I am trying to do an Oracle insert statement on a PHP page but I am getting the error below. If I remove the semicolon from the statement, the page never loads (even though the insert on the backend should take a fraction of a second). Any tips would be greatly appreciated!
$sql_update = "
update schema.table set last_check_dt = (select sysdate from dual)
where id = (select id from schema.email where current_email = '" . $email . "');";
$stid = oci_parse($conn, $sql_update);
oci_execute($stid);
oci_commit($conn);
oci_close($conn);
Warning: oci_execute() [function.oci-execute]: ORA-00911: invalid character
$sql_update = "
update schema.table set last_check_dt = (select sysdate from dual)
where id = (select id from schema.email where current_email = '" . $email . "')";
Your SQL, when run through a OCI.. Don't need a semicolon as terminator.
Related
I need to update an entire column with new unique phone numbers that live in a second table. I seem to be on the right track... but my loop logic is faulty.
I'm returning the matches correctly as far as I can tell, but when I try to update the entire column in the table it inserts the last phone number in every single row.
$query = "SELECT matched.duns, matched.new_p1, users_data.temp_duns
FROM matched
INNER JOIN users_data ON temp_duns
WHERE temp_duns = duns LIMIT 10";
$result = mysqli_query($connection, $query);
foreach ($result as $key => $val) {
if($val['duns'] === $val['temp_duns']) {
$final_query = "UPDATE users_data SET phone_number = " . $val['new_p1'];
$final_result = mysqli_query($connection, $final_query);
echo $counter . "DUNS From matched: " . $val['duns'] . " DUNS From users_data: " . $val['temp_duns'] . " NEW PHONE: ". $val['new_p1']. "<br>";
}
}
I'm a total newb but any help would be appreciated.
Simply run an update query in one call without looping and in MySQL INNER JOIN can be used:
UPDATE user_data u
INNER JOIN matched m ON u.temp_duns = m.temp_duns
SET u.phone_number = m.new_p1;
Or for the limit of 10:
UPDATE user_data u
INNER JOIN (SELECT * FROM matched LIMIT 10) m ON u.temp_duns = m.temp_duns
SET u.phone_number = m.new_p1;
The problem is that your query doesn't have a WHERE clause, so it's updating every row.
"UPDATE users_data SET phone_number = " . $val['new_p1'];
You need to limit it to just the row that you want to update.
"UPDATE users_data SET phone_number = " . $val['new_p1'] . " WHERE some_id = " . $some_id;
You could probably do the whole thing in a single query.
UPDATE table_to_be_updated
JOIN table_with_value_we_need ON whatever_joins_them
SET table_to_be_updated.column_we_want_to_fill = table_with_value_we_need.value_we_need;
I need to eliminate the character (") from a column in my database. I can do in mysql command line by the following command:
mysql> UPDATE tName SET colName=REPLACE(colName, '"','');
and it works perfectly. Since i need run in php, i have used the following syntax in php but it dosent work :
$sql0 = "UPDATE tName SET colName=REPLACE(colName,'"','')";
if (mysqli_query($conn, $sql0)) {
$result0 = "Unwanted Character is removed ";
} else {
$result0 = "Error Filtering is Failed: " . $sql . "<br>" . mysqli_error($conn);
}
any Idea??
Try this one instead :
$sql0 = "UPDATE tName SET colName=REPLACE(colName,'\"','')";
notice there is a back slash :)
you have to escape double quotes inside double-quoted strings.
$sql0 = "UPDATE tName SET colName=REPLACE(colName,'\"','')";
if (mysqli_query($conn, $sql0)) {
$result0 = "Unwanted Character is removed ";
} else {
$result0 = "Error Filtering is Failed: " . $sql . "<br>" . mysqli_error($conn);
}
You can use quotes in REPLACE function as:
$one = '"';
$sql0 = "UPDATE tName SET colName = REPLACE(colName,'$one','')";
If you echo $sql0 result is:
UPDATE tName SET colName = REPLACE(colName,'"','')
I'm using PHP to send a query to Sql Server. The problem is, my "SELECT 1 AS updateResults" statement doesn't work if it's done after the UPDATE statement. A resource is returned to PHP but it doesn't have any rows.
Here's a simplified version of my query:
--SELECT 1 AS updateResults --if this is done before the UPDATE, a row gets returned
UPDATE theTable SET theValue = 'x' WHERE theRow = '5'
SELECT 1 AS updateResults --if this is done after the UPDATE, a row doesn't get returned
My UPDATE query is valid and does what it's supposed to do.
I've also tried the "SELECT 'updateResults' = 1" format and tried putting a ; at the end of each statement and it didn't make a difference.
Any ideas?
Here's the PHP code:
$updateSQL = "BEGIN TRANSACTION
DECLARE #result1 int
DECLARE #result2 int
--SELECT 1 AS updateResults --if this is here, the row gets returned
UPDATE theTable
SET endDate = '" . $endDate . "'
WHERE permitYear = '" . $permitYear . "'
UPDATE theTable
SET startDate = '" . $startDate . "'
WHERE permitYear = '" . $nextYear . "'
--Test to make sure both records were saved
SELECT #result1 = permitYear
FROM theTable
WHERE permitYear = '" . $permitYear . "'
AND endDate = '" . $endDate . "'
SELECT #result2 = permitYear
FROM theTable
WHERE permitYear = '" . $nextYear . "'
AND startDate = '" . $startDate . "'
if ((#result1 > 0) AND (#result2 > 0))
BEGIN
COMMIT TRANSACTION
SELECT 1 AS updateResults
END
ELSE
BEGIN
ROLLBACK TRANSACTION
SELECT 0 AS updateResults
END";
$updateRS = sqlsrv_query($con, $updateSQL);
if (!is_resource($updateRS)) {
//There was a problem. A resource wasn't returned. It never fails here
exit;
}
if (!sqlsrv_has_rows($updateRS)) {
echo ("fail for no rows returned");
exit;
}
$updateARR = sqlsrv_fetch_array($updateRS);
//It makes it here if the SELECT is done before the UPDATE
if ($updateARR['updateResults'] == '1') {
//success
}
else {
//save problem
}
Additional info: If I take out the 2 UPDATE statements it runs as expected and returns the updateResults row.
You should query select like this
SELECT * FROM table1 WHERE 'updateResults' = 1
I ended up doing this in two SQL statements rather than one. Here's what I did:
I took out the SELECT x AS updateResults lines from the $updateSQL then:
$updateSQL = ...(same as the question, without the SELECT x AS updateResults lines)...
sqlsrv_query($con, $updateSQL);
$testSQL = "
DECLARE #result1 int
DECLARE #result2 int
SELECT #result1 = permitYear
FROM theTable
WHERE permitYear = '" . $permitYear . "'
AND endDate = '" . $endDate . "'
SELECT #result2 = permitYear
FROM Transportation.dbo.PermitDate
WHERE permitYear = '" . $nextYear . "'
AND startDate = '" . $startDate . "'
if ((#result1 > 0) AND (#result2 > 0))
BEGIN
SELECT 1 AS updateResults
END
ELSE
BEGIN
SELECT 0 AS updateResults
END
";
$testRS = sqlsrv_query($con, $testSQL);
if (!is_resource($testRS)) {
//There was a problem. A resource wasn't returned
}
if (!sqlsrv_has_rows($testRS)) {
//fail for no rows
}
$testARR = sqlsrv_fetch_array($testRS);
if ($testARR['updateResults'] == '1') {
//success
}
else {
//fail - the changes were not saved
}
Did you try to reverse the order of the SELECT and UPDATE statements when they're part of the transaction? If not, I would try:
Instead of:
COMMIT TRANSACTION
SELECT 1 AS updateResults
Try:
SELECT 1 AS updateResults
COMMIT TRANSACTION
I didn't have "SET NOCOUNT ON" so the SQL messages such as "(1 row(s) affected)" were being returned before the SELECT results. My code should have been:
$updateSQL = "SET NOCOUNT ON
BEGIN TRANSACTION
...
This way the SQL messages would be supressed.
As a side note, after I figured out the issue I noticed the following: Even though I wasn't using a stored procedure for this, I noticed when you create a stored procedure in SQL Server Management Studio, it even puts the following in the template for you:
-- SET NOCOUNT ON added to prevent extra result sets from
-- interfering with SELECT statements.
SET NOCOUNT ON;
My part_no column has the following format: 000-00000-00 for all records.
I need to extract the five middle characters from part_no and place it in the core column when I create the record.
I can't get my script to work.
I'm not getting any errors. Just not working.
$order = "INSERT INTO cartons_added (add_time, type, part_no, add_type, add_qty, add_ref, add_by, add_notes)
VALUES
('$date',
'$_POST[type]',
'$_POST[part_no]',
'$_POST[add_type]',
'$_POST[add_qty]',
'$_POST[add_ref]',
'$_POST[add_by]',
'$_POST[add_notes]')";
$result = mysql_query($order);
$query2 = "select part_no from cartons_current";
$sel = mysql_query($query2);
$res = mysql_result($sel);
while($row = mysql_fetch_row($res)) {
$core_digits = split('-',$row[0]);
$core =$core_digits[1];
$query3 = "insert into cartons_current(core) values($core)";
$sel2 = mysql_query($query3);
}
You can update your cartons_current table based on your cartons_added table with something like:
INSERT INTO cartons_current(core)
SELECT SUBSTR(part_no, 5, 5) FROM cartons_added
You will probably want to limit that with a WHERE clause or maybe deal with what happens when this value is already in cartons_current (use either INSERT IGNORE or ON DUPLICATE KEY UPDATE)
You are right, the script has no error.
I think the problem is on your SQL that made you can't insert a new row, specifically on the table structure. Maybe you defined a PRIMARY KEY without AUTO_INCREMENT, defined a INDEX or UNIQUE key that is not the core key or there have some other key that did not have default value. Remember that you can't insert a row without defining all required field.
You script is selecting all part_no and for every part_no you are inserting a new row in the same table, so maybe there is the problem.
I think what you want is update every result to add they core value, you can do that with UPDATE as this code:
function getValue($value) {
return "'" . trim(mysql_real_escape_string($value)) . "'";
}
mysql_query('INSERT INTO `cartons_added` (`add_time`, `type`, `part_no`, `add_type`, `add_qty`, `add_ref`, `add_by`, `add_notes`)
VALUES (' .
getValue($date) . ', ' .
getValue($_POST[type]) . ', ' .
getValue($_POST[part_no]) . ', ' .
getValue($_POST[add_type]) . ', ' .
getValue($_POST[add_qty]) . ', ' .
getValue($_POST[add_ref]) . ', ' .
getValue($_POST[add_by]) . ', ' .
getValue($_POST[add_notes]) .
')');
$partNoQuery = mysql_query('SELECT `part_no` FROM `cartons_current`');
while($partNoResult = mysql_fetch_assoc($partNoQuery)) {
list($prefix, $core, $suffix) = explode('-', $partNoResult['part_no']);
mysql_query('UPDATE cartons_current SET `core` = \'' . $core . '\' WHERE `part_no` = \'' . $partNoResult['part_no'] . '\'');
}
I added getValue function to escape posted data to prevent SQL injection.
Try removing this
$res = mysql_result($sel);
And change your while to reference the main query resource
while($row = mysql_fetch_row($sel)) {
I don't understand your logic with your tables though. You're inserting data into the cartons_added table but then you're selecting from cartons_current?
Also, split is deprecated as of PHP 5.3.0
You said five middle "characters", so I'd add quotes around your variable like so:
$query3 = "insert into cartons_current(core) values('$core')";
(Also, there's only about a gazillion answers on SO about SQL injection, and using pdo)
INSERT INTO cartons_current(core)
SELECT
substr(part_no,position('-' IN part_no)+1,position('-' IN substr(part_no,position('-' IN part_no)+1))-1)
FROM cartons_added;
Really stuck on something. I'm trying to update a database and the code looks write - and if I echo it out and paste it directly into phpMyAdmin it works perfectly - but the code itself doesn't work... I have spend a day so far trying to figure out why it's not working and I'm completely out of ideas...
function restoreSession()
{
mysql_connect("theHost", "root", "rootPWD") or die(mysql_error());
mysql_select_db("myDatabase") or die(mysql_error());
$restore_cmd = 'UPDATE wp_dor_cart66_sessions SET user_data = (SELECT user_data FROM wp_dor_cart66_stored_sessions WHERE ip_address = "' . $_SERVER['REMOTE_ADDR'] . '")';
$clean_up = "DELETE FROM `wp_dor_cart66_sessions` WHERE `ip_address` = \"" . $_SERVER['REMOTE_ADDR'] . "\" AND id NOT IN (SELECT id FROM ( SELECT id FROM `wp_dor_cart66_sessions` ORDER BY id DESC LIMIT 1 ) user_data )";
mysql_query($clean_up) or die('Query failed: ' . mysql_error());
$result = mysql_query($restore_cmd) or die('Query failed: ' . mysql_error());
echo "<br/>";
echo $restore_cmd;
echo "<br/>";
var_dump($result);
echo "<br/>";
print_r($result);
}
The resulting output looks like:
UPDATE wp_dor_cart66_sessions SET user_data =
(SELECT user_data FROM wp_dor_cart66_stored_sessions
WHERE ip_address = "196.54.110.24");
bool(true)
1
It doesn't appear to have any errors - but I just can't get it to update. If it didn't work in phpMyAdmin - I'd know there was something wrong with the SQL - but it seems right... I'm just really out of ideas - any help would be greatly appreciated!
Here are the statements again with some formatting:
$restore_cmd = '
UPDATE
wp_dor_cart66_sessions
SET
user_data = (
SELECT
user_data
FROM
wp_dor_cart66_stored_sessions
WHERE
ip_address = "' . $_SERVER['REMOTE_ADDR'] . '"
)
';
$clean_up = "
DELETE FROM
`wp_dor_cart66_sessions`
WHERE
`ip_address` = \"" . $_SERVER['REMOTE_ADDR'] . "\"
AND id NOT IN (
SELECT
id
FROM
(
SELECT
id
FROM
`wp_dor_cart66_sessions`
ORDER BY
id DESC
LIMIT
1
) user_data
)
";
$restore_cmd = 'UPDATE wp_dor_cart66_sessions SET user_data = (SELECT user_data FROM wp_dor_cart66_stored_sessions WHERE ip_address = \"' . $_SERVER['REMOTE_ADDR'] . '\")';
need to escape the quotation marks
Looks like quoting error, Try this:
"UPDATE wp_dor_cart66_sessions SET user_data = (SELECT user_data FROM wp_dor_cart66_stored_sessions WHERE ip_address = '" . $_SERVER['REMOTE_ADDR'] . "')";
If could be that you have multiple results in your SELECT.
What if you do ...
$restore_cmd = 'UPDATE wp_dor_cart66_sessions SET user_data = (SELECT user_data FROM wp_dor_cart66_stored_sessions WHERE ip_address = "' . $_SERVER['REMOTE_ADDR'] . '" LIMIT 1)';
... note the LIMIT 1
Are you sure that the first query is not deleting all the matching rows?
I don't understand the "user_data" part at the end of the first query. But I would check the number of affected rows after each query to see if query is doing any affect on data and if it is, is it doing well or there's just some logical mistake.