I wrote some code for my login and registration system.
In my registration system, I have included this code:
<?php
$sql3="UPDATE users SET
firstname='$firstname', lastname='$lastname',
password='$password',bio='$bio',
dob='$dob',gender='$gender'
?>
But of course, this just updates all rows in the users table.
But when I add:
<?php WHERE username=$username ?>
I will get an error: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '' at line 1.
Let me be clear, this is NOT an error question, I know what the problem is. I just want to know how to troubleshoot my code so that it doesnt update the whole table instead of just one users row. Thank you in advance.
Yes, they do work. The WHERE clause will actually help you to update specific row(s) otherwise, it will update all the rows of the table.
UPDATE TABLE_NAME SET COLUMN_NAME=<VALUE> WHERE COLUMN_NAME=<VALUE>;
So, putting identifier column like username in WHERE clause will avoid updating all rows.
Something like using prepared statement
UPDATE users
SET firstname=?, lastname=?,password=?,bio=?, dob=?, gender=?
where username=?
Related
I wanted to update a column in my database table, the update should just add a numeric value to the existing one.
But this time around, I'm writing the query with CodeIgniter Query builder, the issue is that when I run the script, CodeIgniter throws an Sql Exception below:
"message": "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '11:01:37\nWHERE `user_id` = '26'' at line 1"
As you can see, it added a new line character to the query string.
The PHP code below is the query in CodeIgniter
$userModel->set('reputations', 'reputations+10', false)
->where('user_id', $user_id)
->update();
One thing I noticed is that if I removed the false (the third parameter) which tells CodeIgniter not to escape the column name, there won't be any error, instead '0' will be updated at reputation column.
I don't know what the problem might be, I could have moved on by writing a custom query, but, I wanted to be sure that I'm not doing something wrong.
P.S: custom one will look like this:
UPDATE users
SET reputations = reputations + 10 WHERE user_id = $user_id
Note: in the above error message you might be wondering where the digits in the error came from i.e
'11:01:37 in '11:01:37\nWHERE user_id
It is the value of a column in my table which is also updating along side reputation column.
Thanks amigos.
Could it be your code editor generating the newline?
Anyways, one fast way to avoid the problem is to use codeigniter query method:
$userModel->query("UPDATE `users` SET `reputations` = reputations + 10 WHERE `user_id` = $user_id)
Not the cleanest solution but it makes sure it works! :)
Mattia
I have a delete function implemented on my website. A normal customer can delete his/her account and this updates a "delete" field from 0 to 1.
My table is called "users" and everything seem to work fine. However when I test the delete function I get the following error:
" You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near 'delete='1' WHERE email='active#user.com'' at line 1"
The code for my update query is shown below:
mysql_query("UPDATE users SET delete='1' WHERE email='$email'")or die(mysql_error());
Your help will be much appreciated.
DELETE is a MySQL reserved keyword. If you're going to name a column after that you must wrap it in ticks;
mysql_query("UPDATE users SET `delete`='1' WHERE email='$email'")or die(mysql_error());
You really shouldn't use DELETE as a column identifier. I strongly recommend changing it.
I am experiencing something so basic, yet so annoying that I thought I had to put it out to the wider community to save my sanity.
I am using a table within a database to store some very basic data. There is only two columns, Id and Campaign. I only want to use a single row of the table, however, campaign will be updated at various points. I have set up the table as follows:
$sql = "CREATE TABLE IF NOT EXISTS TestCampaign(id INT NOT NULL PRIMARY KEY AUTO_INCREMENT,
Campaign CHAR(20))";
Initially I write to the table to insert a null CHAR in campaign:
$sql = "INSERT INTO TestCampaign (Campaign) VALUES ('None')";
The based on a specific text field being filled in on an html form followed by a submit button press I intended to do the update of the campaign field:
$sql = "UPDATE TestCampaign SET Campaign = '$Test' WHERE id = '1'";
$Test is the POSTED campaign name from the form. Unfortunately although the INSERT works fine the UPDATE doesn't. I have checked the permissions and I have ALL on this database. I have also checked the syntax with various sites and it seems that it is fine.
Interestingly I do not get an error when I echo:
echo " ".mysqli_error($con);
I'm sure I have made some basic error somewhere but I have been looking at it for so long and changing the syntax that I can't seem to spot it.
Any help would be appreciated.
UPDATE:
I have played around with the code and it seems as though the UPDATE code does work, however, It only works when it is the next line of code after the INSERT. In fact I have found that it works as long as it is not where I need it to be. I have it placed in 'if' statement that is run only on a specific button press on the form:
if(isset($_POST['TestID']))
{
Some Code;
$sql = "UPDATE TestCampaign SET Campaign = '$Test' WHERE id = '1'";
Some More Code;
}
I have checked the rest of the code in the 'if' statement and it seems solid.
Is this odd behaviour or have I missed something?
SOLVED
Finally found out what the problem was, it ended up that when exiting the first 'if' statement as expected the html form code was revisited which must have closed the connection to the database, when the button was pressed to run the second 'if' statement there was a connection to MySQL but no connection to the database I needed access to. A quick fix to re-connect and all works fine.
$sql = "UPDATE TestCampaign SET Campaign = '$Test' WHERE id = 1";
Is the only thing I think is wrong... What do you get with :
Select * from TestCampaign
have you set up any triggers based on this table name? After update, before update triggers may prevent you from storing the required data on the table.
Also, MySQL may use 0 as id value if you don't specify the value of the id at sending insert command. Are you sure the value of your id is 1 in the record you want to update? If you have run insert statements before on your table, the id may be a larger number than 1, because of the MySQL indices (I guess this may be the problem).
I don't know how exactly PHP statements are processed when sending them to MySQL, but I would recommend you to use PDO statements, the PHP syntax would look something like this:
$sql = $pdo->prepare("UPDATE TestCampaign SET Campaign = ? WHERE id = ?");
$sql->bindParam(1, $Test);
$sql->bindParam(2, 1);
$sql->execute();
Tutorial: http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers
I would also echo your $Test variable to check what is stored in it.
Hope it helps...
Finally found out what the problem was, it ended up that when exiting the first 'if' statement as expected the html form code was revisited which must have closed the connection to the database, when the button was pressed to run the second 'if' statement there was a connection to MySQL but no connection to the database I needed access to. A quick fix to re-connect and all works fine.
I got two tables. One is account, another is Interest.
One account can have multi Interests and It can be edited.
Now, the process is deleting all Interest of this account then insert these insterests.
The QUERY IS:
"DELETE FROM Interests WHERE account_id='$id'"
"INSERT INTO Interests (account_id, interest_name) VALUES('$id', '$name')"
I use the both query when user update their account, but the insert is fail, there is nothing insert into the table (ps. the interests_id is auto_increment and this was be counted) but there is nothing new in the table. When I comment out the delete query. The insert will be successful.
Does any one know what can i do?
If you want to update your table records, you will do update operation.
like this:
UPDATE TABLE_NAME SET FIELD_NAME = 'VARIABLE_NAME'
WHERE PRIMERY_FIELD_NAME = 'VARIABLE_NAME' ;
you did not have to use these two queries, if you want to update data simply use the updat query of mysql.use this:
<?php
$query = "UPDATE Interests SET interest_name = '".$name."' WHERE account_id = '".$id."'" ;
mysql_query($query);
?>
If you want to update your table records then you may execute update operation. It like following
UPDATE Interests
SET
interest_name = '$name'
WHERE
accountno = '$id' ;
Try it. You may solve your problem by this way.
If you have queries failing, you should capture the error and see what went wrong. In all MySQL APIs for PHP, a query that fails returns a status code to indicate this. Examples of checking this status code are easy to find in the docs. But most developers fail to check the status.
Use transactions to ensure that both changes succeed together or neither are applied.
How to Decide to use Database Transactions
Definition of a transaction in MySQL: http://dev.mysql.com/doc/refman/5.5/en/glossary.html#glos_transaction
Syntax for starting and committing transactions in MySQL: http://dev.mysql.com/doc/refman/5.5/en/commit.html
You need to use InnoDB. MyISAM does not support transactions. http://dev.mysql.com/doc/refman/5.5/en/innodb-storage-engine.html
In PHP, you need to stop using the old ext/mysql API and start using MySQLi or PDO.
http://php.net/manual/en/mysqli.quickstart.transactions.php
http://php.net/manual/en/pdo.begintransaction.php
This happens because the query are treated as two single transaction, so the order of execution is not guaranteed.
The effect you are describing is because the insert is processed before delete, so the interests_id is auto-incremented properly, then the row is deleted by delete statement.
You should change the query logic or perform both queries in one single transaction.
I'm running this code in PHP:
mysql_query("SET #update_id:=NULL");
echo mysql_error();
And this is what I get:
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near '' at line 1
Also this same code runs perfectly in PHPMyAdmin. What am I doing wrong?
Additional information. I'm trying to write a query described here:
How to get ID of the last updated row in MySQL?
But the problem right now is that I even can't run a simple query to create variable.
P.S. Ok, now it seems that it desn't work because of some previous queries that are not related to this one. If i move this query to the top of the php file it works. Also if I try to make this:
mysql_query("SET #update_id:=NULL; SELECT #update_id;");
It fails with syntax error. But this works fine:
mysql_query("SET #update_id:=NULL;");
mysql_query("SELECT #update_id;");
Does somebody knows what am I missing here?
Why can't I run two commands in one query and why they're the separate queries are related to each other?
mysql_query("UPDATE your_table SET update_id=NULL");
Check this it may be helpful
SELECT #update_id IN("SET #update_id:=NULL");