Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 8 years ago.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Improve this question
I'm trying to do in-place editing way in my site.
Now I set up all the things I need.
When the user clicks Submit, it will send the id of the div element (what kind of content) and the new value to update.
Here's my code:
if($pedit = $mysqli->prepare("UPDATE `accounts` SET ? = ? WHERE `id`= ? ")){
$pedit->bind_param("sss", $id, $value, $_SESSION["user_id"]);
$pedit->execute();
$pedit->free_result();
$pedit->close();
}
I don't know why it doesn't update the information.
$id = the row that change: description, fullname, email etc.
$value = the new information about $id. User can update his profile information.
The code doesn't show me any kind of error but still doesn't update.
You can't specify a column name as a parameter in a prepared statement. You'll instead have to substitute column names into the statement before preparing it. Don't forget to whitelist editable column names to make sure no unwanted SQL gets executed.
<?php
$accounts_editable_cols = array(
'name'=>true, 'street'=>true, 'city'=>true,
'region'=>true, 'postal'=>true, 'phone'=>true
);
// prevent SQL injection by whitelisting column names
if (!array_key_exists($id, $accounts_editable_cols)) return false;
$pedit = $mysqli->prepare("UPDATE `accounts` SET $id = ? WHERE `id`= ? ")
if ($pedit) {
$pedit->bind_param("ss", $value, $_SESSION["user_id"]);
$pedit->execute();
$pedit->free_result();
$pedit->close();
}
Related
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 1 year ago.
Improve this question
When I put a number myself the database gets updated to Success but when I try to access the same number from $_POST It complete the transaction but doesn't affect the rows even thought it's using the same number.
Example of a query that works perfectly and updates the database
$sql = "UPDATE `transactions` SET `status` ='Success' WHERE `transactions`.`txn_id` = 65765756";
Example of a query that doesn't work
$sql = "UPDATE `transactions` SET `status` ='Success' WHERE `transactions`.`txn_id` = ".$_POST['m_payment_id'];
First, check what's in the value, and make sure it is the same as what you are manually entering.
var_dump($_POST['m_payment_id'])
Second, the code without any other checks is a SQL injection vulnerability.
You could convert the value into an integer to protect against this, e.g. intval($_POST['m_payment_id'])
Ideally though, you would be using bindings.
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 4 years ago.
Improve this question
$statement = $pdo->prepare("UPDATE config SET (name, value) VALUES(:name, :value) WHERE id = 1");
Hello, i need your Help, i know her is a syntax error but i dont know what is the syntax error.
Can you Help
Separate assignments for the set:
UPDATE config
SET name = :name,
value = :value
WHERE id = 1;
The syntax for UPDATE has not changed in MySQL and has never (to the best of my knowledge) included a VALUES clause. The documentation is pretty clear on the subject. If you don't think the documentation is clear, you can provide feedback on it.
Here is a full code:
$id = 1;
$sql = "UPDATE config SET `name`=?, `value`=? WHERE id=?";
$stmt= $dpo->prepare($sql);
$stmt->execute([$name, $value, $id]);
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 6 years ago.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Improve this question
I am a beginner in PHP and SQL. I have been trying to delete rows in SQL table using the following code but it doesn't work. Please help.
<?php
/*
DELETE.PHP
Deletes a specific entry from the 'db' table
*/
// connect to the database
include('connect-db.php');
// check if the 'id' variable is set in URL, and check that it is valid
// get id value
$id = $_GET['id'];
// delete the entry
$result = mysql_query("DELETE FROM db WHERE 'Report No.'= '$id'")
or die(mysql_error());
// redirect back to the view page
header("Location: view.php");
// if id isn't set, or isn't valid, redirect back to view page
{
header("Location: view.php");
}
?>
Apply backticks(`) around table field name "Report No." (its not standard way to define a table field name)
Try this
$result = mysql_query("DELETE FROM db WHERE `Report No.`= '$id'");
Fix your query by removing single quote of name table:
$result = mysql_query("DELETE FROM db WHERE `Report No.`= '$id'");
Make sure that you type right for Report No. column name. Actually for naming Report No. is not recommended.
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 7 years ago.
Improve this question
I have an SQL piece of code that every time a user inserts a name creates a new column with the name (and this part works fine). I also want it to add a row to that column with the respective comment given by the user. I don't see why this add row statement won't work.
$value = mysql_real_escape_string($_POST['name']);
$comment = mysql_real_escape_string($_POST['comment']);
$add = mysql_query("ALTER TABLE Names ADD $value Text NOT NULL");
$sql = mysql_query("INSERT INTO Names VALUES $comment");
Try with
$sql = mysql_query("INSERT INTO Names (`$value`) VALUES ('$comment')") or die(mysql_error());
You need to specify the column list.
Ideally you should start using PDO or an ORM to be able to work and debug easier
Try this:
$value = mysqli_real_escape_string($db, $_POST['name']);
$comment = mysqli_real_escape_string($db, $_POST['comment']);
$add = mysqli_query($db, "ALTER TABLE Names ADD '{$value}' Text NOT NULL");
$sql = mysqli_query($db, "INSERT INTO Names({$value}) VALUES('{$comment}')");
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 8 years ago.
This question appears to be off-topic because it lacks sufficient information to diagnose the problem. Describe your problem in more detail or include a minimal example in the question itself.
Questions asking for code must demonstrate a minimal understanding of the problem being solved. Include attempted solutions, why they didn't work, and the expected results. See also: Stack Overflow question checklist
Improve this question
How should I make a sql update query only IF a value of the table is equal to "something"?
I would not want to use case because I don't have any "else" statement and it is regulated by another simple value of the table, so there are no more cases.
EDIT: Since there is so much need to see one single line of code because certainly my question has no answer this way, I'll leave it here:
$query = "IF seen=1 UPDATE something SET other_thing = 100 WHERE yet_another_thing= 'outro' ";
You use a where statement:
update t
set foo = bar
where value = 'something';
Looking at everyone's answers, here is the code for YOU.
$query = "UPDATE something SET other_thing = 100 WHERE yet_another_thing= 'outro' AND seen = 1";
This is where use use a WHERE clause:
UPDATE
SomeTable
SET
field = 1234
WHERE
anotherField = 5678
UPDATE tablename SET updatevalue = 'value' WHERE avalue = 'something'