For some reason I am can not update my database. Can anyone spot what I am doing wrong ?
Here is the code.
.......
session_start();
$user = mysql_real_escape_string($_POST['user']);
$email = mysql_real_escape_string($_POST['email']);
.......
if ($errorMessage == "") {
// ---- ---- ---- ---- ---- ---- ---- ---- ---- ----- CHECKING SERVER
include('connect.php');
if (isset($user)) {
$sql = "UPDATE hookers ".
"SET user= ´$user´".
"WHERE email= ´$email´" ;
mysqli_query($con, $sql) or die("Can´t find user". mysql_error());
print "user updated";
mysqli_close($con);
}
}
connect.php file
$host = 'localhost';
$username = 'root';
$password = '';
$db = 'putas';
$con = mysqli_connect($host, $username, $password) or die("Can´t connect to server");
mysqli_select_db($con, $db) or die("Can´t connect to database");
Whenever I run the script it prints "Can´t find user". The variables $user & $email have the right data as I have checked it.
I would appreciate any help you guys can provide me.
Thanks in advance.
Oliver Tangari
You need to change all instances of ´ to '.
Your Sql Query Will Be like this:--
$sql = "UPDATE hookers ".
"SET `user`= '$user'".
"WHERE `email`= '$email'" ;
Hope it helps you...
Use ' single quote not `
$sql = "UPDATE hookers ".
"SET user= '$user'".
"WHERE email= '$email'" ;
As already mentioned the problem is ´
Why don't you use PDO and parameter binding instead? This won't give you this type of errors in the future.
<?php
// configuration
$dbtype = "sqlite";
$dbhost = "localhost";
$dbname = "test";
$dbuser = "root";
$dbpass = "admin";
// database connection
$conn = new PDO("mysql:host=$dbhost;dbname=$dbname",$dbuser,$dbpass);
// new data
$user = 'Belén Esteban';
$email = 'belenesteban#telecinco.es';
// query
$sql = "UPDATE hookers
SET user=?
WHERE email=?";
$q = $conn->prepare($sql);
$q->execute(array($user,$email));
?>
Related
Please be gentle with me i have just recently trying to learn PHP/SQL.
The problem is that the first query is ALWAYS TRUE when it shouldn't (base on what i know).
The query simply state to get the 'username' where betakey=$betakey provided by user. The fact that my datebase columns is still empty except column betakey doesn't make that query statement true at all.
Please help, maybe i am missing some knowledge on this.
<?php
header('Access-Control-Allow-Origin: *');
$firstName = $_GET['rfirstname'];
$lastName = $_GET['rlastname'];
$username = $_GET['rusername'];
$password = $_GET['rpass'];
$betakey = $_GET['rkey'];
$host="localhost"; // Host name
$db_username="**"; // Mysql username
$db_password="**"; // Mysql password
$db_name="**"; // Database name
$conn = mysqli_connect("$host", "$db_username", "$db_password","$db_name");
if (!$conn){
die ("Error: ".mysqli_connect_error());
}
$query1 = "SELECT username='$username' FROM users2 WHERE betakey='$betakey';";
$result_1 = mysqli_query($conn,$query1);
if(mysqli_num_rows($result_1) > 0){
echo 'Beta key is used';
}else{
$query2 = "UPDATE users2 SET firstName='$firstName',lastName='$lastName',username='$username',password='$password' WHERE betakey='$betakey'";
echo 'Registration Successful';
}
mysqli_close($conn);//Close off the MySQL connection to save resources.
?>
You have plenty of problems in your code. Let me help you fix some of them
You should learn how to properly open mysqli connection. You need to enable error reporting and set the correct charset.
You should never concatenate PHP variables into SQL query. Always use parameterized prepared statements instead of manually building your queries.
Your first SQL query has an error. username='$username' is meaningless and wrong. If all you want to do is check existence use COUNT(1) or something similar.
Here is my take on your fixed code:
<?php
header('Access-Control-Allow-Origin: *');
$firstName = $_GET['rfirstname'];
$lastName = $_GET['rlastname'];
$username = $_GET['rusername'];
$password = $_GET['rpass'];
$betakey = $_GET['rkey'];
$host = "localhost"; // Host name
$db_username = "**"; // Mysql username
$db_password = "**"; // Mysql password
$db_name = "**"; // Database name
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$conn = new mysqli($host, $db_username, $db_password, $db_name);
$conn->set_charset('utf8mb4');
$stmt = $conn->prepare("SELECT COUNT(username) FROM users2 WHERE betakey=?");
$stmt->bind_param('s', $_GET['rusername']);
$stmt->execute();
$result_1 = $stmt->get_result();
$used = $result_1->fetch_row()[0];
if ($used) {
echo 'Beta key is used';
} else {
$stmt = $conn->prepare("UPDATE users2 SET firstName=?, lastName=?, username=?, password=? WHERE betakey=?");
$stmt->bind_param('sssss', $firstName, $lastName, $username, $password, $betakey);
$stmt->execute();
echo 'Registration Successful';
}
I have a problem using LIKE with PHP variables. I would like to select, based on a username, what matches the username in the DB. Here is my code:
$dbhost = "localhost";
$dbuser = "root";
$dbpass = "1234";
$dbname = "coffeecorner";
$connection = mysqli_connect($dbhost, $dbuser, $dbpass, $dbname);
$user = $_SESSION['username'];
$sql = "select username ";
$sql .= "from add_reservation";
$sql .= "where username like" . $user;
$result = mysqli_query($connection, $sql);
if(!$result)
{
die("database query fail!" . mysqli_error($connection));
}
Error
database query fail! You have an error in your SQL syntax; check the
manual that corresponds to your MySQL server version for the right
syntax to use near 'likeipin' at line 1
Any help would be appreciated!
You need quotes around the username. Also, if you're using LIKE to match a pattern, you should have wildcards in it.
$sql .= "where username likem '%$user%'";
But it's better to use a parametrized query.
$sql = 'SELECT username
FROM add_reservation
WHERE username like ?';
$user_pattern = "%$user%";
$stmt = mysqli_prepare($connection, $sql);
mysqli_stmt_bind_param($stmt, "s", $user_pattern);
$result = mysqli_stmt_execute($stmt);
if (!$result) {
die("database query fail!" . mysqli_error($connection));
}
You neeed to add a little a space after like :
$dbhost = "localhost";
$dbuser = "root";
$dbpass = "1234";
$dbname = "coffeecorner";
$connection = mysqli_connect($dbhost, $dbuser, $dbpass, $dbname);
$user = $_SESSION['username'];
$sql = "select username ";
$sql .= "from add_reservation";
$sql .= "where username like " . $user;
$result = mysqli_query($connection, $sql);
if(!$result)
{
die("database query fail!" . mysqli_error($connection));
}
check the error message :
database query fail!You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'likeipin' at line 1
the word like is stuck with the username forming a single string likeipin ; it should be like ipin meaning $sql .= "where username like " . $user;
Be carefull on session, session_start should be used before accessing session variable.
You can use this query string : $sql = "SELECT username FROM add_reservation
WHERE username LIKE '%". mysql_real_escape_string($user) ."%'" or this one :
$sql = "SELECT username FROM add_reservation
WHERE username LIKE '%".$user."%'"
Hope it help.
after a few hours thinking and trying i have found the solution. this a the new code. We need to input a braces () on it;
if(session_id()=='' || isset($_SESSION['username'])){
$dbhost = "localhost";
$dbuser = "root";
$dbpass = "1234";
$dbname = "coffeecorner";
$connection = mysqli_connect($dbhost, $dbuser, $dbpass, $dbname);
$user = $_SESSION['username'];
$sql = "(SELECT * FROM add_reservation WHERE username like '$user')";
$result = mysqli_query($connection, $sql);
if(!$result)
{
die("database query fail!" . mysqli_error($connection) . mysqli_errno($connection));
}
Hope it helped !
I'm getting an error saying Undefined variable: con,
the connection of the database is on the other php file, (include() is already on top of the code). I just don't know how to call the $con
if (isset($_POST['update_profile']))
{
if (isset($_POST['first_name']))
{
$first_name = mysqli_real_escape_string($con, $_POST['first_name']);
$sql = mysqli_query($con, "UPDATE tbl_fbusers SET fname = '$first_name' WHERE email = '$email_to_connect'");
}
if (isset($_POST['last_name']))
{
$last_name = mysqli_real_escape_string($con, $_POST['last_name']);
$sql = mysqli_query($con, "UPDATE tbl_fbusers SET lname = '$last_name' WHERE email = '$email_to_connect'");
}
if (isset($_POST['contact']))
{
$contact = mysqli_real_escape_string($con, $_POST['contact']);
$sql = mysqli_query($con, "UPDATE tbl_fbusers SET contact = '$contact' WHERE email = '$email_to_connect'");
}
}
here is the other php file
class Users {
public $table_name = 'tbl_fbusers';
function __construct(){
//database configuration
$dbServer = 'localhost'; //Define database server host
$dbUsername = 'root'; //Define database username
$dbPassword = ''; //Define database password
$dbName = 'db_zalian'; //Define database name
//connect databse
$con = mysqli_connect($dbServer,$dbUsername,$dbPassword,$dbName);
if(mysqli_connect_errno()){
die("Failed to connect with MySQL: ".mysqli_connect_error());
}else{
$this->connect = $con;
}
}
Thanks!
Defining $con as a GLOBAL variable is a terrible idea...
I suggest to make a file (eg. connection.php) that will contain the $con variable that is not in a function, and then include the connection.php to your other php files. It's more secure and easier, and you won't get to any troubles.
Since you have a class you need to initialize user class.
$user = new Users();
and then
$con = $user->connect;
Here you can run your sql like:
$contact = mysqli_real_escape_string($con, $_POST['contact']);
$sql = mysqli_query($con, "UPDATE tbl_fbusers SET contact =......... etc.
you need to define $con as global:
global $con
$con = mysqli_connect($dbServer,$dbUsername,$dbPassword,$dbName);
This program is meant to delete a record when given the id.
php:
if ($_GET['type']=="file"){
$servername = "localhost";
$username = "****";
$password = "****";
$dbname = "****";
// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if (mysqli_connect_error($conn)) {
die("Connection failed: " . mysqli_connect_error($conn));
}
$sql = "SELECT id,user, FROM CreationsAndFiles WHERE id =".$_GET['id']." LIMIT 1";
$result = mysqli_query($conn,$sql);
$row = mysqli_fetch_assoc($result);
if ($row['user'] == $login_session){
$sql = "DELETE FROM CreationsAndFiles WHERE id=".$_GET['id'];
if(mysqli_query($conn, $sql)){echo "deleted";}
}
mysqli_close($conn);
//header("location: index.php?page=CreationsAndFiles");
}
the header is type=file&id=9
there is a record where id=9
It for no apparent reason will not work.
Your SQL syntax is wrong;
SELECT id,user, FROM CreationsAndFiles...
^ extra comma
should be simply
SELECT id,user FROM CreationsAndFiles...
You may want to sanitize your input though, for example simply entering type=file&id=id will most likely do bad things.
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 7 years ago.
Improve this question
How do i actually update the values of table using PHP ? This code is not showing any error and its not updating either.
<?php
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = '';
$dbname = 'DB';
$conn = new mysqli($dbhost, $dbuser, $dbpass, $dbname);
if(mysqli_connect_error())
{
die("couldn't connect" . $conn->connect_error());
}
echo ("connected successfully");
$id = $_POST['Id'];
$name = $_POST['Name'];
$dept = $_POST['Department'];
$update = "update info set Name='$name', Department='$dept' where Id='$id'";
if($conn->query(update) === TRUE) {
echo ("Data updated successfully");
}
else
{
echo ("Data cant be updated" . $conn->error());
}
$conn->close();
?>
Hope this one help you!
$update = "update info set Name='".$name."', Department='".$dept."' where Id='".$id."'";
Check this part of your code:
if($conn->query(update) === TRUE) {
where it should be:
if($conn->query($update) === TRUE) {
Make sure that you are using the correct credentials (host, username, password, database name) according to your MySQL database.
Also your table name and column name should be correct which are being used in your query.
Make sure that there is a match with your condition part of your query (... WHERE Id='$id'). Check it by running a query in your PhpMyAdmin page, or Search the ID, which is also the one you try to input in your form.
Make sure that the name of the passed variables ($_POST[]) are correct.
Be case sensitive.
Try changing your connection into:
$conn = new mysqli($dbhost, $dbuser, $dbpass, $dbname);
/* CHECK CONNECTION */
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
Other way to execute your query is to simply:
mysqli_query($conn,$update);
Recommendation:
You should escape the values of your variables before using them into your query by using mysqli_real_escape_string() function:
$name = mysqli_real_escape_string($conn,$_POST["Name"]);
Or better, so you won't need to worry about binding variables into your query and as well prevent SQL injections, you should move to mysqli_* prepared statement:
if($stmt = $conn->prepare("UPDATE info SET Name=?, Department=? WHERE Id=?")){
$stmt->bind_param("ssi",$_POST['Name'],$_POST['Department'],$_POST['Id']);
$stmt->execute();
$stmt->close();
}
$update = "update info set Name='".$name."', Department='".$dept."' where Id='".$id."'";
mysql_query($update);
$update = "update info set Name='".$name."',set Department='".$dept."' where Id='".$id."'";
if this is not help please provide form code.
Try this
<?php
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = '';
$dbname = 'DB';
$conn = mysqli_connect($dbhost, $dbuser, $dbpass, $dbname);
if(!$conn)
{
die("ERROR CONNECTING TO DATABASE!");
}
echo "Connected Successfully";
$id = $_POST['Id'];
$name = $_POST['Name'];
$dept = $_POST['Department'];
$update = "update info set Name='$name', Department='$dept' where Id='$id'";
$qry = mysqli_query($conn,$update);
if(!$qry) {
echo "Error Updating Details".mysqli_error($conn);
}
else
{
echo "Data updated successfully";
}
mysqli_close($conn);
?>
(Optional) Use secure things. Change to this for more secure.
$id = mysqli_real_escape_string($conn,$_POST['Id']);
$name = mysqli_real_escape_string($conn,$_POST['Name']);
$dept = mysqli_real_escape_string($conn,$_POST['Department']);