I have a really simple procedure I need to do, and no matter how much I debug or simplify, the record is not updating in the dbase. Assume everything is correct in terms of connection, etc. Pulling this from php and doing a MySQL call in PHPMyAdmin results in a correct record update on the table. I've tried using/not using quotes around adminId.
Any ideas?
$sampleString = "343r34c3cc43";
//Need to store the customer ID from sub system
$stmt2 = $mysqli->prepare("
UPDATE
admins
SET
chargebeeId = '?'
WHERE
adminId='22'
");
$stmt2->bind_param('s',
$mysqli->real_escape_string($sampleString)
);
$stmt2->execute();
For reference, adminId will be dynamic, with a bind_param 'i' in the application.
change this
chargebeeId = '?'
to
chargebeeId = ?
try this
$sampleString = "343r34c3cc43";
$sampleString = $mysqli->real_escape_string($sampleString) ;
$stmt2 = $mysqli->prepare("UPDATE admins
SET chargebeeId = ?
WHERE adminId='22' ");
$stmt2->bind_param('s', $sampleString);
$stmt2->execute();
Related
I'am currently working on a project and want to make a simple page where I can edit groups. I had everything working fine in XAMPP and tried uploading it to the server, but it won't affect any rows in the database.This is the statement:
UPDATE user_groups
SET name = 'TEST',
name_short = 'test',
color = 'green',
category = 'MMORPG'
WHERE id = 2
and:
Affected rows (UPDATE): 0
Is the answer. Creating new groups works fine (Local creating and editing works and I did not change anything in the statements since I uploaded both)
This is what the row looks like that I am trying to affect
EDIT:
$sql_update_info = "UPDATE user_groups SET name = '$new_title', name_short = '$new_short', color = '$new_color', category = '$new_cat' WHERE id = $group_id";
$query_update_info = mysqli_query($mysqli, $sql_update_info);
printf("Affected rows (UPDATE): %d\n", mysqli_affected_rows($mysqli));
echo '<br><span style="color:white;">'.$sql_update_info.'</span>';
Is what the PHP part looks like when clicked on the button.
1st : Try to use prepared statement to avoid sql injection.
2nd : Execute() will return true or false so based on that you need to handle the error like below.
$stmt = $mysqli->prepare("UPDATE user_groups SET name = ?, name_short = ?, color = ?, category = ? WHERE id = ?");
$stmt->bind_param('ssssi', $new_title, $new_short, $new_color, $new_cat, $group_id);
//The argument may be one of four types:
//i - integer
//d - double
//s - string
//b - BLOB
//change it by respectively
$r = $stmt->execute();
if(!$r){
echo $stmt->error;
}else{
$row_count= $stmt->affected_rows;
}
$stmt->close();
$mysqli->close();
First post, here it goes.
So this is the code that I have so far:
include('Connection/connect-test.php');
$selected1 = $_POST['selected'];
$sqlget = "SELECT paymentid FROM highschoolpayment WHERE hsgameid = '$selected1'";
$sqldata = mysqli_query($dbcon, $sqlget);
$sqlupdate = "UPDATE highschool SET paymentid = '$sqldata' WHERE hsgameid = '$selected1'";
mysqli_query($dbcon, $sqlupdate);
What I'm trying to do is grab the 'paymentid' from the 'highschoolpayment' table and store that value into the $sqldata variable (line 4). Then I want to update a value in the 'highschool' table using the value that I got from line 4 as well as a value that was pulled from a POST submission (line 6). I know for a fact that the first 3 lines execute as they should. It is after those lines when things become iffy. I don't see the form (reappear) like I normally would when everything else is working. To me, this indicates that the PHP has successfully run. I go to the 'highschool' table but I don't see the value (paymentid) that I am expecting to see. I personally can't think of a single reason why this wouldn't work, but, I am not that experienced in PHP or MySQL so I am open to any help that I can get.
I hope this makes sense without seeing the structure of the tables but if I need to post those, let me know. I've spent a couple hours trying to troubleshoot this problem but with no forward progress.
Thanks!
Assuming this query returns only one row:
$sqldata = mysqli_query($dbcon, $sqlget);
$row = mysqli_fetch_array($sqldata);
$paymentid = $row['paymentid']; // then use $paymentid in the next query
$sqlupdate = "UPDATE highschool SET paymentid = '$paymentid'
WHERE hsgameid = '$selected1'";
if(mysqli_query($dbcon, $sqlupdate)){
echo 'Update successfull';
} else {
echo 'Update query is wrong. The query generated was <br />'.$sqlupdate;
}
try like this,
include('Connection/connect-test.php');
$selected1 = $_POST['selected'];
$sqlupdate = "UPDATE highschool SET paymentid = (select paymentid FROM highschoolpayment WHERE hsgameid = '$selected1') where hsgameid = '$selected1'";
mysqli_query($dbcon, $sqlupdate);
you need to do fetch_assoc(), and while you are at it you should parameterize your query to make it more secure, good practice for the future. here is what your code should look like
$selected1 = $_POST['selected'];
$connect = mysqli_connect("localhost","user","pass","database");//i connect this way to my database
//the first statement that will get your paymentid
$stmt = $connect->prepare("SELECT paymentid FROM highschoolpayment WHERE hsgameid = ?")
mysqli_stmt_bind_param($stmt, 's', $selected1);//'s' is for string, 'i' for int, google rest
$stmt->execute();
$result = $stmt->get_result();
while($row = $result->fetch_assoc()){//it fetches each id
//the second statement that will use the payment id and update the database
$stmt2 = $connect->prepare("UPDATE highschool SET paymentid = ? WHERE hsgameid = ? ;")
mysqli_stmt_bind_param($stmt2, 'ss',$row['paymentid'], $selected1 );//'s' is for string, 'i' for int, google rest
$stmt2->execute();
$stmt2->close();
}
$stmt->close();
I just threw this quickly together, so if anyone sees something wrong don't hesitate to edit it or mark it down if completely wrong, Would rather that.
I try to make prepared statament using pdo. It is possible to put several updates atonce?
Ex:
sql1 = "Update product set large = '1large' where id = 1";
sql2 = "Update product set large = '2large' where id = 2";
sql3 = "Update product set large = '3large' where id = 3";
How to prepare sql1,sql2....sqlN in Pdo to execute faster?
I found an example but it works line by line (sql1, sql2 ....)
<?php
$stmt = $dbh->prepare("UPDATE product SET large = ':large' WHERE id = ':id'");
$stmt->bindParam(':id', $id, PDO::PARAM_STR);
$stmt->bindParam(':large', $large, PDO::PARAM_STR);
$stmt->execute();
?>
Unlike inserts, which can be grouped into a single statement, updates are specific to an existing entry in the database.
Dependant on the broader context of what you are doing you may find a question like this of interest for bulk updates using CASE, WHEN, THEN:
Question: Update multiple rows with one query?
I recently made a CMS with mySQL and PDO following a video tutorial from PHPAcademy on youtube.
I want to add an edit function to it though.
I have the page done, but not the PHP to update the data.
So, I'm wondering, how would I update data in the database with PDO and save the new data?
I have this:
$query = $pdo->prepare("UPDATE articles 'article_content'=? WHERE 'id' = ?");
$query->bindValue(1, $_POST['content']);
$query->bindValue(2, $_POST['id']);
$query->execute()
;
You have 2 issues:
"UPDATE articles SET `article_content`=? WHERE `id` = ?"
One you are missing SET.
Two you are using single quotes for column names;use backticks
You are missing the keyword SET in your query
It should be
$pdo->prepare("UPDATE articles SET `article_content`=? WHERE `id` = ?");
----^
I'm just migrating my code from mysql_query style commands to PDO style and I ran into a problem. THe old code looked like this :
$query_list_menu = "SELECT ".$_GET['section_name']." from myl_menu_hide_show WHERE id='".$_GET['id']."'";
And the updated code looks like below. Apparently it's not working. I store in $_GET['section_name'] a string that represents a field name from the database. But I think there is a problem when I pass it as a variable. Is the below code valid ? Thanks.
$query_list_menu = "SELECT :section_name from myl_menu_hide_show WHERE id=:id";
$result_list_menu = $db->prepare($query_list_menu);
$result_list_menu->bindValue(':section_name', $_GET['section_name'] , PDO::PARAM_STR);
$result_list_menu->bindValue(':id', $_GET['id'] , PDO::PARAM_INT);
$result_list_menu->execute();
If $_GET['section_name'] contains a column name, your query should be:
$query_list_menu = "SELECT " . $_GET['section_name'] . " from myl_menu_hide_show WHERE id=:id";
Giving:
$query_list_menu = "SELECT :section_name from myl_menu_hide_show WHERE id=:id";
$result_list_menu = $db->prepare($query_list_menu);
$result_list_menu->bindValue(':id', $_GET['id'] , PDO::PARAM_INT);
$result_list_menu->execute();
The reason is that you want the actual name of the column to be in the query - you'd changed it to be a parameter, which doesn't really make much sense.
I'll also add that using $_GET['section_name'] directly like this is a massive security risk as it allows for SQL injection. I suggest that you validate the value of $_GET['section_name'] by checking it against a list of columns before building and executing the query.
There is no good and safe way to select just one field from the record based on the user's choice. The most sensible solution would be to select the whole row and then return the only field requested
$sql = "SELECT * from myl_menu_hide_show WHERE id=?";
$stmt = $db->prepare($query_list_menu);
$stmt->execute([$_GET['id']]);
$row = $stmt->fetch();
return $row[$_GET['section_name']] ?? false;