PHP: how to make variables work in MySQL instructions

I am trying to make a last online system and this is the code that (should) run after the login
$name = $user['username'];
mysql_query("UPDATE users SET last_activity = now() WHERE username = $name");
$message = "Connected";
Normally, if I type this code in PHP tags the name is displayed
echo $user['username'];
but it seems that this variable in the mysql_query doesn't work.
Why?
How should I set "$name" to make it work?

You must use quotes in '$name'.
Try:
mysql_query("UPDATE users SET last_activity = now() WHERE username = '$name'");

You need quotes around your variables
mysql_query("UPDATE users SET last_activity = now() WHERE username = '$name'");

The problem here is that you need to quote a string in a mysql query so your query should be
"UPDATE users SET last_activity = now() WHERE username = \"$name\""
However I would still caution against direct query manipulation like this for many reasons. Have you looked into using a library like PDO http://www.php.net/manual/en/book.pdo.php?

You have to concatenate the query with the variable like
mysql_query("UPDATE users SET last_activity = now() WHERE username = '" . $name . "'");

I solved it by myself using another variable.
With this code in index.php everything worked :)
mysql_query("UPDATE users SET last_activity = now() WHERE uid = {$user['uid']}");
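The PDO route one of the answers points to, as an added example that is not from any of the posts: the same UPDATE written with quoted interpolation and with a prepared statement. The in-memory SQLite database, schema and sample names are constructed so the script runs offline; against MySQL only the DSN changes and datetime('now') becomes NOW().

```php
<?php
// Added example: constructed schema and data, in-memory SQLite so it runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (uid INTEGER PRIMARY KEY, username TEXT, last_activity TEXT)");
$pdo->exec("INSERT INTO users (username) VALUES ('admin'), ('O''Brien')");

// Interpolated and quoted, as in the answers above: the name becomes part of the SQL text.
function touchInterpolated(PDO $pdo, string $name): string
{
    try {
        $n = $pdo->exec("UPDATE users SET last_activity = datetime('now') WHERE username = '$name'");
        return "$n row(s) updated";
    } catch (PDOException $e) {
        return 'SQL error: ' . $e->getMessage();
    }
}

// Prepared statement: the SQL text is fixed and the name travels separately as data.
function touchPrepared(PDO $pdo, string $name): string
{
    $stmt = $pdo->prepare("UPDATE users SET last_activity = datetime('now') WHERE username = :name");
    $stmt->execute([':name' => $name]);
    return $stmt->rowCount() . ' row(s) updated';
}

// A plain name works both ways; a name containing an apostrophe only works when bound.
foreach (['admin', "O'Brien"] as $name) {
    printf("%-8s interpolated: %s\n", $name, touchInterpolated($pdo, $name));
    printf("%-8s prepared:     %s\n", $name, touchPrepared($pdo, $name));
}
```

The quoted form fails on an ordinary name with an apostrophe because the value is parsed as SQL; the bound form never is, which is also what closes off SQL injection.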

Related

Updating SQL using PHP - Error

Right, so I have PHP code to update a SQL table. If I replace $_GET['emailID'] with a number, say 1, the database IS updated. But otherwise no update. What seems to be wrong here?
Table: emails
Fields: mailbox, emailID
$query = 'UPDATE `emails` SET `mailbox`=\'trash\' WHERE `emailID`='.(int)$_GET['emailID'];
Do like this
$query = "UPDATE `emails` SET `mailbox`='trash' WHERE `emailID`=".intval($_GET['emailID']);
Can you try this,
$query = 'UPDATE `emails` SET `mailbox`=\'trash\' WHERE `emailID`="'.(int)$_GET['emailID'].'" ';
Value of attribute must be selected by single quotes. Try this:
$query = "UPDATE `emails` SET `mailbox` = 'trash' WHERE `emailID` = '" . intval($_GET['emailID']) . "'";
$query = "UPDATE `emails` SET `mailbox`='trash' WHERE `emailID`= ".$_GET['emailID'];
Try this one, sure it will work

updating mysql field with variable not working

So I am using CONCAT to combine 2 strings together and want to update a TEXT field in my database by adding a new string onto the end of the existing string.
// This code works great. will add "EXTRA" at end of the feed.
$insert = ("update $username set feed = CONCAT(feed, 'EXTRA')");
mysql_query($insert);
// This code doesn't work. not sure what to change in the variable area?
$extra = "EXTRA";
$insert = ("update $username set feed = CONCAT(feed, '$extra')");
mysql_query($insert);
I tried many variations of the variable declaration but can't seem to get it to work like I can when I just write in a string. Any help or insight is appreciated.
thanks!
I think you mixed up your SQL here:
"update $username set feed = CONCAT(feed, 'EXTRA')"
$username = TABLE NAME ??
And looks like you probably want to update a field WHERE it equals a certain $username which would be:
"update TABLENAME set feed = CONCAT(feed, '$extra') WHERE username = '$username'"
Look at this example query:
UPDATE table_name SET field1 = CONCAT(field1, "new data" ) WHERE field2 = value;
and adjust to your needs.
To get the word 'EXTRA' at the end of feed I think you need to do something like this:
$insert = ("update $username set feed = CONCAT(feed, '" . $extra . "')");

Unable to figure out syntactical error in MySQL statement

I know this is a short question but I can't figure out the syntactical error in this line:
$insert = mysql_query("UPDATE user SET userName = '$username_change' WHERE userID = '$_SESSION['userid']' ");
I know the problem is with the $_SESSION variable but don't know what, if anything, I need to escape or alter for the statement to work.
Try wrapping your array variables within curly brackets:
UPDATE user SET userName = '$username_change' WHERE userID =
'{$_SESSION['userid']}'
Also think about moving away from the mysql_* functions.
try:
$insert = mysql_query("UPDATE user SET userName = '".$username_change."' WHERE userID = ".$_SESSION['userid']);
Try this
"UPDATE user SET userName = '$username_change' WHERE userID = '".$_SESSION['userid']."' "

Syntax on this MySQL query might be wrong

Is there something wrong with the syntax on this MySQL query?
Thanks in advance,
John
$ttquery = sprintf("Update login SET ".$row['ttemail']." = '1' WHERE username = ".$row['username']."");
EDIT: Okay, per Pekka's request, I echoed out the actual query value, and that gave me some ideas. Now I'm using this:
$ttquery = "Update login SET ttemail = 1 WHERE username = ".$row['username']."";
and I get this error: Unknown column 'admin' in 'where clause'. "admin" is the first username that meets the condition I want to run this query for... it's not the name of a field. Any ideas on why I'm getting the error?
EDIT: Here is the echoed MySQL query if that helps:
Update login SET ttemail = 1 WHERE username = admin
You probably need single quotes around username
$ttquery = "Update login SET ".$row['ttemail']." = '1' WHERE username = '".$row['username']."'";
If you're using sprintf, you would have:
$ttquery = sprintf("Update login SET %1\$s = '1' WHERE username = '%2\$s'", $row['ttemail'], $row['username']);
Update login SET ttemail = 1 WHERE username = admin
In SQL, strings are surrounded by single quotes and table/column names are unquoted. You need to fix your PHP code so you generate this:
Update login SET ttemail = 1 WHERE username = 'admin'
Try to make sure you understand basic SQL before banging your head against PHP ;-)
try this
$ttquery = sprintf("Update login SET ".$row['ttemail']." = '1' WHERE username = '" . $row['username'] ."'");
i.e., username='[your value]'
This should work:
$ttquery = "Update login SET ".$row['ttemail']." = '1' WHERE username = '".$row['username']."'";
Man, be careful about SQL injections.
Also, why call sprintf() if you don't actually use it?
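Several of the queries above build a column or table name from a variable ($row['ttemail'], $username). An added example, not from the posts, of handling that case: identifiers cannot be bound as parameters, so the column is checked against a fixed list while the value is still bound. The SQLite table, the newsletter column and FLAG_COLUMNS are constructed for illustration.

```php
<?php
// Added example: constructed table mirroring the "login" table in the question.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE login (username TEXT PRIMARY KEY, ttemail INTEGER DEFAULT 0, newsletter INTEGER DEFAULT 0)");
$pdo->exec("INSERT INTO login (username) VALUES ('admin'), ('john')");

// Hypothetical allowlist: the only columns this code path may set.
const FLAG_COLUMNS = ['ttemail', 'newsletter'];

function setFlag(PDO $pdo, string $column, string $username): int
{
    // Placeholders bind values only, so a column name has to be checked
    // against known identifiers before it is placed in the SQL text.
    if (!in_array($column, FLAG_COLUMNS, true)) {
        throw new InvalidArgumentException("column not allowed: $column");
    }
    $stmt = $pdo->prepare("UPDATE login SET $column = 1 WHERE username = :username");
    $stmt->execute([':username' => $username]);
    return $stmt->rowCount();
}

// An allowed column is updated; a column outside the list is refused before any SQL runs.
echo setFlag($pdo, 'ttemail', 'admin'), " row updated\n";
try {
    setFlag($pdo, 'password', 'admin');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```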

Updating SQL database using PHP

I am trying to make a password retrieval system on my site, and I am having problems updating the password reset field in my database. I have tried everything, but nothing seems to work.
This is my code so far:
$passwordreset = md5(mt_rand()) . md5(mt_rand()) . md5(mt_rand());
$con = mysql_connect("localhost","XXX","XXX");
if (!$con) {
die('Could not connect: ' . mysql_error());
}
mysql_select_db("database", $con);
mysql_query("UPDATE members SET passwordreset = $passwordreset WHERE id = $id");
When I try to insert the data I get the error:
Error: Query was empty
Any help would be appreciated,
Thanks.
Not sure it's the only problem, but I'm guessing your passwordreset field is a string in the database -- to store a concatenation of several md5, which are strings, it has to be.
So, there should be quotes around the value you put in this field, in the SQL query:
mysql_query("UPDATE members SET passwordreset = '$passwordreset' WHERE id = $id");
And, in a general case, you should escape your string values with mysql_real_escape_string :
mysql_query("UPDATE members SET passwordreset = '"
. mysql_real_escape_string($passwordreset)
. "' WHERE id = $id");
It won't change anything here, as there is no quote in a md5... But it's a good practice to always do it, to never find yourself in a situation where it was necessary and you didn't do it.
I am not sure, if you get an empty query error for this, but you need ticks around the values:
mysql_query("UPDATE members SET passwordreset = '$passwordreset' WHERE id = '$id'");
I guess the backticks around the names of the columns are missing, try:
mysql_query("UPDATE members SET `passwordreset` = '$passwordreset' WHERE `id` = '$id'");
Are the two line breaks after $passwordreset intentional? Can you try removing them?
