I'm having problems with an INT field. The thing is when I print the value on screen is OK but when I update the database register adds one more.
$today = date('Y-m-d H:i:s');
$query = "SELECT id_ad, ad_printed FROM ads WHERE (ad_type = \"990x90\" OR (ad_type = \"728x90\" OR ad_type = \"250x90\")) AND ad_date_start <= \"$today\" AND ad_date_finish >= \"$today\"";
$result = mysqli_query($link, $query);
while ($row = mysqli_fetch_array($result)) {
$new_value = $row['ad_printed'] + 1;
$curr_id = $row['id_ad'];
$query_upd = "UPDATE ads SET ad_printed = '".$new_value."' WHERE id_ad = '".$curr_id."' LIMIT 1;";
$upd = mysqli_query($link, $query_upd);
}
Does anybody know what could be happened?
I.E. If the original value is 26, the new value must be 27. The $new_value is 27 but it registers as 28... :(
if you like to increase a value in sql don't wrap the column value into quotes, otherwise sql handle the column value as a string. please make sure your column type is correct like integer and not varchar
UPDATE ads SET ad_printed = (ad_printed + 1) WHERE id_ad = '".$curr_id."' LIMIT 1;
//edit
if you pass variables directly into sql please look at the mysqli_real_escape_string function to prevent sql injections.
http://de2.php.net/manual/de/mysqli.real-escape-string.php
Related
I am writing a Php 5 and Mysql 5 page counter script. When a student having id as 'visitorid' visits a page having id 'pageid' (both int(11)) the page counter tries to log the visit in 'visitors' database. But counter is not updating in mysql db, instead the visit_counter int(4) turns to 0.Whats wrong with my code? visitdate is datetime.
<?php
$pageid = 101;
$visitorid = 234;
$sql = "SELECT * FROM visitors
WHERE pageid = ".$pageid."
AND visitorid = ".$visitorid;
$temp = mysql_query($sql) or die("Error 1.<br>".mysql_error());
$data = mysql_fetch_array($temp);
// visit_counter is a field in table
if(($data['visit_counter']) != NULL){
echo "Entery exists <br>";
// Tried below version also
$visit = " SET visit_counter = visit_counter+1";
//$visit_counter = $data['visit_counter'];
//$visit = " SET visit_counter = ".$visit_counter++ ;
// Valid SQL
// UPDATE `visitors`
// SET visit_counter = visit_counter+1
// WHERE pageid = 101 and visitorid=234
// This manual sql query updates in phpmyadmin
$sql = "UPDATE visitors ".$visit."
AND visitdate = NOW()
WHERE pageid = ".$pageid."
AND visitorid = ".$visitorid;
$temp = mysql_query($sql) or die("ERROR 3.<br>".mysql_error());
//No error is displayed on above query.
} else {
//first entry
$visit_count = "1";
$sql = "INSERT INTO visitors
(`pageid`,`visitorid`, `visitdate`, `visit_counter`)
VALUES ('".$pageid."','".$visitorid."', NOW(), '".$visit_count."')";
$temp = mysql_query($sql);
//first entry is inserted successfully
//and visit_counter shows 1 as entry.
}
?>
Can anyone tell me whats wrong with this code?
Oh! I got answer by myself. Sometimes just little errors make us go crazy..
I made a mistake in udate query.. rather than using and I should have user a comma instead. .. working well now!
So this is the code I have so far, I'm leaving out the code I used to connect to the database since that's not important and isn't the problem.
$id = strip_tags(mysql_real_escape_string($_GET['id']));
$sql_value = "SELECT value FROM table";
$sql = mysql_query("UPDATE table SET value='[idk what to do here]' WHERE id='$id'");
so the $id selects the id from the url or API and the $sql_value selects the values from the table.
I want the value in the same row as the id specified to increment by 1
E.G.
id = 0, value = 0;
id = 1, value = 0;
id = 2, value = 0;
id = 3, value - 0;
If in the API I type: "id=2"
I want the PHP script to increment the corresponding "value" by 1
E.G.
id = 0, value = 0;
id = 1, value = 0;
id = 2, value = 1;
id = 3, value - 0;
Assuming that your value field is an INT. You can do that by:
"UPDATE table SET value=value+1 WHERE id='$id'"
But i strongly recommend you to take a look at mysqli or PDO and start to make prepared statements to handle the data. See more here:
http://php.net/manual/en/mysqli.quickstart.prepared-statements.php
http://php.net/manual/en/pdo.prepare.php
Use:
$sql = mysql_query("UPDATE table SET value=value+1 WHERE id='$id'");
As long as the value is an int this will work:
UPDATE table SET value=value + 1 WHERE id='$id'
UPDATE tablename t SET value = ( t.value+1 ) WHERE t.id = '$id'
Do you want?
"UPDATE table SET value=value+1 WHERE id='$id'"???
I have this query which no matter what $relocation['persons_id'] is, updates residents to 1.
The following code will in this example echo 11,13, but set residents to 1:
$query = $db->prepare('UPDATE `apartments` SET `residents` = :persons_id AND `occupation_date` = :occupation_date WHERE `id` = :apartments_id');
echo $relocation['persons_id']."<br>\n";
$query->bindParam(':persons_id', $relocation['persons_id']);
$query->bindParam(':occupation_date', $relocation['occupation_date']);
$query->bindParam(':apartments_id', $relocation['apartments_id']);
$query->execute();
The field residents has the datatype varchar(200).
Can you please explain what i am doing wrong?
The problem lies here
SET `residents` = :persons_id AND `occupation_date` = :occupation_date
which means, for the operator precedence
UPDATE `apartments` SET `residents` = (:persons_id AND `occupation_date` = :occupation_date) WHERE `id` = :apartments_id
so residents is updated to a boolean value (0/1).
Maybe you want use ,
UPDATE `apartments` SET `residents` = :persons_id, `occupation_date` = :occupation_date WHERE `id` = :apartments_id
I have been trying to do this for hours now, and I can't quite get my head round it. I have a table called "requests" that has the columns "deletekey" and "deleted". "deletekey" is a random unique number (data-type text), and "deleted" is by default set to 0 (data-type boolean), and when the user inputs the deletekey, it changes "deleted" to 1.
But I can't get it to work.
Here is the code I have, and I have no idea what I'm doing wrong:
$key = $_GET["delkey"];
$link = mysqli_connect("localhost","username","password","dbname");
$query = 'UPDATE requests SET deleted = True WHERE deletekey = "$key"';
$result = $link->query($query);
This should help, and will also provide protection against SQL injection:
$link = mysqli_connect("localhost","username","password","dbname");
$key = $link->real_escape_string($_GET["delkey"]);
$query = sprintf("UPDATE requests SET deleted = 1 WHERE deletekey = '%s'", $key);
$result = $link->query($query);
Shouldn't it be WHERE deletekey = '$key', then? The deleted field could NEVER equal whatever's in $key, since deleted is a simple boolean, and $key is probably an int/char/varchar-type thing.
Note that you are vulnerable to SQL injection attacks. Stop working on this sort of code until you've learned about the problem and how to avoid it.
Its deletedkey = "$key" right ? and not deleted = "$key" :
$key = $_GET["delkey"];
$link = mysqli_connect("localhost","username","password","dbname");
$query = 'UPDATE requests SET deleted = true WHERE deletedkey = "$key"';
$result = $link->query($query);
Try this?
$link = mysqli_connect("localhost","username","password","dbname");
$key = $link->real_escape_string($_GET["delkey"]);
$query = "UPDATE `requests` SET `deleted` = true WHERE `deletedkey` = $key";
$result = $link->query($query);
$query = 'UPDATE requests SET deleted = 1 WHERE deletekey = "$key"';
the query is a string. And to add a variable to a string you need to type
$query = 'UPDATE requests SET deleted = True WHERE deleted = '".$key."';
the difference is how to make a variable put into the string. You have to do like this in php.
$query = "randomtext ". $randomvar ." ";
where the important point is to ". $var ." inside the string. This i similar to javas "+ var +"
I need to copy the value in a column named TEAM from one row into another row. Both rows need to have the same team name. This is my query that doesn't work:
$query = "UPDATE profiles SET team = (SELECT team FROM profiles WHERE id = '$coach_id') WHERE id = '$player_id'";
I have tried removing single quotes, removing "FROM profiles", changing value to table.value, tried to give a newdata.clan alias, and I have even tried changing the values to integers instead of parameters. Nothing works, and this is what I get:
Error: You have an error in your SQL
syntax; check the manual that
corresponds to your MySQL server
version for the right syntax to use
near 'WHERE id = '') WHERE id = ''' at
line 3
$query1 = "SELECT team FROM profiles WHERE id = '$coach_id'";
/* get the value of the first query and assign it to a variable like $team_name */
$query2 = "UPDATE profiles SET team = '$team_name' WHERE id = '$player_id'";
Also, you should surround your PHP variables in curly braces:
$query = "UPDATE profiles SET team = \"(SELECT team FROM profiles WHERE id = '{$coach_id}')\" WHERE id = '{$player_id}'";
From the MySQL manual:
"Currently, you cannot update a table
and select from the same table in a
subquery."
Source: http://dev.mysql.com/doc/refman/5.0/en/update.html
Use the method that FinalForm wrote:
<?
$coach_id = 2;
$player_id = 1;
$query1 = "SELECT team FROM profiles WHERE id = '$coach_id'";
$rs = mysql_query($query1);
if ($row = mysql_fetch_array($rs)) {
$team_name = $row['team'];
$query2 = "UPDATE profiles SET team = '$team_name' WHERE id = '$player_id'";
mysql_query($query2);
// Done, updated if there is an id = 1
} else {
// No id with id = 2
}
?>