I have 3 variables that contain a text string. I need to update them in the table, but out of the 20+ different variations of about 5 different scripts that I've tried out, it just doesn't update!
I want something like the script below:
mysql_query("UPDATE $variable_1 SET $variable_2 = $q WHERE $variable_3 = $o")
or die(mysql_error());
Try this code:
mysql_query("UPDATE table_name SET field_name = '"
.$str_value."' WHERE $field_3 = '".$str_value."'")
or die(mysql_error());
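For the fully variable form in the question (table and column names held in variables), the following is an added example, not code from either post. It assumes PDO with an in-memory SQLite database standing in for MySQL; safeUpdate() and the allow-listed table and column names are hypothetical.

```php
<?php
// Added example, not code from the posts. Table/column names are assumptions.

function safeUpdate(PDO $pdo, string $table, string $setCol, $value,
                    string $whereCol, $match): int
{
    // Placeholders cannot stand in for table or column names, so identifiers
    // are checked against a fixed list before they reach the SQL text.
    $allowed = [
        'cart'  => ['quantity', 'description', 'sessionid'],
        'users' => ['username', 'id'],
    ];
    if (!array_key_exists($table, $allowed)) {
        throw new InvalidArgumentException("table not allowed: $table");
    }
    foreach ([$setCol, $whereCol] as $col) {
        if (!in_array($col, $allowed[$table], true)) {
            throw new InvalidArgumentException("column not allowed: $col");
        }
    }
    // Only allow-listed identifiers are interpolated; values are bound.
    $stmt = $pdo->prepare("UPDATE $table SET $setCol = :value WHERE $whereCol = :match");
    $stmt->execute([':value' => $value, ':match' => $match]);
    return $stmt->rowCount();
}

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE cart (sessionid TEXT, description TEXT, quantity INTEGER)');
$pdo->exec("INSERT INTO cart VALUES ('s1', 'O''Brien mug', 1)");

// The apostrophe in the value is handled by binding, with no manual quoting.
$changed = safeUpdate($pdo, 'cart', 'quantity', 3, 'description', "O'Brien mug");
echo "rows updated: $changed\n";

try {
    // A column name that is not on the list is rejected before any SQL runs.
    safeUpdate($pdo, 'cart', 'price', 3, 'description', 'x');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```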
Related
I am trying to update a record in my database with values pulled from an exploded array
$arr2 = explode(",",$_POST['hidden-tags']);
//echo $arr2[0];
//insert new rows into blog post
mysql_select_db($db, $db);
$insertq = mysql_query("UPDATE blog SET tags1 = $arr2[0],tags2 = $arr2[1],tags3 = $arr2[2], tags4 = $arr2[3], tags5 = $arr2[4] WHERE idblog = '$id' ",$dbconnet);
If I echo the values from my array one at a time it works great. Once I try to put them in the db the row turns up empty. What's more, the user may not have entered 5 items; they may only have entered 1, but I don't think that's really the problem. To be honest, I can't see why it's currently failing at all.
I know I can save all values in one field, but it will be easier as separate fields for when I pull back and query later on.
If the data types of the columns are strings, the values must be wrapped in single quotes, as they are string literals, e.g.,
$insertq = mysql_query("UPDATE blog SET tags1 = '". $arr2[0] . "',....");
As a side note, the query is vulnerable to SQL injection if the value(s) of the variables came from the outside. Please take a look at the article below to learn how to prevent it. By using PreparedStatements you can get rid of using single quotes around values.
How to prevent SQL injection in PHP?
$insertq = mysql_query("UPDATE blog SET tags1 = $arr2[0],tags2 = $arr2[1],tags3 = $arr2[2], tags4 = $arr2[3], tags5 = $arr2[4] WHERE idblog = '$id' ",$dbconnet);
should be:
$insertq = mysql_query("UPDATE blog SET tags1 = '".$arr2[0]."',tags2 = '".$arr2[1]."',tags3 = '".$arr2[2]."', tags4 = '".$arr2[3]."', tags5 = '".$arr2[4]."' WHERE idblog = '".$id."'",$dbconnet);
or the whole query is going to consider the variable names as part of the string.
EDITED: I had the quotes inverted.
It should be like this :
$insertq = mysql_query('UPDATE blog SET tags1 = "'.$arr2[0].'",tags2 = "'.$arr2[1].'",tags3 = "'.$arr2[2].'", tags4 = "'.$arr2[3].'", tags5 = "'.$arr2[4].'" WHERE idblog = "'.$id.'" ',$dbconnet);
I think you might need to look at the datatypes of your table. If you are using varchar or text as data-types then single colon will be necessary.
$insertq = mysql_query("UPDATE blog SET tags1 = '$arr2[0]',tags2 = '$arr2[1]',tags3 = '$arr2[2]', tags4 = '$arr2[3]', tags5 = '$arr2[4]' WHERE idblog = '$id' ",$dbconnet);
Also, if idblog is an integer, then do not use single quotes.
Hope this helps.
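The prepared-statement route mentioned in the answers, applied to the tags update, as an added example that is not part of any of the posts. It also covers the case where fewer than five tags were submitted. It assumes PDO with in-memory SQLite standing in for MySQL; saveTags() is a hypothetical helper and the posted string is constructed.

```php
<?php
// Added example, not code from the posts. Table and column names follow the
// question (blog, tags1..tags5, idblog); the sample input is constructed.

function saveTags(PDO $pdo, int $idblog, string $hiddenTags): int
{
    // Split on commas, trim whitespace, drop empty entries.
    $tags = array_values(array_filter(array_map('trim', explode(',', $hiddenTags)), 'strlen'));
    // Keep at most five, then pad to exactly five so missing tags become
    // NULL instead of undefined array offsets.
    $tags = array_pad(array_slice($tags, 0, 5), 5, null);

    $stmt = $pdo->prepare(
        'UPDATE blog SET tags1 = ?, tags2 = ?, tags3 = ?, tags4 = ?, tags5 = ?
         WHERE idblog = ?'
    );
    $stmt->execute(array_merge($tags, [$idblog]));
    return $stmt->rowCount();
}

$pdo = new PDO('sqlite::memory:');   // needs the pdo_sqlite extension
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE blog (idblog INTEGER PRIMARY KEY, tags1 TEXT, tags2 TEXT,
            tags3 TEXT, tags4 TEXT, tags5 TEXT)');
$pdo->exec('INSERT INTO blog (idblog) VALUES (7)');

// Stand-in for $_POST['hidden-tags']: two tags, one containing an apostrophe.
$posted = "php, it's-complicated";
saveTags($pdo, 7, $posted);

$row = $pdo->query('SELECT * FROM blog WHERE idblog = 7')->fetch(PDO::FETCH_ASSOC);
print_r($row);
```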
Ok..I know how to get a data record from a MySql table...and I want to change data in that record and update the table.
My question is...can you actually manipulate that data from the result row, and subsequently use those in the update statement?
For example.
Let's say the table rows have 2 fields: Name, YearlyEarn.
And once a month I want to add that month's income to the YearlyEarn field for each person.
Assume we already did the Select statement for someone whose name is in $CurrentName.
And we then get their record.
$DataRow = mysql_fetch_array($result);
Can you do this:
$DataRow["YearlyEarn"] = $DataRow["YearlyEarn"] + $MonthEarn;
$query = "UPDATE EarnTable SET YearlyEarn = '$DataRow["YearlyEarn"]'
`WHERE Name = '$CurrentName'" ;
$UpdResult = mysql_query($query) or die(mysql_error());
OR.....should I put the data into intermediate fields, manipulate it..and then use those fields in the update statement?
You should use prepared statements, like PDO. The mysql_* is outdated. But if not doing so, you should consider changing your query from:
$query = "UPDATE EarnTable SET YearlyEarn = '$DataRow["YearlyEarn"]'`WHERE Name = '$CurrentName'" ;
to:
$query = "UPDATE EarnTable SET YearlyEarn = '" . $DataRow['YearlyEarn'] . "' WHERE Name = '$CurrentName'" ;
Yes, you can:
UPDATE EarnTable
SET YearlyEarn = YearlyEarn + 123
WHERE Name = 'abc'
You can use:
$query = "UPDATE EarnTable SET YearlyEarn = '$DataRow[YearlyEarn]' WHERE Name = '$CurrentName'" ;
When you're interpolating an array reference, the key is automatically quoted.
or:
$query = "UPDATE EarnTable SET YearlyEarn = '{$DataRow["YearlyEarn"]}' WHERE Name = '$CurrentName'" ;
Inside {...}, you can put any variable expression and it will be evaluated and interpolated.
I tried to use this php script to remove html tags from a table row.
(select the data, strip_tags the string and update the row)
I would be more than thankful for help to find what's wrong.
The "select" is working and I can "echo" or "print" the result and the "strip_tags" is also working.
But the data is not updated in the table row. Something wrong with the "update" lines?
<?php
include_once ("classes/config.php");
$sql = "SELECT * FROM group_profile WHERE indexer = 4300741";
$query = mysql_query($sql);
$result = @mysql_fetch_array($query);
$group_name = $result['group_description'];
$group_description = strip_tags($group_description, '<p>');
$sql1 = "UPDATE group_profile SET group_name = $group_description WHERE indexer = 4300741";
mysql_query($sql1);
@mysql_close();
?>
did you try this:
$sql1 = "UPDATE group_profile SET group_name = '" . mysql_real_escape_string($group_description) . "' WHERE indexer = 4300741";
The problem is here:
$group_name = $result['group_description'];
$group_description = strip_tags($group_description, '<p>');
You are using strip_tags on an undefined variable.
I am guessing you want something like:
$group_description = strip_tags($result['group_description'], '<p>');
And then you need to quote the variable in the sql statement:
$sql1 = "UPDATE group_profile SET group_name = '$group_description' WHERE indexer = 4300741";
Edit: It seems that escaped data comes back un-escaped from the database, so the correct line would be:
$group_description = mysql_real_escape_string(strip_tags($result['group_description'], '<p>'));
But prepared statements all the way is the way to go....
$group_description = strip_tags($result['group_description'], '<p>');
$sql1 = "UPDATE group_profile SET group_name = \"" . mysql_real_escape_string($group_description) . "\" WHERE indexer = 4300741";
This way, we strip tags from the right variable, and escape it before inserting into the DB.
It would be even better to use a prepared query. See a tutorial here: http://www.phpro.org/tutorials/Introduction-to-PHP-PDO.html
$group_description=mysql_real_escape_string($group_description);
$sql1 = "UPDATE group_profile SET group_name = '$group_description' WHERE indexer = '4300741'";
Another point to add about the UPDATE query not working: for debugging only, add this to your query line to get a descriptive error message if there is a problem with the query:
mysql_query($query) or die(mysql_error());
Remove the or die after debugging the issue. It could help you resolve the problem, or at least confirm the update is failing because of a syntax error in the query, i.e., like people said, the missing quotes.
$group_description is not in quotes, so it would be throwing an error and not updating. I would try this:
$group_description = addslashes(strip_tags($group_description, '<p>'));
$sql1 = "UPDATE group_profile SET group_name = '$group_description' WHERE indexer = 4300741";
Looks like you're missing quotes:
$group_description=mysql_real_escape_string($group_description);
$sql1 = "UPDATE group_profile SET group_name = '$group_description' WHERE indexer = 4300741";
I have 2 variables that contain a string of text. I need to update them in the table, but out of the 20+ different variations of about 5 different scripts that I've tried out, it just doesn't update!
I can update using this:
mysql_query("UPDATE cart SET quantity = $q WHERE sessionid='" .session_id(). "' AND description = '$d'") or die(mysql_error());
but I am now working on a different page, where I need a slightly different update query. Which is:
UPDATE cart SET quantity = $q WHERE sessionid = $somethin AND description = $desc
And for that I have:
mysql_query("UPDATE cart SET quantity = $q WHERE sessionid = $o AND description = $d") or die(mysql_error());
(I have tried many variations with different quotes in different places for the above query, but nothing works!)
I have also tried:
$conn = mysql_connect("my01..com", "dbase", "2354ret345ert");
if(! $conn )
{
die('Could not connect: ' . mysql_error());
}
$sql = 'UPDATE cart
SET quantity="'.$q.'"
WHERE sessionid="$o" AND description = "$d"';
mysql_select_db('mysql_94569_dbase');
$retval = mysql_query( $sql, $conn );
if(! $retval )
{
die('Could not update data: ' . mysql_error());
}
echo "Updated data successfully\n";
mysql_close($conn);
That last one doesn't display any errors, in fact, it even tells me that it has successfully updated! But it's lying. It hasn't updated anything.
Can someone please help me out here? I am really getting sick of reading tutorial after tutorial and never learning anything because they all have different syntax and none of it seems to work.
What I would like to do is:
UPDATE table SET columnname = $this WHERE thiscolumn = $this AND thiscolumn = $that
$this = $var
Thank you
You are missing the quotes in description and SessionID, do it like this:
mysql_query("UPDATE cart
SET quantity = '".$q."'
WHERE sessionid = '".$o."' AND description = '".$d."'");
To save you confusion, I would recommend you start using the concatenation operator (e.g. 'UPDATE '.$table .' SET ...') instead of writing variables directly into strings (e.g. "UPDATE $table SET ...").
In this case your query would look like:
mysql_query("UPDATE cart SET quantity = ".$q." WHERE sessionid='" .session_id(). "' AND description = '".$d."'") or die(mysql_error());
This might help you to find problems with quotes and parentheses quicker.
BAD:
I had this query in php:
$query = "UPDATE users SET username = ".$nume." WHERE id = ".$userID;
That did this SQL:
UPDATE users SET username = elev WHERE id = 2
GOOD: For it to work I changed it to this php:
$query = "UPDATE users SET username = ".'"'.$nume.'"'." WHERE id = ".$userID;
That did this SQL:
UPDATE users SET username = "elev" WHERE id = 2
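Why the asker's last attempt reported success without changing anything, shown as an added example that is not part of any of the posts. It assumes PDO with in-memory SQLite standing in for MySQL; updateQuantity() is a hypothetical helper and the cart row is constructed.

```php
<?php
// Added example, not code from the posts. Table and column names follow the
// question (cart, quantity, sessionid, description); the data is constructed.

$pdo = new PDO('sqlite::memory:');   // needs the pdo_sqlite extension
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE cart (sessionid TEXT, description TEXT, quantity INTEGER)');
$pdo->exec("INSERT INTO cart VALUES ('abc123', 'blue widget', 1)");

$q = 4; $o = 'abc123'; $d = 'blue widget';

// As in the question: a single-quoted PHP string does not interpolate $o or $d,
// so the database compares against the literal text "$o" and "$d".
$literal = 'UPDATE cart SET quantity = ' . (int) $q .
           ' WHERE sessionid = \'$o\' AND description = \'$d\'';
$rowsLiteral = $pdo->exec($literal);      // valid SQL, no error raised

function updateQuantity(PDO $pdo, int $q, string $sessionId, string $desc): int
{
    $stmt = $pdo->prepare(
        'UPDATE cart SET quantity = :q WHERE sessionid = :sid AND description = :d'
    );
    $stmt->execute([':q' => $q, ':sid' => $sessionId, ':d' => $desc]);
    // "No error" only means the SQL was valid; the row count says whether
    // anything matched.
    return $stmt->rowCount();
}

$rowsBound = updateQuantity($pdo, $q, $o, $d);

echo "literal query rows: $rowsLiteral\n";
echo "bound query rows:   $rowsBound\n";
if ($rowsBound === 0) {
    echo "no cart line matched this session and description\n";
}
```

With the MySQL driver, rowCount() by default counts rows that actually changed, so an update that writes the value already stored also reports 0.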
I have a query that looks like this:
$sql = "UPDATE tbl SET amt_field='amt_field+1' WHERE username='" .mysql_real_escape_string($_SESSION['username']). "'";
mysql_select_db('db',$con);
mysql_query($sql,$con);
I want to increment the value as easily as possible.
I have tried:
"UPDATE tbl SET amt_field='amt_field+1' WHERE
"UPDATE tbl SET amt_field='amt_field' + 1 WHERE
"UPDATE tbl SET amt_field='amt_field++' WHERE
I don't get error messages, but the value in my db does not increase either.
UPDATE tbl SET amt_field = amt_field + 1 WHERE ...
If you use the single quotes ', you're telling the enclosed value to be interpreted as a string. You were probably thinking about the tick marks. This is also valid:
UPDATE tbl SET `amt_field` = `amt_field` + 1 WHERE ...
This must be used when the column (or table etc.) has a reserved name.
Hello, did you initialize a new session? The code below worked perfectly for me.
public static function insert_search($pdo)
{
@session_start();
$ip = $_SERVER['REMOTE_ADDR'];
$username = $_SESSION['username'];
//$username = self::username();
$date = date('Y-m-d');
//Adding the total searches for the logged in user
$query = $pdo->query("UPDATE `users` SET `total_searches` = `total_searches` +1 WHERE username = '$username'");
}
/* What you could potentially do is the following.
Make sure if you're doing it the procedural way
you put @session_start(); at the top of the page */
@session_start();
$sql = "UPDATE tbl SET amt_field = amt_field + 1 WHERE username ='" .mysql_real_escape_string($_SESSION['username']). "'";
mysql_select_db('db',$con);
mysql_query($sql,$con);
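The in-database increment from this thread and from the earlier YearlyEarn question, with the amount and the name bound as parameters. This is an added example, not code from any of the posts. It assumes PDO with in-memory SQLite standing in for MySQL; addEarnings() is a hypothetical helper and the rows are constructed.

```php
<?php
// Added example, not code from the posts. EarnTable, Name and YearlyEarn follow
// the question; addEarnings() and the rows are constructed for illustration.

function addEarnings(PDO $pdo, string $name, int $monthEarn): int
{
    // The addition runs inside the database as one statement, so there is no
    // read-modify-write gap in PHP, and both inputs are bound values.
    $stmt = $pdo->prepare(
        'UPDATE EarnTable SET YearlyEarn = YearlyEarn + :m WHERE Name = :n'
    );
    $stmt->bindValue(':m', $monthEarn, PDO::PARAM_INT);
    $stmt->bindValue(':n', $name, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->rowCount();
}

$pdo = new PDO('sqlite::memory:');   // needs the pdo_sqlite extension
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE EarnTable (Name TEXT PRIMARY KEY, YearlyEarn INTEGER)');
$pdo->exec("INSERT INTO EarnTable VALUES ('Ann', 1000), ('Bob', 1000)");

addEarnings($pdo, 'Ann', 250);
addEarnings($pdo, 'Ann', 250);

// The quoted form from the amt_field question, applied to this table:
// 'YearlyEarn' is a string literal, not the column, so the old value is
// never read.
$pdo->exec("UPDATE EarnTable SET YearlyEarn = 'YearlyEarn' + 1 WHERE Name = 'Bob'");

foreach ($pdo->query('SELECT Name, YearlyEarn FROM EarnTable ORDER BY Name') as $row) {
    echo $row['Name'], ': ', $row['YearlyEarn'], "\n";
}
```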