Does anybody know what could be wrong here?
<?php
$q = intval($_GET['q']);
echo $q." "; // $q=2
$d = $_GET['d'];
echo $d." "; //$d=3priority
$m = preg_replace('/[0-9]+/', '', $d);
echo $m." "; //$m = priority
$s = intval($_GET['d']);
echo $s;// $s = 3
$sql = "UPDATE form SET $m = $q WHERE id = $s";
$result = $conn->query($sql);
if ($conn->query($sql) === TRUE) {echo "das";}
else{
echo "Error: " . $sql . "<br>" . $conn->error;
}
?>
I get the Error Message :
UPDATE form SET = 0 WHERE id = 0 You have an error in your SQL syntax;
check the manual that corresponds to your MySQL server version for the
right syntax to use near '= 0 WHERE id = 0' at line 1
However if I echo the $m/$q/$s/$d thy show the right values. But somehow they get changed to 0 in the sql statement.
Would be nice if you could help me out :)
Try This
$sql = "UPDATE form SET" . $m . "=" . $q . " WHERE id =" . $s;
Related
I have a problem and I don't know how to solve it. I want to transfer a json to another table and I get a syntax error.
This is my output
INSERT INTO saved_cmd ('id_user','value','store','totalPrice','hour','type_payement') VALUES ('11','"{\"lenght\":0,\"produits\":[{\"id\":29,\"name\":\"Tarte au fraise\",\"count\":1,\"price\":2,\"totalPrice\":2},{\"id\":28,\"name\":\"rose des sables\",\"count\":0,\"price\":2,\"totalPrice\":0}]}"','6','2.00','13:00','caisse')
===================================================
Error: INSERT INTO saved_cmd ('id_user','value','store','totalPrice','hour','type_payement') VALUES ('11','"{\"lenght\":0,\"produits\":[{\"id\":29,\"name\":\"Tarte au fraise\",\"count\":1,\"price\":2,\"totalPrice\":2},{\"id\":28,\"name\":\"rose des sables\",\"count\":0,\"price\":2,\"totalPrice\":0}]}"','6','2.00','13:00','caisse')<br>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''id_user','value','store','totalPrice','hour','type_payement') VALUES ('11','"{\' at line 1
I tried to encode my json but i have the same problem
and this is my php
$state = $row['states'];
$id_user = $row['id_user'];
$value = ($row['value']);
$panier = json_encode($value);
$store = $row['store'];
$totalPrice = $row['totalPrice'];
$hour = $row['hour'];
$type_payement = $row['type'];
if ($row['states'] != 4) {
$states = $state + 1;
$sql = "UPDATE cmd SET states = $states WHERE id = '$id'";
if ($conn->query($sql)) {
echo "good:up";
}
} else {
$sql = "INSERT INTO saved_cmd ('id_user','value','store','totalPrice','hour','type_payement') VALUES ('$id_user','$panier','$store','$totalPrice','$hour','$type_payement')";
echo $sql . "\n\n\n===================================================\n\n\n";
if ($conn->query($sql) === true) {
echo "good:save";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
}
the following sql query works perfectly in phpAdmin.
SELECT response_text FROM statement_responses WHERE response_code = "s1_r1"
it doesn't work without the speech marks around response_code value.
I'm attempting to use the value of response_text in php.
for ($x = 1; $x <= 9; $x++) {
$user_response = ${"statement_" . $x . "_response"};
$sql = "SELECT response_text FROM statement_responses WHERE response_code = \"$user_response\"";
$result = mysqli_query($sql);
$value = mysqli_fetch_object($result);
echo $user_response . "<br>";
echo $sql . "<br>";
echo $result . "<br>";
echo $value . "<br>";
}
The echoes allow me to see what each of the variables contains.
I get the following:
s1_r3 (the value of $user_response)
SELECT response_text FROM statement_responses WHERE response_code = "s1_r3" (the value of $sql - which is identical to the phpAdmin query that works.)
There are no values echoed for $result or $value.
What am I doing wrong, please? Why am I not getting the values from the database into my php code?
The first parameter for the mysqli_query should be the database connection created with mysqli_connect. Similarily, the first parameter for the mysqli_fetch_object, should be the result set identifier returned by mysqli_query.
It is a good practice to check the return values from the functions you call.
firstly, thank you for all of the responses. The following code works - i.e. it returns the value contained in 'response_text' column with the selected row identified by 'response_code' for use as the value of $response_text.
for ($x = 1; $x <= 9; $x++) {
$user_response_pre = ${"statement_" . $x . "_response"};
$user_response = "\"'" . $user_response_pre . "'\"";
$sql = "SELECT response_text FROM statement_responses WHERE response_code = $user_response";
$result = mysqli_query($conn, $sql);
$row = mysqli_fetch_array($result);
$response_text = $row[0];
${"statement_" . $x . "_complete"} .= $response_text;
}
you can write like this
for ($x = 1; $x <= 9; $x++) {
$user_response = ${"statement_" . $x . "_response"};
$sql = 'SELECT response_text FROM statement_responses WHERE response_code = "'.$user_response.'"';
$result = mysqli_query($sql);
$value = mysqli_fetch_object($result);
echo $user_response . "<br>";
echo $sql . "<br>";
echo $result . "<br>";
echo $value . "<br>";
}
The first problem was with mysql_query which returns FALSE and mysql_num_rows expects parameter 1 to be resource not a boolean. I ve made this to get the error
if($itemsres === FALSE)
die(mysql_error());
Now i have this error " You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
<?php
ob_start();
session_start();
require("header.php");
require("functions.php");
echo "<h1>Your shopping cart</h1>";
showcart();
if(isset($_SESSION['SESS_ORDERNUM']) == TRUE) {
$sql = "SELECT * FROM orderitems WHERE order_id = " .
$_SESSION['SESS_ORDERNUM'] . ";";
$result = mysql_query($sql);
$numrows = mysql_num_rows($result);
if($numrows >= 1) {
echo "<h2><a href='checkout-address.php'>Go to the checkout</a></h2>";
}
}
require("footer.php");
?>
The problem started from here.
if(isset($_SESSION['SESS_LOGGEDIN']))
{
$custsql = "SELECT id, status from orders WHERE customer_id = ".
$_SESSION['SESS_USERID']. " AND status < 2;";
$custres = mysql_query($custsql);
$custrow = mysql_fetch_assoc($custres);
$itemssql = "SELECT products.*, orderitems.*, orderitems.id AS itemid FROM
products, orderitems WHERE orderitems.product_id =products.id AND order_id
= " . $custrow['id'];
$itemsres = mysql_query($itemssql);
if($itemsres === FALSE)
die(mysql_error());
$itemnumrows = mysql_num_rows($itemsres);
}
mysql_num_rows expects parameter 1 instead of boolean which is given by mysql_query and after i made that check now i have this sql error.
<?php
ob_start();
session_start();
require("config.php");
if(isset($_SESSION['SESS_LOGGEDIN']) == TRUE) {
header("Location: " . $config_basedir);
}
if(isset($_POST['submit']))
{
$loginsql = "SELECT * FROM logins WHERE username = '" . $_POST['userBox'].
"' AND password = '" . sha1($_POST['passBox']) . "'";
$loginres = mysql_query($loginsql);
$numrows = mysql_num_rows($loginres);
if($numrows == 1)
{
$loginrow = mysql_fetch_assoc($loginres);
session_start("SESS_LOGGEDIN");
session_start("SESS_USERNAME");
session_start("SESS_USERID");
$_SESSION['SESS_LOGGEDIN'] = 1;
$_SESSION['SESS_USERNAME'] = $loginrow['username'];
$_SESSION['SESS_USERID'] = $loginrow['id'];
$ordersql = "SELECT id FROM orders WHERE customer_id = " .
$_SESSION['SESS_USERID'] . " AND status < 2"; $orderres =
mysql_query($ordersql); $orderrow = mysql_fetch_assoc($orderres);
session_start("SESS_ORDERNUM"); $_SESSION['SESS_ORDERNUM'] =
$orderrow['id']; header("Location: ".$config_basedir);
}
else {
header("Location: http://" .$_SERVER['HTTP_HOST']. $_SERVER['SCRIPT_NAME'] .
"?error=1");
}
}
else {
require("header.php");
?>
You have a syntax error
Use query like this
$sql = "SELECT * FROM orderitems WHERE order_id = $_SESSION['SESS_ORDERNUM']";
Or
$sql = "SELECT * FROM orderitems WHERE order_id = ".$_SESSION['SESS_ORDERNUM'];
Or
$sql = "SELECT * FROM orderitems WHERE order_id = '$_SESSION['SESS_ORDERNUM']'";
NOTE: SQL Injection.
PS: Use prepared statements
$loginrow = mysql_fetch_assoc($loginres);
session_start();
$_SESSION['SESS_LOGGEDIN'] = 1;
$_SESSION['SESS_USERNAME'] = $loginrow['username'];
$_SESSION['SESS_USERID'] = $loginrow['id'];
$ordersql = "SELECT id FROM orders WHERE customer_id = " .
$_SESSION['SESS_USERID'] . " AND status < 2";
$orderres =
mysql_query($ordersql); $orderrow = mysql_fetch_assoc($orderres);
$_SESSION['SESS_ORDERNUM'] =
$orderrow['id']; }
First of all, you should check the value of $_SESSION['SESS_ORDERNUM'].
The error means the created query($sql) is not valid, so you should debug $sql.
Hi to everyone i have a problemn with a query in PHP to Update records.
<?php
include('../webcgo/script/cox.php');
$query = $cox->query("SELECT cf_id FROM offerte;");
while ($idx = mysqli_fetch_array($query)) {
$check = '<button class="uk-button" onclick="location.href=\'http://localhost/chartscript/remRegola.php?dis=2&id=' . $idx['cf_id'] . '\'">OK</button>';
$query_check = 'UPDATE offerte SET check=\'' . $check . '\' WHERE cf_id=' . $idx['cf_id'].';';
if ($queryx = $cox->query($query_check) === TRUE) {
echo "Record updated successfully";
} else {
echo "Error updating record: " . $cox->error;
}
}
mysqli_close($cox);?>
The result:
Error updating record: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'check='
check is a MySQL reserved keyword. If you're going to use it in your query you must wrap it in backticks:
$query_check = 'UPDATE agoragroup_chronoforms_data_inserimento_offerte_prod SET `check`=\'' . $check . '\' WHERE cf_id=' . $idx['cf_id'].';';
I build my query in PHP dynamically, and when I try to execute it, it fails. When I copy the query it generated and paste it into the mysql terminal and run it, it works fine. The error I get is "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '>' at line 1" for the following query:
UPDATE events SET event = 'orgo lecture', start = '2014-07-24 16:00:00' WHERE userID = 1 AND eventID = 5
The following is the code used to generate the query dynamically:
$query = "UPDATE events SET ";
$query_list = array();
if ($set_event) {
$query_list[] = "event = '{$event}'";
}
if ($set_start) {
$query_list[] = "start = '{$start}'";
}
if ($set_end) {
$query_list[] = "end = '{$end}'";
}
$query_list_size = count($query_list);
for ($i = 0; $i < $query_list_size - 1; $i++) {
$query .= $query_list[$i];
$query .= ", ";
}
$query .= $query_list[$query_list_size - 1];
$query .= " WHERE userID = {$userID} AND eventID = {$eventID}";
echo $query .= "<br />";
$query_result = mysqli_query($connection, $query) or die(mysqli_error($connection));
This issue is this:
echo $query .= "<br />";
Should be
echo $query . "<br />";
Ironically, by checking your query you were breaking it.
As a side note,
$query_list_size = count($query_list);
for ($i = 0; $i < $query_list_size - 1; $i++) {
$query .= $query_list[$i];
$query .= ", ";
}
$query .= $query_list[$query_list_size - 1];
Could be shortened to:
$query .= implode(", ", $query_list);
The echo $query .= "<br />"; instruction is changing the query and making it invalid SQL. Why not use echo $query . "<br />";?