This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 6 years ago.
I am working on a membership script, and can't for the life of me figure out whats wrong with my query... anyone have any idea's? Think I need a second set of eyes.. Originally I was just sending
$sqlquery2 = "UPDATE users SET lastvisit = now() WHERE id = '" . $id ."'";
but it was updating the joined_date column as well. So I tried this and broke it further.
CODE EXCERPT :
//These variables are pulled from prior query
$id = $row['id'];
$hashed_password = $row['password'];
$username = $row['username'];
$joined = $row['join_date'];
$salt = $row['salt'];
$email = $row['email'];
//compare password pulled from database
if(password_verify($password,$hashed_password)){
$sqlquery2 = "UPDATE users SET lastvisit = now(), join_date = ".$joined." WHERE id = '" . $id ."'";
//$joined is equal to 2016-10-19 17:24:08
Please check whether your joined_date is a TIMESTAMP column. If so following will help you.
http://dev.mysql.com/doc/refman/5.7/en/timestamp-initialization.html
Related
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 3 years ago.
When I run this Script the strtotime and date functions work, but when the SQL query runs the date column in the db remains blank.
$date = mysqli_real_escape_string($conn, $_POST['date']);
$day1 = strtotime($date);
$day1 = date('Y-m-d', $day1);
$id = 1;
echo $day2;
$sql = "UPDATE essay SET date = $day1 WHERE id = $id";
You have to add a quote over the $day1 like this way :
$sql = "UPDATE essay SET date = '$day1' WHERE id = '$id'";
Another way to do it by concatenate :
$sql = "UPDATE essay SET date = ".$day1." WHERE id = ".$id;
Unless an SQL field is an integer type or similar numeric type, data written to it should be quoted in an insert statement. In this case, your $day1 is something like "2019-04-18" so your SQL should read:
$sql = "UPDATE essay set date = '$day1' where id = $id";
The single quote should allow the query to succeed. Note that debugging this sort of thing is fairly easy, but isn't taught in some tutorials; if the query fails, try logging or echoing the MySQL(i) error:
$query = $db->query($sql);
if (!$query) echo $db->error;
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 6 years ago.
$query = "update admin set username = $username and password = $password where id = 1;
Any alternative to use this code with php?
You need to use quotes around the variables.
Try this:
$query = "UPDATE admin SET username = '".$username."', password = '".$password."' WHERE id = 1";
Hope this helps.
Peace! xD
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 7 years ago.
When I use these statements works:
$sql = "UPDATE nametable SET column = '$number' WHERE username = '$text'";
$result = mysql_query($sql, $link) or die(mysql_error());
But, when I change 'column' to 'option1' like this:
$sql = "UPDATE nametable SET '$option1' = '$number' WHERE username = '$text'";
The query doesn't work. What's wrong with $option1? :/
Thanks!
column names must not be enclosed by quotes '
$sql = "UPDATE nametable SET " . $option1 . " = '$number' WHERE username = '$text'";
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 7 years ago.
I'm developing a mobile application for android and I'm trying to compare a variable on the phone to a variable already in the database, so that I can insert it if it's new and update it if it already exists.
$name_check = $_POST['Name'];
$result = mysqli_query($con, "SELECT * FROM Data WHERE Name = $name_check");
if($result && mysqli_num_rows($result) > 0)
{
// Update entry
}
This code doesn't seem to work as this block is skipped over and goes to my else block where a new entry is written, so I end up with loads of entries instead of updating one.
I have another field in the table called "Level", and when I compare against that it seems to work, which just confuses me further.
If anyone has any insight into how to do this or why it's not working for me I'd be very grateful.
Use quotes:
$result = mysqli_query($con, "SELECT * FROM Data WHERE Name = '$name_check'");
$result = mysqli_query($con, "SELECT * FROM Data WHERE Name = '".$name_check."'");
This should work fine
Use this:
$result = mysqli_query($con, "SELECT * FROM Data WHERE Name = '" . $name_check . "'");
I want to update an already existing table it only has email and I want to add first name and last name does this code work to do so?
UPDATE table
SET fname='$fname', lname='$lname'
WHERE email= '$_SESSION['email'].';
Or can I also use this
$sql="INSERT INTO $tbl_name(fname, lname)VALUES( '$fname, $lname')" WHERE email= '$_SESSION['email'].';
Your UPDATE has a syntax error (problem with apostrophes.)
INSERT will not update but multiply rows. That is not what you want to have.
Here is my suggested query:
$sql="UPDATE table SET fname='$fname', lname='$lname' WHERE email='".$_SESSION["email"]."'" ;
Fix your quotes, like so:
$sql="INSERT INTO $tbl_name(email) VALUES ( '" . $email . "') WHERE email = '" . $_SESSION['email'] . "'";
Try like this: In case of simple Update Query
$user_email = $_SESSION['email'];
$fname = 'Thierry';
$lname = 'Henry';
UPDATE table
SET fname='$fname', lname='$lname'
WHERE email= '$user_email';
Insertion is not a good idea here. It might duplicate your records.
If you want to be more specific than Go like this: Just providing your general syntax. No real time Syntax:
$user_email = $_SESSION['email'];
$fname = 'Thierry';
$lname = 'Henry';
$check_user = 'SELECT * FROM table WHERE email = "user_email"';
if($check_user)
{
YOUR UPDATE QUERY
}
else
{
YOUR INSERT QUERY
}
In case you are using mysql_ functions you should also escape the input:
$email = mysql_real_escape_string($_SESSION['email']);
Disclaimer for idiots: This does not imply I suggest to use mysql_* functions. Use mysqli or PDO instead.
You should also check against NULL and empty values in your query.
$sql = "REPLACE INTO " . $table . "
SET email='" . $email . "'
WHERE email='" . $email . "'
AND email IS NOT NULL
AND email != ''";
From http://dev.mysql.com/doc/refman/5.0/en/replace.html:
REPLACE works exactly like INSERT, except that if an old row in the
table has the same value as a new row for a PRIMARY KEY or a UNIQUE
index, the old row is deleted before the new row is inserted.
Please don't downvote if this doesn't exactly fit, just use INSERT or UPDATE with the same syntax then.