I have a problem updating my password. It keeps showing a database error but everything is fine.
My PHP coding, anything wrong here?
<?php
require ("config1.php");
if(!empty($_POST)){
$lecID=$_GET['lecID'];
$query = "UPDATE lect SET lecass= :lecass WHERE leID = $leID ";
$query_params=array(':lecass'=> $_POST['leass']);
try{
$stmt=$db->prepare($query);
$result=$stmt->execute($query_params);
}catch(PDOException $ex){
$response["success"]=0;
$response["message"]="Database Error1. Please try again";
die(json_encode($response));
}
}?>
Help me to solve this.
Your query should be
"UPDATE lecturer SET lecPass=".$query_params[:lec_Pass]." WHERE lecID = $lecID ";
UPDATE
1.
$query = "UPDATE lecturer SET lecPass= :lec_Pass WHERE lecID = :lec_id ";
$query_params=array(':lec_Pass' => $_POST['lecPass'],':lec_id' => $_GET['lecID'] );
2.
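$query = "UPDATE lecturer SET lecPass= ? WHERE lecID = ? ";
try{
$stmt = $conn->prepare($query); // bind_param() below is mysqli, so $conn is a mysqli connection
$stmt->bind_param("ss", $lecpass, $lecID); // bound by reference, values are read at execute()
$lecpass = $_POST['lecPass'];
$lecID = $_GET['lecID']; // I think you should use either post or get...
$stmt->execute();
}catch(Exception $ex){ // a try block needs a catch; generic error as in the question
$response["success"]=0;
$response["message"]="Database Error1. Please try again";
die(json_encode($response));
}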
And also, tell me in the comments why you are using both GET and POST?
Related
I am trying to save a string on my database: italo's house
but it's not working. my code:
include 'conexao.php';
$organizacao = mysqli_real_escape_string($con, $_POST['organizacao']); //italo's house
$result = mysqli_query($con, "update organizacao set organizacao = '".$organizacao."'");
if (!$result) {
throw new Exception(mysqli_error($con)."update organizacao set organizacao = '".$organizacao."'";
}else{
header('location:feira.php');
}
mysqli_close($con);
I receive a blank page
Using a prepared statement will resolve the issue with quotes and at the same time help protect you from SQL injection. Try this:
$organizacao = $_POST['organizacao'];
$stmt = $con->prepare("update organizacao set organizacao = ?");
$stmt->bind_param('s', $organizacao);
if (!$stmt->execute()) {
throw new Exception($stmt->error ." update organizacao set organizacao = '".$organizacao."'");
}else{
header('location:feira.php');
}
I have a problem, without any error, in my code that updates a row.
if(!isset($error)){
try {
$sql = "UPDATE `invoice` SET `client`='".$client."', `company`='".$company."' , `clientemail`='".$clientemail."' , `mobailclient`='".$mobailclient."' , `startdate`='".$startdate."' , `enddate`='".$enddate."' WHERE `id` ='".$id."'";
$count = $db->exec($sql);
//redirect to invoice page
header('Location: invoice.php');
exit;
//else catch the exception and show the error.
} catch(PDOException $e) {
$error[] = $e->getMessage();
}
}
This is my code. I tried taking the $sql variable and running it in MySQL phpMyAdmin and it works fine, but in the file it does not work and I don't get any error.
==== Update ====
I tried this and it does not work:
try {
$sql = 'UPDATE invoice SET client = :client, company = :company, clientemail = :clientemail, mobailclient = :mobailclient, startdate = :startdate, enddate = :enddate WHERE id = :id';
$statement = $db->prepare($sql);
$statement->bindParam(":client", $client);
$statement->bindParam(":company", $company);
$statement->bindParam(":clientemail", $clientemail);
$statement->bindParam(":mobailclient", $mobailclient);
$statement->bindParam(":startdate", $startdate);
$statement->bindParam(":enddate", $enddate);
$statement->bindParam(":id", intval($_GET['id']) );
$statement->execute();
if($statement->rowCount() > 0) // will return 1 if any row is updated
{
echo "<script>alert('".$statement->rowCount()."')</script>";
}
else
{
echo "<script>alert('No record updated')</script>";
}
Your query is open to SQL injection. You should use a parameterized query, which provides a kind of protection against SQL injection but will not provide 100% protection. Kindly visit this Post for more details.
Try the following code by replacing table and column names.
$client = "my name";
$company = "my-company";
$id= 2;//make sure your table has a record with that specific id
$sql = 'UPDATE invoice SET client = :client, company = :company WHERE id = :id'; // here i am updating only two columns
//You can add more columns that you want to update, like ColumnName = :ParameterIdentifier
//where ParameterIdentifier is the name of the parameter used in bindParam, as with company in my example
$statement = $db->prepare($sql);
$statement->bindParam("client", $client); //Binding parameter for client
$statement->bindParam("company", $company); //Binding parameter for company
$statement->bindParam("id", $id);
$statement->execute();
if($statement->rowCount() > 0) // will return 1 if any row is updated
{
echo "Record updated successfully";
}
else
{
echo "No record updated";
}
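The silent failure and the `bindParam(":id", intval(...))` call from this question, reworked as an added example (not code from the original posts). It assumes an in-memory SQLite database so it runs stand-alone; the two-column `invoice` table, its sample row and the `updateInvoice()` helper are constructed for illustration.

```php
<?php
// Added example: constructed in-memory table, not the asker's schema.
$db = new PDO('sqlite::memory:');
// Before PHP 8.0 the default error mode was silent, so SQL errors went unreported.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE invoice (id INTEGER PRIMARY KEY, client TEXT, company TEXT)');
$db->exec("INSERT INTO invoice (id, client, company) VALUES (2, 'old name', 'old co')");

/**
 * Hypothetical helper: update one invoice row and return the affected row count.
 * $rawId stands in for $_GET['id'] and is treated as untrusted input.
 */
function updateInvoice(PDO $db, $rawId, string $client, string $company): int
{
    // Reject anything that is not a positive integer before touching the database.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    $stmt = $db->prepare(
        'UPDATE invoice SET client = :client, company = :company WHERE id = :id'
    );
    // bindValue() accepts any expression; bindParam() needs a variable (by reference).
    $stmt->bindValue(':client', $client, PDO::PARAM_STR);
    $stmt->bindValue(':company', $company, PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Quotes and SQL fragments in the values are stored as data, not parsed as SQL.
$changed = updateInvoice($db, '2', "italo's house", "x', company='y");
$row = $db->query('SELECT client, company FROM invoice WHERE id = 2')->fetch(PDO::FETCH_ASSOC);
echo "rows changed: $changed\n";
echo "client: {$row['client']}\ncompany: {$row['company']}\n";

// A malformed id is rejected before any query runs.
try {
    updateInvoice($db, '2 OR 1=1', 'a', 'b');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ' . $e->getMessage() . "\n";
}
```

On MySQL, `rowCount()` by default counts only rows whose values actually changed, so a result of 0 does not by itself mean the `WHERE` clause matched nothing.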
I'm trying to update the table status value whenever I make a selection from the dropdown list.
The problem is I'm having a syntax error on my update query. I've read stuff about syntax errors and I can't quite understand it. I think I'm gonna need more specific help. Here's what I've done:
<?php
$hostname = "localhost";
$username = "root";
$password = "";
$databasename = "companydb";
try
{
$conn = new PDO("mysql:host=$hostname;dbname=$databasename",$username, $password);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
if(isset($_POST["status"]))
{
$query = "UPDATE tickets SET status = '$status' WHERE id = $id";
$statement = $conn->prepare($query);
$statement->execute(array('status' => $_POST["status"]));
$count = $statement->rowCount();
if($count > 0)
{
echo "Data Inserted Successfully..!";
}
else
{
echo "Data Insertion Failed";
}
}
else
{
echo "unknown index: 'status'";
}
}
catch(PDOException $error)
{
echo $error->getMessage();
}
?>
And here's my table schema:
You are not performing prepared statements properly. You need to add the placeholder in the query and not the variables. The variables should be added in the execute() line.
$query = "UPDATE tickets SET `status` = :status WHERE `id` = :id";
$statement = $conn->prepare($query);
$statement->execute(array(':status' => $_POST["status"],':id' => $id));
Also FYI, $id is undefined.
Try changing this:
$query = "UPDATE tickets SET status = $status WHERE id = $id";
I want to update my database with an SQL statement once someone clicks a button on the website. I've tried something, with no success. Can you guys help me? Here's the code:
http://pastebin.com/D0S83Jgh
Don't know if I made this question correctly, I'm new here.
Your prepared statement is wrong.
The code I use with pdo to do a query is this:
$q = $upd->prepare("UPDATE league_signups SET approved='1' WHERE id = :id"); // keep the statement in $q, which the calls below use
$q->bindParam(':id', $id, PDO::PARAM_STR);
$q->execute();
Should work like a charm.
Get this code out of the main loop: while($row = $q->fetch(PDO::FETCH_ASSOC)) {}
<?php
include('pdoconnect.php');
$id = isset($row['id'];
if(isset($_REQUEST['approve']))
{
$sqlUpd = "UPDATE league_signups SET approved='1' WHERE id=$id";
$q = $upd->prepare($sqlUpd);
$q->execute();
}
if(isset($_REQUEST['unapprove']))
{
$sqlUpd = "UPDATE league_signups SET approved='0' WHERE id=$id";
$q = $upd->prepare($sqlUpd);
$q->execute();
}
?>
Put this code after the loop ending or the beginning of your code...
The data you want to update comes from the checkbox, am I right? Then you may want to make a loop to update all the values selected with the checkbox to the corresponding action, 'approve' or 'unapproved'.
Remove include('pdoconnect.php'); it's utterly unnecessary if you are already including this file at the beginning.
<?php
// checkbox[] it's an array...
$UpdateIDs = (isset($_REQUEST['checkbox'])) ? $_REQUEST['checkbox'] : [];
// check if $_REQUEST['approve'] is set else check if $_REQUEST['unapprove'] is set else set $approve to null;
$approved = isset($_REQUEST['approve'])
? $_REQUEST['approve']
: (isset($_REQUEST['unapprove']) ? $_REQUEST['unapprove'] : null); // nested ternary needs explicit parentheses
if(!is_null($approved))
{
try {
foreach($UpdateIDs as $ID)
{
$stmt = $upd->prepare("UPDATE league_signups SET approved=:approved WHERE id=:id");
$stmt->execute([
':approved' => $approved,
':id' => $ID
]);
}
} catch(PDOException $e) {
echo 'ERROR: ' . $e->getMessage();
}
}
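The checkbox loop above, as an added example (not from the original answer) that maps the pressed button to a fixed 0/1 value, validates each id, prepares the statement once and runs the batch in a transaction. It assumes an in-memory SQLite table; `setApproval()` and the sample request array are hypothetical.

```php
<?php
// Added example: constructed table and request data, not the asker's code.
$upd = new PDO('sqlite::memory:');
$upd->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$upd->exec('CREATE TABLE league_signups (id INTEGER PRIMARY KEY, approved INTEGER DEFAULT 0)');
$upd->exec('INSERT INTO league_signups (id) VALUES (1), (2), (3)');

/** Hypothetical helper: apply approve/unapprove to the checked ids. */
function setApproval(PDO $upd, array $request): int
{
    // The column only ever receives 1 or 0, never the submitted button value.
    if (isset($request['approve'])) {
        $approved = 1;
    } elseif (isset($request['unapprove'])) {
        $approved = 0;
    } else {
        return 0;
    }
    $checked = isset($request['checkbox']) && is_array($request['checkbox'])
        ? $request['checkbox'] : [];
    // Keep only values that are positive integers.
    $ids = [];
    foreach ($checked as $raw) {
        $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($id !== false) {
            $ids[] = $id;
        }
    }
    $stmt = $upd->prepare('UPDATE league_signups SET approved = :approved WHERE id = :id');
    $total = 0;
    $upd->beginTransaction();
    try {
        foreach ($ids as $id) {
            $stmt->execute([':approved' => $approved, ':id' => $id]);
            $total += $stmt->rowCount();
        }
        $upd->commit();
    } catch (PDOException $e) {
        $upd->rollBack(); // all-or-nothing: no partially applied batch
        throw $e;
    }
    return $total;
}

// Constructed stand-in for $_POST: two valid ids and one malformed value.
$n = setApproval($upd, ['approve' => 'Approve', 'checkbox' => ['1', '3', 'abc']]);
echo "rows updated: $n\n";
```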
The problem is that if I update all users at one time, the points row updates. But if I update it by username, the row won't update. I don't know why.
foreach($points as $p) {
$p = $p['points'] - $bet;
$username = $_SESSION['username'];
$q = $pdo -> prepare("UPDATE users SET points = '$p', username = '$username' ");
$q->execute();
}
Without 'username = $username' all users update perfectly.
Try:
try {
$q = $pdo->prepare("UPDATE users SET points = ? WHERE username = ?");
$q->execute(array($p, $username));
} catch(Exception $e) {
echo $e->getMessage();
die();
}
Or:
try {
$q = $pdo->prepare("UPDATE users SET points = :p WHERE username = :username");
$q->bindParam(':p', $p);
$q->bindParam(':username', $username);
$q->execute();
} catch(Exception $e) {
echo $e->getMessage();
die();
}
I haven't tested it, but I think that should work.
Check out the site.
WHERE username = 'username' or else with that lack of code, all rows are getting updated and that could be either planned or disaster.
As points is an integer, you should NOT use quotes around the variable, as it will be interpreted as a string, thus failing. So the correct syntax would be:
"UPDATE users SET points = {$p}, username = '{$username}'"