Okay so this problem is really boggeling my mind... I have a MYSQL query I want to make so that my php program can access and update the database with lat and long coordinates of a user and im getting issues...
This is non working code:
$currUsername = strtolower($_SESSION['username']);
$sql= "UPDATE users SET pos_Lat=$latitude, pos_Long=$longitude WHERE username=$currUsername";
$result = mysql_query($sql, $link);
The working code
$currUsername = "email_that_is_returned"
$sql= "UPDATE users SET pos_Lat=$latitude, pos_Long=$longitude WHERE username=$currUsername";
$result = mysql_query($sql, $link);
Is this because session returns data that is not able to be placed inside a query?
Check whether the session was started or not. if not started then add the following code to your page and then check its working or not.. i thing your session does not return any value.. so start session by using the code session_start();
session_start();
$currUsername = strtolower($_SESSION['username']);
$sql= "UPDATE users SET pos_Lat=$latitude, pos_Long=$longitude WHERE username=$currUsername";
$result = mysql_query($sql, $link);
You can check what type of data it is returning.
print $_SESSION['username'].
Also there is a chance to break the SQL query if the $_SESSION['username'] returns data with spaces. Make sure the SQL query not failing even if the $_SESSION['username'] contains spaces and singlequotes etc..
Related
I am writing a php script to edit the values in my database and I have the following line:
mysqli_query($con, "UPDATE Child
SET current_points = ('$points' - '$point_value')
WHERE Reward.child_username = '$username'
AND Reward.reward_name = '$reward'");
This doesn't throw any errors but is not updating the database. username, points, point_value and reward are all read in variables. Could someone please tell me where I am going wrong?
Have the following code that's executed when a script is ran. (I've just changed the login for display purposes).
<?php
$conn = mysql_connect("localhost", "root", "pw123");
mysql_select_db("test_db", $conn);
$sql = "INSERT INTO test_table (fname)
VALUES ('$fname')";
mysql_query($sql);
mysql_close($conn);
?>
I've edited the code down slightly so it doesn't show every value I'm trying to enter, but essentially, everything is entering as a blank value, or in the case of numerical inputs is defaulting to 0. I can't seem to figure out why this is. The variables are definitely not blank before hand as I've got them out putting on the web page to test as such.
For reference I assign $fname a value when the input box is changed using :
fname = $("#fname").val();
(Posted on behalf of OP):
Solved this myself anyway, instead of executing the MySQL statements in the initial page that user enters data, I moved it to the secondary web page, which opens once a user has submitted their information.
$fname is empty in your script and you need declarate the variable before:
$fname = 'David';
$sql = "INSERT INTO test_table (fname) VALUES ('$fname')";
:)
So what I am trying to do is a very basic and straight way of inserting a record into mysql db.
It is just something I have done few times before, however for some reason it is not working with me this time.
So in the following couple of lines of code I will show my code, which basically do the following
1- Check if the user exists in the DB (An existing user is a user with the same email)
2- If the user exists in the DB then it sends an http response with a status code of 409 which means duplication.
(Anyway note that this works perfectly, which implies the connection was made successfully to the DB, and it was able to retrieve any exact user, if any)
3- If the user does not exist it should be inserted in the DB (Here is the problem)
My Code
//Checking if the user exist
$result = mysql_query("SELECT * FROM $table_name WHERE email='".$post_email."'",$con) or die ('Error: '.mysql_error ());
$num_rows = mysql_num_rows($result);
if($num_rows > 0){
// Close Connection
mysql_close($con);
echo "409";
}
else{
mysql_query("INSERT INTO samam_users (username,password,email) VALUES ('ALI','AHMED','amsh-1992#hotmail.com')",$con);
// Select the record
$user_id = mysql_insert_id();
$result = mysql_query("SELECT * FROM $table_name WHERE email='".$post_email."'",$con) or die ('Error: '.mysql_error ());
// Close Connection
mysql_close($con);
echo "200 " . $result['username'];
}
I googled the possible solutions for this issue, however all similar issues I went through were because of syntax errors.
Any suggestions? Thanks in advance :)
What is the exact error message you are getting? Copy/paste that here, please.
Also, the only odd thing I see is that you are doing the SELECT commands with a variable $table_name, and in the INSERT command you are hard-coding a table name..? Maybe that's it?
INSERT INTO samam_users ...
just put the same table name variable there?
INSERT INTO $table_name ...
Let me know if this helps. :)
$sql = "INSERT INTO samam_users (username,password,email) VALUES ('ALI','AHMED','amsh-1992#hotmail.com')";
if(!mysql_query($sql,$con)) {
die(mysql_error());
}else {
echo 'inserted succesfully';
}
mysql_error() will give you information about why your query isn't working - allowing you to debug it.
Also don't use mysql_*, it's going to be deprecated and there are much better more secure options like MySQLi or preferably PDO
I think you have to put all the values in INSERT command in double quotes instead of single quote
I have been programming for a while but pretty new to PHP. I am have run into a problem. My site has a login/register screen and once logged into the account, I am trying to echo information from the users database entry. For example if I want to display the content "Balance" I have been trying the following code:
<?php
$data = mysql_query("SELECT * FROM users WHERE username=username") or die(mysql_error());
while($info = mysql_fetch_array( $data ))
{
Print $info['balance'];
}
?>
The idea is that the script will query the database using the username stored in the session then goto the named field.
When there is only one registered user, it appears to work, however; once multiple users enroll, it echoes the value from ALL users (ex. $7.50$10.12).
Thanks for your help in resolving this issue!
Currently you are not comparing the username to a variable, but you are comparing it to itself, which means it will always be true.
<?
$username = $_SESSION['username'];//or other methods like $_POST['username'] or $_GET['username'], depending on how you intend to get the username;
$data = mysql_query("SELECT * FROM users WHERE username='$username'") or die(mysql_error());
while($info = mysql_fetch_array( $data ))
{ Print $info['balance']; }
?>
You neet to make sure the $username is escaped (if comes from user input) as well as start using mysqli or pdo instead of mysql.
And, of course, I'm assuming you are using session_start() somewhere and actually assigning the username to the session.
Hope this helps!
I need to match up a users name with a value inside a database, so I want to insert the users name that is saved in a cookie. The function is pretty simple. The cookie is stored correctly and I can echo it. My insert script also works cause I can insert other things. But for some reason I cannot insert a cookies value.
This is pretty much what I'm trying to do:
$username = $_COOKIE['username'];
$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME)
or die('error');
$query1 = "INSERT INTO Gallery (username) VALUES('$username')";
$data1 = mysqli_query ($dbc, $query1) or die('error1');
mysqli_close($dbc);
Is there something I'm missing? I tried using sessions, but no luck.
I also made the cookie accessible throughout the whole domain.
There are (at least) two problems here.
You copy the value of the cookie to a variable called $user but use a variable called $username to try to insert data into the database
You don't perform any kind of sanity check on the cookie data (which is data provided by the browser and thus tainted) before using in an SQL query. This is an invitation to Little Bobby Tables.
Possibly try changing your query to this...
$query1 = "INSERT INTO Gallery (username) VALUES(" . mysql_escape_string($_COOKIE['username']) . ")";