Update query not working with GET
$key = mysql_real_escape_string($_GET['key']) ;
$pass = mysql_real_escape_string(trim($_POST['pass'])) ;
$key1="UPDATE login SET pass = '" . $pass . "' WHERE
(key_id = '" . $key . "')";
the variable is passed like this newpassword.php?key=5384f
echo $key; variable does not yield any result ? what could be wrong?
for some reason it's updating all the other passwords except the one where key exists.
It was a dumb mistake, I figured the error; I was posting to same page using <?php echo $_SERVER['PHP_SELF']?> . After posting to the page I was trying to retrieve the key using get and then trying to run the update query with it. This was not working as after post the url will change and key would be gone.
The solution was to capture the key value first and store it into the form as an invisible text item first and then post it to update.
Related
:) So i want to make a form with multiple inputs that are stored in the database with a unique id for every single input. My prblem is that if I save only one dynamic input the unique id is saved to my database but if i try for more than one it cant be saved. I tried many things but it dosent working. Can samone help.
PHP code
$values=array();
for($i=0 ;$i < count($_POST['fields']); $i++) {
$supply_unique_id=uniqid();
$values[] = '("' . $_POST['fields'][$i] . '","' . $supply_unique_id . '")';
}
$sql="INSERT INTO supplies (supply,supply_unique_id)
VALUES " . implode(',', $values);
$result = $conn->query($sql);
The problem was coming from uniqid() function it was duplicating the entry for key 'supply_unique_id' so I changed it to uniqid(rand(), true). It also works with md5() function. So this is the only thing I changed $supply_unique_id=uniqid(rand(), true);
I have a query which is not inserting if i use the where clause, without the where clause it inserts data. this is weird and I have never seen it happen before in WAMP
$key=substr(md5(rand(0, 1000000)), 0, 5);
$key1="INSERT INTO login(key_id) VALUES('$key')
WHERE (email_id = '" . mysql_real_escape_string($_POST['email_id']) . "')"
if(mysql_query($key1))
{
$message = 'User Added!.';
echo "<SCRIPT>
alert('$message');
location='forgotpassword.php';
</SCRIPT>";
}
If I echo $_POST['email_id'] it does return valid result
INSERT and WHERE do not mix.
when INSERTing, you are creating a new record.
WHERE is used with SELECTing DELETEing or UPDATEing, when you have to specify a filter which rows you want to SELECT, DELETE or UPDATE.
if you want to INSERT a row, do not use WHERE.
if you want to change a row, use
$key1="UPDATE login SET key_id = '$key' WHERE
(email_id = '" . mysql_real_escape_string($_POST['email_id']) . "')";
Insert is only used on creating new record and where clause is only used if want to set any condition it is used with like select,update,delete.
Try this it will help:-
$key1="update login set key_id ='$key' WHERE
(email_id = '" . mysql_real_escape_string($_POST['email_id']) . "')";
I know #Franz-Gleichmann is already explained very well, whats wrong in your code.
You need to use UPDATE for updating data modified code:
$key1 = "UPDATE login SET key_id = '$key' WHERE
(email_id = '" . mysql_real_escape_string($_POST['email_id']) . "')";
Now i am adding two more points:
Please use mysqli_* or PDO, because mysql_* is deprecated and not available in PHP 7.
You missed the termination semi colon on the same line, i hope this is typo error.
Here is a function I have in my php file
function deleteLocation() {
global $con;
$val = $_POST['id'];
$escaped = mysqli_real_escape_string($con,$val);
$sql = "DELETE FROM settings WHERE value = '".$escaped."'";
if(!mysqli_query($con,$sql)){
die("Query failed:" . mysqli_error($con));
} else {
die("DELETE FROM settings WHERE value = '".$escaped."' / num rows affected: " . mysqli_affected_rows($con));
}
}
Here is the text that is returned on the page
DELETE FROM settings WHERE value = 'asdasd ' / num rows affected: 0
If I take the first part, and run it on my phpmyadmin page,
DELETE FROM settings WHERE value = 'asdasd '
it will correctly delete the row, but as you can see from the output, 0 rows are affected when the script is run on the page.
If anyone can help to fix this I will be very grateful.
PS: The connection string and user permissions are indeed set up correctly, because every other function in this file works properly
EDIT: Got it, the space at the end of the string was a newline character that was sent from my javascript.
I tried re-creating your problem on my machine and the only time I get the same message as you is when that item was already deleted from the table (or when it wasn't there in the first place)
This was a pretty unique situation, so I don't know how much this would help other people but,
I had an array of strings that all had \n at the end, so I had to do
str[value] = str[value].trim();
foreach value in the array. It turns out that this was not a php problem, but rather js
I've setup an EE template with PHP enabled and set the PHP Parsing Stage as Input. I would expect the following code to update the database correctly, but nothing happens:
<?php
$ids= "{last_segment}";
$userId = "{member_id}";
$sql = "UPDATE table SET column = '" . $ids . "' WHERE member_id = '" . $userId . "'";
$this->EE->db->query($sql);
?>
If I echo my query it looks correct, and in fact if I run it in PHPMyAdmin it works fine. Is there something I'm missing? Do I need to modify the PHP Parsing Stage?
Thanks in advance!
Looks like you may just need parentheses after "EE":
$this->ee()->db->query($sql);
Also, I'm not sure if you need $this...
http://ellislab.com/expressionengine/user-guide/development/usage/database.html
Hey I am currently trying to insert a global variable to a table. The other values I pass are variables too but they get sent correctly.
Here is my query. my error handling does not capture anything
$result = mysql_query("INSERT INTO IPmanagement (userId, NameUsed, EmailUsed, IPStatus, Ip) VALUES ('" .$masterUserId . "', '" . $Entry['LeadName'] . "', '" . $Entry['LeadEmail'] . "', '0', '" . $ip . "')") or die(ErrorException("Function 6", "Error when processing the current lead. your data is unaffected and if the proccess continues please contact an Admin.", mysql_error(),$_SERVER['REMOTE_ADDR'], CurrentPath(), $masterUserId));
my variable that is global defined before the function is
$masterUserId = "1";
I tried echoing the variable before it sends and it echos out correctly YET my table holds a value of 0.
here is a screenshot of how I have my table setup.
Click for Larger Image
Any idea what is going on. I am rather stumped and tried writing this same code different ways and it still gives me same issue. Also $masterUserId will always be an int value
Edit: also would like to mention the variable is different .php that contains the varaiable and database login information. It is being included at the top. (don't know if that is relevant)
Because you are not inserting IP STATUS.Which is not null
\
You should either set this to null or enter some value to it.
If you are using query in a function than use like this
function (){
//than define
$globat $masterUserId;
// use the global defination
// than use this variable with global value
}
Do not use mysql_*. Replace them with mysqli_* or PDO::.
Did you try to echo the mysql_query()? Do this. Replace mysql_query("..."); with die("..."); and put it in the phpMyAdmin and try executing.
And in your table, I see that IP Status is a NOT NULL. So that might throw an exception. Use a default value in the table.
And yeah, what do you get the result as in mysql_error()?
Why ''' or "' in query?
I have cleaned up query with PHP function sprintf and using NULL for EntryID(Autoincrement)
$query = sprintf("INSERT INTO IPmanagement (EntryID,userId, NameUsed, EmailUsed, IPStatus, Ip) VALUES (NULL,%s,%s,%s,'0',%s)",
$masterUserId , $Entry['LeadName'] , $Entry['LeadEmail'] , $ip ));
$result = mysql_query($query);
You should also use MySQLi or PDO