For some reason I can't get UPDATE to work; after hours of googling I can't seem to find working code.
$stmt = $con->prepare("UPDATE user_settings SET accept_emails = ? WHERE user= '$user'");
$stmt->bind_param('s', '0');
$stmt->execute();
$stmt->close();
Trying to update via Ajax, keeps returning 500 Server Error. Should I just use the old MySQL way?
I am pretty sure you can't use a literal in bind, only variables.
This is what you should use.
$var="0";
$stmt = $con->prepare("UPDATE user_settings SET accept_emails = ? WHERE user=?");
$stmt->bind_param('ss',$var,$user);
$stmt->execute();
$stmt->close();
I have the following update statement which does execute successfully but with no value change in the table.
$name = "John Doe"; //to update into John Stack
$chenna = "Mz"; $reg = 25; $km = 3;
// $dbh is a PDO object
$stmt = $dbh->prepare("UPDATE `hl_customer` SET `name`=:hming, `address`=:chenna
WHERE `regd`=:regd AND `kum`=:km");
$stmt->bindParam(':hming', $name, PDO::PARAM_STR);
$stmt->bindParam(':chenna', $hmun, PDO::PARAM_STR);
$stmt->bindParam(':regd', $reg, PDO::PARAM_INT);
$stmt->bindParam(':km', $km, PDO::PARAM_INT);
$stmt->execute();
$affected = $stmt->rowCount();
Another tested code:
$stmt = $dbh->prepare("UPDATE `hl_customer` SET `name`=?, `address`=?
WHERE `regd`=? AND `kum`=?");
$stmt->execute([$name, $hmun, $reg, $km]);
$affected = $stmt->rowCount();
$stmt = $dbh->query("UPDATE `hl_customer` SET `name`='$name', `address`='$chenna'
WHERE `regd`='$reg' AND `kum`='$km'");
In order to update I kept changing the $name variable, yet there was no affected row. The row count always returns 0. I tested in both phpMyAdmin (latest version) and MySQL Workbench (latest) and the problem is still there. Then I tested again in the MySQL console, and it works as expected. But why is it not working in the code shown above, phpMyAdmin and Workbench? What could be the problem? Is my code wrong? I used MySQL 8.0.12, PHP 5.6.* and PHP 7.1.*.
I tested it again without a parameterized query, and it still did not work. Now I begin to think that it is a kind of bug in PHP.
Thanks
Well, I don't see anything wrong with your code. Try to verify that the number of columns in your table matches the number of parameters you have, because you said it works when you drop the last parameter.
This question already has an answer here:
Syntax error due to using a reserved word as a table or column name in MySQL
(1 answer)
Closed 5 years ago.
This little piece of code should be very easy basic coding, yet it doesn't work. The problem is within the INSERT / UPDATE code, because if I delete those and just echo simple text inside of the if/else code everything works just fine.
This is the code I have, which gives an HTTP ERROR 500.
$sql2 = mysqli_query($mysqli, "SELECT * FROM koppel WHERE userid = ".$_GET['userid']." AND msgid = ".$_GET['msgid']."");
$row = mysqli_fetch_assoc($sql2);
$check = $_GET['check'];
$msgid = $_GET['msgid'];
$userid = $_GET['userid'];
$ja = 'ja';
$nee = 'nee';
$tabel_content = $row['check'];
$tabel_id = $row['id'];
if ($tabel_content == $ja){
$stmt = $mysqli->prepare("UPDATE koppel SET check = ? WHERE id = ?");
$stmt->bind_param('si',
$nee,
$tabel_id);
$stmt->execute();
$stmt->close();
} elseif ($tabel_content == $nee){
$stmt = $mysqli->prepare("UPDATE koppel SET check = ? WHERE id = ?");
$stmt->bind_param('si',
$ja,
$tabel_id);
$stmt->execute();
$stmt->close();
} else {
$stmt = $mysqli->prepare("INSERT INTO koppel(userid,
msgid,check) VALUES (?, ?, ?)");
$stmt->bind_param('iis', $userid,
$msgid,
$check);
$stmt->execute();
$stmt->close();
}
What am I missing?
I don't see any error there, but make sure $mysqli is a valid mysqli connection to your database.
To debug your problem, try checking your server error logs (they will show the cause of your 500 error, and in which line) or try removing each part of your code until you understand exactly which line is failing.
You can also move all your "execute" and "close" calls to be below the if/elseif/else structure, as it always gets executed, to avoid repeating code.
Also "tabel" should be spelled "table".
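A hardened version of the toggle from the question above, as an added example that is not part of the original posts. It backtick-quotes the reserved word check, binds the two ids in the SELECT instead of concatenating $_GET values, and turns on mysqli exceptions so a failed prepare() reports the MySQL error instead of a bare 500. The function names toggle_check() and read_int_param() are hypothetical; the table and column names are the question's.

```php
<?php
// Added example, not the poster's code. Table and column names come from the
// question; toggle_check() and read_int_param() are hypothetical names.

// Make mysqli throw on failure instead of returning false, so a bad prepare()
// surfaces as a mysqli_sql_exception carrying the MySQL error text.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function toggle_check(mysqli $db, int $userid, int $msgid, string $check): string
{
    // `check` is a reserved word in MySQL, so it is backtick-quoted everywhere.
    $stmt = $db->prepare('SELECT id, `check` FROM koppel WHERE userid = ? AND msgid = ?');
    $stmt->bind_param('ii', $userid, $msgid);
    $stmt->execute();
    $stmt->bind_result($id, $current);
    $found = ($stmt->fetch() === true);
    $stmt->close(); // release the result set before preparing the next statement

    if ($found && in_array($current, ['ja', 'nee'], true)) {
        // Existing row: flip ja <-> nee.
        $new = ($current === 'ja') ? 'nee' : 'ja';
        $stmt = $db->prepare('UPDATE koppel SET `check` = ? WHERE id = ?');
        $stmt->bind_param('si', $new, $id);
    } else {
        // No usable row: insert the value supplied by the caller.
        $new = $check;
        $stmt = $db->prepare('INSERT INTO koppel (userid, msgid, `check`) VALUES (?, ?, ?)');
        $stmt->bind_param('iis', $userid, $msgid, $new);
    }
    $stmt->execute();
    $stmt->close();
    return $new;
}

// Caller side: reject non-integer ids before they reach the database layer.
function read_int_param(array $query, string $key): int
{
    $value = filter_var($query[$key] ?? null, FILTER_VALIDATE_INT);
    if ($value === false) {
        throw new InvalidArgumentException("$key must be an integer");
    }
    return $value;
}
```

A caller would pass an open mysqli connection together with read_int_param($_GET, 'userid') and read_int_param($_GET, 'msgid').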
I have a sql statement to update confirm code and code in the database. I'm using bind param to bind the variables. It worked fine for my select and insert sql statements. However, it keeps giving me this error:
Fatal error: Uncaught Error: Call to a member function bind_param() on boolean
when I tried to execute the update query. I tried to search on every forum possible but found no answers and I hope someone could maybe spot my mistake. I'm having issues with $query1. Both code and confirmcode are varchar and not integer.
$username = $_GET['username'];
$code = $_GET['code'];
$confirmcode = "1";
$updatecode ="0";
$query=$con->prepare("SELECT username, code FROM customer_detail WHERE username ='$username'");
$query->execute();
$query->bind_result($checkusername, $checkcode);
$query->fetch();
$query1=$con->prepare("UPDATE customer_detail SET code=?, confirmcode=? WHERE username = ?"); //error
$query1->bind_param('sss',$username, $updatecode, $confirmcode); //error
$query1->execute();
The problem is that MySQLi can't run multiple queries at once, because it uses unbuffered queries. You'll need to close the first statement before you can run another. Add the following line after $query->fetch();.
$query->close();
This being said, your first query isn't guarded against SQL injection, because you use the variable directly in the query. Adding proper placeholders for your query, the final code would look like this:
$query = $con->prepare("SELECT username, code FROM customer_detail WHERE username =?");
$query->bind_param('s', $username);
$query->execute();
$query->bind_result($checkusername, $checkcode);
$query->fetch();
$query->close();
$query1 = $con->prepare("UPDATE customer_detail SET code=?, confirmcode=? WHERE username = ?");
// Bind in placeholder order: code, confirmcode, username
$query1->bind_param('sss', $updatecode, $confirmcode, $username);
$query1->execute();
$query1->close();
Try the code below. Basically, you need to bind the params in the same order in which the placeholders (?) appear in the SQL.
$query=$con->prepare("SELECT username, code FROM customer_detail WHERE username = ?");
$query->bind_param('s', $username);
$query->execute();
$query->bind_result($checkusername, $checkcode);
$query->fetch();
$query->close(); // free the first statement so the next prepare() can succeed
$query1=$con->prepare("UPDATE customer_detail SET code=?, confirmcode=? WHERE username = ?");
$query1->bind_param('sss', $updatecode, $confirmcode, $username);
$query1->execute();
Have you tried this?
$query1->bind_param('iis', $updatecode, $confirmcode, $username);
I have a really simple procedure I need to do, and no matter how much I debug or simplify, the record is not updating in the dbase. Assume everything is correct in terms of connection, etc. Pulling this from php and doing a MySQL call in PHPMyAdmin results in a correct record update on the table. I've tried using/not using quotes around adminId.
Any ideas?
$sampleString = "343r34c3cc43";
//Need to store the customer ID from sub system
$stmt2 = $mysqli->prepare("
UPDATE
admins
SET
chargebeeId = '?'
WHERE
adminId='22'
");
$stmt2->bind_param('s',
$mysqli->real_escape_string($sampleString)
);
$stmt2->execute();
For reference, adminId will be dynamic, with a bind_param 'i' in the application.
change this
chargebeeId = '?'
to
chargebeeId = ?
try this
$sampleString = "343r34c3cc43";
$sampleString = $mysqli->real_escape_string($sampleString) ;
$stmt2 = $mysqli->prepare("UPDATE admins
SET chargebeeId = ?
WHERE adminId='22' ");
$stmt2->bind_param('s', $sampleString);
$stmt2->execute();
I am trying to select from a MySQL table using prepared statements. The select criteria is user form input, so I am binding this variable and using prepared statements. Below is the code:
$sql_query = "SELECT first_name_id from first_names WHERE first_name = ?";
$stmt = $_SESSION['mysqli']->prepare($sql_query);
$stmt->bind_param('s', $_SESSION['first_name']);
$stmt->execute();
$stmt->store_result();
if ($stmt->num_rows == '1') {
$stmt->bind_result($_SESSION['first_name_id']);
$stmt->fetch();
} else {
$stmt->close();
$sql_query = "INSERT INTO first_names (first_name) VALUES (?)";
$stmt = $_SESSION['mysqli']->prepare($sql_query);
$stmt->bind_param('s', $_SESSION['first_name']);
$stmt->execute();
$_SESSION['first_name_id'] = $_SESSION['mysqli']->insert_id;
}
$stmt->close();
Obviously my code is just determining whether or not the first_name already exists in the first_names table. If it does, it returns the corresponding ID (first_name_id). Otherwise, the code inserts the new first_name into the first_names table and gets the insert_id.
The problem is when a user enters a name with an escape character ('Henry's). Not really likely with first names but certainly employers. When this occurs, the code does not execute (no select or insert activity in the log files). So it seems like mySQL is ignoring the code due to an escape character in the variable.
How can I fix this issue? Is my code above efficient and correct for the task?
Issue #2. The code then continues with another insert or update, as shown in the code below:
if (empty($_SESSION['personal_id'])) {
$sql_query = "INSERT INTO personal_info (first_name_id, start_timestamp) VALUES (?, NOW())";
} else {
$sql_query = "UPDATE personal_info SET first_name_id = ? WHERE personal_info = '$_SESSION[personal_id]'";
}
$stmt = $_SESSION['mysqli']->prepare($sql_query);
$stmt->bind_param('i', $_SESSION['first_name_id']);
$stmt->execute();
if (empty($_SESSION['personal_id'])) {
$_SESSION['personal_id'] = $_SESSION['mysqli']->insert_id;
}
$stmt->close();
The issue with the code above is that I cannot get it to work at all. I am not sure if there is some conflict with the first part of the script, but I have tried everything to get it to work. There are no PHP errors and there are no inserts or updates showing in the mySQL log files from this code. It appears that the bind_param line in the code may be where the script is dying...
Any help would be very much appreciated.
You should validate/escape user input before sending it to the db.
Check out this: mysql-real-escape-string()
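What happens to a quoted name such as Henry's in the find-or-insert lookup from the question, bound as-is versus escaped before binding as in the real_escape_string() snippets earlier on this page. This is an added example, not code from the thread. It assumes the pdo_sqlite extension and uses PDO with an in-memory SQLite database as a stand-in for the MySQL server so it runs offline, and addslashes() stands in for real_escape_string(); first_name_id() is a hypothetical helper.

```php
<?php
// Added example, not code from the thread. SQLite in memory stands in for
// MySQL so the script runs without a server; the table mirrors the question.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE first_names (
    first_name_id INTEGER PRIMARY KEY,
    first_name    TEXT NOT NULL
)');

// Find-or-insert, as in the question: return the id of an existing name,
// otherwise insert it and return the new id. Every value is bound.
function first_name_id(PDO $pdo, string $name): int
{
    $stmt = $pdo->prepare('SELECT first_name_id FROM first_names WHERE first_name = ?');
    $stmt->execute([$name]);
    $id = $stmt->fetchColumn();
    if ($id !== false) {
        return (int) $id;
    }
    $stmt = $pdo->prepare('INSERT INTO first_names (first_name) VALUES (?)');
    $stmt->execute([$name]);
    return (int) $pdo->lastInsertId();
}

$input = "Henry's"; // constructed user input containing a quote

// Bound as-is: the value travels separately from the SQL text, so the quote
// needs no escaping, and the second call finds the row the first one created.
$first  = first_name_id($pdo, $input);
$second = first_name_id($pdo, $input);

// Escaped first, then bound: the added backslash becomes part of the data,
// the lookup no longer matches, and a second, different row is inserted.
$third = first_name_id($pdo, addslashes($input));

var_dump($first === $second); // same row both times
var_dump($third === $first);  // the escaped value landed in another row

// Show what was actually stored, keyed by first_name_id.
$rows = $pdo->query('SELECT first_name_id, first_name FROM first_names')
            ->fetchAll(PDO::FETCH_KEY_PAIR);
print_r($rows);
```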