I have the following code to write the name and score of a player into a highscore table. How can I write the 'name' in uppercase into the database?
if(isset($_GET['name']) && isset($_GET['score'])) {
$name = strip_tags(mysql_real_escape_string($_GET['name']));
$score = strip_tags(mysql_real_escape_string($_GET['score']));
$checkExist = mysql_query("SELECT `name`, `score` FROM `$tbl_name` WHERE `name` = '$name'");
$row = mysql_fetch_assoc($checkExist);
if (mysql_num_rows($checkExist) > 0){
if ($score > $row['score']){
$sql = mysql_query("UPDATE `$tbl_name` SET `score` = '$score' WHERE `name` = '$name'");
} else {
// ERROR MSG: Your new score is lower.(not updating the database)
}
} else {
$sql = mysql_query("INSERT INTO `$tbl_name` (`id`,`name`,`score`) VALUES ('','$name','$score');");
}
$name = strtoupper(strip_tags(mysql_real_escape_string($_GET['name'])));
http://php.net/manual/en/function.strtoupper.php
Either use strtoupper() in PHP, or UPPER() in MySQL: both do exactly the same, it's up to you.
Related
I have this code but in my opinion it's too many lines. I'm new into programming so that's why I have questions.
I think there should be a shorter way to make it work without this if else loop, switch or is it ok like it's now?
if $total==21 then mysql_query("UPDATE user SET left = '20', $total==20 then left=19 and so on until the $total=1 and left=0.
if ($total==21 )
{
mysql_query("UPDATE `user` SET `left` = '20' WHERE `user` = 'user1' ") or die(mysql_error() );
}
else if ($total==20)
{
mysql_query("UPDATE `user` SET `left` = '19' WHERE `user` = 'user1' ") or die(mysql_error() );
}
....
else if ($total==1)
{
mysql_query("UPDATE `user` SET `left` = '0' WHERE `user` = 'user1' ") or die(mysql_error() );
}
else {
echo nl2br("0 left");
}
Merry Christmas !
First, look at How can I prevent SQL injection in PHP?, and then something like:
if($total > 0 && $total < 22) {
$left = $total - 1;
// prepare("UPDATE `user` SET `left` = ? WHERE `user` = 'user1'")
// bind_param('i', $left)
// execute()
}
You should be using PDO or Mysqli instead of the deprecated old mysql driver. This should solve your issue for now:
$total = (int) $total;
if ($total <= 0) {
echo '0 left';
} else {
$total--;
mysql_query("UPDATE `user` SET `left` = '$total' WHERE `user` = 'user1' ") or die(mysql_error() );
}
Notice how I am hardcoding the variable to be an integer, this way it wouldn't be venerable to injections (in the event it comes from the client side).
I'm currently working on a PHP/MySQL ranking system, but I've come into a problem with my CREATE TABLE statement.
Here's my code:
mysql_select_db("DB1");
$numrows = "SELECT COUNT( * ) FROM information_schema.tables WHERE table_schema = 'DB1'";
if($numrows > 1){
if($numrows > 2){
$table = rand(1, $numrows);
}else{
$table = rand(1, 2);
}
}else{
$table = rand(1, 1);
}
$checkForTable = mysql_query("SELECT 1 FROM $table LIMIT 1");
if($checkForTable){
$query = "INSERT INTO $table (name,score) VALUES($name, $score)";
$result = mysql_query($query);
mysql_select_db("DB2");
$query2 = "INSERT INTO Leaderboard (name,score) VALUES($name, $score)";
$result2 = mysql_query($query2);
mysql_select_db("DB1");
if($result && $result2){
echo "<h4 style='color:green;'>Your Score Has Been Inserted</h4><hr/>";
}else{
echo "<h4 style='color:red;'>We encountered an error while inserting your data </h4><hr/>";
}
}else{
$newtable = "CREATE TABLE $table (
id bigint AUTO_INCREMENT NOT NULL,
name varchar(255) NOT NULL,
score bigint(20) NOT NULL,
PRIMARY KEY('id')
)";
$result = mysql_query($newtable);
if($result){
$query = "INSERT INTO $newtable (name,score) VALUES($name,$score)";
$result = mysql_query($query);
mysql_select_db("DB2");
$query2 = "INSERT INTO Leaderboard (name,score) VALUES($name, $score)";
$result2 = mysql_query($query2);
mysql_select_db("DB1");
if($result && $result2){
echo "<h4 style='color:green;'>Your Score Has Been Inserted</h4><hr/>";
}else{
echo "<h4 style='color:red;'>We encountered an error while inserting your data </h4><hr/>";
}
}else{
echo "TableNotCreatedException: " . mysql_error();
}
}
When I try out the code I get:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1 ( id bigint AUTO_INCREMENT NOT NULL, name varcha' at line 1
I've been trying to figure this out for a while but I've had no luck. Please Help!
That's because your $table variable contains a value 1 which you are using as table name and so your query becomes
CREATE TABLE 1(....
Per MySQL Documentation it says
Identifiers may begin with a digit but unless quoted may not consist
solely of digits.
Also, your quoting the column name as seen below
PRIMARY KEY('id')
It should rather be
PRIMARY KEY(`id`)
I have the following table:
CREATE TABLE list(
country TINYINT UNSIGNED NOT NULL,
name VARCHAR(10) CHARACTER SET latin1 NOT NULL,
name_index INT UNSIGNED NOT NULL,
UNIQUE KEY(country, name), PRIMARY KEY(country, name_index)) ENGINE = INNODB
I want to:
Given: ($country, $name, $new_index)
Check if a row with country = $country && name = $name exists.
If the row exists, get the index $index = name_index.
If the row doesn't exist, add it and then get the index.
I can do the following using many queries, but I am looking for an efficient way to do it, using only one query. Is this possible?
It's not possible with only one query.
You CAN do this:
$sql = "SELECT name_index FROM (your table) WHERE country = '$country' AND
name = '$name' LIMIT 1";
$query = mysql_query($sql);
$numrows = mysql_num_rows($query);
if($numrows == 1) {
$row = mysql_fetch_row($query);
$index = $row[0];
} else {
$sql = "INSERT INTO (your table) (country, name)
VALUES('$country','$name')";
$query = mysql_query($sql);
$check = mysql_num_rows($query);
if($check > 0) {
$sql = "SELECT name_index FROM (your table) WHERE country = '$country' AND
name = '$name' LIMIT 1";
$query = mysql_query($sql);
$row = mysql_fetch_row($query);
$index = $row[0];
} else {
echo "Error occured while trying to insert new row";
}
}
Hope this helps :).
I want to update the database of the sort order column to increase its value by one if the the new value inserted into the database clashes with the value that is already in the database. May I know how should I go about doing it? Please help! Thanks!
Below is my code (I am not sure whether am I on the right track):
$result = mysql_query("SELECT sortorder FROM information ORDER BY id ASC;");
if($result >= 1 ){
$i=1;
while ($initialorder = mysql_fetch_assoc($result))
{
$initialorder = $initialorder["sortorder"];
if ($sortorder == $initialorder ){
$result6 = mysql_query("SELECT * FROM information
WHERE `sortorder` = '$sortorder'");
$row6 = mysql_fetch_array($result6);
$removethis1 = $row6['id'];
$result7 = mysql_query("UPDATE information
SET `sortorder`= ((SELECT `sortorder`
FROM (SELECT MAX(`sortorder`) AS
'$initialorder' FROM information) AS '$initialorder') + 1)
WHERE id='$removethis1'");
}
$query = "INSERT INTO `information`
(`id`,`page`,`description`,`status`,`sortorder`,`keyword`,`date_added`)
VALUES
('$id','$title','$description','$status',
'$sortorder','$keyword','$date_added')";
$result = mysql_query($query, $conn);
header('Location: index.php?status=1&title='.$title);
$i++; }
}
You can do this:
INSERT INTO ON `information`
...
DUPLICATE KEY UPDATE
sortorder = '".$sortorder + 1." '
I got a table named "Serials" with 5 comumns
Serial, Code, Name, Redeemed, Redeem_date
i am selecting some fields from that table with this query:
$query = "SELECT `Name`,`Redeemed`,`Redeem_date` FROM `Serials` WHERE `Serial` = '$serial' AND `Code` = '$code'";
$db->setQuery($query);
$db->query();
But i dont know how to pass these values in the following variables so i can use them in if statements later
$name= //retured value from column Name
$redeemed= //retured value from column Redeemed
$redeem_date= //retured value from column Redeem_date
just like this..
// Your query here..
$query = "SELECT `Name`,`Redeemed`,`Redeem_date` FROM `Serials` WHERE `Serial` = '$serial' AND `Code` = '$code'";
$db->setQuery($query);
$results = $db->query();
//fetch data and stored into variables
while($row = fetch_array($results)){
$name = $row['Name'];
$redeemed = $row['Redeemed'];
$redeem_date = $row['Redeem_date'];
}
try something like this :
<?php
$result = $db->query("SELECT `Name`,`Redeemed`,`Redeem_date` FROM `Serials` WHERE `Serial` = '$serial' AND `Code` = '$code'");
while (list($name, $redeemed, $redeem_date) = $result->fetch(PDO::FETCH_NUM)) {
// DO SOMETHING
}
?>
while ($row = $db->fetch()) {
$name= $row['name'];
$redeemed= $row['redeemed'];
$redeem_date= $row['redeem_date'];
}
this one might fetch your results and assign to vars