I need some help with the php syntax for when user input is a variable in the request to the database.
The below manually enters values:
"UPDATE customer SET first_name= 'Me2' WHERE id = ' 13 ' ";
However i want the user to be able to enter values such as this:
"UPDATE customer SET first_name=".$edit_first_name.", WHERE id=".$edit_id."\"";
When i run the above it doesn't work as the first example script does.
An i'm assuming it's a syntax problem, an there is no display on the page to indicate the issue location. Please help
Your query is wrong. Don't insert , before WHERE & put single quotes around string value.
"UPDATE customer SET first_name='".$edit_first_name."' WHERE id=".$edit_id;
This is the final query:
$update="UPDATE customer SET first_name=".$edit_first_name." WHERE id=".$edit_id;
You miss simple quotes '' around your $edit_first_name as it is a string.
try this statement, maybe it could solve your problem:
"UPDATE customer SET first_name ='$edit_first_name' WHERE id='$edit_id'";
Related
I have to update the table if only the three values gets matched. I get a syntax error on trying this. What could be the reason?
$sql1="update target set updvalue='".$val3."' where Id ='".$b."'" AND MId ='".$c."'" AND DID ='".$f."'";
$res1=$this->db->query($sql1);
$sql1="update target set updvalue='".$val3."' where Id ='".$b."' AND MId ='".$c."' AND DID ='".$f."'";
$res1=$this->db->query($sql1);
use this
You can use Codeigniter query builder.
$this->db->where('Id',$b);
$this->db->where('MId',$c);
$this->db->where('DID',$f);
$upd_data['updvalue'] = $val3;
$res1=$this->db->update('target',$upd_data);
Let me know if it not works.
I think there are to many " between where Id and AND, that is, you have made a typo.
I'm working on a mailbox system for a game on Facebook. I have 2 inputs to a php script, with example input below:
$FriendIDs = "10000001,10002421,10132000,10074794,13523543"
$MailCode = "ReqGem"
and a table with the columns ID, Mailbox.
What I want to be able to do is concatenate whatever was originally in the Mailbox field, with MailCode, for each person in the FriendIDs.
I figured it was something like this, but I couldn't get it to work (my php/sql knowledge is pretty dire!):
mysqli_query($db, "UPDATE Save SET Mailbox = CONCAT(Mailbox,'$MailCode' . '_') WHERE 'id' IN $FriendIDs);
EDIT: I've just realized I need to add a new row if the FriendID isn't already in the table.
I'm guessing I need to start out with INSERT INTO and then use ON DUPLICATE KEY UPDATE, but I can't seem to get it to work. It's a bit trickier since the unique key is in an array, and I can't use WHERE id IN(ArrayOfValues) in an INSERT query.
Any help would be greatly appreciated!
You're close:
$FriendIDs = "10000001,10002421,10132000,10074794,13523543";
$MailCode = "ReqGem";
mysqli_query($db, "UPDATE Save SET Mailbox = CONCAT(Mailbox,'$MailCode' . '_') WHERE `id` IN($FriendIDs));
You just needed the parenthesis for IN() as it is a function.
Don't use single quotes for column names. Use ticks. Single quotes are for strings.
Okay I have a mysql php UPDATE which goes as follows:
mysql_query("UPDATE users SET imagelocation='uploads/.$fn'
WHERE username='$_SESSION[username]'");
it updates imagelocation with the following: uploads/...
Does anyone know what is wrong?
There are correction to made as below,
mysql_query("UPDATE users SET imagelocation='uploads/".$fn."'
WHERE username='".$_SESSION['username']."'");
First correction is imagelocation='uploads/".$fn."'.
Second Correction is username='".$_SESSION['username']."'");
Try-
mysql_query("UPDATE users SET imagelocation='uploads/$fn'
WHERE username='{$_SESSION['username']}'")
or die(mysql_error());
When using php vars inside double quotes you don't need to concat with . and array values need to be surrounded by curly brackets {}
First of all I'm a rookie to Programming, I created a PHP page to update a value from my mysql(myadmin) database, but the value is not updating. I also tried to retrieve values from database it's working just fine but this UPDATE code is not working! I don't know why, please check out my code below.
$qs=mysql_query("update staff set review=$newrate where name=$rateuser");
$resu=mysql_query($qs);
All variables are double defined, assigned with proper values, checked and I tested variables using echo, table name is also checked, it's all fine, but I think the problem is with Update query, I searched internet for the syntax but it's not different than mine. Please help me out
How are $newrate and $rateuser set?
mysql_query("UPDATE staff SET review = '".mysql_real_escape_string($newrate)."' WHERE name = '".mysql_real_escape_string($rateuser) ."'");
http://php.net/manual/en/function.mysql-real-escape-string.php
Try:
$qs=mysql_query("update staff set review='$newrate' where name='$rateuser'");
Do not use second line.
You probably just need some " around your values $newrate and $rateuser
But if you did an echo, why not actually echo for us what the query-string becomes?
You need single quotes around string values on your query:
$qs=mysql_query("update staff set review='$newrate' where name='$rateuser'");
(assuming both variables are strings)
My query below updates a record using variables to identify the data in the DB. I think my syntax is correct although it might be wrong. Also, I am absolutely sure that the variables have legitimate values in them. Why won't this query work?
UPDATE `databasename`.`".$tablename."` SET `stock` = '".$f."' WHERE `myerspark`.`item_id` ='".$g."' LIMIT 1
Thanks guys. Tom, yes I have tried that and it works fine. But it is frustrating because I echo all three variables at the end of the script and they all display legitimate values.
Hamish, how do I view these errors?
Jon_Darkstar, these variables are assigned in previous lines of code. Here is my entire code block:
//variables $f, $g, and $tablename assigned from POST variables in previous lines
mysql_select_db($database_Yoforia, $Yoforia);
mysql_query("UPDATE `yoforiainventory`.`".$tablename."` SET `stock` = '".$f."' WHERE `".$tablename."`.`item_id` ='".$g."' LIMIT 1 ");
mysql_close($Yoforia);
echo ($f);
echo ($tablename);
echo ($g);
Again, when i echo these variables, they all come out with good values.
I'm kind of confused what belongs to SQL, what belongs to PHP, where that string comes from, etc. What you have might be fine (if there is a double quote in front and end that i dont see.
I'd probably write it like this:
$sql = "UPDATE databasename.$tablename SET stock = '$f' WHERE myerspark.item_id = '$g' LIMIT 1"
$res = mysql_query($sql, $conn).....
you can backtick more stuff (and/or do mysql_real_escape) for 'extra safety;, but that covers the idea.
What is myerspark? i dont see how it relates to the query, that is probably you're real meaningful error, whether there is a syntax error or not. If myerspark is a seperate table from tablename then you've got an issue here, maybe a JOIN you ought to have?