I am currently trying to run a query where the current value of a MySQL table column increases itself by 1. Let me show this with a MySQL query example:
$sql = mysql_query("UPDATE `table` SET quantity=quantity+1 WHERE id='$id'");
I am unable to do this in PDO prepared statement...
$sql = "UPDATE `table` SET quantity=:quants+1 WHERE id=:userid";
$sql_prep = $db->prepare($sql);
$sql_prep->bindParam(":quants", what will i write here??);
$sql_prep->bindParam(":userid", $id);
$sql_prep->execute();
Help needed..! Thanks
You don't need to pass that as a parameter, just do:
$sql = "UPDATE `table` SET quantity=quantity+1 WHERE id=:userid";
$sql_prep = $db->prepare($sql);
$sql_prep->bindParam(":userid", $id);
$sql_prep->execute();
You don't need to protect quantity as you're just augmenting a value already in the db.
$sql = "UPDATE `table` SET quantity=quantity+1 WHERE id=:userid";
You can also drop the bind line for the :quants
$sql_prep = $db->prepare($sql);
// NOT NEEDED --> $sql_prep->bindParam(":quants", what will i write here??);
$sql_prep->bindParam(":userid", $id);
$sql_prep->execute();
Prepared statements are for protecting data being inserted from the outside into your db via your query.
$sql = "INSERT INTO book (bookname) values('kkkkkkkkk');
SET #bookid = LAST_INSERT_ID();
INSERT INTO paper (papername) values('hhhhhhh');
SET #paperid = LAST_INSERT_ID();
UPDATE author SET bookid = #bookid, paperid = #paperid WHERE id = 11;
SELECT #bookid as bookid, #paperid as paperid FROM DUAL;";
$stmt = $pdoConnect->prepare($sql);
$stmt->execute();
$numofnewParn =$stmt->rowCount();
if($numofnewParn>0){
$newParentDt = $stmt->fetch(PDO::FETCH_ASSOC);
print_r($newParentDt);
}
I have a set of inserts with LAST_INSERT_ID assigned to the respective parameters.
Later, I update a table with the parameters.
Up to $stmt->execute(); there is no problem.
My question is: can I continue the query by adding a SELECT and fetch the data like $stmt->fetch(PDO::FETCH_ASSOC)?
Or does it not make sense? If so, is there any source?
Because the above code does not print anything out.
You need to use PDOStatement::nextRowset to move on to the next query's result in your multi-statement query. However, a cleaner setup would be to break this down into single-statement queries and use PHP variables to save your bookid and paperid values:
<?php
$sql = "INSERT INTO book (bookname) values('kkkkkkkkk');";
$stmt = $pdoConnect->prepare($sql);
$stmt->execute();
$bookid = $pdoConnect->lastInsertId();
$sql = "INSERT INTO paper (papername) values('hhhhhhh');";
$stmt = $pdoConnect->prepare($sql);
$stmt->execute();
$paperid = $pdoConnect->lastInsertId();
// Bind the saved ids instead of interpolating them into the SQL string
$sql = "UPDATE author SET bookid = ?, paperid = ? WHERE id = 11;";
$stmt = $pdoConnect->prepare($sql);
$stmt->execute([$bookid, $paperid]);
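The single-statement approach in the answer above, wrapped in a transaction so the two inserts and the update commit together or not at all. This is an added example, not code from the original answer: the helper name linkNewWorks, the table definitions and the SQLite in-memory connection (standing in for the MySQL connection so it runs offline) are assumptions.

```php
<?php
// Added example: SQLite in-memory stands in for the MySQL connection so it runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed schema mirroring the table and column names in the question.
$pdo->exec('CREATE TABLE book  (id INTEGER PRIMARY KEY, bookname  TEXT NOT NULL)');
$pdo->exec('CREATE TABLE paper (id INTEGER PRIMARY KEY, papername TEXT NOT NULL)');
$pdo->exec('CREATE TABLE author (id INTEGER PRIMARY KEY, bookid INTEGER, paperid INTEGER)');
$pdo->exec('INSERT INTO author (id) VALUES (11)');

/**
 * Hypothetical helper: insert a book and a paper, link both to an author,
 * and return the new ids. All three writes commit together or not at all.
 */
function linkNewWorks(PDO $pdo, int $authorId, string $bookname, string $papername): array
{
    $pdo->beginTransaction();
    try {
        $pdo->prepare('INSERT INTO book (bookname) VALUES (?)')->execute([$bookname]);
        $bookid = (int) $pdo->lastInsertId();

        $pdo->prepare('INSERT INTO paper (papername) VALUES (?)')->execute([$papername]);
        $paperid = (int) $pdo->lastInsertId();

        $update = $pdo->prepare('UPDATE author SET bookid = ?, paperid = ? WHERE id = ?');
        $update->execute([$bookid, $paperid, $authorId]);
        if ($update->rowCount() !== 1) {
            throw new RuntimeException("author $authorId not found");
        }

        $pdo->commit();
        return ['bookid' => $bookid, 'paperid' => $paperid];
    } catch (Throwable $e) {
        $pdo->rollBack();   // undo the inserts so no orphan rows remain
        throw $e;
    }
}

print_r(linkNewWorks($pdo, 11, 'kkkkkkkkk', 'hhhhhhh'));

try {
    linkNewWorks($pdo, 999, 'orphan book', 'orphan paper');   // no such author
} catch (RuntimeException $e) {
    echo 'rolled back: ', $e->getMessage(), "\n";
}
echo 'books stored: ', $pdo->query('SELECT COUNT(*) FROM book')->fetchColumn(), "\n";
```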
When I'm using mysqli_query, the website reloads with the visible change after submitting the form, but if I use mysqli_multi_query to change more than one table, the page displays "No result" (or whatever I have set to display if there's no result). If I then reload the website manually, everything has been changed, which means the records are updated in the database. I need to change the page and come back again, or refresh, to see the result.
For example:
$query = "UPDATE tools SET quantity=quantity+$quantity WHERE id = $tools;";
$query .= "UPDATE tools SET quantity=quantity-$quantity_edit WHERE id = $tools;";
$query .= "UPDATE rent SET quantity=$quantity_edit WHERE id=$rent_id;";
mysqli_multi_query($db, $query);
If I submit the form with this code, the result will be "No result", but if I reload the page, I will see the result, e.g. the changed value. But if I do this:
$query = "UPDATE tools SET quantity=quantity+$quantity WHERE id = $tools;";
$query2 = "UPDATE tools SET quantity=quantity-$quantity_edit WHERE id = $tools;";
$query3 = "UPDATE rent SET quantity=$quantity_edit WHERE id=$rent_id;";
mysqli_multi_query($db, $query);
mysqli_multi_query($db, $query2);
mysqli_multi_query($db, $query3);
It will work as I expect: after submitting the form, the page will show the result.
Don't use mysqli_multi_query(). It is a special function, which has a very narrow use case that doesn't apply in your case.
You must use prepared statements instead.
You have 3 separate queries, so you need to prepare and execute 3 statements. This is the correct way to execute your SQL statements:
$stmt = $db->prepare('UPDATE tools SET quantity=quantity + ? WHERE id = ?');
$stmt->bind_param('ss', $quantity, $tools);
$stmt->execute();
$stmt = $db->prepare('UPDATE tools SET quantity=quantity - ? WHERE id = ?');
$stmt->bind_param('ss', $quantity_edit, $tools);
$stmt->execute();
$stmt = $db->prepare('UPDATE rent SET quantity = ? WHERE id = ?');
$stmt->bind_param('ss', $quantity_edit, $rent_id);
$stmt->execute();
$query = "UPDATE INTO Sanctions SET (idNumber, lastName,firstName, section,sanction,expireDate) VALUES('$idNumber','$lastName', '$firstName','$section','$sanction', '$dueDate') WHERE id= '$id'";
Wrong
$query = "UPDATE INTO Sanctions
SET (idNumber, lastName,firstName, section,sanction,expireDate)
VALUES('$idNumber','$lastName', '$firstName','$section','$sanction', '$dueDate')
WHERE id= '$id'";
Correct way:
$query = "UPDATE Sanctions
SET idNumber = '{$idNumber}',
lastName = '{$lastName}', ....
WHERE id = '{$id}'";
The INTO command is not valid for an UPDATE query. You need to assign a value with equals (=) to every column you want to edit.
Notes:
These queries are not well secured; please use prepared statements instead. :)
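The same Sanctions update written as a prepared statement, as the note above recommends. This is an added example, not code from the original answer: the helper name updateSanction, the table definition, the sample values and the SQLite in-memory connection (standing in for the MySQL connection so it runs offline) are assumptions.

```php
<?php
// Added example: SQLite in-memory stands in for the MySQL connection so it runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed table using the column names from the question.
$pdo->exec('CREATE TABLE Sanctions (id INTEGER PRIMARY KEY, idNumber TEXT, lastName TEXT,
            firstName TEXT, section TEXT, sanction TEXT, expireDate TEXT)');
$pdo->exec("INSERT INTO Sanctions (id, idNumber, lastName) VALUES (1, 'old', 'old')");

/** Hypothetical helper: update one Sanctions row; returns true if a row was changed. */
function updateSanction(PDO $pdo, int $id, array $fields): bool
{
    // Column names cannot be bound, so they come from a fixed allow-list only.
    $allowed = ['idNumber', 'lastName', 'firstName', 'section', 'sanction', 'expireDate'];
    $assignments = [];
    $params = [':id' => $id];
    foreach ($allowed as $column) {
        if (array_key_exists($column, $fields)) {
            $assignments[] = "$column = :$column";
            $params[":$column"] = $fields[$column];
        }
    }
    if ($assignments === []) {
        throw new InvalidArgumentException('no updatable columns supplied');
    }
    $sql = 'UPDATE Sanctions SET ' . implode(', ', $assignments) . ' WHERE id = :id';
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return $stmt->rowCount() === 1;
}

// Constructed input: the apostrophe would end the string early in the interpolated query.
$changed = updateSanction($pdo, 1, [
    'idNumber'      => '2020-0001',
    'lastName'      => "O'Brien",
    'firstName'     => 'Pat',
    'section'       => 'A',
    'sanction'      => 'Late return',
    'expireDate'    => '2025-01-31',
    'unknownColumn' => 'x',        // not in the allow-list, so it is ignored
]);
var_dump($changed);
print_r($pdo->query('SELECT * FROM Sanctions WHERE id = 1')->fetch(PDO::FETCH_ASSOC));
```

On MySQL, rowCount() reports 0 when the new values equal the stored ones, so treat the return value as "row changed", not "row exists".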
I am writing PHP to update a user's balance, but my UPDATE query seems to be throwing an error when it is executed.
$student = $database->quote($_POST ["studentID"]);
$amount = $database->quote($_POST ["update_balance"]);
//sets query to update user balance
$query = "UPDATE `User` SET `balance`= (`.$amount.`) WHERE `userID`= (`.$student.`)";
//executes the query
$database->exec($query);
The 'studentID' and 'update_balance' are names of input fields being captured in the HTML.
Remove the (`. things and run the SQL query:
$query = "UPDATE `User` SET `balance`= '$amount' WHERE `userID`= '$student'";
You should use prepared statements as they're considered much safer than any string escaping mechanism:
$statement = $somePdoInstance->prepare("UPDATE user SET balance = :balance WHERE userId = :user_id");
$statement->execute(array(
"balance" => $amount, // the values from POST
"user_id" => $student
));
Now your update query should work fine and it's much safer.
I have to get data from one table in my database, but after getting the data, I have to access another table to get more data using the id found in the first query.
Here is my code:
$query = "SELECT id,name,datetime FROM table1 WHERE id=?";
if($stmt=mysqli_prepare($mysqli,$query)){
mysqli_stmt_bind_param($stmt,"i",$_SESSION['id']);
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt,$id,$name,$datetime);
while(mysqli_stmt_fetch($stmt)){
$query2 = "SELECT id FROM table2 WHERE id=?";
if($stmt2=mysqli_prepare($mysqli,$query2)){
mysqli_stmt_bind_param($stmt2,"s",$id2);
mysqli_stmt_execute($stmt2);
mysqli_stmt_store_result($stmt2);
$num = mysqli_stmt_num_rows($stmt2);
}
The code does not work; I know I can't do that. I'm new to mysqli. In MySQL it works, but in MySQLi it doesn't.