I am trying to insert rating in database and calling average of that given rating from database
<?PHP
$connection = mysqli_connect("localhost", "akdnaklnd", "lfnlfns","faknfns");
$game = $_POST['game'];
$post_rating = $_POST['rating'];
$find_data = mysqli_query( "SELECT * FROM rates WHERE game='$game'");
while($row = mysqli_fetch_assoc($find_data)){
$id=$row['id'];
$current_rating = $row['rating'];
$current_hits=$row['hits'];
}
$new_hits = $current_hits + 1;
$update_hits= mysqli_query("UPDATE rates SET hits = '$new_hits' WHERE id='$id'");
$pre_rating= $current_rating + $post_rating;
$new_rating = $pre_rating / $new_hits;
$update_rating = mysqli_query("UPDATE rates SET rating ='$new_rating' WHERE id='$id'");
header("location : average.php");
?>
try to debug it by removing all the MySQL stuffs from code and keep redirection code with no space ie .
header("location:average.php");
if it works then there must be an error on your MySQL query. try adding error check after execution each MySQL query operations. Hope that will help you finding the breakpoint where your execution terminates before redirection statement.
Add $connection param to mysqli_query like this:
$find_data = mysqli_query($connection, "SELECT * FROM rates WHERE game='$game'");
Delete space symbol after "location" before colon: header("location: average.php");
Firstly you need not to select data you can directly write your update query like this.
Please make sure you pass variable instead of string for better practise use double and single quotes and dott too.
Most important pass connection variable.
$update_hits= mysqli_query($connection,"UPDATE rates SET hits = hits+1 WHERE id='".$id."'");
Try echo $update_hits if it give one then query successful else there is issue.
For that you can use error log
if (!$result) {
$errorQuery = $update_hits;
throw new Exception(mysqli_error($connection));
$errorMessage = mysqli_real_escape_string($connection,$e->getMessage());
echo $errorMessage;
exit();
}
else{
echo "Success";
}
Related
I created an background working script, that updates my database table on a condition.
Here is my main script:
<?php
require_once('conn.php');
$query = "SELECT * FROM user WHERE id = '" . $_COOKIE['username'] . "'";
$data = mysqli_query($dbc, $query);
$row = mysqli_fetch_array($data);
if($row['ehp'] > $row['required_ehp']) {
// The 'ehp' column is greater than 'required_php'
$calc = $row['ehp'] % $row['required_ehp'];
$new = $row['required_ehp'] * 12;
$new_lvl = $row['level'] + 1;
$query2 = "UPDATE user set level = '$new_lvl', ehp = '$calc', required_ehp = '$new'";
mysqli_query($dbc, $query2);
echo 'query successful';
} else {
echo 'query unsuccessful' . mysql_error();
}
echo $row['ehp'] % $row['required_ehp'];
echo $row['required_ehp'];
?>
The error message I am getting from this script is:
query unsuccessful
Warning: Division by zero in H:\AppServ\www\sp\userlevel.php on line 21
I don't know what's is wrong. Please help me.
Here is the database column's image.
Since you see query unsuccessful, that means that the line if($row['ehp'] > $row['required_ehp']) is false.
In the line echo 'query unsuccessful' . mysql_error(); there is no mysql error, therefore you only see the line query unsuccessful.
Also you get the devision by 0 warning. This is caused by the line echo $row['ehp'] % $row['required_ehp'];. It seems $row['required_ehp'] is 0.
Summing this all up, perhaps the data you expect to be in $row is not what you are expecting. Maybe the cookie data is incorrect?
Also, putting the cookie data straight into the query is a horrible idea, and easily to hack.
Okay I found out my mistake it was just that in id in my database, I was searching for the username column. Sorry to bother you all.
Each time "Removed!!!" is the result.... $na is declared in au.php ... Perhaps the DELETE query might be having problem..
<?php
date_default_timezone_set('Asia/KolKata');
$xyz = date(DATE_RFC2822);
include "../au.php";
$conn = mysql_connect('localhost', 'local', 'local');
mysql_select_db('sol_index', $conn);
$sid = $_GET['sid'];
$qqq = "SELECT * FROM $sid WHERE (one = '$na' AND three = 'liked')";
if (mysql_query($qqq)){
mysql_query("DELETE FROM $sid WHERE (one='$na' AND three='liked')");
echo "Removed!!!";
} else {
mysql_query("INSERT INTO $sid (one, three) VALUES ('$na', 'liked')");
echo "Liked!!!";
}
?>
Thanks for the cordination and help !!
Each time "Removed!!!" is the result
Rightly so.
$qqq = "SELECT * FROM $sid WHERE (one = '$na' AND three = 'liked')";
if (mysql_query($qqq)){
mysql_query("DELETE FROM $sid WHERE (one='$na' AND three='liked')");
echo "Removed!!!";
}
That if is incorrect, it will always return true as long as the query is valid, even if there is no data. You need to run that check on the number of records or the records themselves, and not just on the execution. For example You have to fetch data from that result and run your check on that.
How can I prevent SQL injection in PHP?
<?php
require ("db/db.php");
$c_id = ($_POST['c_id']);
$c_title = ($_POST['c_title']);
$c_content = ($_POST['c_content']);
// echo place
$sql = mysql_query("UPDATE content
SET c_id = $c_id, c_title = $c_title, c_content = $c_content
WHERE c_id = $c_id");
header("location: index.php");
?>
This is my code.
when the header goes to the index, nothig has changed in the fields that are presented here.
i tried to echo the variables at the "echo place" and they all returned correct,
so i know that they are POSTed to the page.
i guess the error are in the SQL UPDATE statement, but PHP does not return any error to me,
it just goes directly to the index.php.
when i try to run the SQL in phpmyadmin, whith value 1 instead of the variable, it changes all the fields to 1, so there it works.
1) You should use mysql_real_escape_string()
2) why your are updating the id of a table? you also need to change your query
3) use quotes in your php variable
Try like this:
require ("db/db.php");
$c_id = mysql_real_escape_string($_POST['c_id']);
$c_title = mysql_real_escape_string($_POST['c_title']);
$c_content = mysql_real_escape_string($_POST['c_content']);
// echo place
$sql = mysql_query("UPDATE content
SET c_title = '$c_title', c_content = '$c_content'
WHERE c_id = $c_id limit 1") or die(mysql_error());
header("location: index.php");
You should switch to mysqli or PDO since mysql_* are outdated and will be removed.
Just to be sure, try this code (As I don't know the variables content, I put all of those with "'"
$sql = <<<SQL
UPDATE content
SET c_id='{$c_id}', c_title='{$c_title'}, c_content='{$c_content}'
WHERE c_id='{$c_id}'
SQL;
$query = mysql_query($sql);
var_dump($query);
And if the $query returns true, put the header('Location: index.php"); again
I am having issues with php and mysql once again. I have a database setup with the table users and I want to make a SELECT COUNT(*) FROM users WHERE {value1} {value2} etc...but the problem is that the 3 fields I want to compare are not in order in the table and when trying the SELECT query, the result vairable($result) is NOT returned properly(!$result). Is there a way to check multiple fields in a mysql table that have fields in between them? Here is an example of what I want to accomplish:
A mysql table called users contains these fields: a,b,c,d,e,f,g,h,i,j,k,l and m.
I want to make a SELECT COUNT(*) FROMusersWHERE a='$_SESSION[user]' and d='$_SESSION[actcode]' and j='$_SESSION[email]' but the statement in quotes is my query and it always executes the if (!$result) { error("An error has occurred in processing your request.");} statement. What am I doing wrong? On the contrary, whenever I try the statement using only one field, ex a, the code works fine! This is an annoying problem that I cannot seem to solve! I have posted the code below, also note that the error function is a custom function I made and is working perfectly normal.
<?php
include "includefunctions.php";
$result = dbConnect("program");
if (!$result){
error("The database is unable to process your request at this time. Please try again later.");
} else {
ob_start();
session_start();
if (empty($_SESSION['user']) or empty($_SESSION['password']) or empty($_SESSION['activationcode']) or empty($_SESSION['email'])){
error("This information is either corrupted or was not submited through the proper protocol. Please check the link and try again!");
} elseif ($_SESSION['password'] != "password"){
error("This information is either corrupted or was not submited through the proper protocol. Please check the link and try again!");
} else {
$sql = "SELECT * FROM `users` WHERE `username`='$_SESSION[user]' and `activationcode`='$_SESSION[activationcode]' and `email`='$_SESSION[email]'";/*DOES NOT MATTER WHAT ORDER THESE ARE IN, IT STILL DOES NOT WORK!*/
$result = mysql_query($sql);
if (!$result) {
error("A database error has occurred in processing your request. Please try again in a few moments.");/*THIS IS THE ERROR THAT WONT GO AWAY!*/
} elseif (mysql_result($result,0,0)==1){/*MUST EQUAL 1 OR ACCOUNT IS INVALID!*/
echo "Acount activated!";
} else {
error("Account not activated.");
}
}
}
ob_end_flush();
session_destroy();
?>
Try enclosing your $_SESSION variables in curly brackets {} and add or die(mysql_error()) to the end of your query -
$sql = "SELECT * FROM `users` WHERE `username`='{$_SESSION['user']}' and `activationcode`='{$_SESSION['activationcode']}' and `email`='{$_SESSION['email']}'";/*DOES NOT MATTER WHAT ORDER THESE ARE IN, IT STILL DOES NOT WORK!*/
$result = mysql_query($sql) or die(mysql_error());
store your session value in another varibles then make query , i think
it's work proper
$usr=$_SESSION['user'];
$acod=$_SESSION['activationcode'];
$eml=$_SESSION['email'];
$sql = "SELECT * FROM `users` WHERE `username`='$usr' and `activationcode`='$acod' and `email`='$eml'";
$result = mysql_query($sql) or die(mysql_error());
I want to be able to add and update certain information. Now it was all working fine untill I found out the script no longer works when there's quotation marks in the text being sent to the database.
So I've done some research and found out I had to use the mysql_real_escape_string() function to ignore the quotation marks. I've done this but the script now isn't working at all anymore. I think the problem lies in the query part but i don't see the problem. Below is the code:
<?php
if(isset($_POST['bevestiging']))
{
$ID = (int)$_GET['ID'];
$titel = mysql_real_escape_string($_POST['Titel']);
$ondertitel = mysql_real_escape_string($_POST['ondertitel']);
$wanneer = mysql_real_escape_string($_POST['wanneer']);
$datum = mysql_real_escape_string($_POST['datum']);
$afbeelding = mysql_real_escape_string($_POST['afbeelding']);
$intro = mysql_real_escape_string($_POST['intro']);
$main = mysql_real_escape_string($_POST['main']);
$query = "UPDATE voorstellingen
SET '$titel','$ondertitel','$wanneer','$datum','$afbeelding','$intro','$main'
WHERE id = $ID";
mysql_query($query) or die('Error, bewerken van voorstelling is mislukt');
$query ="FLUSH PRIVILEGES";
echo"De voorstelling is succesvol bewerkt";
}
else{
$ID = (int)$_GET['ID'];
$query="SELECT * FROM voorstellingen WHERE id = $ID";
$result = mysql_query($query) or die('Error, bewerken van voorstelling is mislukt');;
?>
your update query should be like:
$query = "UPDATE voorstellingen SET title = '".$titel."' .....";
See: UPDATE Syntax
mysql_real_escape_string function returns FALSE on errors. You can check the return type of the below line
$titel = mysql_real_escape_string($_POST['Titel']);
to see if it succeeds or not. You do not need to check the next lines. If there is error on first function call, it will very probably mean that no SQL connection is present before invoking the function. Because a MySQL connection is required before using mysql_real_escape_string() otherwise an error of level E_WARNING is generated, and FALSE is returned.
If the above suggestion does not solve your issue , please elaborate what error exactly are you facing and on which line.