Running the same query multiple times - php

I have been tasked to regenerate every class code, but there are over 4,000 and I'd rather not do that manually. I decided to make a test database with the same structure just to mess with it before I actually began messing with the live server.
I am having an issue trying to run the same query multiple times. I'd like to run it multiple times because I have a randomly generated string (that is also being generated every time this runs) that needs to replace other strings.
Any help, guys?
for ($i = 0; $i < 8; $i++) {
$password = str_rand();
$sql = "UPDATE test "
. "SET classCode = '$password' "
. "WHERE id = '$i'";
}
mysql_select_db('workshe3_worksheetwonder');
$retval = mysql_query( $sql, $conn );
if(! $retval ) {
die('Could not update data: ' . mysql_error());
}
echo "All codes regenerated successfully.";
mysql_close($conn);
}

Your code should look like this
mysql_select_db('workshe3_worksheetwonder');
for ($i = 0; $i < 8; $i++) {
$password = str_rand();
$sql = "
UPDATE test
SET classCode = '$password'
WHERE id = '$i'";
$retval = mysql_query($sql, $conn) or die('Could not update data: ' . mysql_error());
}
echo "All codes regenerated successfully.";
mysql_query() is the function that needs to go in the loop, as it's the thing that's actually doing the updating. Your $sql is just a string with the command in it. If you don't run the mysql_query() in your loop then your string just gets overwritten without being used.
mysql_ functions are deprecated, meaning you shouldn't really use them for new code. There are some examples of alternative protocols if you follow that link.
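As an added example (not the answerer's code), here is the same regeneration loop with the UPDATE prepared once and each code bound as a parameter inside a transaction. It goes slightly beyond the answer by iterating over the ids actually present instead of 0 to 7. Assumptions: PDO with an in-memory SQLite database standing in for MySQL, a UNIQUE constraint on classCode, and a hypothetical newClassCode() in place of the question's str_rand().

```php
<?php
// Added example. Assumed schema: test(id, classCode), as in the question.
$db = new PDO('sqlite::memory:'); // stand-in for the MySQL connection
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE test (id INTEGER PRIMARY KEY, classCode TEXT UNIQUE)');

// Constructed sample rows standing in for the existing classes.
$seed = $db->prepare('INSERT INTO test (id, classCode) VALUES (?, ?)');
for ($i = 0; $i < 8; $i++) {
    $seed->execute([$i, "OLD$i"]);
}

/** Hypothetical replacement for str_rand(): every character comes from a CSPRNG. */
function newClassCode(int $length = 8): string
{
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789'; // 32 symbols, no 0/O/1/I look-alikes
    $code = '';
    for ($i = 0; $i < $length; $i++) {
        $code .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    return $code;
}

/** Gives every row a fresh code; returns the number of rows changed. */
function regenerateClassCodes(PDO $db): int
{
    $ids = $db->query('SELECT id FROM test')->fetchAll(PDO::FETCH_COLUMN);
    // Prepared once, executed per row: the values never become SQL text.
    $update = $db->prepare('UPDATE test SET classCode = :code WHERE id = :id');
    $updated = 0;

    $db->beginTransaction();
    try {
        foreach ($ids as $id) {
            $update->execute([':code' => newClassCode(), ':id' => $id]);
            $updated += $update->rowCount();
        }
        $db->commit();
    } catch (Throwable $e) {
        // Any failure (including a UNIQUE collision) leaves the old codes intact.
        $db->rollBack();
        throw $e;
    }
    return $updated;
}

printf("%d codes regenerated\n", regenerateClassCodes($db));
foreach ($db->query('SELECT id, classCode FROM test') as $row) {
    printf("%d => %s\n", $row['id'], $row['classCode']);
}
```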

Related

MySQL multiquery / transaction limitations

I am trying to figure out will MySQL be enough for my use case. I tried inserting 100 000 rows into my local mysql server, which went fine. I saw that DB started to get populated with the data.
Then I ran the same insert script against the Google Cloud SQL. Everything seemed also fine, but for some reason the DB stopped inserting entries after the 67667th entry even though the response from the DB was that the insertion was successful.
Does MySQL have some kind of limitation, or what may cause this kind of behavior?
My test script:
// Create connection
$conn = new mysqli($servername, $username, $password);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$conn->select_db($database);
$insertData = '';
for ($i = 0; $i < 100000; $i++) {
$insertData .= "INSERT INTO table (isin) VALUES ('".uniqid()."');";
}
if ($conn->multi_query($insertData) === true) {
echo "New records created successfully";
} else {
echo "Error: <br>" . $conn->error;
}
$conn->close();
My test table has only two columns, id and the isin number.
Try using mysql Batch insert for e.g.
INSERT INTO tbl_name (a,b,c) VALUES(1,2,3),(4,5,6),(7,8,9);
Build this part i.e. (1,2,3),(4,5,6),(7,8,9) in your loop and then use only one INSERT query
Try this way :
$val = "";
for ($i = 0; $i < 100000; $i++) {
$val .= "('".uniqid()."'),";
}
$val = rtrim($val,",");
$insertData = "INSERT INTO table (isin) values $val";
$conn->query($insertData);
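An added example (not from either poster) of the batch-insert idea with two changes: rows go in as bounded chunks of bound parameters, since a single statement is limited by the server's max_allowed_packet, and the stored row count is checked afterwards, since mysqli::multi_query() only reports whether the first statement succeeded. Assumptions: PDO with in-memory SQLite standing in for MySQL, a hypothetical table name isins, and a chunk size of 500.

```php
<?php
// Added example. The table name "isins" and the chunk size are assumptions.
$db = new PDO('sqlite::memory:'); // stand-in for the MySQL connection
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE isins (id INTEGER PRIMARY KEY AUTOINCREMENT, isin TEXT NOT NULL)');

/** Inserts all values in chunks inside one transaction; returns rows inserted. */
function insertIsins(PDO $db, array $isins, int $chunkSize = 500): int
{
    $inserted = 0;
    $db->beginTransaction();
    try {
        foreach (array_chunk($isins, $chunkSize) as $chunk) {
            // One "(?)" per row: only placeholders are concatenated, never values.
            $placeholders = implode(',', array_fill(0, count($chunk), '(?)'));
            $stmt = $db->prepare("INSERT INTO isins (isin) VALUES $placeholders");
            $stmt->execute($chunk);
            $inserted += $stmt->rowCount();
        }
        $db->commit();
    } catch (Throwable $e) {
        $db->rollBack(); // all or nothing: no silently truncated import
        throw $e;
    }
    return $inserted;
}

// Constructed input: 100000 generated values, as in the question.
$isins = [];
for ($i = 0; $i < 100000; $i++) {
    $isins[] = uniqid('', true);
}

$inserted = insertIsins($db, $isins);
$stored = (int) $db->query('SELECT COUNT(*) FROM isins')->fetchColumn();
printf("inserted=%d stored=%d\n", $inserted, $stored);

// Verify against the table instead of trusting the return status alone.
if ($stored !== count($isins)) {
    throw new RuntimeException('row count mismatch after import');
}
```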

Issues with PHP while statement

I'm attempting to run a while statement that will set a column in a mysql database, based on a uniqueID.
I've done this many times, and I'm not sure what I am doing wrong this time.
Basically, it works properly until I actually tell it to save the table. Here is my code
$alertAdmin = mysqli_query($con, "SELECT * FROM tickets WHERE notified='0'");
$tcheckNotifs = mysqli_num_rows($alertAdmin);
if($tcheckNotifs > 0) {
echo "test<br><br>";
while($row = mysqli_fetch_array($alertAdmin))
{
$Unique = $row['UniqueID'];
echo $Unique.' ';
$sql = "UPDATE tickets SET `notified`='1' WHERE `UniqueID`='$Unique'";
//mysqli_query($con, $sql);
}
}
And this works for echoing the UniqueID, and it echos the correct one. The problem comes in when I uncomment the mysqli_query($con, $sql);
in which case, nothing inside the loop is echo'd, but it DOES save the database.
For example:
Let's say this while statement loops through and finds 3 iterations of rows that have notified equal to 0 (UniqueIDs 29, 26, 25). While the mysqli_query is commented, it will display these numbers on the page just fine. But as soon as I uncomment it, the database will save but it does not display any of the rest of the while loop on the page.
I need this desperately, because I plan to send a desktop notification at the same time the loop is played.
FOLLOW UP:
It also does not display the echo "test<br><br>"; on the page when the query is uncommented either.
Another follow up:
The query is saving all the data like it's meant to. The problem is nothing else inside the tcheckNotifs IF statement is showing (echoes and such), like they aren't being executed. Almost like the end of the while statement is executing before anything else, including the "test" echo before the while statement.
Could anyone help me figure out why this isn't working as expected?
Here is all of my current code, with some suggestions from you guys added in, but still not working properly.
The while statement will save the query, but no other output is shown on the page.
$configs = include("config.php");
$con = mysqli_connect($configs['SQL-Host'], $configs['SQL-User'], $configs['SQL-Pass'], $configs['SQL-Database']) or die("Error " . mysqli_error($con));
if (session_status() == PHP_SESSION_NONE) {
session_start();
}
$alertAdmin = mysqli_query($con, "SELECT * FROM tickets WHERE notified='0'");
$tcheckNotifs = mysqli_num_rows($alertAdmin);
if($tcheckNotifs > 0) {
echo "test<br><br>";
flush(); ob_flush();
while($row = mysqli_fetch_array($alertAdmin))
{
$Unique = $row['UniqueID'];
echo $Unique.' ';
updateTickets($con, $Unique);
}
echo "test<br><br>";
}
function updateTickets($con, $id){
$sql = "UPDATE tickets SET notified=1 WHERE UniqueID=$id";
mysqli_query($con, $sql);
}
FINAL UPDATE
With the help of Alex Andrei as well, we moved to PDO
$dsn = 'mysql:dbname=domains;host=localhost';
$user = 'root';
$password = '';
try {
$db = new PDO($dsn, $user, $password);
} catch (PDOException $e) {
echo 'Connection failed: ' . $e->getMessage();
}
$st = $db->prepare('SELECT UniqueID FROM tickets WHERE notified=0');
$st->execute();
$result = $st->fetchAll(PDO::FETCH_ASSOC);
// Prepare the UPDATE once with a placeholder; the id is bound at execute time
$update = $db->prepare('UPDATE tickets SET notified=1 WHERE UniqueID=?');
foreach($result as $d){
echo $d['UniqueID'] . "<br/>";
$update->execute([$d['UniqueID']]);
}
SECOND UPDATE
Try putting your query in a variable and run the loop like this...
while($row = mysqli_fetch_array($alertAdmin))
{
$Unique = $row['UniqueID'];
echo $Unique.' ';
$sql = "UPDATE tickets SET notified=1 WHERE UniqueID=$Unique";
$update = mysqli_query($con, $sql);
}
UPDATE
There is a chance the query runs first like you said. Maybe you can create an independent function to run the query and call the function from inside the while loop.
function updateTickets($con, $id){
$sql = "UPDATE tickets SET notified=1 WHERE UniqueID=$id";
mysqli_query($con, $sql);
}
And your loop would look like this...
while($row = mysqli_fetch_array($alertAdmin))
{
$Unique = $row['UniqueID'];
echo $Unique.' ';
updateTickets($con, $Unique);
}
ORIGINAL ANSWER
I would modify your query like this...
$sql = "UPDATE tickets SET notified=1 WHERE UniqueID=$Unique";
You do not need all the back ticks nor single quotes here. Might be causing an issue.
Also, I assume 1 is an integer so no need to quote that.
The Fix: PDO OF COURSE!
$configs = include("config.php");
$dsn = 'mysql:dbname='.$configs['SQL-Database'].';host='.$configs['SQL-Host'].'';
$user = $configs['SQL-User'];
$password = $configs['SQL-Pass'];
try {
$db = new PDO($dsn, $user, $password);
} catch (PDOException $e) {
echo 'Connection failed: ' . $e->getMessage();
}
$st = $db->prepare('SELECT UniqueID FROM tickets WHERE notified=0');
$st->execute();
$result = $st->fetchAll(PDO::FETCH_ASSOC);
// Prepare the UPDATE once with a placeholder; the id is bound at execute time
$update = $db->prepare('UPDATE tickets SET notified=1 WHERE UniqueID=?');
foreach($result as $d){
echo $d['UniqueID'] . "<br/>";
$update->execute([$d['UniqueID']]);
}
$sql = "UPDATE tickets SET notified='1' WHERE UniqueID='$Unique'";
I think the error is here. You can't use $Unique between single quotes (although you already are between double quotes).
Try fixing this by replacing the line with:
$sql = "UPDATE tickets SET `notified`='1' WHERE `UniqueID`=$Unique";
Firstly, in your query you are passing a string in: ...WHERE "UniqueID"="$Unique" because of the quotes around your PHP variable. So your query looks like this: WHERE UniqueID = "10". Not a big deal, but generally if you're looking up a number you should drop the quotes.
And I suspect something is causing your query in the loop to fail, so add something to check for errors:
if(!$queryResult){
echo $con->error;
}
Run the loop and see if something is causing errors in your query. But really you should get rid of most of the backticks you have in your queries.

Trying to convert old mysql code to mysqli

I'm having to convert my inspection app to MySQLi but have been having many issues doing so since Amazon EC2 updated their MySQL.
With not knowing much about php/mysql to begin with, I'm at a loss. Most of my searches have been way beyond what I understand.
This is what the file used to look like.
<?php
include("connect.php"); // Connect to RDS
$query="SELECT id, username, oldurl, homedata, clientemail, general_info, company_name, company_hours, company_phone, company_support_email, beyondscope FROM inspector WHERE username='{$_SESSION['username']}' ";
$result=mysql_query($query);
$num = mysql_num_rows ($result);
$username = mysql_result($result,$i,"username");
$oldurl = mysql_result($result,$i,"oldurl");
$homedata = mysql_result($result,$i,"homedata");
$clientemail = mysql_result($result,$i,"clientemail");
$general_info = mysql_result($result,$i,"general_info");
$company_name = mysql_result($result,$i,"company_name");
$company_hours = mysql_result($result,$i,"company_hours");
$company_phone = mysql_result($result,$i,"company_phone");
$company_support_email = mysql_result($result,$i,"company_support_email");
$beyondscope = mysql_result($result,$i,"beyondscope");
mysql_close();
?>
This is what I have so far. One error I'm getting: line 17 has an unexpected ',' (comma), even though every line has the same setup.
Thanks in advance for any help with this.
<?php
include("connect.php"); // Connect to RDS
$query="SELECT id, username, oldurl, homedata, clientemail, general_info, company_name, company_hours, company_phone, company_support_email, beyondscope FROM inspector WHERE username='{$_SESSION['username']}' ";
$result=mysqli_query($GLOBALS["___mysqli_ston"], $query);
$num = mysqli_num_rows($result);
$username = mysqli_fetch_array($result,$i,"username");
$oldurl = mysqli_fetch_array($result,$i,"oldurl");
$homedata = mysqli_fetch_array($result,$i,"homedata");
$clientemail = mysqli_fetch_array($result,$i,"clientemail");
$general_info = mysqli_fetch_array($result,$i,"general_info");
$company_name = mysqli_fetch_array($result,$i,"company_name");
$company_hours = mysqli_fetch_array($result,$i,"company_hours");
$company_phone = mysqli_fetch_array($result,$i,"company_phone");
$company_support_email = ($result,$i, "company_support_email");
$beyondscope = mysqli_fetch_array($result,$i,"beyondscope");
((is_null($___mysqli_res = mysqli_close($GLOBALS["___mysqli_ston"]))) ? false : $___mysqli_res);
?>
UPDATE: To add connect.php
<?php
$hostname='.rds.amazonaws.com';
$user='username';
$pass='password';
$dbase='dbasename';
$connection = ($GLOBALS["___mysqli_ston"] = mysqli_connect("$hostname" , "$user" , "$pass"))
or die ("Can't connect to MySQL");
$db = ((bool)mysqli_query( $connection, "USE " . $dbase)) or die ("Can't select database.");
?>
I've taken the liberty of rebuilding a bit how you fetch your values; this should be a bit easier to read and (in my opinion) a better structure. Also, you can specify the database in your connection, like this (just makes for easier reading, up to you really).
$connection = mysqli_connect($hostname, $user, $pass, $dbase);
if (!$connection) {
echo "An error occurred connecting to the database.";
exit;
}
Below is how your query could look. This will loop through all the results, and put them into the variables, only if we actually have a result.
<?php
include "connect.php"; // Connect to RDS
$query = "SELECT id, username, oldurl, homedata, clientemail, general_info, company_name, company_hours, company_phone, company_support_email, beyondscope FROM inspector WHERE username='{$_SESSION['username']}' ";
if (!$result = mysqli_query($connection, $query)) {
// An error occurred, do something
// This means no results could be fetched
}
if ($result) { // This means that we only fetch if we have a result
$num = mysqli_num_rows($result);
while($row = mysqli_fetch_assoc($result)) {
// Fetching all the rows
$username = $row['username'];
$oldurl = $row['oldurl'];
$homedata = $row['homedata'];
$clientemail = $row['clientemail'];
$general_info = $row['general_info'];
$company_name = $row['company_name'];
$company_hours = $row['company_hours'];
$company_phone = $row['company_phone'];
$company_support_email = $row['company_support_email'];
$beyondscope = $row['beyondscope'];
}
}
?>
JFYI.
There is absolutely no point in converting your inspection app to MySQLi the way it is offered in the other answer.
The only point in such a conversion is to make your queries safe, while with such a direct conversion it remained congenially vulnerable. So, you might have saved yourself a lot of trouble by leaving this code alone, with exactly the same outcome.
The proper way is described in this answer, but you will have to find another volunteer to write the code for you.

SQL Update code issue/PHP injection

I am having an issue with my SQL Update script.
It prints "Motto Changed" but doesn't update the row. My code is all correct according to many tutorials. Please Help
$sql="UPDATE loadout SET motto='".$_POST['motto']."' WHERE steamid='".$steamid."'";
UPDATE AGAIN:
<?php
require "../requires/php/steam.php";
$dbhost = '**';
$dbname = 'battlefield';
$dbuser = 'battlefield';
$dbpass = '**';
$con = mysql_connect($dbhost, $dbuser, $dbpass);
$authserver = bcsub( SteamID(), '76561197960265728' ) & 1;
$authid = ( bcsub( SteamID(), '76561197960265728' ) - $authserver ) / 2;
$steamid = mysql_real_escape_string("STEAM_0:$authserver:$authid");
$motto = mysql_real_escape_string($_POST['motto']);
mysql_select_db($dbname, $con);
$sql="UPDATE loadout SET motto='{$motto}' WHERE steamid='{$steamid}'";
if (!mysql_query($sql, $con))
{
die('Error: ' . mysql_error());
}
echo "Motto Changed";
if (!mysql_query($sql, $con))
{
die('Error: ' . mysql_error());
}
$n = mysql_affected_rows();
echo"Motto changed on {$n} row(s)";
mysql_close($con)
?>
Never interpolate $_POST variables directly into SQL strings. You can't trust $_POST variables, they may easily contain characters that modify your SQL syntax, and that's what causes SQL injection vulnerabilities.
The weird thing is that you create an escaped version as $motto and then you never use it (as per comment from @Arth).
Always escape strings that you interpolate into SQL, even if you think they are "safe." For example, your $steamid contains only literal text that you control, plus a couple of integers. That should be safe, but what if some other developer changes the format of a steamid next year? If you escape it, you can't go wrong.
$steamid = mysql_real_escape_string("STEAM_0:$authserver:$authid");
$motto = mysql_real_escape_string($_POST['motto']);
$sql="UPDATE loadout SET motto='{$motto}' WHERE steamid='{$steamid}'";
Of course, the best practice is to use query parameters. You are using PHP's deprecated mysql extension, which doesn't support query parameters. But I understand if you're not ready to rewrite a lot of code to switch to PDO. When you are, follow examples in How can I prevent SQL-injection in PHP?
Another issue: if you want to know if the UPDATE affected rows, don't assume it did just because the UPDATE didn't return an error. It's not an error if your condition in your WHERE clause simply matched zero rows. It's also not an error if the UPDATE matched a row, but the motto already contained the string you tried to set.
After the UPDATE, check the number of affected rows:
if (!mysql_query($sql, $con))
{
die('Error: ' . mysql_error());
}
$n = mysql_affected_rows();
echo "Motto changed on {$n} row(s)";
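An added example (not the answerer's code) of the two points above in PDO: the interpolated statement beside the parameterized one, and the affected-row count used to tell "changed" from "matched nothing". Assumptions: in-memory SQLite standing in for MySQL, a constructed loadout row, and hypothetical function names.

```php
<?php
// Added example. Schema and sample row are constructed for the demonstration.
$db = new PDO('sqlite::memory:'); // stand-in for the MySQL connection
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE loadout (steamid TEXT PRIMARY KEY, motto TEXT)');
$db->exec("INSERT INTO loadout VALUES ('STEAM_0:1:12345', 'old motto')");

/** Interpolated form, as in the question: the value becomes part of the SQL text. */
function setMottoInterpolated(PDO $db, string $steamid, string $motto): int
{
    return $db->exec("UPDATE loadout SET motto='$motto' WHERE steamid='$steamid'");
}

/** Parameterized form: the statement text is fixed, values are sent separately. */
function setMotto(PDO $db, string $steamid, string $motto): int
{
    $stmt = $db->prepare('UPDATE loadout SET motto = :motto WHERE steamid = :steamid');
    $stmt->execute([':motto' => $motto, ':steamid' => $steamid]);
    return $stmt->rowCount(); // rows affected, not merely "no error"
}

// An ordinary apostrophe is enough to change the interpolated statement.
$motto = "Don't panic";

try {
    setMottoInterpolated($db, 'STEAM_0:1:12345', $motto);
    echo "interpolated: accepted\n";
} catch (PDOException $e) {
    echo "interpolated: statement broken by the input (", $e->getMessage(), ")\n";
}

// Same input, bound as a parameter: stored verbatim, one row affected.
echo "parameterized: ", setMotto($db, 'STEAM_0:1:12345', $motto), " row(s)\n";

// A steamid that matches nothing is not an error; only the count reveals it.
echo "unknown steamid: ", setMotto($db, 'STEAM_0:0:99999', $motto), " row(s)\n";

$stored = $db->query("SELECT motto FROM loadout WHERE steamid = 'STEAM_0:1:12345'")
             ->fetchColumn();
echo "stored motto: $stored\n";
```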

PHP attempt to update a MySQL database doesn't update anything

I have my code below to update my MySQL database. It's running but is not updating the database when I check records using phpmyadmin. Please help me.
$database = "carzilla";
$con = mysql_connect("localhost","root","");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
$manufacturerTable = $_POST[vehicleManufacturer];
$numberToSearch = $_POST[vehicleIdNo];
$engineType = $_POST[engineType];
$engineCC = $_POST[engineCC];
$year = $_POST[year];
$numberofDoors = $_POST[numberofDoors];
$tireSize = $_POST[tireSize];
$chasisNumber = $_POST[chasisNumber];
$vehicleMake = $_POST[vehicleMake];
$price=$_POST[price];
mysql_select_db("$database", $con);
$sql = mysql_query("UPDATE $manufacturerTable SET username='vehicleMake',
engineType='$engineType', engineCC='$engineCC', year='$year', chasisNo='$chasisNumber', numberOfDoors='$numberofDoors' ,numberOfDoors='$numberofDoors', tireSize='$tireSize', price='$price' WHERE `index` ='$id'");
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo 'record has been successfuly';
mysql_close($con);
?>
Take a good look at your query. You are referring to PHP variables in several different fashions in the same statement. In the query $manufacturerTable is just $manufacturerTable, you encase a few others in single quotes, some of which you remove the $ from, others you do not. I know I preach this far too often, but you should really look into using prepared statements. They take all the guess work out of using variables in your queries, and they prevent you from being victimized by injection hacks. But the short answer here is that you are not referencing your variables correctly in the query.
Sometimes putting the variables directly in the syntax can cause issues. Have you tried to use concatenation for the query?
$query = "UPDATE ".$manufacturerTable." SET username='vehicleMake', engineType='".$engineType."', engineCC='".$engineCC."', year='".$year."', chasisNo='".$chasisNumber."', numberOfDoors='".$numberofDoors."' ,numberOfDoors='".$numberofDoors."', tireSize='".$tireSize."', price='".$price."' WHERE `index` =".$id;
$sql = mysql_query($query); # this should be put in the if else
If index is number based you do not need the '' surrounding it. Also, is username='vehicleMake' a literal or is it a variable? If it is a variable, add the $ or use concatenation like the rest. Your SQL check should be something like the following.
if (mysql_query($query))
{
echo 'record has been successfuly';
} else {
die('Error: ' . mysql_error() . ' | ' . $query);
}
The reason you export the query is so you can try it manually to make sure it works and what error you may be getting. phpMySQL can show a different error than the mysql_error() at times.
Plus you should be escaping all input that is user entered using mysql_escape_string() or mysql_real_escape_string().
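An added example (not from either answer) for the part of this query that neither escaping nor placeholders can cover: the table name taken from $_POST. The identifier is checked against a fixed allowlist, and every value is bound as a parameter. Assumptions: in-memory SQLite standing in for MySQL, constructed tables toyota and honda, vehicleIdNo taken to be the row's index, and a reduced column set.

```php
<?php
// Added example. Table names, columns and the sample row are constructed.
const ALLOWED_TABLES = ['toyota', 'honda']; // the only identifiers ever placed in SQL

$db = new PDO('sqlite::memory:'); // stand-in for the MySQL connection
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
foreach (ALLOWED_TABLES as $t) {
    $db->exec("CREATE TABLE `$t` (`index` INTEGER PRIMARY KEY, engineType TEXT, engineCC INTEGER, price INTEGER)");
}
$db->exec("INSERT INTO toyota VALUES (1, 'petrol', 1600, 9000)");

/** Updates one vehicle from form data; returns the number of rows affected. */
function updateVehicle(PDO $db, array $post): int
{
    // Identifiers cannot be bound as parameters, so accept only known names.
    $table = $post['vehicleManufacturer'] ?? null;
    if (!in_array($table, ALLOWED_TABLES, true)) {
        throw new InvalidArgumentException('unknown manufacturer table');
    }

    // Numeric fields are validated as integers before they reach the database.
    $id    = filter_var($post['vehicleIdNo'] ?? null, FILTER_VALIDATE_INT);
    $cc    = filter_var($post['engineCC'] ?? null, FILTER_VALIDATE_INT);
    $price = filter_var($post['price'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false || $cc === false || $price === false) {
        throw new InvalidArgumentException('numeric field is not an integer');
    }

    $stmt = $db->prepare(
        "UPDATE `$table` SET engineType = :type, engineCC = :cc, price = :price WHERE `index` = :id"
    );
    $stmt->execute([
        ':type'  => (string) ($post['engineType'] ?? ''),
        ':cc'    => $cc,
        ':price' => $price,
        ':id'    => $id,
    ]);
    return $stmt->rowCount();
}

// Constructed form submissions.
$ok = ['vehicleManufacturer' => 'toyota', 'vehicleIdNo' => '1',
       'engineType' => "driver's choice", 'engineCC' => '1800', 'price' => '9500'];
echo "allowed table: ", updateVehicle($db, $ok), " row(s)\n";

try {
    updateVehicle($db, ['vehicleManufacturer' => 'ferrari'] + $ok);
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```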
