I am converting from mysqli to PDO and very much a beginner with this. Here is my update statement for my database 'users'
public function pdo_update_test() {
$sql = "UPDATE users SET visible_password = ?, hashed_password = ?, ";
$sql .="temp_hashed_password = ?, email = ?, first_name= ?, last_name = ?, ";
$sql .="position = ?, location = ?, city = ?, country = ?, institution = ? ";
$sql .="interests = ?, profile_comment = ? WHERE id =" . $this->id;
$query = $handler->prepare($sql);
$result = array($visible_password, $hashed_password, $temp_hashed_password, $email,
$first_name, $last_name, $position, $location, $city, $country, $institution,
$interests, $profile_comment);
$query->execute($result);
if (($query = $handler->prepare($sql)) === false) {
print_r($handler->errorInfo());
}
if ($query->execute($result) === false) {
print_r($query->errorInfo());
}
}
I am using ? rather than nameholders because once I have this working I am going to try to make it abstract so I can use it in all the classes in my site and I have found it easier with ? than nameholders. When I run the following it fails to work. I am sure an obvious error on my part but I can't seem to see the issue....
$user = new User();
$user->id= 256;
$visible_password = "Bob";
$user->pdo_update_test();
I have found a solution to make the whole thing dynamic. I won't presume that its going to be helpful for others (as I am the beginner) but i though I would post it anyway....
If you see problems or have criticisms please let me know
public function pdo_update_test(){
$attributes = $this->attributes();
$attribute_pairs = array();
foreach($attributes as $key => $value) {
if(isset($value))
$attribute_pairs[] = "{$key}='{$value}'";
}
$sql = "UPDATE ".self::$table_name." SET ";
$sql .= join(", ", $attribute_pairs);
$sql .= " WHERE id=". $this->id;
$query = $handler->prepare($sql);
$query->execute(array());
}
What you need is to create SET statement for the query dynamically. To make it contain only actual fields you have values for.
So, for the code given, it should produce a query
UPDATE users SET visible_password = ? WHERE id = ?
-- but not one you wrote above with all the fields listed
and it is not PDO related problem - it's rather just basic string manipulation, every PHP user is supposed to be able to write. If you can't, you can refer to PDO tag wiki for the code to adopt.
To make it work your code have to be like this
$user = new User();
$user->id= 256;
$data = array('visible_password' => "Bob");
$user->pdo_update_test($data);
where pdo_update_test will create the above SQL query out of $data array
Related
I have an app that is written using procedural PHP. I've created an insert page where I take a buck of addresses and pass them as an array and insert them in the database. There I have the id of the row and then an orderId, the address type, and the address. Now I want to be able to update a specific one. Until now I've come up with the following:
// update new supplier order
function updateSupplierOrder($conn, $orderDate, $datePickup, $dateDelivery, $timePickup, $timeDelivery, $car, $carType, $goodsDescription, $paletChange, $paletNo, $supplier, $orderObservation, $paymentDate, $value, $addressPickup, $addressDelivery, $userid, $orderID) {
$sql1 = "UPDATE suppliersOrders SET supplierId = ?, date = ?, datePickup = ?, timePickup = ?, goodsDescription = ?, dateDelivery = ?, timeDelivery = ?, carType = ?, carNo = ?, paletChange = ?, paletNo = ?, value = ?, invoice = ?, observations = ?, operator = ? WHERE id = ?;";
$stmt1 = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt1, $sql1)) {
header ("location: ../suppliersOrders?error=failedupdateorder");
exit();
}
mysqli_stmt_bind_param($stmt1, "isssssssisisssii", $supplier, $orderDate, $datePickup, $timePickup, $goodsDescription, $dateDelivery, $timeDelivery, $carType, $car, $paletChange, $paletNo, $value, $paymentDate, $orderObservation, $userid, $orderID);
mysqli_stmt_execute($stmt1);
mysqli_stmt_close($stmt1);
for ($i=0; $i<count($addressPickup); $i++) {
$address = $addressPickup[$i];
$type = '1';
$sql2 = "UPDATE suppliersOrdersAddress SET address = ?, operator = ? WHERE orderId = ? AND addressType = ?;";
$stmt2 = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt2, $sql2)) {
header ("location: ../suppliersOrders?error=failedupdateaddress");
exit();
}
mysqli_stmt_bind_param($stmt2, "siii", $address, $userid, $orderID, $type);
mysqli_stmt_execute($stmt2);
mysqli_stmt_close($stmt2);
}
for ($i=0; $i<count($addressDelivery); $i++) {
$address = $addressDelivery[$i];
$type = '2';
$sql2 = "UPDATE suppliersOrdersAddress SET address = ?, operator = ? WHERE orderId = ? AND addressType = ?;";
$stmt2 = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt2, $sql2)) {
header ("location: ../suppliersOrders?error=failedupdateaddress");
exit();
}
mysqli_stmt_bind_param($stmt2, "siii", $address, $userid, $orderID, $type);
mysqli_stmt_execute($stmt2);
mysqli_stmt_close($stmt2);
}
header("location: ../suppliersOrders-edit.php?id=$orderID");
}
But this will update all the addresses of an order and a type. How can I update based on the id from the table, this will make sure that the right address is updated.
Help would be appreciated.
I found a solution to the issues. The simplest way to be able to update the row that I needed was to add the id value from the row in an array and do the update based on the WHERE clause that had the id value. This way I was able to update just the needed value/row.
(Sorry for my English writing)
This is my coding for insert data
$insertChecklist = 'INSERT INTO checklists(`ADMIN_ID`, `COMPUTER_ID`) VALUES(?, ?);';
$stmtChecklist = $connection->prepare($insertChecklist);
$stmtChecklist->bind_param('ii', $_POST['ADMIN_ID'], $_POST['COMPUTER_ID']);
$isInsert = $stmtChecklist->execute();
$lastInsertId = mysqli_insert_id($connection);
$stmtChecklist->close();
$insertInstalledProgram = 'INSERT INTO checklist_programs(`CHECKLIST_ID`, `PROGRAM_ID`) VALUES(?, ?);';
$stmtProgramId = $connection->prepare($insertInstalledProgram);
$stmtProgramId->bind_param('ii', $lastInsertId, $programId);
foreach ($_POST['PROGRAM_ID'] as $program)
{
$programId = $program;
$stmtProgramId->execute();
}
$stmtProgramId->close();
$connection->close();
if ($isInsert) {
// echo($lastInsertId);
header('Location: OverViewCheckList.php');
exit(0);
}
And I need to change this Insert into to Update
I don't know how. Please help :(
Thank you.
It is not clear what you really want
maybe something like that:
$updateChecklist = 'UPDATE checklists SET `ADMIN_ID` = ?, `COMPUTER_ID` = ? WHERE id = ?';
$stmtChecklist = $connection->prepare($insertChecklist);
$stmtChecklist->bind_param('iii', $_POST['ADMIN_ID'], $_POST['COMPUTER_ID'], $_POST['ID']);
$res = $stmtChecklist->execute();
I insert data into a table called 'roster'. The first column (id_roster) is an id using mysql auto-increment.
I run a SELECT to find the id_roster
I use this id_roster to insert it into a table 'roster_par_membre' along with other data
if ($insert_stmt = $mysqli->prepare("INSERT INTO `roster`(`nom_roster`, `description_roster`, `id_organisation`, `created_by`, `creation_date`,`modified_by`) VALUES (?, ?, ?, ?, ?, ?)")) {
$insert_stmt->bind_param('ssiisi', $roster_name, $description_roster, $organisation_id, $user_id, $creation_date, $user_id);
if (!$insert_stmt->execute()) {
$reponse = 'Sorry, a database error occurred; please try later';
} else {
// if INSERT OK -> create a new line in roster_membre table
//1. get the roster_id
$sql = "SELECT r.id_roster
FROM roster r
WHERE r.nom_roster = ?
LIMIT 1";
$stmt = $mysqli->prepare($sql);
if ($stmt) {
$stmt->bind_param('s', $roster_name);
$stmt->execute(); // Execute the prepared query.
$stmt->store_result();
$stmt->bind_result($id_roster);
$stmt->fetch();
$level = 1;
//2. create a line with the roster_id and insert the membre as level 1
$insert_stmt = $mysqli->prepare("INSERT INTO `roster_par_membre`(`id_membre`, `id_roster`, `level`, `modified_by`) VALUES (?,?,?,?)");
$insert_stmt->bind_param('iiii', $user_id, $id_roster, $level, $user_id);
$insert_stmt->execute();
$reponse = 'success';
}
So far the code is working but it is not very nice.
Is there a way when we create a new line in a table to directly return a value (id with auto-increment) to be used in a sql query (to insert data into a second table)? or maybe to merge the two query (the two INSERT) in one statment?
short edit: it is an AJAX $response the return value (JSON)
Ok,solution:
//1. get the roster_id
$sql = "SELECT r.id_roster
FROM roster r
WHERE r.nom_roster = ?
LIMIT 1";
$stmt = $mysqli->prepare($sql);
if ($stmt) {
$stmt->bind_param('s', $roster_name);
$stmt->execute(); // Execute the prepared query.
$stmt->store_result();
$stmt->bind_result($id_roster);
$stmt->fetch();
Just need to replace all this part by
$id_roster = $mysqli->insert_id;
nice and easy. THANKS to albanx
these are the functions I used for query on projects that I do not want to use any framework (just php):
/**
*
* Executes query methods
* #param string $query the query string
* #param array $vals array of values
* #param bool $show show the query
* #return int/array/false
*/
function q($query, $vals=array(), $show_query=false)
{
$conn = new mysqli(...)
$offset = 0;
foreach ($vals as $v)
{
$cv = $conn->real_escape_string($v);//escape the value for avoiding sql injection
$fv = ($v===NULL) ? 'NULL':"'".$cv."'"; //if value is null then insert NULL in db
$qpos = strpos($query, '?', $offset);//replace the ? with the valeue
$query = substr($query, 0, $qpos).$fv.substr($query, $qpos+1);
$offset = $qpos+strlen($cv)+1;
}
$result = $conn->query($query);
if($show || $result===false) echo $query."<br>";
$rows = array();
if($result===true)
{
return $conn->affected_rows;
}
else if($result===false)
{
return false;
}
else
{
while ($row = $result->fetch_array(MYSQLI_ASSOC) )
{
$rows[]=$row;
}
}
return $rows;
}
function lastid()
{
return $this->qval("SELECT LAST_INSERT_ID()");
}
Usage example:
q('INSERT INTO USER(name, email) VALUES(?,?)', array('admin','admin#admin.com'));
$id = lastid();
I'm starting with mysql prepared statements and I can't advance due to an error that I don't understand. Here's my function to update de db:
public function updateUserData($user_label,$user_alliance, $score, $rank, $timestamp, $user_id, $db_object){
$sql='UPDATE users SET label = ?, alliance = ?, points = ?, position = ?, modified = ?, WHERE user_id = ?';
$label = $user_label;
$alliance = $user_alliance;
$points = $score;
$position = $rank;
$modified = $timestamp;
$user_id_q = $user_id;
$stmt = $db_object->prepare($sql);
if($stmt === false) {
trigger_error('Wrong SQL: ' . $sql . ' Error: ' . $db_object->error, E_USER_ERROR);
}
$stmt->bind_param('ssiiii',$label,$alliance,$points,$position,$modified,$user_id_q);
/* Execute statement */
$stmt->execute();
echo $stmt->affected_rows;
$stmt->close();
}
Here's how I use it:
//Get user Data
$user = new user();
$page_clasif = $user->getPagClasif($ch,$url_clasif);
$user_label = $user->findPlayerName($page_clasif);
$user_alliance = $user->findAllianceName($page_clasif);
$rank = $user->findRank($page_clasif);
$score = $user->findScore($page_clasif);
$user_id = $user->findPlayerId($page_clasif);
$version = $user->findVersion($page_clasif);
$user_universe = $user->findUniverse($page_clasif);
//Get install date as timestamp
$core = new core();
$timestamp = $core->dateAsTimestamp();
//Update User
$user->updateUserData($user_label,$user_alliance,$score,$rank,$timestamp,$user_id,$conn);
Here's the error:
PHP Fatal error: Wrong SQL: UPDATE users SET label = ?, alliance = ?, points = ?, position = ?, modified = ?, WHERE user_id = ? Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE user_id = ?'
Any ideas?
Thanks in advance.
You have a superfluous comma before the WHERE keyword:
$sql='UPDATE users SET label = ?, alliance = ?, points = ?, position = ?, modified = ?, WHERE user_id = ?';
// remove this comma --^
Working on my first OOP app and I am having some trouble accessing the values of an array returned by a public function within my class. Here is the function -
//Process new transaction
public function addTransaction($amount, $payee, $category, $date, $notes) {
global $db;
//Check to see if payee exists in Payee table
$checkPayee = $db->prepare("SELECT * FROM payees WHERE name = ?");
$checkPayee->execute(array($payee));
$checkPayeeNum = $checkPayee->fetchColumn();
$payeeDetails = $checkPayee->fetch();
if ($checkPayeeNum < 1) {
$insertPayee = $db->prepare("INSERT INTO payees (name, cat) VALUES(?, ?)");
$insertPayee->execute(array($payee, $cat));
} else {
if ($payeeDetails['cat'] == "") {
$updatePayee = $db->prepare("UPDATE payees SET cat=? WHERE name=?");
$updatePayee->execute(array($cat, $payee));
}
}
//Process the transaction
$proc = $db->prepare("INSERT INTO transactions (amount, payee, cat, date, notes) VALUES (?, ?, ?, ?, ?)");
$proc->execute(array($amount, $payee, $cat, $date, $notes));
//Prepare array for JSON output
$todaysTrans = $this->fetchDailyTotal();
$weeklyTotal = $this->fetchWeeklyTotal();
$accountBalance = $this->balanceAccount();
$jsonOutput = array("dailyTotal" => $todaysTrans, "weeklyTotal" => $weeklyTotal, "accountBalance" => $accountBalance);
return $jsonOutput;
}
Instantiating the object is not the issue, trying to figure out how to access the $jsonOutput array. How would one accomplish this?
Thanks!
// In some other PHP file...
include 'YourClass.php';
$yourObject = new YourClass();
$returnedArray = $yourObject->addTransaction(...);
// Access the returned array values
echo 'Daily Total: ', $returnedArray['dailyTotal'], "\n";
echo 'Weekly Total: ', $returnedArray['weeklyTotal'], "\n";
echo 'Account Balance: ', $returnedArray['accountBalance'], "\n";
Also, for what it's worth, it's very confusing for you to be returning a PHP array called $jsonOutput, as it's not JSON encoded, which is what most developers will expect it to be. If you're wanting it to be JSON encoded, use json_encode() (see here for more info).