I am tying to update table status after success run the if condition and my condition is work well. I try to echo something inside if condition and its work. But update sql cannot function after I run through all the code. I have no idea where goes wrong of my code. I had try several time to echo different value inside if condition and there is no problem to print out all the things.
This is php code:
<?
require_once "lib/base.inc.php";
$arrResult = $oAdminEmail->getQueEmail();
for($i=0; $i<count($arrResult); $i++)
{
$email = $arrResult[$i]['contact_email'];
$name = $arrResult[$i]['contact_first']." ".$arrResult[$i]['contact_last'];
$message = $arrResult[$i]['message'];
$subject = $arrResult[$i]['subject'];
$sendMail = $eMailer->sendEDM($email,$name,$subject,$message);
$iId = $arrResult[$i]['id'];
if ($sendMail)
{
$update['status'] = 1;
$update_edm = $oAdminEmail->updateEmailStatus($update,$iId);
}
}
?>
This is sql statement :
function updateEmailStatus($record, $iId)
{
global $db;
$bResult = false;
if(empty($iId)) return $bResult;
$record['send_timestamp'] = date("Y-m-d H:i:s", time());
$sUpdRecordList = $db->cpsFldUpdtSQLSeg($record);
$stmt = "UPDATE "._CONST_TBL_EMAIL_OUTGOING." SET ".$sUpdRecordList." WHERE id =".$iId;
if(!$db->Execute($stmt)) return $bResult;
return true;
}
Just replace your sql statement. If you pass string value to sql and it must be put '' to cover your string value.
This is your sql statement :
$stmt = "UPDATE "._CONST_TBL_EMAIL_OUTGOING." SET ".$sUpdRecordList." WHERE id =".$iId;
Copy this code and replace to your sql :
$stmt = "UPDATE "._CONST_TBL_EMAIL_OUTGOING." SET ".$sUpdRecordList." WHERE id ='".$iId."'";
Related
I have a table with columns that allow null values and has a default null value. On update, if the field is empty (not data inserted) my script inserts 0 instead of null. I have gone through similar questions as mine and i have tried the advice given but am still not able to fix my issue. Here's my code
<?php
if (isset($_POST['submit'])) {
# process the form
$student_id = $_POST["student_id"];
$subject_id = $_POST['subject_id'];
if (is_null($_POST["test1"])){$test1 = null;} else {$test1 = $_POST["test1"];}
if (is_null($_POST["test2"])){$test2 = null;} else {$test2 = $_POST["test2"];}
if (is_null($_POST["test3"])){$test3 = null;} else {$test3 = $_POST["test3"];}
for($i=0; $i < count($student_id); $i++) {
$studentid = mysqli_real_escape_string($connection, $student_id[$i]);
$subjectid = mysqli_real_escape_string($connection, $subject_id);
$test_1 = mysqli_real_escape_string($connection, $test1[$i]);
$test_2 = mysqli_real_escape_string($connection, $test2[$i]);
$test_3 = mysqli_real_escape_string($connection, $test3[$i]);
$query = "UPDATE fullresult SET test1='{$test_1}', test2='{$test_2}', test3='{$test_3}' WHERE student_id={$studentid} AND subject_id={$subjectid}";
$result = mysqli_query($connection, $query);
}
}
?>
When i echo the query, this is what i see and am wondering why i still get 0 inserted
UPDATE fullresult SET test1=' 10', test2=' ', test3=' ' WHERE student_id=51 AND subject_id=2
is_null does not return true for an empty string. Try changing your if statements to something like this:
$test1 = trim($_POST["test1"])
if (!strlen($test1)) $test3 = null;
You could use
ctype_digit
to check if there are numeric characters in it.
The function
mysqli::real_escape_string -- mysqli_real_escape_string — Escapes special characters in a string for use in an SQL statement, taking into account the current charset of the connection
(Source: http://php.net/manual/en/mysqli.real-escape-string.php)
Since you want to have null inside the database you should rewrite the code
if (is_null($_POST["test1"])){$test1 = null;} else {$test1 = mysqli_real_escape_string($connection, $_POST["test1"]);}
to have the values escaped only if needed (which is in case you have a value in $_POST)
What about
if (isset($_POST['submit'])) {
# process the form
$student_id = $_POST["student_id"];
$subject_id = $_POST['subject_id'];
# only retrieve FILLED IN answers
$tests = array();
if(isset($_POST["test1"]) && strlen($_POST["test1"])) $tests['test1'] = $_POST["test1"];
if(isset($_POST["test2"]) && strlen($_POST["test2"])) $tests['test2'] = $_POST["test2"];
if(isset($_POST["test3"]) && strlen($_POST["test3"])) $tests['test3'] = $_POST["test3"];
if(!empty($tests)){ # if there were no answers, there's no point in updating the database
for($i=0; $i < count($student_id); $i++) {
$studentid = mysqli_real_escape_string($connection, $student_id[$i]);
$subjectid = mysqli_real_escape_string($connection, $subject_id);
# now let's build the "SET" part of the query
$set = array();
foreach($tests as $key => $value) $set[]=mysqli_real_escape_string($key)."='".mysqli_real_escape_string($value)."'";
$set = implode(', ',$set);
# ...and finally update
$query = "UPDATE fullresult SET {$set} WHERE student_id={$studentid} AND subject_id={$subjectid}";
$result = mysqli_query($connection, $query);
}
}
}
The point of this approach is that if you don't include a key=>value pair in your UPDATE query, it will be filled in with its default value.
You must set 'null' word, not null value.
if (is_null($_POST["test1"])){$test1 = 'null';} else {$test1 = $_POST["test1"];}
if (is_null($_POST["test2"])){$test2 = 'null';} else {$test2 = $_POST["test2"];}
if (is_null($_POST["test3"])){$test3 = 'null';} else {$test3 = $_POST["test3"];}
At the end of this code there is a INSERT INTO statement that doesn't do anything. My connection.php is OK because I have used the same file in other projects and they work.
I am actually inserting a lot more data, but I was trying to find the problem out so I've removed a lot of variable from the INSERT statement.
<?php
include("connection.php");
include("functions.php");
$dbh->setAttribute(PDO::ATTR_EMULATE_PREPARES,false);
date_default_timezone_set('Asia/Dhaka');
$mobile = (string)$_GET["mobile_number"];
$promo = (string)$_GET["promo_code"];
$type = (string)$_GET["type"];
$type_no = (($type=="imei") ? (string)$_GET["imei"] : (string)$_GET["udid"]);
$ip = (string)$_SERVER['REMOTE_ADDR'];
$signup_date = date("Y-m-d");
$q1 = "SELECT * FROM vbClient WHERE clCustomerID = :mobile";
$chk_mob_switch = $dbh->prepare($q1);
$chk_mob_switch->bindParam(':mobile', $mobile);
$chk_mob_switch->execute();
if ($chk_mob_switch->rowCount() == 0) {
$q2 = "SELECT * FROM api_db WHERE type_no = :type_no";
$chk_imei_bknd = $dbh->prepare($q2);
$chk_imei_bknd->bindParam(':type_no', $type_no);
$chk_imei_bknd->execute();
if ($chk_imei_bknd->rowCount() == 0) {
$validation_code = (string)generateValidationCode(6);
$request_id = (string)generateRequestID(15);
$q3 = "INSERT INTO api_db (mobile) VALUES (:mobile)";
$ins_info_bknd = $dbh->prepare($q3);
$ins_info_bknd->bindParam(':mobile', $mobile);
$ins_info_bknd->execute();
}
To check for errors I am using a function like the following:
function chkSyntax($dbh, $stmt, $query) {
$stmt = $dbh->prepare($query);
if (!$stmt) {
echo "\nPDO::errorInfo():\n";
print_r($dbh->errorInfo());
}
}
And then I'm calling it like this:
chkSyntax($dbh, $chk_mob_switch, $q1);
What am I doing wrong?
So I have this piece of code that is not returning anything (the echo returns nothing and should be returning two rows):
<?php
include "connection.php";
$cliente = $_POST["cliente"];
$select = "SELECT CLIENTE, NOMCLI FROM CLIX1 WHERE NOMCLI LIKE ? ORDER BY NOMCLI";
$stmt = odbc_prepare($con, $select);
//preparing the array for parameter
$prep_array = array();
$prep_array[] = "'%$cliente%'";
$rs = odbc_execute($stmt, $prep_array);
$nombres = array();
$clienteIDS = array();
//if prepare statement is successful
if($rs)
{
$i = 0;
while($row=odbc_fetch_array($stmt))
{
$cliente_id = trim($row["CLIENTE"]);
$nombre = utf8_encode(trim($row["NOMCLI"]));
$nombres[$i] = $nombre;
$clienteIDS[$i] = $cliente_id;
$i++;
}
echo json_encode($nombres) . "|" . json_encode($clienteIDS);
}
else
{
echo "error";
}
odbc_close($con);
?>
I know the problem is not the parameter pass on the odbc_execute() because even if I do this, it doesn't return anything(with %mich% it should display two rows):
$rs = odbc_execute($stmt, array("%mich%"));
Do you see anything wrong in this code?
Please let me know and thanks in advance.
UPDATE ------
I made the changes on the code that were suggested on the answer below and I am getting a new error now:
Warning: odbc_execute(): Can't open file %mich%
Where mich is the text entered to search on the database.
I found the following that may relate: ODBC prepared statements in PHP
$prep_array = array();
$prep_array[] = "'%$cliente%'";
$rs = odbc_execute($stmt, $prep_array);
I think the Double Quotes might be causing an issue.
I called my update sql every time run the php file and it return true statement but record cannot update perfectly. I want to know that where my code goes wrong? Please help me and I will appreciate it. Thanks in advance.
This is my php code in event-listing.php:
$update_event_list = $event->updateeventlist($type = 1);
This is my sql statement in Event.inc.php :
function updateeventlist($type){
global $db;
$stmt = "SELECT * FROM "._CONST_TBL_EVENT." WHERE type = ".$type;
if($rs = $db->Execute($stmt)){
while($rsa = $rs->FetchRow())
{
if($rsa['start_date'] < strtotime("now")){
$updateEvent = "UPDATE "._CONST_TBL_EVENT." SET type = 2 WHERE id = ".$rsa['id'];
}
}
}
return true;
}
I have tried to echo out the statement and it return true statement that I want.
You need to add execute function after the update query.
$rs = $db->Execute($updateEvent);
Query execution missing after your update Query
function updateeventlist($type){
global $db;
$stmt = "SELECT * FROM "._CONST_TBL_EVENT." WHERE type = ".$type;
if($rs = $db->Execute($stmt)){
while($rsa = $rs->FetchRow())
{
if($rsa['start_date'] < strtotime("now")){
$updateEvent = "UPDATE "._CONST_TBL_EVENT." SET type = 2 WHERE id = ".$rsa['id'];
$db->Execute($updateEvent);
}
}
}
return true;
}
Below are some points that i observed in your code:-
You are not executing the update query. You are just making the query as string but not executing.
Even if you none of the records is updated or fetched you still get "true", because there is no condition to specify when to return false if it fails.
$stmt = "SELECT * FROM "._CONST_TBL_EVENT." WHERE type = ".$type;
if($rs = $db->Execute($stmt))
{
if( $rs has atleast one row rows )
{
while($rsa = $rs->FetchRow())
{
if($rsa['start_date'] < strtotime("now")){
$updateEvent = "UPDATE "._CONST_TBL_EVENT." SET type = 2 WHERE id = ".$rsa['id'];
$db->Execute($updateEvent); // this line was missing in you code
}
}
}
else
{
return false;
// $rsa has empty rows
}
}
else // execution of query fails for any reason
{
return false;
}
I am writing a script to access a specific detail about the user and I was hoping to make the database query be function.
function connectUser($ip) {
$q = "SELECT * FROM users where ID='$ID'";
$s = mysql_query($q);
$r = mysql_fetch_array($s);
}
But when I try and use it it will not access the row the way I want it to.
$user = '999';
connectUser($user)
echo $r['name'];
But if I put echo $r['name']; in the function it will work.
your function is not returning anything. add return $r['name'] at the end of function.
then echo connectUser($user);
thare are 2 major problems in your code
the function doesn't return anything and you don't assign it's result to a variable.
Your variables doesn't match. $ip doesn't seem the same variable with $ID
so, this one would work
function connectUser($id) {
$q = "SELECT * FROM users where ID=".intval($id);
$s = mysql_query($q);
return mysql_fetch_array($s);
}
$user = '999';
$r = connectUser($user)
echo $r['name'];
That's because the variable $r isn't being returned by the function, so it's never being set outside of the function. Here's what you should have:
function connectUser($ip) {
$q = "SELECT * FROM users where ID='$ip'";
$s = mysql_query($q);
return mysql_fetch_array($s);
}
And then outside have:
$user = '999';
$r = connectUser($user)
echo $r['name'];
You might also want to take a look at this question: prepared statements - are they necessary
This function is not working,
as you did not supplied the database connection into function,
and you did not return anything (PHP will return NULL)
Please understand what is variable scope first,
and the function
A workable example, can be like :-
function connectUser($db, $ip)
{
$q = "SELECT * FROM users where ID='$ID'"; // vulnerable for sql injection
$s = mysql_query($q, $db); // should have error checking
return mysql_fetch_array($s); // value to be returned
}
How to use :-
$db = mysql_connect(...);
$res = connectUser($db, "some value");