST['b']);
$stm->execute();
It also doesn't make sense to put a WHERE in an INSERT query. You're inserting into your table, you're not getting data.
However, if you're updating data based on other data, then you should use an UPDATE query.
UPDATE pedidos SET pagado=?, instalado=? WHERE email=?
An example of this would be:
$sql = 'UPDATE pedidos SET pagado=:padago, instalado=:instalado WHERE email=:email';
$stm = $conn->prepare($sql);
$stm->bindParam(':pagado', $_POST['email']);
$stm->bindParam(':instalado', $_POST['b']);
$stm->bindParam(':email', $_POST['2']);
$stm->execute();
UPDATE - 2:
$sql = 'INSERT INTO pedidos SET pagado = ?, instalado = ? WHERE email = ?';
$stm = $conn->prepare($sql);
$stm->bindParam(1,$_POST['email']);
$stm->bindParam(2,$_POST['b'] );
$stm->bindParam(3,$_POST['2'] );
$stm->execute(); // here your code generate error
Reason: You put $stm in execute() , which makes an error.
I have the following code:
$selectUserQuery = 'SELECT email_address, password FROM user WHERE email_address = :email_address AND password = :password';
$prepSelectUser = $conn->prepare($selectUserQuery);
/*
* HOW DO I ADD MULTIPLE PARAMETERS TO THIS BINDPARAM() FUNCTION?
*/
$prepSelectUser->bindParam(':email_address', $email, PDO::PARAM_INT);
$prepSelectUser->execute();
$userResult = $prepSelectUser->fetchAll();
$userCount = count($userResult);
How can I add multiple parameters to the bindParam() function?
You don't actually need this function at all. as well as most of other code you used.
$sql = 'SELECT 1 FROM user WHERE email_address = ? AND password = ?';
$stmt = $conn->prepare($sql);
$stmt->execute([$email, $password]);
$userCount = $stmt->fetchColumn();
First, change
$prepSelectUser->bindParam(':email_address', $email, PDO::PARAM_INT);
to
$prepSelectUser->bindParam(':email_address', $email, PDO::PARAM_STR);
then call another bindParam, like
$prepSelectUser->bindParam(':password', $password, PDO::PARAM_STR);
I have two stored procedures in my database Postgres, both have the same name but the difference are the parameters.
procedure1(::string, ::integer, ::string, ::integer)
procedure1(::string, ::integer, ::integer)
In PDO doing bindParam correct, is coming STR, INT, INT but the prepere always performs procedure1.
How do I get him to understand what I call the procedure2?
Some information for more help? I clear? thanks
EDIT ===
...
$bounds = null; // forced for debug
if(!is_null($bounds)){
$query = "SELECT procedure1(:name, :domain, :geo, :userid)";
$stmt = $db->prepare($query);
$stmt->bindParam('name', $name, PDO::PARAM_STR);
$stmt->bindParam('domain', $idDomain, PDO::PARAM_INT);
$stmt->bindParam('geo', $geoString, PDO::PARAM_STR);
$stmt->bindParam('userid', $userId, PDO::PARAM_INT);
}else{
$query = "SELECT procedure1(:name, :domain, :userid)";
$stmt = $db->prepare($query);
$stmt->bindParam('name', $name, PDO::PARAM_STR);
$stmt->bindParam('domain', $idDomain, PDO::PARAM_INT);
$stmt->bindParam('userid', $userId, PDO::PARAM_INT);
}
$result = $stmt->execute();
...
The error it gives is that he is running a procedure that requires four parameters
Try changing your $query statements to explicitly tell PDO the types, and to avoid extra code switch to bindValue (PDO uses the PARAM flags to format SQL, not to cast data types):
$bounds = null; // forced for debug
if(!is_null($bounds)){
$query = "SELECT procedure1(:name::VARCHAR, :domain::INTEGER, :geo::VARCHAR, :userid::INTEGER)";
$stmt = $db->prepare($query);
$stmt->bindValue('name', $name);
$stmt->bindValue('domain', $idDomain);
$stmt->bindValue('geo', $geoString);
$stmt->bindValue('userid', $userId);
}else{
$query = "SELECT procedure1(:name::VARCHAR, :domain::INTEGER, :userid::INTEGER)";
$stmt = $db->prepare($query);
$stmt->bindValue('name', $name);
$stmt->bindValue('domain', $idDomain);
$stmt->bindValue('userid', $userId);
}
$result = $stmt->execute();