First of all I like to say that I'm super bad at this type of stuff so my code can be totally useless.
The mission is to create a system that will ask the user to scan two ID's, userID and itemID. After the scan has been successful I want these values to be transported to a PHP document.
Here I'd like to run a MySQL query which will update the value of userID where itemID match the database.
So my problem is that I get this message after running my query:
userID:202 itemID:8204 Could not update data: Query was empty. And ofc my database remains empty.
I think the problem is that the query can't read the $_GET variables. But I have no clue so please help me, Thanks!
This is my form:
<form id="checkin" name="checkin" action="test.php">
<input type="button" onclick="checkIn()" value="Check in Item">
</form>
The function:
<script>
function checkIn(){
var userID=parseInt(prompt ("Scan userid"), 10);
var itemID=parseInt(prompt ("Scan itemid"), 10);
if(userID!=null && itemID!=null){
window.location.href= "http://localhost/webapp/test.php?userID=" + userID + "&itemID=" + itemID;
alert ("working so far userID:"+ userID + " --- itemID:" + itemID);
}
}
</script>
At last the PHP:
$con = mysql_connect("localhost", "root", "", "book1");
$db = mysql_select_db('book1');
if (isset($_GET["userID"]) && isset($_GET["itemID"])) {
$userID1 = (int)$_GET["userID"];
$itemID2 = (int)$_GET["itemID"];
$test = "userID: ".$_GET["userID"]." "."itemID: ".$_GET["itemID"];
echo $test;
}
if (!$con) {
die('Could not connect: '.mysql_error());
}
$upd = mysql_query('UPDATE INTO booking SET userID ="$userID" WHERE ID ="$itemID');
$retval = mysql_query($upd, $con);
if (!$retval) {
die('Could not update data: '.mysql_error());
}
echo "Updated data successfully\n";
Invalid arguments # mysql_connect()
$con=mysql_connect("localhost", "root", "") or die ('Connection failed' . mysql_error());
$db = mysql_select_db('book1',$con);
UPDATE INTO need to change to UPDATE ....
Also you have userID assigned to variable $userID1 and itemID assigned to $itemID2. But in your query it is wrong. Query is updated now.
Mysql Manual
Also missing quotes at WHERE ID ="$itemID'
$upd = mysql_query("UPDATE booking SET userID ='$userID1' WHERE ID ='$itemID2'", $con);
P.S. Usage of mysql_* functions is not advised, instead use mysqli_*
Your DB connection string might looks mysqli_. In mysql_, you don't want to specify the DB Name as parameter.
$con=mysql_connect("localhost", "root", "", "book1");
This should be,
$con=mysql_connect("localhost", "root", "");
You add unnecessary INTO in UPDATE query..
Refer the manual
Try this,
UPDATE booking SET ....
instead of,
UPDATE INTO booking SET ....
You might also want to read this: Why shouldn't I use mysql_* functions in PHP?
Correct your connection as per manual and also correct Update syntax
Check PHP CONNECTION Manual
$con=mysql_connect("localhost", "root", "") OR die('Could not connect');
$db = mysql_select_db('book1',$con);
if(isset($_GET["userID"]) && isset($_GET["itemID"])){
$userID1= (int) $_GET["userID"];
$itemID2= (int) $_GET["itemID"];
$test = "userID: ". $_GET["userID"] . " " . "itemID: ". $_GET["itemID"];
echo $test;
}
$upd = mysql_query("UPDATE booking SET userID='".$userID."' WHERE ID=$itemID");
$retval = mysql_query( $upd);
if(! $retval){
die('Could not update data: ' . mysql_error());
}
echo "Updated data successfully\n";
}
#user3751216 the error of the "syntax" problem it's generated on this line
$upd = mysql_query("UPDATE booking SET userID='".$userID."' WHERE ID=$itemID");
$retval = mysql_query( $upd);
If you put your code like this, it should resolve the problem of the SQL syntax
$upd = ("UPDATE booking SET userID='".$userID."' WHERE ID=$itemID");
$retval = mysql_query( $upd);
Let me now if you already resolve the problem.
Related
BIt of a php/mysql noob here, hope someone can help.
Ok so i have a URL which has an id in the querystring like so: wwww.mysite.com/page1.php?id=1
What i want to do is connect to a table in the database and get the data from the columns on one row where the first column named ID equals the id number held in the querystring.
I then want to print the data from each column in different div's elsewhere on the page.
There's also the additional issue of what to do if there's no row in the table with the same id as the querystring, i'd want it to change the id in the querystring to 1 and load that rows data.
I had a little go, i know it connects ok but i have no idea if the rest is what i want:
<?php
$link = mysql_connect('Address', 'Database', 'Password');
if (!$link) {
die('Could not connect to MYSQL database: ' . mysql_error());
}
$per = $_GET['id'];
$query = "select A,B,C,D,E,F,G,H,I,J,K,L from table_name where per=".$_GET['ID']."";
echo $result['A'];
mysql_close($link);
?>
And then put this in the div's to print the data.
<?php echo $result['A']; ?>
Am i along the right lines or completely wrong?
$dbConnection = mysql_connect('Address', 'Database', 'Password');
if (!$dbConnection) {
die('Could not connect to MYSQL database: ' . mysql_error());
}
$per = $_GET['id'];
$query = $dbConnection->prepare("select A,B,C,D,E,F,G,H,I,J,K,L from table_name where per = ?");
$query->bind_param('s', $per);
$query->execute();
$result = $query->get_result();
<?php echo $result; ?>
use this code first to avoid SQL Injection second that's the way it should work in PHP first prepare the query second execute and only then show it.
Use mysql_query function in your code.
mysql_* functions is deprecated as of PHP 5.5.0, and is not recommended for writing new code as it will be removed in the future. Instead, either the mysqli or PDO_MySQL extension should be used.
<?php
$link = mysql_connect('Address', 'Database', 'Password');
if (!$link) {
die('Could not connect to MYSQL database: ' . mysql_error());
}
$per = $_GET['id'];
$query = "select A,B,C,D,E,F,G,H,I,J,K,L from table_name where per=$per";
$result = mysql_query($query, $link) or die(mysql_error());
$row = mysql_fetch_assoc($result);
echo $row['A'];
mysql_close($link);
?>
This is my PHP code written for website. When I executed this, the query doesn't execute and doesn't show any error. I also checked data types of values that are to be inserted.
The database username and password and all credentials are correct. What could be the problem?
<?php
$password ='abcdef';
$host="localhost"; // Host name
$username="futureti_dsatya"; // Mysql username
$password="D2e3e4v1i"; // Mysql password
$db_name="futureti_db"; // Database name
$tbl_name="users"; // Table name
// Connect to server and select databse.
$con = mysqli_connect($host, $username, $password,$db_name);
if(!$con)
{
die('Could not connect: '. mysql_error());
}
else
{
$res = mysqli_query($con,"insert into users values(55555623,'saran1','satya_saran',$password)");
if($res){
print("i am ok");
}
else{
print("bad");
}
}
?>
Wrap $pass in quotes (55555623,'saran1','satya_saran','$pass') as shown below with an explanation about "$password", and change mysql_error()); to mysqli_error()); those two functions don't mix and that is why you did not get the proper error messages to show up.
As already stated, you're using $password twice; change one of the variables to something else.
What you're presently doing is overwriting your $password variable.
I am assuming you want to enter abcdef into your DB. If so, then do this instead:
<?php
$pass ='abcdef';
$host = "localhost"; // Host name
$username = "futureti_dsatya"; // Mysql username
$password = "D2e3e4v1i"; // Mysql password
$db_name = "futureti_db"; // Database name
$tbl_name = "users"; // Table name
// Connect to server and select databse.
$con = mysqli_connect($host, $username, $password,$db_name);
if ( !$con ) {
die('Could not connect: '. mysqli_error());
} else {
$res = mysqli_query($con, "insert into users values (55555623,'saran1','satya_saran','$pass' )");
if( $res ) {
print("i am ok");
} else {
print("bad");
}
}
?>
Also, inserting data into a table without telling it which columns to use is not a recommended method.
Use something to the effect of:
($con, "insert into users (column1, column2, column3, column4) values (55555623,'saran1','satya_saran','$pass' )
Sidenote: If the column for your first value isn't an (int) you will need to wrap that in quotes as well.
Also, if your first column is an AUTO_INCREMENT, you will need to remove the AUTO_INCREMENT from the column's type.
you dont get any error because you are making using mysql. not mysqli.
your code is wroking just wrap password . i guess the connection is not connecting.
replace this:
die('Could not connect: '. mysql_error());
to
die('Could not connect: '. mysqli_error()); //to see the error
I have a few string variables I am trying to insert them into my DB but I am having trouble because nothing is being inserted into the DB. I know the variables are populated. Since all variables are string I'm converting some of them to integers because those fields in the db table are type integer. I tried assigning the mysql_query to a variable and then check to return an error but it didn't display anything. I'm a bit new at PHP so I'm not sure what's wrong with my code below. I appreciate the help.
$connect = mysql_connect("localhost", "user", "pass");
if (!$connect) { die("Could not connect: ". mysql_error()); }
mysql_select_db("dbname");
mysql_query($connect,"INSERT INTO table1 (id, AU, TI, JO, VL, ISS, PB, SN, UR, DO, SP, EP, PY) VALUES ('NULL', '".$authors."', '".$title."', '".$journal."', '".(int)$volume."', '".(int)$issue."', '".$publisher."', '".$serial."', '".$url."', '".$doi."', '".(int)$startpage."', '".(int)$endpage."', '".(int)$year."')");
mysql_close($connect);
Try to debug your code, adding some more useful checks.
$link = mysql_connect("localhost", "user", "pass");
if (!$link) {
die("Could not connect: ". mysql_error());
}
$dbSelected = mysql_select_db("dbname", $link);
if (!$dbSelected) {
die ("Can't select db: " . mysql_error());
}
$result = mysql_query("YOUR_QUERY", $link);
if (!$result) {
die("Invalid query: " . mysql_error());
}
ps: you may want to use mysqly::query, just because mysql_query is deprecated
ps2: you should google about SQL Injection, since your statement doesn't look secure (unless those values are escaped somewhere)
NOTE: I just noticed that you are using a wrong order for the parameters on mysql_query($query, $link). You have put $link as first parameter.
I am trying to delete a record using php from a database. This is supposed to happen when I click a button, no error is displayed and the query appears on the screen but the record remains on the database
phpmyadmin gives me the following code to use: DELETE FROM 'the shop'.'customer' WHERE 'customer'.'CustomerID' = 8
<?php
$host="localhost"; // Host name
$tbl_name="customer"; // Table name
$db_user="root";
$db_pass="";
$connect = mysql_connect("$host", "$db_user", "$db_pass");
$db_name="the_shop"; // Database name
mysql_select_db("$db_name");
if (!$connect)
{
die("MySQL could not connect!");
}
if(isset($_GET['submit2'])){
$db_username = $_GET['username'];
$sql4 = "DELETE FROM 'the_shop'.'customer' WHERE 'customer'.'CustomerID' = 8"
or die('error deleting record');
mysql_query($sql4);
echo $sql4;
}
?>
I know this will only delete the record that has a CustomerID that = 8
my intention is that once this works I will replace CustomerID with Username and the '8' with the relevant variable that will be given a value via a form
any help is appreciated
You are using quotes instead of back tick
$sql4 = "DELETE FROM `the_shop`.`customer` WHERE `customer`.`CustomerID` = 8";
Moreover you don't need back ticks(In this case as you are not using any Reserved keywords here) as well as you are using die() at wrong place
Use this,It is working.
<?php
$host="localhost"; // Host name
$tbl_name="customer"; // Table name
$db_user="root";
$db_pass="";
$connect = mysql_connect("$host", "$db_user", "$db_pass");
$db_name="the_shop"; // Database name
mysql_select_db("$db_name",$connect);
if (!$connect)
{
die("MySQL could not connect!");
}
if(isset($_GET['submit2'])){
$db_username = $_GET['username'];
$sql4 = "DELETE FROM `the_shop`.`customer` WHERE `customer`.`CustomerID` = 8";
mysql_query($sql4,$connect) or die('error deleting record');
echo $sql4;
}
?>
Your statement is not correct. You use quoted instead of back ticks. But you can make your statement easier.
$sql4 = "DELETE FROM customer WHERE CustomerID = 8";
$sql4 = "DELETE FROM `the_shop`.`customer` WHERE `customer`.`CustomerID` = 8"
mysql_query($sql4);or die('error deleting record');
echo $sql4;
You don't need to specify which database to query in your query.
This will suffice:
DELETE FROM customer WHERE CustomerID = 8
The Mysql extension is deprecated. This means that it is no longer supported by PHP and should not be used. Try mysqli or pdo instead.
You can just use this. There is no need for you to specify the database.
delete from customer where CustomerID = 8
I'm trying to update a record in my database using the code below. I'm trying to change the product name but I am getting the following error:
Could not update data: Unknown column 'Earrings' in 'field list'
Code:
<?php
if(isset($_POST['update']))
{
$dbhost = 'databasehost';
$dbuser = 'username';
$dbpass = 'password';
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $conn )
{
die('Could not connect: ' . mysql_error());
}
$ProductsID = $_POST['ProductsID'];
$ProductsName = $_POST['ProductsName'];
$sql = "UPDATE Products ".
"SET ProductsName = $ProductsName ".
"WHERE ProductsID = $ProductsID" ;
mysql_select_db('databasename');
$retval = mysql_query( $sql, $conn );
if(! $retval )
{
die('Could not update data: ' . mysql_error());
}
echo "Updated data successfully\n";
mysql_close($conn);
}
else
{
?>
The query should be
$sql = "UPDATE Products ".
"SET ProductsName = '$ProductsName' ".
"WHERE ProductsID = $ProductsID" ;
You forgot to wrap $ProductName with quotations. Don't forget to do so when dealing with string values.
You want something like this:
ProductsName = '$ProductsName'
Also, be sure to escape that input, else you'll be subjected to SQL injections.
Your are trying to set the ProductsName to an existing column, add quotes to let sql interpret a value:
$sql = "UPDATE Products ".
"SET ProductsName = '$ProductsName' ".
"WHERE ProductsID = $ProductsID" ;
You are not sanitizing your data, so there is a good chance that your query could break depending on the value submitted, not to mention it leaves your database wide open for an attacker to manipulate via SQL Injection.
Please do not use mysql_ functions, as they are depricated. You should be using prepared statements, please see PDO and mysqli.
As for your answer, you need to put 'quotes' around the $variable