I have encountered an error and I do not know what is wrong with my code. Can someone help me?
Error: UPDATE users SET voornaam = Test, achternaam = Test2, mail = test#test.com, tel = ,adres = , geslacht = man, bestuur = 0, tc = 0, ic = 0, jec = 0, rvr = , instructeur = 0, webmaster = 0 WHERE id = 1
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'adres = , geslacht = man, bestuur = 0, tc = 0, ic = 0, jec = 0, rvr = , instruct' at line 1
$id = $_GET['u'];
$sql = "UPDATE users SET voornaam = $voornaam, achternaam = $achternaam,
mail = $mailadres, tel = $tel, adres = $adres, geslacht = $geslacht,
bestuur = $bestuur, tc = $tc, ic = $ic, jec = $jec, rvr = $rvr,
instructeur = $instructeur, webmaster = $webmaster WHERE id = ".$id."";
if ($conn->query($sql) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
You should have something like:
$sql = "UPDATE `users`
SET `voornaam` = '$voornaam',
`achternaam` = '$achternaam',
`mail` = '$mailadres',
`tel` = '$tel',
`adres` = '$adres',
`geslacht` = '$geslacht',
`bestuur` = '$bestuur',
`tc` = '$tc',
`ic` = '$ic',
`jec` = '$jec',
`rvr` = '$rvr',
`instructeur` = '$instructeur',
`webmaster` = '$webmaster'
WHERE id = '".$id."'";
This way you are protected if there are empty fields anywhere. You should also make sure you sanitize all the entries you wish to insert in the database.
You must quote ANY string like 'xxxx' else empty strings are missing and string with spaces are see as 2 strings achternaam= van mueller is wrong but achternaam = 'van mueller' is ok and also achternaam=''
You need add quote ' around the updated value, like
$sql = "UPDATE users SET voornaam = '$voornaam', achternaam = '$achternaam', mail = '$mailadres', tel = '$tel', adres = '$adres', geslacht = '$geslacht', bestuur = '$bestuur', tc = '$tc', ic = '$ic', jec = '$jec', rvr = '$rvr', instructeur = '$instructeur', webmaster = '$webmaster' WHERE id = '".$id."'";
If you are not sure that your variables are set before your query, then check them before you create sql query with isset:
if (!isset($a)) {
$a = ''
}
and put your variables in quote:
$sql = "UPDATE users SET voornaam='$voornaam', achternaam='$achternaam',
mail='$mailadres', tel='$tel', adres='$adres', geslacht='$geslacht',
bestuur='$bestuur', tc='$tc', ic='$ic', jec='$jec', rvr='$rvr',
instructeur='$instructeur', webmaster='$webmaster' WHERE id='".$id."'";
Related
I'm trying to create a sign up form, it was working fine until I tried to add md5 to the password field set, I'm not sure why the Query failed. Any help would be much appreciated.
function sign_up(){
if(isset($_POST['register'])){
$c_email = escape_string($_POST['c_email']);
$c_name_first = escape_string($_POST['c_name_first']);
$c_name_last = escape_string($_POST['c_name_last']);
$c_pass = escape_string($_POST['c_pass']);
$c_image = escape_string($_FILES['c_image']['name']);
$c_image_tmp = escape_string($_FILES['c_image']['tmp_name']);
$c_address = escape_string($_POST['c_address']);
$c_address_details = escape_string($_POST['c_address_details']);
$c_city = escape_string($_POST['c_city']);
$c_state = escape_string($_POST['c_state']);
$c_zip = escape_string($_POST['c_zip']);
$c_contact = escape_string($_POST['c_phone']);
move_uploaded_file($c_image_tmp, "customer/customer_images/$c_image");
$query = query("SELECT customer_id FROM customers WHERE customer_email = '{$c_email}'");
confirm($query);
if(mysqli_num_rows($query) > 0){
set_message("This email or username is taken");
}else {
$insert_c = query("INSERT INTO customers (customer_firstname,customer_lastname,customer_address,c_addr_details,customer_email,customer_pass,customer_state,customer_city,customer_zip,customer_phone,customer_image) VALUES ('$c_name_first','$c_name_last','$c_address','$c_address_details','$c_email','$c_pass','$c_state','$c_city','$c_zip','$c_contact','$c_image')");
confirm($insert_c);
}
$query = "UPDATE user SET 'customer_pass' = '".md5(md5(last_id()).$c_pass)."' WHERE 'customer_id' = '".last_id()."'";
$send_update_query = query($query);
confirm($send_update_query);
set_message_success("Sign up successful!");
}
}
Try
$query = 'UPDATE user SET customer_pass = '.md5(md5(last_id()).$c_pass).' WHERE customer_id = '.last_id();
Check you string when you use " or '
So i have a table with a row, click on 'bearbeiten', i get to a formula where i can fill in the changed name or whatever, and then everything changes instead of only the fields i wrote something in and the rest stays.
So if i would only change name and click on save, every other field in the table goes blank.
I tried it with WHERE already, and read that POST is a good method but i think i can change it with making a few changes in the $sql statement, just don't know what.
<?php
//if(isset($...)
if($_GET['aktion'] == "speichern")
{
$ID = $_GET['ID'];
$Anrede = $_GET['Anrede'];
$Nachname = $_GET['Nachname'];
$Vorname = $_GET['Vorname'];
$Geburtsdatum = $_GET['Geburtsdatum'];
$Telefonnummer = $_GET['Telefonnummer'];
$Email = $_GET['Email'];
$sql = "UPDATE Adressbuch SET Anrede = '$Anrede', Nachname = '$Nachname',Vorname = '$Vorname', Geburtsdatum = '$Geburtsdatum', Telefonnummer = '$Telefonnummer', Email = '$Email' ORDER BY ID DESC LIMIT 1";
echo 'Zurueck zum Adressbuch<br>';
require_once ('konfiguration.php');
$db_erg = mysqli_query($db_con, $sql)
or die("Anfrage fehlgeschlagen: " . mysqli_error($db_con));
exit;
}
How about:
Just update the column, if you variable is not blank, else update it with the same value as the record already has.
UPDATE Adressbuch
SET Anrede = CASE WHEN '$Anrede' != '' THEN '$Anrede' ELSE Anrede END
,Nachname = CASE WHEN '$Nachname' != '' THEN '$Nachname' ELSE Nachname END
,Vorname = CASE WHEN '$Vorname' != '' THEN '$Vorname' ELSE Vorname END
,Geburtsdatum = CASE WHEN '$Geburtsdatum' != '' THEN '$Geburtsdatum' ELSE Geburtsdatum END
,Telefonnummer = CASE WHEN '$Telefonnummer' != '' THEN '$Telefonnummer' ELSE Telefonnummer END
,Email = CASE WHEN '$Email' != '' THEN '$Email' ELSE Email END
ORDER BY ID DESC LIMIT 1
Use as and see if it works. Thanks.
<?php
require_once ('konfiguration.php');
//if(isset($...)
if($_GET['aktion'] == "speichern")
{
$ID = $_GET['ID'];
$Anrede = $_GET['Anrede'];
$Nachname = $_GET['Nachname'];
$Vorname = $_GET['Vorname'];
$Geburtsdatum = $_GET['Geburtsdatum'];
$Telefonnummer = $_GET['Telefonnummer'];
$Email = $_GET['Email'];
//use where in your query to update the particular row
//in below query id = your column in database table
$sql = "UPDATE Adressbuch SET Anrede = '$Anrede', Nachname = '$Nachname',Vorname = '$Vorname', Geburtsdatum = '$Geburtsdatum', Telefonnummer = '$Telefonnummer', Email = '$Email' WHERE id='$ID'";
$db_erg = mysqli_query($db_con, $sql) or die("Anfrage fehlgeschlagen: " . mysqli_error($db_con));
echo 'Zurueck zum Adressbuch<br>';
exit;
}
?>
Use POST method instead of GET.
I want to change data from a database but I keep getting errors and I just cannot find the mistake I made..
Here's the code:
if(isset($_POST['id'])) {
if(is_numeric($_POST['id'])) {
$change = pg_query($db, "SELECT * FROM azubi3 WHERE id = ".$_POST['id']."");
echo $change;
if($auto == "") {
$auto = "false";
}
else { $auto = "true"; }
$change = pg_query($db, "UPDATE azubi3 SET vorname = '".$_POST['prename']."', nachname = '".$_POST['name']."', auto = ".$auto.", auto_id = ".$_POST['auto_id'].", schuh_id = ".$_POST['schuh_id']." WHERE id = ".$_POST['id']."");
}
else { echo "ID muss eine Zahl sein!"; }
}
And that's the error i get:
Warning: pg_query(): Query failed: ERROR: syntax error at or near "," LINE 1: ...achname = 'Mustermüller', auto = false, auto_id = , schuh_id... ^ in /srv/www/htdocs/azubi2/test3.php on line 82
First thing your sql is vulenrable to injection, you should correct it.
For the sake of your question :
false is a reserved keyword, please use string around it:
$change = pg_query($db, "UPDATE azubi3 SET vorname = '".$_POST['prename']."', nachname = '".$_POST['name']."', auto = '".$auto."', auto_id = ".$_POST['auto_id'].", schuh_id = ".$_POST['schuh_id']." WHERE id = ".$_POST['id']."");
I am having some problems with checking if the field is empty or not in SQL using PHP without using mysql_fetch_array().
I have this code:
date_default_timezone_set('Asia/Taipei');
$remarks = $_POST['remarks'];
$date_added = date ("Y-m-d");
$time_added = date ("h:i:s a");
$lname = $_SESSION['user']['last_name'];
$fname = $_SESSION['user']['first_name'];
$minitial = $_SESSION['user']['middle_initial'];
$con = mysqli_connect("localhost", "root", "", "thisdb");
if(empty(`TIME_IN_1`)) {
$query = "INSERT INTO time_logs (LAST_NAME, FIRST_NAME, MIDDLE_INITIAL, DATE, TIME_IN_1, TIME_IN_1_REMARKS) VALUES('$lname', ' $fname', '$minitial', '$date_added', '$time_added', '$remarks')";
}
else {
$query = "UPDATE time_logs SET TIME_IN_2 = '$time_added' where LAST_NAME = '$lname' AND DATE = '$date_added'";
}
$save = mysqli_query($con, $query);
header("Location: time_in_complete.php");
What I basically want to accomplish is if the TIME_IN_1 field is empty, the data will be added there. If it is not empty, then the data will be added to the TIME_IN_2.
Apprently, this line:
if(empty(`TIME_IN_1`))
doesn't seem to work.
$first_query = "SELECT TIME_IN_1 FROM time_logs WHERE LAST_NAME = '" . $lname . "' AND FIRST_NAME = '" . $fname . "'";
$data = mysqli_query($con, $first_query);
$num_row = mysqli_num_rows($data);
if($num_row == 0) {
$query = "INSERT INTO time_logs (LAST_NAME, FIRST_NAME, MIDDLE_INITIAL, DATE, TIME_IN_1, TIME_IN_1_REMARKS) VALUES('$lname', ' $fname', '$minitial', '$date_added', '$time_added', '$remarks')";
}
else {
$query = "UPDATE time_logs SET TIME_IN_2 = '$time_added' where LAST_NAME = '$lname' AND DATE = '$date_added'";
}
$save = mysqli_query($con, $query);
header("Location: time_in_complete.php");
Try a query like:
SELECT TIME_IN_1 from time_logs where LAST_NAME = '$lname' AND DATE = '$date_added'
Then:
// Default to true and set this false if we find a value
$bIsEmpty = true;
// Check if any rows match
if ($result->num_rows > 0){
// Yes a row matches, so check if we have a value
$row = $result->fetch_object();
if ($row->TIME_IN_1 != "")
$bIsEmpty = false;
}
if ($bIsEmpty === true){
// Do your insert
} else {
// Do your update
}
i have a web service that show me this error
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '0', date_de_naissance = '1988-02-02', lieu_de_naissance = ' at line 4{"items":[["succes"]]}
<?php
include('settings.php');
mysql_connect($host,$user,$password);
mysql_select_db($base);
mysql_query('SET CHARACTER SET utf8');
$id_patient = $_GET['id_patient'];
$nom = $_GET['nom'];
$prenom = $_GET['prenom'];
$Sexe = $_GET['Sexe'];
$date_de_naissance = $_GET['date_de_naissance'];
$lieu_de_naissance = $_GET['lieu_de_naissance'];
$adresse = $_GET['adresse'];
$latitude = $_GET['latitude'];
$longitude = $_GET['longitude'];
$telephone = $_GET['telephone'];
$email = $_GET['email'];
$situation_familiale = $_GET['situation_familiale'];
$profession = $_GET['profession'];
$numero_securite_sociale = $_GET['numero_securite_sociale'];
$taille = $_GET['taille'];
$poids = $_GET['poids'];
$groupe_sanguin = $_GET['groupe_sanguin'];
$allergies = $_GET['allergies'];
$antecedents_chirurgicaux = $_GET['antecedents_chirurgicaux'];
$antecedents_medicaux = $_GET['antecedents_medicaux'];
$antecedents_familiaux = $_GET['antecedents_familiaux'];
if ($id_patient!= NULL )
{
$req = "UPDATE patient SET nom = '".$nom."' , prenom = '".$prenom.", Sexe = '".$Sexe."',
date_de_naissance = '".$date_de_naissance."',
lieu_de_naissance = '".$lieu_de_naissance."',
adresse = '".$adresse."',
latitude = '".$latitude."',
longitude = '".$longitude."',
telephone = '".$telephone."',
email = '".$email."',
situation_familiale = '".$situation_familiale."',
profession = '".$profession."',
numero_securite_sociale = '".$numero_securite_sociale."',
taille = '".$taille."',
poids = '".$poids."',
groupe_sanguin = '".$groupe_sanguin."',
allergies = '".$allergies."',
antecedents_chirurgicaux = '".$antecedents_chirurgicaux."',
antecedents_medicaux = '".$antecedents_medicaux."',
antecedents_familiaux = '".$antecedents_familiaux."'
WHERE id_patient = '".$id_patient."' ";
$sql=mysql_query($req);
echo mysql_error();
$items = array("items" => NULL);
$items["items"][] = array("succes");
echo json_encode($items,JSON_UNESCAPED_UNICODE);
}
else{$items = array("items" => NULL);
$items["items"][] = array("erreur");
echo json_encode($items,JSON_UNESCAPED_UNICODE);}
?>
A closing quote was missing.
$req = "UPDATE patient SET nom = '".$nom."' , prenom = '".$prenom."', Sexe = '".$Sexe."',