I have a form which retrieves various values from my database and displays it in a form. The form contains text boxes, radio, drop down menus. The retrieving part works perfectly and the correct values are displayed for each field. But then when I want to change the field and update the data, it's not updating. Can some please help me with this. Here is my code:
if(isset($_POST['submit'])){
$sql = "UPDATE tbl_dealer_info ";
$sql .= "SET phone = '$phone', email = '$email', sfid = '$sfid', ... WHERE id = '$idhidden' ";
$result = mysqli_query($conn, $sql);
if(!$result){
die('Could not update data: '. mysqli_error());
}
else{
echo "Updated Successfully";
}
}
<input type = "hidden" name = "idhidden" id = "idhidden" value = "" /> // My hidden input to store the id
It displays "Updated Successfully" but isn't actually updating.
Try this
if(isset($_POST['submit'])){
$sql = "UPDATE tbl_dealer_info SET phone = '".$phone."', email = '".$email."', sfid = '".$sfid."', ... WHERE id = ".$idhidden;
$result = mysqli_query($conn, $sql);
if(!$result){
die('Could not update data: '. mysqli_error());
} else{
echo "Updated Successfully";
}
}
you are missing where condition and ';' in the sql statement
$sql = "UPDATE tbl_dealer_info ";
$sql .= "SET phone = '$phone', email = '$email', sfid = '$sfid' WHERE #here where condition #here ";
Related
I have two databases and i have one table "TabelaX" in database "Servidor1" with out data and other database "Servidor2" with one table "TabelaY". And i want do one select in table "TabelaY" and with her data do one insert in table "TabelaX" which is in another database. I already made some code but it is not working correctly. And this error appears:
"Error: INSERT INTO TabelaX (ID, Nome, Dados) VALUES (2000, XPTO2,
12345); Unknown column 'XPTO2' in 'field list'Error: INSERT INTO
TabelaX (ID, Nome, Dados) VALUES (2033, XPTO3, 1234567890); Unknown
column 'XPTO3' in 'field list'"
<?php
$conn= mysqli_connect('localhost','root',null,'Servidor2') or die
(mysqli_connect_error());
if (!$conn) {
die("Falha de conexao: ". mysqli_connect_error());
}
$ID = $_POST['ID'];
$sql = "SELECT * FROM TabelaY WHERE ID = $ID";
$result = mysqli_query($conn, $sql);
if (mysqli_num_rows($result) > 0) {
while($row = mysqli_fetch_assoc($result)) {
$row1 = $row["ID"];
$row2 = $row["Nome"];
$row3 = $row["Dados"];
mysqli_select_db($conn,"Servidor1");
$sql = "INSERT INTO TabelaX (ID, Nome, Dados)
VALUES ($row1, $row2, $row3);";
if (mysqli_multi_query($conn, $sql)) {
echo "New records created successfully";
} else {
echo "Error: " . $sql . "<br>" . mysqli_error($conn);
}
}
} else {
echo "0 results";
}
mysqli_close($conn);
?>
From what I have read, your current approach might be the only way to do this using regular queries with MySQL. But, if you were doing this directly on MySQL, you could just use a simple INSERT INTO ... SELECT:
INSERT INTO db1.TabelaX (ID, Nome, Dados)
SELECT ID, Nome, Dados
FROM db2.TabelaY;
One possibility would be to create a stored procedure on MySQL which does the above insert, and then call it from your PHP code:
$result = mysqli_query($conn,
"CALL YourProcName") or die("Query fail: " . mysqli_error());
I want to GET user id FROM players WHERE username='$username' and post it into another MySQLi query and post it as pid but it shows error somehow, did I miss something?
if(isset($_POST["add"])) {
$content = $_POST['content'];
$sql = "SELECT id FROM players WHERE username='$username'";
$sql1 = "INSERT INTO bulletinboard (pid,content) VALUES ('$sql','$content')";
if (mysqli_query($conn, $sql1)) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . mysqli_error($conn);
}
}
This is the error I am receiving.
Error: SELECT id FROM players WHERE username='nasty93'
Thanks
You need to execute the query so it needs to not be quoted. You also should familiarize yourself with the insert...select syntax. http://dev.mysql.com/doc/refman/5.7/en/insert-select.html
You also should use parameterized queries. Here it is altered (untested) (I also only use mysqli on SO so likely to be an error here).
if(isset($_POST["add"])) {
$content = $_POST['content'];
$sql1 = "INSERT INTO bulletinboard (pid,content) SELECT id, ? FROM players WHERE username=?";
$stmt = mysqli_prepare($conn, $sql1) or die(mysqli_error($conn));
mysqli_stmt_bind_param($stmt, "ss", $content, $username) or die(mysqli_error($conn));
mysqli_stmt_execute($stmt) or die(mysqli_error($conn));
}
I want users to UPDATE any field(s) they want in d database - table but I don't want the UPDATE .. SET to erase existing records with empty submission if they submit without changing all the fields.. but changed only the ones they want to..
$sql = "UPDATE table SET username = '$username', email = '$email',
fname = '$fname', lname = '$lname', address = '$address', city = '$city',
country = '$country', phone = '$phone', aboutme = '$aboutme' WHERE email = '$email'";
If the user only updates address and phone then submits his entry.. this instruction erases other fields that is not filled in the form.... I don't want that to happen. Kindly look into this. Thanks
Please I have tried your suggestion but its not working for me.. may I am doing something wrong -- I am new to PHP - Here is my code below:
$sql = "UPDATE user_profile SET ";
if ($username!="")
$sql ."username = '$username',"
if ($fname!="")
$sql ."fname = '$fname',"
if ($lname!="")
$sql ."lname = '$lname',"
if ($address!="")
$sql ."address = '$address',"
if ($city!="")
$sql ."city = '$city',"
if($country!="")
$sql ."country = '$country', "
if($phone!="")
$sql ."phone = '$phone', "
if($aboutme!="")
$sql ."aboutme = '$aboutme' "
$sql ."WHERE email = '$email'";
$query = mysqli_query($database,$sql);
if($query)
{
$message = "<div class=\"btn btn-lg btn-default\"><i class=\"text-success text-center\">Update Successful!</i></div>";
//echo "update successful";
}
You should be using parameters rather than placing user input directly into strings. However, that is good practice and protects against SQL injection and poorly formed parameters.
Doesn't help your problem, though. You need to see if there is a new value, otherwise, use the old one. Assuming the new value is NULL when not present, then use COALESCE(). For example:
SET username = COALESCE($username, username),
. . .
Note: There is no reason to set email in the SET statement because you are using it in the WHERE.
This is for a registration form I have created. I cannot include all of my code, but the program checks for blank fields then format using the preg_match function. Then it INSERTS the info registered
My code is:
<?php
/* connection info */
ini_set('include_path','../../includes');
include("dbinfo.inc");
$cxn = mysqli_connect($host,$user,$password,$dbname)
or die("Couldn't connect to server. error 3");
?>
<?php
/* Program name: Register.php
* Description: Program displays the blank form and checks
* all the form fields for blank fields.
*/
// Insert info into database //
{
foreach($good_data as $field => $value)
{
$good_data[$field] = mysqli_real_escape_string($cxn,$value);
}
$sql = "INSERT INTO UserInfo (user_id, password, first_name, last_name, city, country, email) VALUES ('$good_data[user_id]', '$good_data[password]', '$good_data[first_name]', '$good_data[last_name]', '$good_data[city]', '$good_data[country]', '$good_data[email]')";
$result = mysqli_query($query, $sql) or die ("Couldn't connect to login");
$row = mysqli_fetch($result);
while ($row = mysql_fetch_assoc($result)) {
$sql2 = "UPDATE TimeStamp SET time = CURRENT_TIMESTAMP where user_id='$good_data[user_id]'";
$result2 = mysqli_query($cxn,$sql2) or die("<p>Couldn't Connect to Login</p>");
include('goodReg.inc');
}
{
echo $message;
extract($good_data);
include('register.inc');
exit();
}
}
}
else
{
include("register.inc");
}
?>
How do I move just the variable to the query and not the whole INSERT string?
There's no need to call mysqli_fetch or mysqli_fetch_assoc. Just do the UPDATE query outside of a loop:
$sql = "INSERT INTO UserInfo (user_id, password, first_name, last_name, city, country, email) VALUES ('$good_data[user_id]', '$good_data[password]', '$good_data[first_name]', '$good_data[last_name]', '$good_data[city]', '$good_data[country]', '$good_data[email]')";
mysqli_query($cxn, $sql) or die ("Couldn't insert into UserInfo: " . mysqli_error($cxn));
$sql2 = "UPDATE TimeStamp SET time = CURRENT_TIMESTAMP where user_id='$good_data[user_id]'";
mysqli_query($cxn, $sql2) or die ("Couldn't update TimeStamp: " . mysqli_error($cxn);
include('goodReg.inc');
So I have form1 that contains information from multiple tables in a database. I've got listboxes and textboxes within this form that have that information. So all I'm trying to do is insert whatever information the user submits back into the database and have it outputted on form2. I've got my INSERT INTOs on my output page. I know you can't use one INSERT INTO query, so I was wondering how to use multiple INSERTS and submit that information back into the database.
The variables created below come from the previous page and all of the values are there.
if (isset($_POST['n_submit'])){
$oid = $_POST['oid'];
$odate = $_POST['odate'];
$ostatus = $_POST['ostatus'];
$cfname = $_POST['cfname'];
$cname = $_POST['clname'];
$efname = $_POST['efname'];
$elname = $_POST['elname'];
echo "New record created successfully";
$db = mysqli_connect('127.0.0.1:3307', 'mysql_user', 'mysql_password') or die ("I cannot connect to the database because: ".mysqli_connect_error());
$query = "select status_id from ostatus where status_type = '$ostatus'";
$result = mysqli_query($db, $query) or die("Error in SQL statement:" .mysqli_error());
$row = mysqli_fetch_array($result);
$statusid = $row[0];
$query1 = "insert into cust ('c_fname', 'c_lname') values ('$cfname', $clname)";
$result1 = mysqli_query($db, $query1) or die("Error in SQL statement:" .mysqli_error());
$query2 = "insert into employed ('e_fname', e_lname) values ('$efname', '$elname')";
$result2 = mysqli_query($db, $query1) or die("Error in SQL statement:" .mysqli_error());
$query3 ="INSERT INTO sorder (o_id, o_date, s_id) VALUES ('{$oid}', '{$odate}', '{$statusid}')";
$result3 = mysqli_query($db, $query3);
}
First of all your query is vulnerable to SQL injection. I am not going to fix that.
Second, you should Google how to handle forms properly. And you should consider starting SQL transaction if you really care about the data to go into all the tables for sure.
Third, you should be able to use multiple inserts like you are doing in your code. but you need to correct your syntax errors.
Try this code (I also removed the select code are based on your question it is not needed)
if (isset($_POST['n_submit'])){
$oid = $_POST['oid'];
$odate = $_POST['odate'];
$ostatus = $_POST['ostatus'];
$cfname = $_POST['cfname'];
$cname = $_POST['clname'];
$efname = $_POST['efname'];
$elname = $_POST['elname'];
$db = mysqli_connect('127.0.0.1:3307', 'mysql_user', 'mysql_password') or die ("I cannot connect to the database because: ".mysqli_connect_error());
$query1 = "insert into cust (c_fname, c_lname) values ('".$cfname."', '".$clname."')";
$result1 = mysqli_query($db, $query1) or die("Error in SQL statement:" .mysqli_error());
$query2 = "insert into employed (e_fname, e_lname) values ('".$efname."', '".$elname."')";
$result2 = mysqli_query($db, $query2) or die("Error in SQL statement:" .mysqli_error());
$query3 ="INSERT INTO sorder (o_id, o_date, s_id) VALUES ('".$oid."', '".$odate."', '".$statusid."')";
$result3 = mysqli_query($db, $query3);
if($result1 && $result2 && $result3)
echo 'New record created successfully';
else
echo 'something did not work';
}