I have the script that will write info to the database, but how can I have it print the variable "time" from the database after it updated the same query based on the email entered to write to database? This is for use with JSON.
<?php
if(!empty($_POST))
{
$dbhost = 'localhost';
$dbuser = 'casaange_testapp';
$dbpass = 'testapp1';
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $conn )
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db('casaange_volunteertest');
$email= $_POST['email'];
$time= $_POST['time'];
$sql = "UPDATE users SET time= '$time' WHERE email = '$email'";
$retval = mysql_query( $sql, $conn );
if(! $retval )
{
die('Could not update data: ' . mysql_error());
}
if($retval){
$response["success"] = 1;
$response["message"] = "Update successful!";
die(json_encode($response));
}
//echo '{"success":1, "message":"Time added!"}';
mysql_close($conn);
}
else
{
?>
<form method="post" action="timeinsert.php">
<table width="400" border="0" cellspacing="1" cellpadding="2">
<tr>
<td width="100">Email:</td>
<td><input name="email" type="text" id="email"></td>
</tr>
<tr>
<td width="100">Time:</td>
<td><input name="time" type="text" id="time"></td>
</tr>
<tr>
<td width="100"> </td>
<td> </td>
</tr>
<tr>
<td width="100"> </td>
<td>
<input name="update" type="submit" id="update" value="Update">
</td>
</tr>
</table>
</form>
<?php
}
?>
</body>
</html>
I think what you want to know is whether the UPDATE query actually changed the value in the database?
You can use mysql_affected_rows() see how many rows changed as a result of your query - in your case it will be either 1 or 0.
If you need to return the time that you just put into the database, you can query the value that actually went into the database by selecting it back out with the email address as the key.
A few general observations about your code, if I may:
You must escape that POST data before putting it into an SQL query
like that. At best it'll be a source of bugs, worst a massive
security hole.
If you're writing new code, as you appear to be here, you should
consider using the newer MySQLi or PDO_MySQL extensions instead of
the old MySQL calls.
You can use json_encode to turn an associative PHP array into a JSON
object, instead of building a JSON string yourself.
Related
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 7 years ago.
I wrote a code with a form:
<form method="post">
<table>
<tr>
<td style="text-align:right">Artista:</td>
<td><input type="text" name="artist" /></td>
</tr>
<tr>
<td style="text-align:right">Titulo:</td>
<td><input type="text" name="title" /></td>
</tr>
<tr>
<td style="text-align:right">Capa (link):</td>
<td><input type="text" name="cover" /></td>
</tr>
<tr>
<td colspan="2">
<center>
<input type="submit" style="margin-top:20px" />
</center>
</td>
</tr>
</table>
</form>
Then I wrote some php to get the info on form and put it on a mySQL database.
if (isset($_POST['submit'])){
$dbhost = 'HOST';
$dbuser = 'USER';
$dbpass = 'PASS';
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
$artist = strtoupper($_POST[artist]);
$title = strtoupper($_POST[title]);
$cover = $_POST[cover];
if(! $conn )
{
die('Could not connect: ' . mysql_error());
}
$sql = "INSERT INTO 'MusicList'('artist', 'title', 'cover', 'votes') VALUES ('".$artist."', '".$title."', '".$cover."', 0)";
mysql_select_db('DATABASE_NAME');
$retval = mysql_query( $sql, $conn );
if(! $retval )
{
die('Could not enter data: ' . mysql_error());
}
echo "<center><h1>Success!</h1></center>";
mysql_close($conn);
}
However it seems something has gone wrong because it doesn't write anything on SQL. Can you tell me what did I wrote wrong?
Change the single quotes around MusicList to be backticks, and get rid of the single quotes around the column names like this:
$sql = "INSERT INTO `MusicList`(artist, title, cover, votes) VALUES ('".$artist."', '".$title."', '".$cover."', 0)";
SQL isn't expecting quotes here.
Also as Fred pointed out, you need to name your submit button, or else the if statement will always be false.
So something like:
<input type="submit" name="submit_button" style="margin-top:20px" />
and change the if statement to:
if (isset($_POST['submit_button'])){
I have a simple MYSQL DB where field_3 is a varchar Key value. I am trying to update database posting to two TIME fields called start and end.
However I keep getting this error
Notice: Undefined variable: empd_end in C:\xampp\htdocs\b1\update.php on line 25
Could not update data: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ':12:00, end = WHERE field_3 = Berkay_Sebat#yahoo.com' at line 1
<html>
<head>
<title>Update a Record in MySQL Database</title>
</head>
<body>
<?php
if(isset($_POST['update']))
{
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = 'root';
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $conn )
{
die('Could not connect: ' . mysql_error());
}
$emp_id = $_POST['emp_id'];
$emp_salary = $_POST['emp_salary'];
$emp_end= $_POST['emp_end'];
$sql = "UPDATE usezas ".
"SET start = $emp_salary, end = $empd_end".
"WHERE field_3 = $emp_id" ;
mysql_select_db('db1');
$retval = mysql_query( $sql, $conn );
if(! $retval )
{
die('Could not update data: ' . mysql_error());
}
echo "Updated data successfully\n";
mysql_close($conn);
}
else
{
?>
<form method="post" action="<?php $_PHP_SELF ?>">
<table width="400" border="0" cellspacing="1" cellpadding="2">
<tr>
<td width="100">EMAIL</td>
<td><input name="emp_id" type="text" id="emp_id"></td>
</tr>
<tr>
<td width="100">Start TIME</td>
<td><input name="emp_salary" type="text" id="emp_salary"></td>
</tr>
<tr>
<td width="100">END TIME</td>
<td><input name="emp_end" type="text" id="emp_end"></td>
</tr>
<td width="100"> </td>
<td> </td>
</tr>
<tr>
<td width="100"> </td>
<td>
<input name="update" type="submit" id="update" value="Update">
</td>
</tr>
</table>
</form>
<?php
}
?>
</body>
</html>
You are missing a space after the value of end also, you will need to wrap your variables with a quotes like the query below.
$sql = "UPDATE usezas ".
"SET start = '$emp_salary', end = '$empd_end' ".
"WHERE field_3 = $emp_id" ;
However, your code is vulnerable to SQL injections. You sure prepare your query and should be using either PDO or MySQLi extensions not the old mysql_query extension.
you need to put your php vals to ''
$sql = "UPDATE usezas ".
"SET start = '$emp_salary', end = '$empd_end'".
" WHERE field_3 = '$emp_id'" ;
I am a PHP/MySQL Greenback here, and I have run into an issue with a simple form I am trying to feed into a MySQL database via PHP, that keeps feeding blank entries.
The form is live, connecting and feeding to the DB, however whenever I submit an entry, my confirmation echo's back that it Connected successfullyINSERT INTO db_name.events (eventname, eventprice, eventabout) VALUES ('', '', '') Works! even though the values were populated in the HTML form. Then when I log in and check the MySQL Database through PHPmyadmin I can see that it indeed created a new row in the table, but it is blank.
I have spent hours combing the syntax line by line and can't seem to find anything out of place and I have now added a bunch of troubleshooting steps in to try and solve it.
Any help is greatly appreciated!
The HTML form is as follows:
<form method="post" action="eventtestconnect.php"><table style="border: 0; margin-left: auto; margin-right:auto;text-align: left">
<tr>
<td>Event Name:</td>
<td><input name="name"></td>
</tr>
<tr>
<td>Event Price:</td>
<td><input name="price"></td>
</tr>
<tr>
<td>Event Description:</td>
<td><textarea name="description" cols="40" rows="5">
</textarea></td>
</tr>
</table>
<br><br>
<input type="submit" value="Submit">
</form>
And the PHP file that connects to this form is:
<?php
// connect to database
$dbhost = '111.111.11.111';
$dbuser = 'db_name';
$dbpass = 'pwpwpw';
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $conn )
{
die('Could not connect: ' . mysql_error());
}
echo 'Connected successfully';
//select database
mysql_select_db("db_name", $conn);
if ($_POST)
{
// scrub inputs
$name = mysql_real_escape_string($conn, $_POST['name']);
$price = mysql_real_escape_string($conn, $_POST['price']);
$description = mysql_real_escape_string($conn, $_POST['description']);
// prepare query
$sql = "INSERT INTO db_name.events (eventname, eventprice, eventabout)
VALUES ('$name', '$price', '$description')";
// execute query
mysql_query($sql);
// close connection
mysql_close($conn);
echo $sql;
}
?>
Thanks in advance for any help, I have been browsing these forums grabbing help and tips. Seems like a great community!
You passing in the arguments to mysql_real_escape_string in the wrong order. It should be:
$name = mysql_real_escape_string($_POST['name'], $conn);
I am trying to make a simple form that checks based on the correct email. If the email is correct, it then updates the database with the new time. When I run it, I get a format error.. I am not an expert with PHP, so I may have missed something here...
<?php
if(isset($_POST['update']))
{
$dbhost = 'localhost';
$dbuser = 'user1';
$dbpass = 'password';
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $conn )
{
die('Could not connect: ' . mysql_error());
}
$email= $_POST['email'];
$time= $_POST['time'];
$sql = "UPDATE users".
"SET time= $time".
"WHERE email = $email" ;
mysql_select_db('dbname');
$retval = mysql_query( $sql, $conn );
if(! $retval )
{
die('Could not update data: ' . mysql_error());
}
echo "Updated data successfully\n";
mysql_close($conn);
}
else
{
?>
<form method="post" action="<?php $_PHP_SELF ?>">
<table width="400" border="0" cellspacing="1" cellpadding="2">
<tr>
<td width="100">Email:</td>
<td><input name="email" type="text" id="email"></td>
</tr>
<tr>
<td width="100">Time:</td>
<td><input name="time" type="text" id="time"></td>
</tr>
<tr>
<td width="100"> </td>
<td> </td>
</tr>
<tr>
<td width="100"> </td>
<td>
<input name="update" type="submit" id="update" value="Update">
</td>
</tr>
</table>
</form>
<?php
}
?>
</body>
</html>
Your query has the wrong quotes.
<?php
if(isset($_POST['update']))
{
$dbhost = 'localhost';
$dbuser = 'user1';
$dbpass = 'password';
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $conn )
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db('dbname');
$email= $_POST['email'];
$time= $_POST['time'];
$sql = "UPDATE users SET time= '$time' WHERE email = '$email'";
$retval = mysql_query( $sql, $conn );
if(! $retval )
{
die('Could not update data: ' . mysql_error());
}
echo "Updated data successfully\n";
mysql_close($conn);
}
else
{
?>
<form method="post" action="<?php $_PHP_SELF ?>">
<table width="400" border="0" cellspacing="1" cellpadding="2">
<tr>
<td width="100">Email:</td>
<td><input name="email" type="text" id="email"></td>
</tr>
<tr>
<td width="100">Time:</td>
<td><input name="time" type="text" id="time"></td>
</tr>
<tr>
<td width="100"> </td>
<td> </td>
</tr>
<tr>
<td width="100"> </td>
<td>
<input name="update" type="submit" id="update" value="Update">
</td>
</tr>
</table>
</form>
<?php
}
?>
</body>
</html>
Sidenote: Your present code is open to SQL injection. Use mysqli_* functions. (which I recommend you use and with prepared statements, or PDO)
Footnotes:
mysql_* functions deprecation notice:
http://www.php.net/manual/en/intro.mysql.php
This extension is deprecated as of PHP 5.5.0, and is not recommended for writing new code as it will be removed in the future. Instead, either the mysqli or PDO_MySQL extension should be used. See also the MySQL API Overview for further help while choosing a MySQL API.
These functions allow you to access MySQL database servers. More information about MySQL can be found at » http://www.mysql.com/.
Documentation for MySQL can be found at » http://dev.mysql.com/doc/.
Quick note(s)
You could shorten your code by doing the following all in one go:
$dbhost = 'localhost';
$dbuser = 'user1';
$dbpass = 'password';
$db = 'dbname';
$conn = mysql_connect($dbhost, $dbuser, $dbpass, $db);
so you won't have to use mysql_select_db('dbname'); but that's purely opinion-based/preference and will save you a few keystrokes at the same time.
Changing:
$email= $_POST['email'];
$time= $_POST['time'];
to:
$email= mysql_real_escape_string($_POST['email']);
$time= mysql_real_escape_string($_POST['time']);
will help add a bit of security until you get into prepared statements or PDO.
you don't have spaces in your sql script.
change $sql to:
$sql = "UPDATE users ".
"SET time= '$time' ".
"WHERE email = '$email'" ;
although this will work just fine:
$sql = "UPDATE users SET time= '$time' WHERE email = '$email'" ;
keep in mind, your page is vulnerable to sql injection because you have not escaped time and email.
I am trying to build a page that will allow the user to enter an employee number via a form and when they hit the "delete" button it will remove the corresponding record. The database is named "Crosshill", the Table is called "Employees" and the field I want to use is "employeeid".
It seems to connect fine to the DB, but the code below doesn't work. When you hit the "Delete" button it returns an error of:
Could not delete data: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE employeeid =' at line 1
Blockquote
<html>
<head>
<title>Delete an Employee</title>
</head>
<body>
<h3>Enter the Employee Number below to delete a record</h3>
<?php
if(isset($_POST['delete']))
{
$dbhost = '####';
$dbuser = '####';
$dbpass = '####';
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $conn )
{
die('Could not connect: ' . mysql_error());
}
$employeeid = $_POST['employeeid'];
$sql = "DELETE Employees ".
"WHERE employeeid = $employeeid" ;
mysql_select_db('Crosshill');
$retval = mysql_query( $sql, $conn );
if(! $retval )
{
die('Could not delete data: ' . mysql_error());
}
echo "Deleted data successfully\n";
mysql_close($conn);
}
else
{
?>
<form method="post" action="<?php $_PHP_SELF ?>">
<table width="400" border="0" cellspacing="1" cellpadding="2">
<tr>
<td width="100">Employee ID</td>
<td><input name="employeeid" type="number" id="employeeid"></td>
</tr>
<tr>
<td width="100"> </td>
<td> </td>
</tr>
<tr>
<td width="100"> </td>
<td>
<input name="delete" type="submit" id="delete" value="Delete">
</td>
</tr>
</table>
</form>
<?php
}
?>
</html>
It's DELETE FROM <table> WHERE <condition>, the FROM is missing in your query.
You are missing "from" after delete..
It should be as DELETE from Employees WHERE condition.
To avoid such situations always do one thing, just echo the sql query and using "exit" after the same to terminate the further execution of the program.
Copy the query from browser and run the same in phpmyadmin or whatever other tool you use..
That practice will help you to find out the root cause of the problem..