Mysql Query Update From php - php

Hi to everyone i have a problemn with a query in PHP to Update records.
<?php
include('../webcgo/script/cox.php');
$query = $cox->query("SELECT cf_id FROM offerte;");
while ($idx = mysqli_fetch_array($query)) {
$check = '<button class="uk-button" onclick="location.href=\'http://localhost/chartscript/remRegola.php?dis=2&id=' . $idx['cf_id'] . '\'">OK</button>';
$query_check = 'UPDATE offerte SET check=\'' . $check . '\' WHERE cf_id=' . $idx['cf_id'].';';
if ($queryx = $cox->query($query_check) === TRUE) {
echo "Record updated successfully";
} else {
echo "Error updating record: " . $cox->error;
}
}
mysqli_close($cox);?>
The result:
Error updating record: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'check='


check is a MySQL reserved keyword. If you're going to use it in your query you must wrap it in backticks:
$query_check = 'UPDATE agoragroup_chronoforms_data_inserimento_offerte_prod SET `check`=\'' . $check . '\' WHERE cf_id=' . $idx['cf_id'].';';

Related

Trying to transfer json from a table to anther php

I have a problem and I don't know how to solve it. I want to transfer a json to another table and I get a syntax error.
This is my output
INSERT INTO saved_cmd ('id_user','value','store','totalPrice','hour','type_payement') VALUES ('11','"{\"lenght\":0,\"produits\":[{\"id\":29,\"name\":\"Tarte au fraise\",\"count\":1,\"price\":2,\"totalPrice\":2},{\"id\":28,\"name\":\"rose des sables\",\"count\":0,\"price\":2,\"totalPrice\":0}]}"','6','2.00','13:00','caisse')
===================================================
Error: INSERT INTO saved_cmd ('id_user','value','store','totalPrice','hour','type_payement') VALUES ('11','"{\"lenght\":0,\"produits\":[{\"id\":29,\"name\":\"Tarte au fraise\",\"count\":1,\"price\":2,\"totalPrice\":2},{\"id\":28,\"name\":\"rose des sables\",\"count\":0,\"price\":2,\"totalPrice\":0}]}"','6','2.00','13:00','caisse')<br>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''id_user','value','store','totalPrice','hour','type_payement') VALUES ('11','"{\' at line 1
I tried to encode my json but i have the same problem
and this is my php
$state = $row['states'];
$id_user = $row['id_user'];
$value = ($row['value']);
$panier = json_encode($value);
$store = $row['store'];
$totalPrice = $row['totalPrice'];
$hour = $row['hour'];
$type_payement = $row['type'];
if ($row['states'] != 4) {
$states = $state + 1;
$sql = "UPDATE cmd SET states = $states WHERE id = '$id'";
if ($conn->query($sql)) {
echo "good:up";
}
} else {
$sql = "INSERT INTO saved_cmd ('id_user','value','store','totalPrice','hour','type_payement') VALUES ('$id_user','$panier','$store','$totalPrice','$hour','$type_payement')";
echo $sql . "\n\n\n===================================================\n\n\n";
if ($conn->query($sql) === true) {
echo "good:save";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
}

I got mysqli error 1064 but i don't know why

I want to post this data from android client and i tested it with postman and status code was 200. But i have a mysqli error and it's:
Error:
((1064) You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'WHERE id=' at line 1)
i don't know what is my codes problem and SELECT part works correctly
<?php
$id = $_POST['id'];
$isLiked = $_POST['isLiked'];
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$connection = mysqli_connect($host, $username, $password, $database);
$query = "SELECT likes FROM posts WHERE id=$id";
$result = mysqli_query($connection, $query);
$array = mysqli_fetch_assoc($result);
$likes = $array['likes'];
if ($isLiked == true) {
$updateQuery = "UPDATE posts SET likes=" . $likes++ . " WHERE id=$id";
} else {
$updateQuery = "UPDATE posts SET likes=" . $likes-- . " WHERE id=$id";
}
if (!$connection->query($updateQuery)) {
echo "query failed: (" . $connection->errno . ") " . $connection->error;
}
mysqli_query($connection, $updateQuery);
if (!$connection->query($updateQuery)) {
echo "query failed: (" . $connection->errno . ") " . $connection->error; // It returns that 1064 error
}
mysqli_query($connection, $updateQuery);

I see 3 possible mistakes.
First mistake, the $id can be empty.
And 2nd mistake can be $likes++ need be ++$likes, because you doesn't sum it with ++ after of the variable, im referring too to --$likes.
The 3rd mistake is your code is vulnerable to MySQL injection, i recommend make a prepared statement.
Link to prepared statement example and explanation: https://www.w3schools.com/php/php_mysql_prepared_statements.asp

PHP and Mysql error "You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version"

I am trying to code a little log thing for my Home automations script but then I got this error:
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '' at line 2
My SQL is:
INSERT INTO
logsa (timeb, msg, actionb)
VALUES
('12-05-2018 02:29:38pm',
'Succesfully send a trigger to https://maker.ifttt.com/trigger/test/with/key/xxxxxxxxxxxxxxxxxxxxxxxx With name test',
'https://maker.ifttt.com/trigger/test/with/key/xxxxxxxxxxxxxxxxxxxxxxxx'
and my code is:
$logmsg = ("Succesfully send a trigger to " . $row["actiona"] . " With name " . $row["namea"]);
date_default_timezone_set("Europe/Stockholm");
$date = date("d-m-Y");
$time = date("h:i:sa");
$fulldate = ($date . " " . $time);
$actiona = $row["actiona"];
$sql = "INSERT INTO logsa (timeb, msg, actionb)
VALUES ('$fulldate', '$logmsg', '$actiona'";
if ($conn->query($sql) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}

Change the timeb data value $fulldate to use a valid date time format like this
$fulldate = date('Y-m-d H:i:s');
MySQL and mariaDB expect DATETIME columns to be stored in a very specific format and yours was invalid.
Also you should be using prepared and parametrised queries [link] to avoid SQL Injection attacks like this
$logmsg = ("Succesfully send a trigger to " .
$row["actiona"] .
" With name " .
$row["namea"]);
date_default_timezone_set("Europe/Stockholm");
$fulldate = date('Y-m-d H:i:s');
$actiona = $row["actiona"];
$sql = "INSERT INTO logsa (timeb, msg, actionb) VALUES (?,?,?)";
$stmt = $conn->prepare($sql);
$stmt->bind_param('sss', $fulldate, $logmsg, $actiona );
$result = $stmt->execute();
if ($result) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}

SQL Syntax Error id suddenly equals zero

Does anybody know what could be wrong here?
<?php
$q = intval($_GET['q']);
echo $q." "; // $q=2
$d = $_GET['d'];
echo $d." "; //$d=3priority
$m = preg_replace('/[0-9]+/', '', $d);
echo $m." "; //$m = priority
$s = intval($_GET['d']);
echo $s;// $s = 3
$sql = "UPDATE form SET $m = $q WHERE id = $s";
$result = $conn->query($sql);
if ($conn->query($sql) === TRUE) {echo "das";}
else{
echo "Error: " . $sql . "<br>" . $conn->error;
}
?>
I get the Error Message :
UPDATE form SET = 0 WHERE id = 0 You have an error in your SQL syntax;
check the manual that corresponds to your MySQL server version for the
right syntax to use near '= 0 WHERE id = 0' at line 1
However if I echo the $m/$q/$s/$d thy show the right values. But somehow they get changed to 0 in the sql statement.
Would be nice if you could help me out :)

Try This
$sql = "UPDATE form SET" . $m . "=" . $q . " WHERE id =" . $s;

Getting a Value to use in an update script in php

I am trying to pass a value from a select into an update script. I have a page that keeps a members information. I would like to keep the user name and password on a different table. However I am having problems getting the id from the member table to pass to the user id table. Here is what I am doing. The first query is working fine and adding the member information to the member table. It is where I try to do the select and the second update is where I am having problems.
$user_id;
$sql = "INSERT INTO member_contact (mem_first_name, mem_last_name, mem_address_1, mem_address_2, mem_city, mem_state, mem_zip, mem_phone, mem_email)
VALUES ('$_POST[mem_fn]','$_POST[mem_ln]','$_POST[mem_add1]','$_POST[mem_add2]','$_POST[mem_city]','$_POST[mem_st]','$_POST[mem_zip]','$_POST[mem_ph]','$_POST[mem_email]')";
if ($conn->query($sql) === TRUE) {
//echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$selsql = "select mem_id into $user_id from member_contact
where mem_first_name = '$_POST[mem_fn]'
and mem_last_name = '$_POST[mem_ln]'";
if ($conn->query($selsql) === TRUE) {
echo 'mem_id';
} else {
echo "Error: " . $selsql . "<br>" . $conn->error;
}
$insql = "insert into user_info (mem_id, user_id, user_pass)
values('$user_id','$_post[us_id]','$_post[us_pass]')";
if ($conn->query($insql) === TRUE) {
echo 'User name added';
} else {
echo "Error: " . $insql . "<br>" . $conn->error;
}
$conn->close();
Here is the error I am getting with this code.
Error: select mem_id into from member_contact where mem_first_name = 'Andy' and mem_last_name = 'D'
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'from member_contact where mem_first_name = 'Andy' and mem_last_name = 'D'' at line 1User name added
Thanks for any help.

Categories