I have a simple MYSQL DB where field_3 is a varchar Key value. I am trying to update database posting to two TIME fields called start and end.
However I keep getting this error
Notice: Undefined variable: empd_end in C:\xampp\htdocs\b1\update.php on line 25
Could not update data: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ':12:00, end = WHERE field_3 = Berkay_Sebat#yahoo.com' at line 1
<html>
<head>
<title>Update a Record in MySQL Database</title>
</head>
<body>
<?php
if(isset($_POST['update']))
{
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = 'root';
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $conn )
{
die('Could not connect: ' . mysql_error());
}
$emp_id = $_POST['emp_id'];
$emp_salary = $_POST['emp_salary'];
$emp_end= $_POST['emp_end'];
$sql = "UPDATE usezas ".
"SET start = $emp_salary, end = $empd_end".
"WHERE field_3 = $emp_id" ;
mysql_select_db('db1');
$retval = mysql_query( $sql, $conn );
if(! $retval )
{
die('Could not update data: ' . mysql_error());
}
echo "Updated data successfully\n";
mysql_close($conn);
}
else
{
?>
<form method="post" action="<?php $_PHP_SELF ?>">
<table width="400" border="0" cellspacing="1" cellpadding="2">
<tr>
<td width="100">EMAIL</td>
<td><input name="emp_id" type="text" id="emp_id"></td>
</tr>
<tr>
<td width="100">Start TIME</td>
<td><input name="emp_salary" type="text" id="emp_salary"></td>
</tr>
<tr>
<td width="100">END TIME</td>
<td><input name="emp_end" type="text" id="emp_end"></td>
</tr>
<td width="100"> </td>
<td> </td>
</tr>
<tr>
<td width="100"> </td>
<td>
<input name="update" type="submit" id="update" value="Update">
</td>
</tr>
</table>
</form>
<?php
}
?>
</body>
</html>
You are missing a space after the value of end also, you will need to wrap your variables with a quotes like the query below.
$sql = "UPDATE usezas ".
"SET start = '$emp_salary', end = '$empd_end' ".
"WHERE field_3 = $emp_id" ;
However, your code is vulnerable to SQL injections. You sure prepare your query and should be using either PDO or MySQLi extensions not the old mysql_query extension.
you need to put your php vals to ''
$sql = "UPDATE usezas ".
"SET start = '$emp_salary', end = '$empd_end'".
" WHERE field_3 = '$emp_id'" ;
Related
I'm trying to have a form to update a table in my SQL database but I'm getting this error
If my Client ID field has "7020" as the value and the Proof field as "test" I get this error: Could not update data: Unknown column 'test' in 'field list'
</head>
<body>
<?php
if(isset($_POST['update']))
{
$dbhost = 'xxxxxxxx';
$dbuser = 'xxxxx';
$dbpass = 'xxxxxxxxxxxxxxxxxxxxxxxx';
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $conn )
{
die('Could not connect: ' . mysql_error());
}
$clientid = $_POST['clientid'];
$proof = $_POST['proof'];
$sql = "UPDATE penalties ". "SET Proof = $proof " ."WHERE client_id = $clientid AND type='ban'";
mysql_select_db('b3bot');
$retval = mysql_query( $sql, $conn );
if(! $retval )
{
die('Could not update data: ' . mysql_error());
}
echo "Updated data successfully\n";
mysql_close($conn);
}
else
{
?>
<form method="post" action="<?php $_PHP_SELF ?>">
<table width="400" border="0" cellspacing="1" cellpadding="2">
<tr>
<td width="100">Client ID</td>
<td><input name="clientid" type="text" id="clientid"></td>
</tr>
<tr>
<td width="100">Proof</td>
<td><input name="proof" type="text" id="proof"></td>
</tr>
<tr>
<td width="100"> </td>
<td> </td>
</tr>
<tr>
<td width="100"> </td>
<td>
<input name="update" type="submit" id="update" value="Update">
</td>
</tr>
</table>
</form>
<?php
}
?>
</body>
</html>
The sql query you are trying to execute should be wrong. As I see, the query right now looks like:
UPDATE penalties SET Proof = sth WHERE client_id = test AND type='ban'
should be like:
UPDATE penalties SET Proof = 'sth' WHERE client_id = 'test' AND type='ban'
(note the quotes)
I tried to update a MySQL database table (online) with a php function, but everytime that i click on "button update" it answers me:
Could not update data: Unknown column '$username' in 'where clause'
can somebody help me with this error or only suggest me the correct way to resolve it?
here is it the code:
<html>
<head>
<title>Update Name of my_table in MySQL Database</title>
</head>
<body>
<?php
if(isset($_POST['update']))
{
$dbhost = 'localhost';
$dbuser = 'dbuser';
$dbpass = 'dbpassword';
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $conn )
{
die('Could not connect: ' . mysql_error());
}
$username = $_POST['username'];
$name = $_POST['name'];
$sql = 'UPDATE tbl_user SET name = $name WHERE username = $username';
mysql_select_db('my_table');
$retval = mysql_query( $sql, $conn );
if(! $retval )
{
die('Could not update data: ' . mysql_error());
}
echo "Updated data successfully\n";
mysql_close($conn);
}
else
{
?>
<form method="post" action="<?php $_PHP_SELF ?>">
<table width="400" border="0" cellspacing="1" cellpadding="2">
<tr>
<td width="100">Usrename</td>
<td><input name="username" type="text" id="username"></td>
</tr>
<tr>
<td width="100">Name</td>
<td><input name="name" type="text" id="name"></td>
</tr>
<tr>
<td width="100"> </td>
<td> </td>
</tr>
<tr>
<td width="100"> </td>
<td>
<input name="update" type="submit" id="update" value="Update">
</td>
</tr>
</table>
</form>
<?php
}
?>
</body>
</html>
and here is it my_table columns:
id | username | password | email | name
Chane this line of query You missing single quete around your variable.
$sql = 'UPDATE tbl_user SET name = $name WHERE username = $username';
to this
$sql = "UPDATE tbl_user SET name = '$name' WHERE username = '$username'";
$sql="UPDATE tbl_user SET name = '".$name."' WHERE username = '".$username."'"
There is matter of quotes i think so this will work better because name and username fields contain string. concating string is better solution when you work with string
I am trying to make a simple form that checks based on the correct email. If the email is correct, it then updates the database with the new time. When I run it, I get a format error.. I am not an expert with PHP, so I may have missed something here...
<?php
if(isset($_POST['update']))
{
$dbhost = 'localhost';
$dbuser = 'user1';
$dbpass = 'password';
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $conn )
{
die('Could not connect: ' . mysql_error());
}
$email= $_POST['email'];
$time= $_POST['time'];
$sql = "UPDATE users".
"SET time= $time".
"WHERE email = $email" ;
mysql_select_db('dbname');
$retval = mysql_query( $sql, $conn );
if(! $retval )
{
die('Could not update data: ' . mysql_error());
}
echo "Updated data successfully\n";
mysql_close($conn);
}
else
{
?>
<form method="post" action="<?php $_PHP_SELF ?>">
<table width="400" border="0" cellspacing="1" cellpadding="2">
<tr>
<td width="100">Email:</td>
<td><input name="email" type="text" id="email"></td>
</tr>
<tr>
<td width="100">Time:</td>
<td><input name="time" type="text" id="time"></td>
</tr>
<tr>
<td width="100"> </td>
<td> </td>
</tr>
<tr>
<td width="100"> </td>
<td>
<input name="update" type="submit" id="update" value="Update">
</td>
</tr>
</table>
</form>
<?php
}
?>
</body>
</html>
Your query has the wrong quotes.
<?php
if(isset($_POST['update']))
{
$dbhost = 'localhost';
$dbuser = 'user1';
$dbpass = 'password';
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $conn )
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db('dbname');
$email= $_POST['email'];
$time= $_POST['time'];
$sql = "UPDATE users SET time= '$time' WHERE email = '$email'";
$retval = mysql_query( $sql, $conn );
if(! $retval )
{
die('Could not update data: ' . mysql_error());
}
echo "Updated data successfully\n";
mysql_close($conn);
}
else
{
?>
<form method="post" action="<?php $_PHP_SELF ?>">
<table width="400" border="0" cellspacing="1" cellpadding="2">
<tr>
<td width="100">Email:</td>
<td><input name="email" type="text" id="email"></td>
</tr>
<tr>
<td width="100">Time:</td>
<td><input name="time" type="text" id="time"></td>
</tr>
<tr>
<td width="100"> </td>
<td> </td>
</tr>
<tr>
<td width="100"> </td>
<td>
<input name="update" type="submit" id="update" value="Update">
</td>
</tr>
</table>
</form>
<?php
}
?>
</body>
</html>
Sidenote: Your present code is open to SQL injection. Use mysqli_* functions. (which I recommend you use and with prepared statements, or PDO)
Footnotes:
mysql_* functions deprecation notice:
http://www.php.net/manual/en/intro.mysql.php
This extension is deprecated as of PHP 5.5.0, and is not recommended for writing new code as it will be removed in the future. Instead, either the mysqli or PDO_MySQL extension should be used. See also the MySQL API Overview for further help while choosing a MySQL API.
These functions allow you to access MySQL database servers. More information about MySQL can be found at » http://www.mysql.com/.
Documentation for MySQL can be found at » http://dev.mysql.com/doc/.
Quick note(s)
You could shorten your code by doing the following all in one go:
$dbhost = 'localhost';
$dbuser = 'user1';
$dbpass = 'password';
$db = 'dbname';
$conn = mysql_connect($dbhost, $dbuser, $dbpass, $db);
so you won't have to use mysql_select_db('dbname'); but that's purely opinion-based/preference and will save you a few keystrokes at the same time.
Changing:
$email= $_POST['email'];
$time= $_POST['time'];
to:
$email= mysql_real_escape_string($_POST['email']);
$time= mysql_real_escape_string($_POST['time']);
will help add a bit of security until you get into prepared statements or PDO.
you don't have spaces in your sql script.
change $sql to:
$sql = "UPDATE users ".
"SET time= '$time' ".
"WHERE email = '$email'" ;
although this will work just fine:
$sql = "UPDATE users SET time= '$time' WHERE email = '$email'" ;
keep in mind, your page is vulnerable to sql injection because you have not escaped time and email.
I am trying to build a page that will allow the user to enter an employee number via a form and when they hit the "delete" button it will remove the corresponding record. The database is named "Crosshill", the Table is called "Employees" and the field I want to use is "employeeid".
It seems to connect fine to the DB, but the code below doesn't work. When you hit the "Delete" button it returns an error of:
Could not delete data: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE employeeid =' at line 1
Blockquote
<html>
<head>
<title>Delete an Employee</title>
</head>
<body>
<h3>Enter the Employee Number below to delete a record</h3>
<?php
if(isset($_POST['delete']))
{
$dbhost = '####';
$dbuser = '####';
$dbpass = '####';
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $conn )
{
die('Could not connect: ' . mysql_error());
}
$employeeid = $_POST['employeeid'];
$sql = "DELETE Employees ".
"WHERE employeeid = $employeeid" ;
mysql_select_db('Crosshill');
$retval = mysql_query( $sql, $conn );
if(! $retval )
{
die('Could not delete data: ' . mysql_error());
}
echo "Deleted data successfully\n";
mysql_close($conn);
}
else
{
?>
<form method="post" action="<?php $_PHP_SELF ?>">
<table width="400" border="0" cellspacing="1" cellpadding="2">
<tr>
<td width="100">Employee ID</td>
<td><input name="employeeid" type="number" id="employeeid"></td>
</tr>
<tr>
<td width="100"> </td>
<td> </td>
</tr>
<tr>
<td width="100"> </td>
<td>
<input name="delete" type="submit" id="delete" value="Delete">
</td>
</tr>
</table>
</form>
<?php
}
?>
</html>
It's DELETE FROM <table> WHERE <condition>, the FROM is missing in your query.
You are missing "from" after delete..
It should be as DELETE from Employees WHERE condition.
To avoid such situations always do one thing, just echo the sql query and using "exit" after the same to terminate the further execution of the program.
Copy the query from browser and run the same in phpmyadmin or whatever other tool you use..
That practice will help you to find out the root cause of the problem..
I am trying to delete information from a database via a php script but am am getting an error.
When we enter the employee ID, the ID should be deleted. However, it doesn't delete and I get an error.
<html>
<head>
<title>Delete a Record from MySQL Database</title>
</head>
<body>
<?php
if (isset($_POST['delete'])) {
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = '';
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
if (!$conn) {
die('Could not connect: ' . mysql_error());
}
$emp_id = $_POST['emp_id'];
$sql = "DELETE employee " .
"WHERE emp_id = $emp_id";
mysql_select_db('test');
$retval = mysql_query($sql, $conn);
if (!$retval) {
die('Could not delete data: ' . mysql_error());
}
echo "Deleted data successfully\n";
mysql_close($conn);
} else { ?>
<form method="post" action="<?php $_PHP_SELF ?>">
<table width="400" border="0" cellspacing="1" cellpadding="2">
<tr>
<td width="100">Employee ID</td>
<td><input name="emp_id" type="text" id="emp_id"></td>
</tr>
<tr>
<td width="100"></td>
<td></td>
</tr>
<tr>
<td width="100"></td>
<td>
<input name="delete" type="submit" id="delete"
value="Delete">
</td>
</tr>
</table>
</form>
<?php } ?>
</body>
The error I get is:
Could not delete data: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE emp_id = 1' at line 1
The right syntax is here: http://dev.mysql.com/doc/refman/5.0/en/delete.html
You need to say delete from
$sql = "DELETE **from** employee ".
"WHERE emp_id = $emp_id" ;
It should be
$sql = "DELETE from employee ".
"WHERE emp_id = $emp_id" ;
Your query is DELETE EMPLOYEE
What you need is DELETE FROM EMPLOYEE, that should do if the table structure is normal.
It's just a syntax error!
Look, you don't want to DELETE ALL the table employee, but just one line where emp_id = $emp_id"
So that's why you need to say that you want to DELETE FROM the TABLE employee, all the rows where emp_id = $emp_id" !