Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 7 years ago.
Improve this question
I believe it has to be simple, but I'm totally green in SQL.
I will include pictures of the database so it will be easier to imagine.
I use it in my PHP code that is accessed by Flash to enter data into the database.
This is my code which doesn't work:
$sql = "SELECT * FROM users
WHERE username = '$username' AND password = '$password'
INSERT INTO users (contactlist) VALUES ('$xmlcontactlist1')";
I want the data from variable $xmlcontaclist1 were entered to 'contactlist' column but to specific User (based on their Name and Password). Somehow when the code was doing something it was creating NEW empty space in the database with just contactlist instead of adding it for each user.
Database Screenshot
Try this one:
$sql = "UPDATE users
SET contactlist = '$xmlcontactlist1'
WHERE username = '$username'
AND password = '$password'";
But this is a bad practice. You can get SQL injections with this code. Read this post here to prevent this: How can I prevent SQL injection in PHP?
Related
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 1 year ago.
Improve this question
When I put a number myself the database gets updated to Success but when I try to access the same number from $_POST It complete the transaction but doesn't affect the rows even thought it's using the same number.
Example of a query that works perfectly and updates the database
$sql = "UPDATE `transactions` SET `status` ='Success' WHERE `transactions`.`txn_id` = 65765756";
Example of a query that doesn't work
$sql = "UPDATE `transactions` SET `status` ='Success' WHERE `transactions`.`txn_id` = ".$_POST['m_payment_id'];
First, check what's in the value, and make sure it is the same as what you are manually entering.
var_dump($_POST['m_payment_id'])
Second, the code without any other checks is a SQL injection vulnerability.
You could convert the value into an integer to protect against this, e.g. intval($_POST['m_payment_id'])
Ideally though, you would be using bindings.
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 2 years ago.
Improve this question
I'm a begginer to PHP and I want to know how can I fetch some text from the corresponding ID and store it as a variable in PHP.
The table is like
ID----NAME----ACCOUNT----PASSWORD
1----name1----accont1----password2
2----name2----accont2----password2
3----name3----accont3----password3
Now if I want to get the account2 as text and save it in an variable (say acc2) then what should I do. Assuming that I have connection information in connect.php.
Edit: I want to select the account2 using the ID like from ID 2 select account.
Thanks In Advance!!!
Assuming you use MySQL, the table is named users and you are using PDO, this would get what you need:
$stmt = $conn->query("SELECT * FROM users WHERE ID = 2");
$row = $stmt->fetch()
$account = $row['ACCOUNT']
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 6 years ago.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Improve this question
I am a beginner in PHP and SQL. I have been trying to delete rows in SQL table using the following code but it doesn't work. Please help.
<?php
/*
DELETE.PHP
Deletes a specific entry from the 'db' table
*/
// connect to the database
include('connect-db.php');
// check if the 'id' variable is set in URL, and check that it is valid
// get id value
$id = $_GET['id'];
// delete the entry
$result = mysql_query("DELETE FROM db WHERE 'Report No.'= '$id'")
or die(mysql_error());
// redirect back to the view page
header("Location: view.php");
// if id isn't set, or isn't valid, redirect back to view page
{
header("Location: view.php");
}
?>
Apply backticks(`) around table field name "Report No." (its not standard way to define a table field name)
Try this
$result = mysql_query("DELETE FROM db WHERE `Report No.`= '$id'");
Fix your query by removing single quote of name table:
$result = mysql_query("DELETE FROM db WHERE `Report No.`= '$id'");
Make sure that you type right for Report No. column name. Actually for naming Report No. is not recommended.
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 8 years ago.
Improve this question
I have a bit of a problem with a script I'm writing.
$sql ="UPDATE users SET adagio = 1 WHERE username = '$_SESSION[username]'";
The main problem here is that, while I've tested that
this part of the code will run
I've successfully connected to the correct server
3) $_SESSION[username] gives me the the correct username,
the database isn't updated when I run the code. adagio is a boolean (well, a tinybit, really), and I've uploaded my phpMyAdmin screen of the database here:
(http://imgur.com/HUFdx0p)
I'm not entirely sure why it isn't working, and although I've searched online and found similar threads, there wasn't a fix in any thread that worked for me. I'm wondering if one of you could possibly see what I'm doing wrong here?
Edit extra:
if(($_POST['adagio']) == 1){
$sql ="UPDATE users SET adagio = 1 WHERE username = '$_SESSION[username]'";
}
$_SESSION[username] is almost certainly a string so it must be in quotes:
$sql ="UPDATE users SET adagio = 1 WHERE username = '$_SESSION[username]'";
FYI, MySQL would be happy to tell you about SQL errors if you check for them. You should be using the appropriate error reporting functions in whatever MySQL library you are using.
Can you try this.
if (1 == $_POST['adagio']) {
$sql = sprintf ( "UPDATE users SET adagio = 1 WHERE username = '%s'", mysql_escape_string($_SESSION['username']) );
}
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 8 years ago.
Improve this question
I need to insert image row from table 'users2' to 'allbets'. But suddenlly this code don't working and I don't know why.. What is wrong with this?
$q2 = $pdo->prepare('INSERT INTO allbets (image) SELECT users2.image FROM users2 WHERE username = ?');
$q2->bindValue(1, $_SESSION['name']);
$q2 -> execute();
This code did not suddenly stop working, it never could have worked with its present query syntax. Change the query to this -
$q2 = $pdo -> prepare('INSERT INTO allbets (user, bet, komanda, teams, cof, data, image) VALUES ($user, $bet, $komanda, $teams, $cof, $data, (SELECT `users2`.`image` FROM `users2` WHERE `username` = ?));
Do yourself a service and error checking to your PHP code and to your PDO. This will let you know where to look when errors occur.