I have this function which inserts to my database some values. Values are inserted just fine but i am trying to insert them in upper case which doesn't work. If i use print_r after the for loop values are printed in uppercase. But in my database it is not stored as uppercase. Has anyone experienced an issue like this before?
function tryToInsertRow($mCurrentRowData){
global $connection;
// Make Data Uppercase
for($i = 0; $i < sizeof($mCurrentRowData); $i++){
$mCurrentRowData[$i] = strtoupper($mCurrentRowData[$i]);
}
$query_insert = "INSERT INTO main_db (contact_id, customer_code, customer_name, territory, firstname, lastname, contact_type_description, contact_is_primary, mailing_street, mailing_postal_code, mailing_city, mailing_country, email, mobile_phone, phone) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)";
if ($stmt = mysqli_prepare($connection, $query_insert)) {
// bind parameters for markers
if (!mysqli_stmt_bind_param($stmt, "sssssssdsssssss", $mCurrentRowData[0] ,$mCurrentRowData[1] ,$mCurrentRowData[2] ,$mCurrentRowData[3] , $mCurrentRowData[4] ,$mCurrentRowData[5] ,$mCurrentRowData[6] ,$mCurrentRowData[7] ,$mCurrentRowData[8] ,$mCurrentRowData[9] ,$mCurrentRowData[10] ,$mCurrentRowData[11] ,$mCurrentRowData[12] ,$mCurrentRowData[13] ,$mCurrentRowData[14])) {
error_log(mysqli_error($connection));
return false;
}
//execute query
if (!mysqli_stmt_execute($stmt)) {
error_log(mysqli_error($connection));
return false;
}
mysqli_stmt_close($stmt);
return true;
} else {
error_log(mysqli_error($connection));
return false;
}
}
Main db creation :
CREATE TABLE `main_db` (
`contact_id` varchar(255) NOT NULL,
`customer_code` varchar(255) NOT NULL,
`customer_name` varchar(255) DEFAULT NULL,
`territory` varchar(255) DEFAULT NULL,
`firstname` varchar(255) DEFAULT NULL,
`lastname` varchar(255) DEFAULT NULL,
`contact_type_description` varchar(255) DEFAULT NULL,
`contact_is_primary` int(1) DEFAULT NULL,
`mailing_street` varchar(255) DEFAULT NULL,
`mailing_postal_code` varchar(255) DEFAULT NULL,
`mailing_city` varchar(255) DEFAULT NULL,
`mailing_country` varchar(255) DEFAULT NULL,
`email` varchar(255) DEFAULT NULL,
`mobile_phone` varchar(255) DEFAULT NULL,
`phone` varchar(255) DEFAULT NULL,
`is_processed` int(1) NOT NULL DEFAULT '0',
UNIQUE KEY `contact_id` (`contact_id`,`customer_code`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1
Related
A PDO prepared update statement is somehow updating the datetime column for the selected record in the table, even though that particular datetime column is not even in the query.
if(isset($_POST['editCriteria']))
{
$value = $_POST['editCriteria'];
$editusername = $value['editusername'];
$hiddenUsername = $value['hiddenUsername'];
$editfullname = $value['editfullname'];
$editemail = $value['editemail'];
$edituserlevel = $value['edituserlevel'];
$editdivision = $value['editdivision'];
$editdept = $value['editdept'];
$editphone = $value['editphone'];
try
{
$dbc->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$update = $dbc->prepare("UPDATE users_edi SET username = :uname,
fullname = :fname, userlevel = :ulevel, email = :uemail,
division = :udivision, dept = :udept, phone = :uphone WHERE username = :hname");
$update->execute([
'uname' => $editusername,
'fname' => $editfullname,
'ulevel' => $edituserlevel,
'uemail' => $editemail,
'udivision' => $editdivision,
'udept' => $editdept,
'uphone' => $editphone,
'hname' => $hiddenUsername
]);
if($update)
{
echo "Success: User has been updated.";
}
}
catch(PDOException $e)
{
echo "Error: " . $e->getMessage();
}
}
In the database table, there is a column called lastLoginDate that is being updated to the current datetime.
If you'll notice in the update statement above, the query does not include lastLoginDate.
How is lastLoginDate being updated when it's not even in the query?
Upon using the SHOW CREATE TABLE command, there was indeed a trigger on the lastLoginDate column.
CREATE TABLE `users_edi` (
`username` varchar(30) NOT NULL DEFAULT '',
`fullname` varchar(50) DEFAULT NULL,
`userlevel` tinyint(1) unsigned NOT NULL,
`ipaddress` varchar(30) DEFAULT NULL,
`email` varchar(150) DEFAULT NULL,
`entrydate` datetime DEFAULT NULL,
`division` varchar(35) DEFAULT NULL,
`password` varchar(32) DEFAULT NULL,
`userid` varchar(32) DEFAULT NULL,
`timestamp` int(11) unsigned NOT NULL,
`job_title` varchar(30) DEFAULT NULL,
`dept` varchar(50) DEFAULT NULL,
`phone` varchar(11) DEFAULT NULL,
`lastLoginDate` datetime DEFAULT NULL ON UPDATE CURRENT_TIMESTAMP, // <-- here
PRIMARY KEY (`username`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8
I will have to ask another question on how to remove this trigger.
I have a database table with two columns that have been set as boolean. Whenever I store something in the table everything works correctly except the boolean columns are always false. The columns are featured post and published.
I am using php 7.1.1 and MariaDB 10.1.21 on my xampp local installation.
Output of show table:
CREATE TABLE `posts` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`title` varchar(255) NOT NULL,
`content` text NOT NULL,
`seo_description` varchar(255) NOT NULL,
`featured_post` tinyint(1) NOT NULL DEFAULT '0',
`published` tinyint(1) NOT NULL DEFAULT '0',
`seo_title` varchar(255) NOT NULL,
`post_type` enum('blog','product') NOT NULL,
`featured_image_id` int(11) NOT NULL,
`category_id` int(11) NOT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `title` (`title`),
UNIQUE KEY `seo_title` (`seo_title`)
) ENGINE=InnoDB AUTO_INCREMENT=10 DEFAULT CHARSET=latin1 ROW_FORMAT=COMPACT
Php code defining onr of the variables, the other is exactly the same:
if(isset($_POST["published"])){
$published = sanitizeInput($_POST["published"]);
if($published){ //test to see if correct values where being sent and they were
echo json_encode("boolean true");
} else {
echo json_encode("boolean false");
}
} else {
$published = false;
}
$query = "insert into posts "
. "(title, content, seo_description, featured_post, published, seo_title, post_type, category_id) "
. "values "
. "(:title, :content, :seo_description, :featured_post, :published, :seo_title, :post_type, :category_id)";
$stmt = $pdo->prepare($query);
$stmt->bindValue("featured_post", $featuredPost, PDO::PARAM_BOOL);
$stmt->bindValue("published", $published, PDO::PARAM_BOOL);
$stmt->bindValue("title", $title);
$stmt->bindValue("content", $content);
$stmt->bindValue("seo_description", $seoDescription);
$stmt->bindValue("seo_title", $seoTitle);
$stmt->bindValue("post_type", $postType);
$stmt->bindValue("category_id", $categoryId);
$stmt->execute();
Any help would be much appreciated.
Thanks in advance
So I'm running a PDO update working, and for some reason it won't update the table...
$business_id = 9874128;
$hidden = 1;
$query = "UPDATE business_property_overrides SET hidden=? WHERE business_id=?";
try {
$stmt = $pdo->prepare($query);
$stmt->execute(array($business_id, $hidden));
}
For some reason this won't update, even though I get no errors. The existing tables schema looks like this, and the data is:
There is an existing data set with business_id = 9874128 and hidden set to 0, but it won't update when I run the above code.
CREATE TABLE `business_property_overrides` (
`business_id` int(11) NOT NULL,
`id` int(11) NOT NULL AUTO_INCREMENT,
`name` varchar(512) NOT NULL,
`apt_type` varchar(25) DEFAULT NULL,
`apt_num` varchar(9) DEFAULT NULL,
`street_address` varchar(255) DEFAULT NULL,
`city` varchar(255) DEFAULT NULL,
`state` varchar(255) DEFAULT NULL,
`zip` varchar(25) DEFAULT NULL,
`phone` varchar(11) DEFAULT NULL,
`url` varchar(512) DEFAULT NULL,
`hours` varchar(100) DEFAULT NULL,
`openhours` varchar(100) DEFAULT NULL,
`location` point DEFAULT NULL,
`yelp` varchar(512) DEFAULT '0',
`twitter` varchar(512) DEFAULT '0',
`hidden` tinyint(1) DEFAULT '0',
`merged` int(11) DEFAULT NULL,
`closed` tinyint(1) DEFAULT '0',
PRIMARY KEY (`id`),
UNIQUE KEY `business_id` (`business_id`),
UNIQUE KEY `id` (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=9874134 DEFAULT CHARSET=utf8;
The hidden is TINYINT 1 characters long, you are assigning it business_id which is 7 characters long, that is the error.
Change
$stmt->execute(array($business_id, $hidden));
To:
$stmt->execute(array($hidden,$business_id))
As I've already commented over here, or you can simply use the placeholders of taking no care about the occurence like as
$query = "UPDATE business_property_overrides SET hidden = :hidden WHERE business_id = :business_id";
try {
$stmt = $pdo->prepare($query);
$stmt->execute(array(":business_id" => $business_id, ":hidden" => $hidden));
}
The following code returns 0 instead of the biggest number from the row order_id
if ($result_oid = $link->prepare("SELECT MAX(order_id) AS order_id FROM $table")) {
$result_oid->execute();
$obj = $result_oid->get_result()->fetch_object();
$oid_o = $obj->id;
$result_oid->close();
$oid = $oid_o + 1;
}
Here is a working example using the PHP mysql instead of mysqli (with the same mysql database):
mysql_connect($host, $user, $pwd) or die ("Couldn't connect to MySQL database.");
mysql_select_db($db) or die ("No Database found!");
$query = mysql_query('SELECT MAX(order_id) FROM airsale_list');
$result = mysql_fetch_array($query, MYSQL_NUM);
$max_order_id = $result[0];
$max_order_id = (int)$max_order_id;
$oid = $max_order_id++;
echo "<h4>order_id: $oid</h4>";
mysql_close();
Table structure
CREATE TABLE IF NOT EXISTS `airsale_list` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`cat` int(11) NOT NULL,
`title` varchar(255) NOT NULL,
`desc_small` varchar(1000) DEFAULT NULL,
`name` varchar(255) NOT NULL,
`lastupdate` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
`price` int(20) NOT NULL,
`currency` varchar(3) NOT NULL DEFAULT 'EUR',
`total_time` varchar(255) DEFAULT NULL,
`engine` varchar(1000) DEFAULT NULL,
`engine_time` varchar(255) DEFAULT NULL,
`prop` varchar(1000) DEFAULT NULL,
`prop_time` varchar(255) DEFAULT NULL,
`exterior` varchar(2000) DEFAULT NULL,
`interior` varchar(2000) DEFAULT NULL,
`avionics` varchar(5000) DEFAULT NULL,
`add_info` varchar(5000) DEFAULT NULL,
`order_id` int(20) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=103;
I think you should be using $obj->order_id instead of $obj->id since you are grabbing the maximum value as order_id in the query.
if ($result_oid = $link->prepare("SELECT MAX(order_id) AS order_id FROM $table")) {
$result_oid->execute();
$obj = $result_oid->get_result()->fetch_object();
$oid_o = $obj->order_id;
$result_oid->close();
$oid = $oid_o + 1;
}
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 9 years ago.
I have these three tables below in DB
Tables
`accounts` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`name` varchar(32) NOT NULL DEFAULT '',
`password` varchar(255) NOT NULL,
`salt` varchar(40) NOT NULL DEFAULT '',
`premdays` int(11) NOT NULL DEFAULT '0',
`lastday` int(10) unsigned NOT NULL DEFAULT '0',
`email` varchar(255) NOT NULL DEFAULT '',
`key` varchar(32) NOT NULL DEFAULT '0',
`blocked` tinyint(1) NOT NULL DEFAULT '0' COMMENT 'internal usage',
`warnings` int(11) NOT NULL DEFAULT '0',
`group_id` int(11) NOT NULL DEFAULT '1',
`page_access` int(11) DEFAULT NULL,
`page_lastday` int(11) DEFAULT NULL,
`email_new` varchar(255) DEFAULT NULL,
`email_new_time` int(15) DEFAULT NULL,
`rlname` varchar(255) DEFAULT NULL,
`location` varchar(255) DEFAULT NULL,
`created` int(16) DEFAULT NULL,
`email_code` varchar(255) DEFAULT NULL,
`next_email` int(11) DEFAULT NULL,
`premium_points` int(11) DEFAULT NULL,
`nickname` char(48) DEFAULT NULL,
`avatar` char(48) DEFAULT NULL,
`about_me` text,
`vip_time` int(15) NOT NULL,
`event_points` int(11) NOT NULL DEFAULT '0',
PRIMARY KEY (`id`),
UNIQUE KEY `name` (`name`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=4 ;
`players` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`name` varchar(255) NOT NULL,
`group_id` int(11) NOT NULL DEFAULT '1',
`account_id` int(11) NOT NULL DEFAULT '0',
`online` tinyint(1) NOT NULL DEFAULT '0',
`deleted` int(11) NOT NULL DEFAULT '0',
PRIMARY KEY (`id`),
UNIQUE KEY `name` (`name`,`deleted`),
KEY `account_id` (`account_id`),
KEY `group_id` (`group_id`),
KEY `online` (`online`),
KEY `deleted` (`deleted`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=11 ;
`gamecodes` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`gamecode` varchar(50) NOT NULL,
`accountname` varchar(50) NOT NULL,
`premium_points` int(11) NOT NULL,
`alreadyused` varchar(1) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=15 ;
This is my .PHP that insert FORM's information into TABLE GAME CODES
<?php
function anti_injection($sql)
{
$sql = preg_replace(sql_regcase("/(from|select|insert|delete|where|drop table|show tables|#|\*|--|\\\\)/"),"",$sql);
$sql = trim($sql);
$sql = strip_tags($sql);
$sql = addslashes($sql);
return $sql;
}
$accountorname = anti_injection($_POST['accountorname']);
$gamecode = $_POST['gamecode'];
$category = $_POST['category'];
$premiumpoints = anti_injection($_POST['premiumpoints']);
switch ($category) {
case 'accountname':
$insertquery = "INSERT INTO gamecodes (gamecode, accountname, premium_points, alreadyused) VALUES ('$gamecode','$accountorname',$premiumpoints,'N')";
break;
case 'charactername':
$insertquery = "INSERT INTO gamecodes (gamecode, accountname, premium_points, alreadyused)
SELECT '$gamecode',accounts.name,$premiumpoints,'N'
FROM accounts
JOIN players
ON accounts.id = players.account_id
WHERE players.name = '$accountorname'";
break;
}
$result = mysql_query($insertquery);
?>
The problems are:
in case 'accountname':, before INSERT it must check if informed account is valid in table ACCOUNTS.
in case 'charactername':, before INSERT it must check if informed character name is valid in table PLAYERS
I could not do, can someone help me?
$selectquery = "SELECT * from accounts where accountname='$accountname'";
$selectresult = mysql_query($selectquery);
if (mysql_num_rows($selectresult)) {
// account exists, now you can do the INSERT
}
NOTICE!
The mysql extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be used.
You can use a function for that purpose like this one:
function Validate($table, $name)
{
if ($res = mysql_query("SELECT Count(*) as isvalid FROM $table WHERE name = '$name'"))
{
$isvalid = 0;
#extract(mysql_fetch_assoc($res));
if ($isvalid == 0) return false;
else return true;
}
}
So you call this way:
case 'accountname':
if (Validate("accounts", $accountorname)) {
// Do things
}
case 'charactername':
if (Validate("players", $accountorname)) {
// Do things
}
I didn't tested it and I confess that is not the best approach, but it should do what you want.
By the way, your SQL injection functions have some breach holes. You have to filter all your inputs cause user can alter the input data of any control in the browser. Consider reviewing that.
You could always do another query to check before you do this. With this you'll still run the risk of someone deleting the account in between the queries. If that's a concern for you, you should look into transactions.
$shouldinsert = false;
switch ($category) {
case 'accountname':
$result = mysql_query("SELECT count(*) as account_count FROM accounts WHERE name = '$accountorname'");
$shouldinsert = mysql_num_rows($result) > 0;
$insertquery = "INSERT INTO gamecodes (gamecode, accountname, premium_points, alreadyused) VALUES ('$gamecode','$accountorname',$premiumpoints,'N')";
break;
case 'charactername':
//I'm not quite sure how to check if a charactername is 'valid' but this should get you started
$result = mysql_query("SELECT count(*) as account_count FROM players WHERE name = '$charactername'");
$shouldinsert = mysql_num_rows($result) > 0;
$insertquery = "INSERT INTO gamecodes (gamecode, accountname, premium_points, alreadyused)
SELECT '$gamecode',accounts.name,$premiumpoints,'N'
FROM accounts
JOIN players
ON accounts.id = players.account_id
WHERE players.name = '$accountorname'";
break;
}
if($shouldinsert) {
mysql_query($insertquery);
}