SQL UPDATE does not work? - php

When I send an email through PHP, I want it to update a database saying it has sent the message. The code below is what I could find online that should work, but it does not, and I definitely have a connection to the database.
$sql = "UPDATE Mail SET Sent='1' WHERE key='$key'";
And I get no errors and everything else on the page runs right. Any help?

That's because "key" is a reserved word in MySQL. There are some others, which you can find here.

In SQL, 'key' is a keyword; maybe you can:
$sql = "UPDATE Mail SET Sent='1' WHERE `key`='$key'";
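Added example, not code from the original post: the same UPDATE with the reserved word quoted in backticks and $key passed as a bound parameter rather than interpolated into the SQL, with mysqli error reporting turned on so a failing statement is no longer silent. Connection credentials are placeholders; the Mail table with columns `key` and Sent is assumed as in the question.

```php
<?php
// Added example, not code from the original post: the UPDATE from the question
// with the reserved word `key` quoted in backticks and $key sent as a bound
// parameter instead of being interpolated into the SQL string.
// Assumptions: connection credentials are placeholders; the Mail table has the
// columns `key` and Sent, as in the question.
declare(strict_types=1);

// Make mysqli throw on failure. The question reports "no errors" because the
// false return value of mysqli_query() was never checked, not because the
// statement succeeded.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function markMailSent(mysqli $con, string $key): int
{
    // Identifier quoted with backticks, value passed through a placeholder.
    $stmt = $con->prepare("UPDATE `Mail` SET `Sent` = '1' WHERE `key` = ?");
    $stmt->bind_param('s', $key);
    $stmt->execute();
    $affected = (int) $stmt->affected_rows; // 0 means no row had that key
    $stmt->close();
    return $affected;
}

$con = new mysqli('localhost', 'DB_USER', 'DB_PASSWORD', 'DB_NAME'); // placeholders
$con->set_charset('utf8mb4');

$key = 'constructed-sample-key'; // constructed sample value for the demo
try {
    echo 'Rows marked as sent: ' . markMailSent($con, $key) . PHP_EOL;
} catch (mysqli_sql_exception $e) {
    // The original "WHERE key='...'" would surface here as a parse error
    // (SQLSTATE 42000) instead of failing silently.
    error_log('Mail update failed: ' . $e->getMessage());
}
```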

Related

how to insert data in database properly in php

I am creating a chat feature for my project where people can send messages to each other, but the problem is I want users to be able to send anything: text, quotes or anything... But the problem is, when I am sending a degree symbol or sign, it does not insert anything.
My code (this is an example of what I have tried):
<?php
$message = htmlspecialchars($_POST['message']);
$message = mysqli_real_escape_string($con, $message);
//Here i am inserting everything
mysqli_query($con, "INSERT INTO message (message) VALUES ('$message')");
?>
Hope you guys have understood my problem; I need help, please help me.
It may be something related to the database's collation. Try changing it to utf8. You may also consider this option of mysqli: mysqli::set_charset().
Try with PDO, it should work even if $message contains quotes or anything:
$query = $pdo->prepare("INSERT INTO message (message) VALUES (:message)");
$query->execute(array(
    "message" => $message
));
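Added example, not code from the original post: a message containing a degree sign is stored through a prepared statement and read back, with the connection charset set explicitly so the non-ASCII character survives the round trip. Credentials are placeholders; the message table is assumed to have an auto-increment id column besides message, and to use utf8mb4 (or utf8).

```php
<?php
// Added example, not code from the original post: insert a message containing a
// degree sign and read it back, with the connection charset set explicitly so
// the non-ASCII character survives the round trip.
// Assumptions: credentials are placeholders; the message table has an
// auto-increment id column besides message, and its charset is utf8mb4 (or utf8).
declare(strict_types=1);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function storeMessage(mysqli $con, string $text): int
{
    // Store the raw text; apply htmlspecialchars() when rendering, not here.
    $stmt = $con->prepare("INSERT INTO message (message) VALUES (?)");
    $stmt->bind_param('s', $text);
    $stmt->execute();
    $stmt->close();
    return (int) $con->insert_id;
}

function loadMessage(mysqli $con, int $id): ?string
{
    $stmt = $con->prepare("SELECT message FROM message WHERE id = ?");
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $stmt->bind_result($text);
    $found = $stmt->fetch();
    $stmt->close();
    return $found ? $text : null;
}

$con = new mysqli('localhost', 'DB_USER', 'DB_PASSWORD', 'DB_NAME'); // placeholders
// The step missing from the question: tell the server how the client encodes
// bytes. Without it the degree sign is misinterpreted, and the server either
// rejects the value (error 1366, incorrect string value) or stores mojibake.
$con->set_charset('utf8mb4');

$original = "It is 25° outside, \"quoted\" with O'Malley's apostrophe"; // constructed sample
$id = storeMessage($con, $original);
$stored = loadMessage($con, $id);
echo $stored === $original ? "round trip OK\n" : 'charset mismatch: ' . var_export($stored, true) . "\n";
```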

SQL query syntax (variable stays empty)

I'm trying to output a simple list with all the usernames registered on a single e-mail address in our database. The SQL queries necessary for it shouldn't be too hard, but apparently they are too hard for me - here's my issue:
$sql = "SELECT emailaddress FROM ".db_prefix("accounts")." where acctid = '$mailid'";
$mailadress = db_query($sql);
That one's working just fine - I'm declaring mailid in an earlier part of the code, and with that query I can output the e-mail address (for debugging) of the currently logged in user without any problems. Fine so far.
$sql = "SELECT name FROM ".db_prefix("accounts")." where emailadress ='$mailadress'";
$charakterliste = db_query($sql);
Here's the issue: $charakterliste seems to stay empty, even though I'm pretty sure my syntax is correct. var_dump() and print_r() don't return anything that would point towards the array/variable containing something.
I've double checked and executed a similar query directly in the SQL database and found no problems there - all the fields I'm calling do exist, and the DB connection is fine too. I guess something is wrong in my syntax for the second SQL query? I'd want to list all the names saved in the $charakterliste afterwards with a foreach loop, but as of now there doesn't seem to be anything to list saved in there, although there should be.
Thanks in advance!
Are you sure the column 'emailadress' exists?
Maybe it's 'emailaddress' with two 'd's?
According to your first line of code it should be 'emailaddress'.
$sql = "SELECT name FROM ".db_prefix("accounts")." where emailaddress ='$mailadress'";
$charakterliste = db_query($sql);

MySQLi query error

Am I doing something wrong here?
Of course I am, hah, otherwise it'd be working. Can anybody tell me what in these statements isn't allowed?
$signedin = $_SESSION['signed_in'];
mysqli_query($con, 'UPDATE users SET last_created_article = NOW() WHERE username ="' . $signedin .'"');
If you use double quotes to wrap your mysql query, then you don't have to outquote the $signedin.
$signedin = $_SESSION['signed_in'];
mysqli_query($con, "UPDATE users SET `last_created_article` = NOW() WHERE `username` = '$signedin'");
Also, why isn't your mysql stuff in a class? You can find tons of them on the web. That way all your connection-related files are in one place, and you can simply do $db->query("");
Also, most of those mysql classes have very good debugging methods. I would send you mine, but it takes time to upload it to GitHub.
https://github.com/a1phanumeric/PHP-MySQL-Class/blob/master/class.MySQL.php
Here is something similar.
EDIT: So here is my mysql macro. In the readme, you can figure out how to use it. And this one will output an error right away if something is wrong :)
http://kallevaravas.github.io/kvMysqlMacros/

PDO not binding placeholders

I am trying to change my login script from mysql to PDO.
For the rest of my script all seems to be going well apart from this part, and I simply can't see why.
I have the below code
...
$pasword=md5($_POST['password']);
$email=$_POST['email'];
....
$query ="SELECT id FROM guests WHERE email=':eml' AND password =':pwd' AND lead_guest=17";
// $param2=array(':eml'=>$email,':pwd'=>$pasword);
$state=$dbh->prepare($query);
$state->bindParam(':eml',$email);
$state->bindParam(':pwd',$pasword);
$state->execute();
In its current state it will return a row count of 0 (which it should not). I have also tried
//$state->bindParam(':eml',$email);
//$state->bindParam(':pwd',$pasword);
$state->execute($param2);
which also returns a row count of 0.
The variables $email and $pasword are correct when I echo them out, and the script works perfectly using mysql_ functions.
The $dbh variable is created in a header, and with a $query = "select id where 1" it works as expected.
I am sure (although I could be wrong) that I have the problem narrowed down to the $state->bindParam() part of the script. I am completely lost as to why this part of the script is not working; any advice is warmly welcome.
Remove the single quotes:
SELECT id FROM guests WHERE email=:eml AND password =:pwd
Your query will be
$query ="SELECT id FROM guests WHERE email=:eml AND password =:pwd AND lead_guest=17";
No single quotes around :eml and :pwd.
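Added example, not code from the original post: the login lookup with bare placeholders, followed by the post's quoted version run with PDO set to throw, so the mistake is reported instead of producing a silent row count of 0. DSN and credentials are placeholders; the guests table with columns id, email, password and lead_guest is as in the post; $hash stands for whatever password hash the application stores (the post uses md5(); password_hash() and password_verify() are the recommended replacement).

```php
<?php
// Added example, not code from the original post: the login lookup with bare
// placeholders, plus the post's quoted version run with PDO set to throw, so
// the mistake is reported instead of a silent row count of 0.
// Assumptions: DSN and credentials are placeholders; the guests table has the
// columns id, email, password and lead_guest as in the post; $passwordHash is
// whatever hash the application stores (the post uses md5(); password_hash()
// and password_verify() are the recommended replacement).
declare(strict_types=1);

function connect(): PDO
{
    $dbh = new PDO('mysql:host=localhost;dbname=DB_NAME;charset=utf8mb4',
                   'DB_USER', 'DB_PASSWORD'); // placeholders
    // Before PHP 8.0 the default was ERRMODE_SILENT, which is why the post
    // saw rowCount() == 0 rather than an error.
    $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    return $dbh;
}

// Correct: :eml and :pwd are placeholder tokens; PDO sends the values
// separately and the driver handles the quoting.
function findGuestId(PDO $dbh, string $email, string $passwordHash): ?int
{
    $state = $dbh->prepare(
        "SELECT id FROM guests WHERE email = :eml AND password = :pwd AND lead_guest = 17");
    $state->execute([':eml' => $email, ':pwd' => $passwordHash]);
    $id = $state->fetchColumn();
    return $id === false ? null : (int) $id;
}

$dbh = connect();
$email = 'guest@example.com';      // constructed sample input
$hash = 'STORED_HASH_PLACEHOLDER'; // whatever hash the application stores
var_dump(findGuestId($dbh, $email, $hash));

// The post's version: ':eml' in quotes is a string literal, so the statement
// has no placeholders and compares email to the text ":eml". Binding names
// that are not in the statement makes execute() fail with SQLSTATE HY093
// ("Invalid parameter number") once exceptions are enabled.
try {
    $state = $dbh->prepare("SELECT id FROM guests WHERE email = ':eml' AND password = ':pwd' AND lead_guest = 17");
    $state->execute([':eml' => $email, ':pwd' => $hash]);
} catch (PDOException $e) {
    echo 'Quoted placeholders: ' . $e->getMessage() . PHP_EOL;
}
```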

Trying to delete an entry in a database, receive an SQL error but can't work out how

I am doing a really simple script to delete a row out of a database. I have done it before with almost identical code but for some reason this won't work!
Viewmessages.php has no problem running, but when I try to delete the row using deletemessage.php I receive an SQL error. I only have one line of SQL:
viewmessage (sending info to deletemessage.php):
echo "<a href='deletemessage.php?contactname=".$contactname."'>Delete</a>";
The following is the delete message code:
<?php
session_start();
if (!isset($_SESSION['adminusername']))
{
    header("Location:admin.php");
    exit();
}
require "dbconn.php";
$contactname = $_GET['contactname'];
$query = "DELETE FROM message WHERE contactname =".$contactname;
$results = mysql_query($query) or die(mysql_error());
header("Location: viewmessages.php");
?>
I can't work out what the error is! $contactname in the viewmessages.php file definitely speaks of the primary key for the table!
Any ideas?
EDIT: I know that the problem lies with the contactname in the SQL... for some reason it is not receiving it well. I did an echo to see what it thought the contactname was and it was correct. I then changed the variable and put in a string of one of the values in contactname and it deleted the row correctly... so the problem is the $_GET['contactname'], but I am not sure what....
Enclose $contactname in quotes in the query, since it is a string. But escape it first! It is highly vulnerable to SQL injection the way it is now. I understand it may be an administrative page, but it is a very good habit to always observe, even when your users are trusted. (Especially since Mr O'Malley would break the SQL statement when you tried to delete him)
$contactname = mysql_real_escape_string($_GET['contactname']);
$query = "DELETE FROM message WHERE contactname ='".$contactname . "'";
Always beware when deleting via a hyperlink. Looks like you are checking for admin privileges before allowing this to execute, but be sure these links are not accessible to the broad Internet, where they might get crawled.
Wild guess here? $contactname is a STRING. Therefore it must be in quotes in the query. Also, you want people to destroy your database, apparently.
$query = "DELETE FROM `message` WHERE `contactname` = '".mysql_real_escape_string($contactname)."'";
You need quotes around a string you're inserting.
$query = "DELETE FROM message WHERE contactname ='".$contactname."'";
Note that this is MASSIVELY vulnerable to SQL injection. Someone could delete your entire database table with this code as it stands.
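Added example, not code from the original post: deletemessage.php rewritten so the row is removed only by a POST request carrying a per-session token (a crawled link can no longer trigger it), with the contact name bound as a parameter instead of concatenated into the SQL. The post's mysql_* calls, removed in PHP 7, are swapped for mysqli; dbconn.php is assumed to create a mysqli object $con, and viewmessages.php is assumed to render a form with hidden fields contactname and csrf.

```php
<?php
// Added example, not code from the original post: deletemessage.php rewritten so
// the row is removed only by a POST request carrying a per-session token, and
// the contact name is bound as a parameter rather than concatenated into SQL.
// Assumptions: mysql_* (removed in PHP 7) is replaced by mysqli; dbconn.php is
// assumed to create a mysqli object $con; table and column names are as in
// the post; viewmessages.php renders a form with hidden fields contactname
// and csrf, where csrf is the token stored in $_SESSION['csrf'].
declare(strict_types=1);
session_start();
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

if (!isset($_SESSION['adminusername'])) {
    header('Location: admin.php');
    exit();
}

// A GET link can be followed by a crawler or a link prefetcher; a POST carrying
// a secret per-session token cannot be triggered that way.
$token = $_POST['csrf'] ?? null;
if ($_SERVER['REQUEST_METHOD'] !== 'POST'
    || !is_string($token)
    || !isset($_SESSION['csrf'])
    || !hash_equals($_SESSION['csrf'], $token)) {
    http_response_code(403);
    exit('Invalid request');
}

require 'dbconn.php';

function deleteMessage(mysqli $con, string $contactName): int
{
    // The value travels as a parameter, so a name like O'Malley is data, not SQL.
    $stmt = $con->prepare("DELETE FROM message WHERE contactname = ?");
    $stmt->bind_param('s', $contactName);
    $stmt->execute();
    $deleted = (int) $stmt->affected_rows;
    $stmt->close();
    return $deleted;
}

$contactname = $_POST['contactname'] ?? '';
$deleted = is_string($contactname) ? deleteMessage($con, $contactname) : 0;
header('Location: viewmessages.php?deleted=' . $deleted);
exit();
```

viewmessages.php generates the token once per session with bin2hex(random_bytes(32)), stores it in $_SESSION['csrf'] and embeds it in each delete form in place of the hyperlink.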
