My goal is to recieve 2 strings, an IP and UUID, and look in the database. If the UUID is already there, it adds the IP onto a list of IPs in the database. If not, it makes a new row in the database with that UUID and IP. Purpose is tracking user activity (Nothing malicious)
Code:
<?php
$cip = $_POST['ipaddr'];
$cid = $_POST['id'];
$conn = mysqli_connect('localhost', '*****', '*****', '*****');
$query = mysqli_query($conn, "SELECT * FROM sls WHERE asid='".$cid."'");
if(mysqli_num_rows($query) > 0){
$sql = "SELECT asid, ips FROM sls WHERE asid=$cid";
$result = mysqli_query($conn, $sql);
if (mysqli_num_rows($result) > 0) {
$row = mysqli_fetch_assoc($result);
$cipdata = $row["ips"];
}
$sql = "UPDATE sls SET ips='$cipdata , $cip' WHERE id=2";
mysqli_query($conn, $sql);
} else {
$sql = "INSERT INTO sls (asid, ips) VALUES ('$cid', '$cip')";
mysqli_query($conn, $sql);
}
?>
Right now, it just adds a new row for every IP, regardless of UUID.
What did I do wrong?
-- Edit: Fixed typo, now it just adds the first IP, but after that does not add any more to the row.
Perhaps there is a small typo on this line:
$query = mysqli_query($con, "SELECT * FROM sls WHERE asid='".$cid."'");
Did you mean $conn, not $con? As in:
$query = mysqli_query($conn, "SELECT * FROM sls WHERE asid='".$cid."'");
Your connection param is $conn so just used this in every query command. some where you are using $con and somewhere $conn.
Check your code.
Related
This question already has answers here:
How to change mysql to mysqli?
(12 answers)
Closed 4 years ago.
I am facing an error as I'm about to launch my PHP files to a free web hosting site. The error showing up is given below:
And below is the code for my project.
$sql= "SELECT * FROM user WHERE staff_id='$staff_id' AND password='$password'";
$query = mysql_query($sql) or die("Error: " . mysql_error()); //this is error on line 42
$row = mysql_num_rows($query);
I'm not sure what the errors are as I am self-taught on PHP. hopefully you guys can point out what change i should make. Thanks in advance!
First, as you suggest in the title, use mysqli for security reasons, or even better, PDO.
With mysqli: (updated)
$stmt = $conn->prepare("SELECT COUNT(*) FROM user WHERE staff_id = :staff_id AND password = :password");
$res = $stmt->execute(["staff_id" => $staff_id, "password" => $password);
$row = mysqli_num_rows($res);
With PDO:
$stmt = $conn->prepare("SELECT COUNT(*) FROM user WHERE staff_id = :staff_id AND password = :password");
$res = $stmt->execute(["staff_id" => $staff_id, "password" => $password);
$row = $res->fetchColumn();
$conn being your database link. The PDO version assumes you don't need the rows but just the count. In case someone tells you to, don't use rowCount on SELECT query, that's not reliable.
$sql= "SELECT * FROM user WHERE staff_id='$staff_id' AND password='$password'";
$query = mysql_query($sql) or die("Error: " . mysql_error()); //this is error on line 42
$row = mysql_num_rows($query);
try this one
$sql= "SELECT * FROM user WHERE staff_id='$staff_id' AND password='$password'";
$query = mysqli_query($con, $sql) or die("Error: " . mysqli_error($con)); // $con is the connection to database like // $con = mysqli_connect("localhost","my_user","my_password","my_db");
$row = mysqli_num_rows($query);
<?php
session_start();
//get the location name/address.
$address = $_POST['table'];
$_SESSION['myaddress'] = $address;
$username = $_SESSION['username'];
//connection details.
$sev_host = "localhost";
$sev_username = "root";
$sev_password = "";
$sev_db = "mydata";
//Connecting server with db.
$conn = mysqli_connect($sev_host, $sev_username, $sev_password, $sev_db);
if (!$conn) {
die("Error : " . mysqli_connect_error());
}
//Check if the table exist, and if not then create the table
$pre_check = "select location from users where username='$username";
$result_pre_check = mysqli_query($conn, $pre_check);
$pre_remove = "delete from $result_pre_check where username='$username'";
mysqli_query($conn, $pre_remove);
$pre_insert = "update users set location='$address' where username='$username'";
mysqli_query($conn, $pre_insert);
$sql = "CREATE TABLE $address (id int(6) unsigned auto_increment primary key, username varchar(255) not null, src varchar(255) not null)";
$sql2 = "INSERT INTO $address (id, username, src) VALUES ('', '$username', '')";
mysqli_query($conn, $sql);
mysqli_query($conn, $sql2);
?>
This is my php code, and I seem to have a problem in it. This code is attached to a button and runs when it is clicked, but it's not giving me the required result. As you can see that I am deleting a row on $pre_remove statement, but when the code runs everything works except that the required row is not removed from the table.
The code works fine and it doesn't give out any debug errors. Any ideas?
The reason this doesn't work lies within your query on $pre_remove
A good way to debug your code, would be to use functions like var_dump, print_r etc. to see what your variables actually contains.
In this specific case, the problem lies within delete from $result_pre_check
$result_pre_check is not a variable. Again, you can do a var_dump($result_pre_check) to see what this variable is / contains.
Your query to delete a user based on username would however work if it was:
$pre_remove = "delete from users where username='$username'";
You can try something like this,
$pre_remove = "DELETE FROM users WHERE username IN (
SELECT location FROM users WHERE username='$username'
)";
mysqli_query($conn, $pre_remove);
instead of ,
$pre_check = "select location from users where username='$username";
$result_pre_check = mysqli_query($conn, $pre_check);
$pre_remove = "delete from $result_pre_check where username='$username'";
mysqli_query($conn, $pre_remove);
I am attempting to post a column into my database here as a test and I am unable to do so. I've used the code below and it doesn't seem to be posting. Unless I am missing a trick with PHPmyAdmin I cannot seem to get it working. Any chance anyone could help? Thanks in advance!
<?php
$link = mysqli_connect("XXXX", "XXXX",
"XXXX", "XXXX");
if (mysqli_connect_error ()) {
die("The connection has failed");
}
$query = "INSERT INTO `users` (`email`, `password`)
VALUES('owen#owen.com', 'hfudhf8ahdfufh')";
mysqli_query($link, $query);
$query = "SELECT * FROM users";
if($result = mysqli_query($link, $query)) {
$row = mysqli_fetch_array($result);
echo"Your Email is ".$row["email"];
echo" and your Password is ".$row["password"];
}
?>
The problem is that you're only fetching one row of results. Unless the table was empty before you ran the script, there's no reason to expect that row to be the one that you just added.
If the table has an auto-increment ID field, you can fetch that row:
$query = "SELECT * FROM users WHERE id = LAST_INSERT_ID()";
So im fairly new to coding, and have just started on a project for fun.
I try to build a RPG game, and i have got to the point where players can fight and take damage. So i want to add a passive health regeneration.
So i was thinking that i would use a conjob to request a php file every 10min and update all players HP with +10.
What i have got with my very poor MySQL knowlege is;
<?php
/*
* hp_reg.php, auto updater +10hp to players.
*/
//DATABAS CONNECTION
$dbserver="my";
$dbusername ="db";
$dbpassword ="conection";
$db ="information";
//CREATE CONNECTION
$conn = new mysqli($dbserver, $dbusername, $dbpassword, $db);
$query = "SELECT health FROM users";
$result = mysqli_query($conn, $query);
$row = mysqli_fetch_assoc($query);
$newhp = $result + 10;
$sql = "INSERT INTO users(health) VALUES ($newhp)";
Wich clearly will not work at all!
Any tips on what to change in order to get it to work?
All pointers are much appreciated.
$sql = "UPDATE users SET health = health + 10";
Updated Code
<?php
/*
* hp_reg.php, auto updater +10hp to players.
*/
//DATABAS CONNECTION
$dbserver="my";
$dbusername ="db";
$dbpassword ="conection";
$db ="information";
//CREATE CONNECTION
$conn = new mysqli($dbserver, $dbusername, $dbpassword, $db);
$sql = "UPDATE users SET health = health + 10";
$result = mysqli_query($conn, $sql);
To increase the health column of all users by 10, you can execute the following query:
UPDATE users SET health = health + 10
Assuming:
you want update health of One user;
each user have an unique id;
the unique id is stored in your database as userID (if not, change it with your correct field name);
you have to try in this way:
$query = "SELECT health FROM users WHERE userID='$userID'";
$result = mysqli_query( $conn, $query );
$row = mysqli_fetch_assoc( $query );
$newhp = $row['health'] + 10;
$query = "UPDATE users SET health='$newhp' WHERE userID='$userID'";
$result = mysqli_query( $conn, $query );
At last, take a look to how preventSQL-injection in PHP and how check if your result is empty
I am trying to display a record from my database, however the page appears blank and doesn't display the data I am expecting. The code follows below:
<?php
$mysqli = new mysqli(localhost, root, USERPASS, DBNAME);
$query = "SELECT * FROM usertable WHERE userID= '" . $_SESSION["sess_uid"] . "'";
$result = mysqli_query($mysqli, $query);
$row = mysqli_fetch_row($result);
echo $row['userQuestion'];
?>
Any help would be appreciated.
Thanks
<?php
// there need to be strings arguments here
$mysqli = new mysqli('localhost', 'root', USERPASS, DBNAME);
// sql injection friendly query
$query = "SELECT * FROM `usertable`
WHERE `userID`='{$_SESSION["sess_uid"]}' LIMIT 1;";
// do we have a result
if($result = mysqli_query($mysqli, $query)){
// fetch a single row
if($row = mysqli_fetch_row($result)){
// print the record
var_dump($row);
}
}
?>
You need to wrap 'localhost' and 'root' as strings.
mysqli_fetch_row returns a numerical array.
You can print the content of the record using var_dump or use mysqli_fetch_assoc instead.