INSERT and UPDATE statements passing wrong data into database - php

I have this DB table reset_attempts and inside it has an
id : int(10) auto_increment
reset_counter : int(10) default 1
reset_time : timestamp current_timestamp
ip : varchar(255)
and I have this simple php code
$sql = "SELECT * FROM reset_attempts WHERE ip = '$ip'";
$query = mysqli_query($db_conx, $sql);
$num_rows = mysqli_num_rows($query);
$row = mysqli_fetch_array($query);
$reset_counter = $row['reset_counter'];
$reset_time = $row['reset_time'];
if ($num_rows == 0) {
$sql = "INSERT INTO reset_attempts (reset_counter, reset_time, ip) VALUES ('1',now(),'$ip')";
$query = mysqli_query($db_conx, $sql);
} else if ($num_rows == 1) {
$reset_counter = $reset_counter + 1;
$sql = "UPDATE reset_attempts SET reset_counter = '$reset_counter', reset_time = now() WHERE ip = '$ip'";
$query = mysqli_query($db_conx, $sql);
}
This is just a piece of the whole PHP file; this is only the problem code. Of course it has the DB connection and I take the IP correctly. The problem is that when I hit submit it executes the first if statement, and it executes correctly except that the reset_counter value it passes to the DB is always zero, while all the other fields are correct.
When it executes the second if statement, again it's not updating the reset_counter field and sets it to zero. I don't know where the problem is. Maybe it is so simple and I can't see it because I have been searching for it so much! Anyway, thanks in advance!

As per the discussion in comments (between the OP and me), the shown snippet of code works on its own, and we have determined that something else is causing this (in the unshown full code).
Let's consider this question to be closed, until the rest of the (OP's) code can be investigated further.
Last two comments between OP and I:
Me: Ok, this is probably going to be my last suggestion, because I don't know what else could be causing this. Can you try and run that snippet on its own (your posted code), without the rest of your code, and see if it will work on its own? If it does work, then you'll know right away that something else in your full code is causing this.
OP: You are right. It was the last thought that did not come to my mind, trying it, pfff. The snippet works fine on its own, so it's something else in my code as you said. :/ I am sorry that I didn't test it from the start. At least now I know what to search for!

The first time, there is no record in the database for that IP, so $row['reset_counter'] has the value zero and you enter the value zero in the database. Then, when you submit again, it fetches the same value from the database, and since it entered 0 for reset_counter, when you do
$row = mysqli_fetch_array($query);
$reset_counter = $row['reset_counter'];
it fetches that row with 0 for reset_counter and updates it to zero again.
Update
Add this inside the else statement if you need it anywhere in your code; otherwise remove this too
$reset_time = $row['reset_time'];
And remove
$reset_counter = $row['reset_counter'];
Use this code
$sql = "SELECT * FROM reset_attempts WHERE ip = '$ip'";
$query = mysqli_query($db_conx, $sql);
$num_rows = mysqli_num_rows($query);
$row = mysqli_fetch_array($query);
if ($num_rows == 0) {
$sql = "INSERT INTO reset_attempts (reset_counter, reset_time, ip) VALUES ('1',now(),'$ip')";
$query = mysqli_query($db_conx, $sql);
} else if ($num_rows == 1) {
$reset_time = $row['reset_time'];
$sql = "UPDATE reset_attempts SET reset_counter = reset_counter+1, reset_time = now() WHERE ip = '$ip'";
$query = mysqli_query($db_conx, $sql);
}

I don't know exactly what goes wrong in your code but I think you are using too much PHP and too little MySQL. I have a couple of changes I would propose
First, most times you would do the update, right? Then I would just skip the SELECT, do the UPDATE and then ask the driver for number of rows updated. If it's 0 then do the INSERT.
Second. When you do the update just increment inside MySQL, no need to do that in PHP.
UPDATE reset_attempts SET reset_counter = reset_counter+1, reset_time = now() WHERE ip = '$ip';
Otherwise two parallel calls to your page might just count as one in the database.
Third, if your reset_counter isn't already an integer, change it. From your code it looks like it's a char or varchar, and it just doesn't make any sense to store a counter as text.
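The UPDATE-first approach from the answer above, written with bound parameters and an in-SQL increment. This is an added example, not code from the original posts; it assumes PDO with the SQLite in-memory driver so it runs without a MySQL server, and the function name recordResetAttempt and the UNIQUE constraint on ip are hypothetical additions.

```php
<?php
// Added example: per-IP reset counter, UPDATE first, INSERT only when no row matched.
// Assumption: PDO + SQLite in memory; with MySQL the same statements work through PDO.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE reset_attempts (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    reset_counter INTEGER NOT NULL DEFAULT 1,
    reset_time TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
    ip VARCHAR(255) NOT NULL UNIQUE  -- assumption: stops duplicate rows if two first attempts race
)");

function recordResetAttempt(PDO $db, string $ip): int
{
    // Reject anything that is not a literal IPv4/IPv6 address before it reaches SQL.
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        throw new InvalidArgumentException('not an IP address');
    }
    $db->beginTransaction();
    try {
        // Increment inside SQL so parallel requests cannot both write the same value.
        $upd = $db->prepare(
            "UPDATE reset_attempts
                SET reset_counter = reset_counter + 1, reset_time = CURRENT_TIMESTAMP
              WHERE ip = :ip"
        );
        $upd->execute([':ip' => $ip]);
        if ($upd->rowCount() === 0) {
            // No row for this address yet, so this is the first attempt.
            $ins = $db->prepare("INSERT INTO reset_attempts (reset_counter, ip) VALUES (1, :ip)");
            $ins->execute([':ip' => $ip]);
        }
        $sel = $db->prepare("SELECT reset_counter FROM reset_attempts WHERE ip = :ip");
        $sel->execute([':ip' => $ip]);
        $count = (int) $sel->fetchColumn();
        $db->commit();
        return $count;
    } catch (Throwable $e) {
        $db->rollBack();
        throw $e;
    }
}

// Constructed sample input (documentation address range).
foreach (['203.0.113.7', '203.0.113.7', '203.0.113.7'] as $ip) {
    echo $ip, ' -> ', recordResetAttempt($db, $ip), PHP_EOL;
}

// Constructed hostile value: it never reaches a query because validation fails first.
try {
    recordResetAttempt($db, "203.0.113.7' OR '1'='1");
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```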

Related

Conditional PDO Delete statement probably not working

The portion that is trying to delete duplicate entries in the database seems incorrect. So I suppose I am asking what would be the correct way to do that in this example. I am not totally new to PHP, but this is beyond me. If you could please tell me what is wrong and how to fix it, that would be greatly appreciated.
Now on to what I am trying to accomplish. I have a multidimensional array filled with values that is generated by a function. What I am trying to do is if there is a value in the array that already exists in the database delete it. Code:
if(is_array($items)){
$values = array();
foreach($items as $row => $value){
$rsn = mysqli_real_escape_string($connect, $value[0]);
$rank = mysqli_real_escape_string($connect, $value[1]);
$values[] = "('', '$rsn', '$rank', '')";
$sql = "SELECT id FROM users WHERE rsn = :rsn";
$query = $conn->prepare($sql);
$query->execute(array(":rsn" => $value[0]));
$results = $query->rowCount();
while($deleted = $query->fetch(PDO::FETCH_ASSOC)){
$sql = "DELETE FROM users WHERE id = :id";
$query = $conn->prepare($sql);
foreach($deleted as $delete){
$query->execute(array(':id' => $delete));
}
}
}
//user_exists_delete($conn, $rsn);
$sql = "INSERT INTO users(id, rsn, rank, points) VALUES ";
$sql .= implode(', ', $values);
if(!empty($rank)&& !empty($rsn)){
if(mysqli_query($connect, $sql)){
echo "success";
}else{
die(mysqli_error($connect));
}
}
}
EDIT: I have got it partially working now, just need it to delete all dupes instead of only one. I edited code to reflect changes.
There are a couple of problems. If you didn't strip much of your original code and if you don't need to do more than just what you've shown, why not just send a delete instruction to your database instead of checking validity first?
You have
//Retrieve ID according to rsn.
$sql = "SELECT id FROM users WHERE rsn = :rsn ";
//Then retrieve rsn using rsn??? Useless
$sql = "SELECT rsn FROM users WHERE rsn = :rsn ";
//Then delete using ID, retrieved by rsn.
$sql = "DELETE FROM users WHERE id = :id";
All those could simply be done with a delete using rsn...
$sql = "DELETE FROM users WHERE rsn = :rsn";
The row won't be deleted if there are no rows to delete, you don't need to check in advance. If you need to do stuff after, then you might need to fetch information before, but if not, you can use that while still checking the affected rows to see if something got deleted.
Now, we could even simplify the script by using only one query instead of one per user... We could get all rsn in an array and then pass it to the DELETE.
$sql = "DELETE FROM users WHERE rsn in :rsn";
//Sorry not exactly sure how to do that in PDO, been a while.
I fixed it: I just omitted the WHERE clause in the delete statement, so all records are being deleted before that insert gets run again.
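The answer above leaves open how to pass a list to IN with PDO: a single named parameter cannot stand for a list, so the statement needs one placeholder per value. This is an added example, not code from the original posts; it assumes PDO with the SQLite in-memory driver and a users(id, rsn, rank, points) table shaped like the one in the question, and the function name replaceUsers is hypothetical.

```php
<?php
// Added example: delete by a list of rsn values, then re-insert, all with bound parameters.
// Assumption: PDO + SQLite in memory so the script runs offline.
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE users (id INTEGER PRIMARY KEY AUTOINCREMENT,
    rsn TEXT, "rank" TEXT, points INTEGER DEFAULT 0)');
// Constructed rows, including a duplicated rsn.
$conn->exec("INSERT INTO users (rsn, \"rank\")
    VALUES ('alice','Recruit'),('alice','Recruit'),('carol','General')");

function replaceUsers(PDO $conn, array $items): int
{
    $names = array_values(array_unique(array_column($items, 0)));
    if ($names === []) {
        return 0; // "IN ()" is a syntax error, so an empty list must short-circuit.
    }
    $conn->beginTransaction();
    try {
        // One "?" per value; only placeholders are concatenated into the SQL text.
        $marks = implode(', ', array_fill(0, count($names), '?'));
        $del = $conn->prepare("DELETE FROM users WHERE rsn IN ($marks)");
        $del->execute($names);
        $deleted = $del->rowCount(); // counts every duplicate that was removed

        $ins = $conn->prepare('INSERT INTO users (rsn, "rank") VALUES (?, ?)');
        foreach ($items as [$rsn, $rank]) {
            $ins->execute([$rsn, $rank]);
        }
        $conn->commit();
        return $deleted;
    } catch (Throwable $e) {
        $conn->rollBack(); // delete and insert succeed or fail together
        throw $e;
    }
}

// Constructed input; the second name carries a quote and SQL metacharacters on purpose.
$items = [['alice', 'Captain'], ["bob'); DROP TABLE users;--", 'Recruit']];
echo 'deleted: ', replaceUsers($conn, $items), PHP_EOL;
foreach ($conn->query('SELECT rsn, "rank" FROM users ORDER BY id') as $row) {
    echo $row['rsn'], ' / ', $row['rank'], PHP_EOL;
}
```

Because the values travel as parameters, the name containing SQL metacharacters is stored as plain text and the users table is left intact.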

Trying to fill a PHP variable with a mysql query. Then updating another table with the data from that query

First post, here it goes.
So this is the code that I have so far:
include('Connection/connect-test.php');
$selected1 = $_POST['selected'];
$sqlget = "SELECT paymentid FROM highschoolpayment WHERE hsgameid = '$selected1'";
$sqldata = mysqli_query($dbcon, $sqlget);
$sqlupdate = "UPDATE highschool SET paymentid = '$sqldata' WHERE hsgameid = '$selected1'";
mysqli_query($dbcon, $sqlupdate);
What I'm trying to do is grab the 'paymentid' from the 'highschoolpayment' table and store that value into the $sqldata variable (line 4). Then I want to update a value in the 'highschool' table using the value that I got from line 4 as well as a value that was pulled from a POST submission (line 6). I know for a fact that the first 3 lines execute as they should. It is after those lines when things become iffy. I don't see the form (reappear) like I normally would when everything else is working. To me, this indicates that the PHP has successfully run. I go to the 'highschool' table but I don't see the value (paymentid) that I am expecting to see. I personally can't think of a single reason why this wouldn't work, but, I am not that experienced in PHP or MySQL so I am open to any help that I can get.
I hope this makes sense without seeing the structure of the tables but if I need to post those, let me know. I've spent a couple hours trying to troubleshoot this problem but with no forward progress.
Thanks!
Assuming this query returns only one row:
$sqldata = mysqli_query($dbcon, $sqlget);
$row = mysqli_fetch_array($sqldata);
$paymentid = $row['paymentid']; // then use $paymentid in the next query
$sqlupdate = "UPDATE highschool SET paymentid = '$paymentid'
WHERE hsgameid = '$selected1'";
if(mysqli_query($dbcon, $sqlupdate)){
echo 'Update successfull';
} else {
echo 'Update query is wrong. The query generated was <br />'.$sqlupdate;
}
try like this,
include('Connection/connect-test.php');
$selected1 = $_POST['selected'];
$sqlupdate = "UPDATE highschool SET paymentid = (select paymentid FROM highschoolpayment WHERE hsgameid = '$selected1') where hsgameid = '$selected1'";
mysqli_query($dbcon, $sqlupdate);
you need to do fetch_assoc(), and while you are at it you should parameterize your query to make it more secure, good practice for the future. here is what your code should look like
$selected1 = $_POST['selected'];
$connect = mysqli_connect("localhost","user","pass","database");//i connect this way to my database
//the first statement that will get your paymentid
$stmt = $connect->prepare("SELECT paymentid FROM highschoolpayment WHERE hsgameid = ?");
mysqli_stmt_bind_param($stmt, 's', $selected1);//'s' is for string, 'i' for int, google rest
$stmt->execute();
$result = $stmt->get_result();
while($row = $result->fetch_assoc()){//it fetches each id
//the second statement that will use the payment id and update the database
$stmt2 = $connect->prepare("UPDATE highschool SET paymentid = ? WHERE hsgameid = ? ;");
mysqli_stmt_bind_param($stmt2, 'ss',$row['paymentid'], $selected1 );//'s' is for string, 'i' for int, google rest
$stmt2->execute();
$stmt2->close();
}
$stmt->close();
I just threw this quickly together, so if anyone sees something wrong don't hesitate to edit it or mark it down if completely wrong, Would rather that.

Check if a user is in a database

I have developed a game with Javascript and when the user finishes it, I must save his record in a database. Here you see the code:
$temp = $_POST['playername']; //username
$text = file_get_contents('names.txt'); //list with all usernames
//this text file contains the names of the players that sent a record.
$con=mysqli_connect("localhost","username","pass","my_mk7vrlist");
if (stripos(strtolower($text), strtolower($temp)) !== false) {
//if the username is in the list, don't create a new record but edit the correct one
mysqli_query($con, "UPDATE `my_mk7vrlist`.`mk7game` SET `record` = '".$_POST['dadate']."' WHERE `mk7game`.`playername` = ".$temp." LIMIT 1 ");
} else {
//The username is not in the list, so this is a new user --> add him in the database
mysqli_query($con, "INSERT INTO `mk7game` (`playername`,`record`,`country`,`timen`) VALUES ('".$_POST['playername']."', '".$_POST['dadate']."', '".$_POST['country']."', '".$_POST['time_e']."')");
file_put_contents("names.txt",$text."\n".$temp);
//update the list with this new name
}
//Close connection
mysqli_close($con);
When I have a new user (the part inside my "else") the code works correctly because I have a new row in my database.
When the username already exists in the list, it means that this player has already sent his record and so I must update the table. By the way, I cannot edit the record of the player that has already sent the record.
mysqli_query($con, "UPDATE `my_mk7vrlist`.`mk7game` SET `record` = '".$_POST['dadate']."' WHERE `mk7game`.`playername` = ".$temp." LIMIT 1 ");
It looks like this is wrong, and I can't get why. I am pretty new with PHP and MySQL.
Do you have any suggestion?
You're missing quotes around $temp in the UPDATE statement:
mysqli_query($con, "UPDATE `my_mk7vrlist`.`mk7game`
SET `record` = '".$_POST['dadate']."'
WHERE `mk7game`.`playername` = '".$temp."'
^ ^
LIMIT 1 ") or die(mysqli_error($con));
However, it would be better to make use of prepared statements with parameters, rather than inserting strings into the query.
Escape your user input!
$temp = mysqli_real_escape_string($con, $_POST['playername']);
Make sure to stick your mysqli_connect() above that
$select = mysqli_query($con, "SELECT `id` FROM `mk7game` WHERE `playername` = '".$temp."'");
if(mysqli_num_rows($select))
exit("A player with that name already exists");
Whack that in before the UPDATE query, and you should be good to go - obviously, you'll need to edit it to match your table setup

seat reservation not working

I've been doing a lot of research but I guess I still didn't find the answers. This is a seat reservation and I'm not so good in php and mysql. So here's my code:
reservation.php code:
<?php
mysql_connect("localhost","root","") or die (mysql_error());
mysql_select_db('seat_reservation') or die (mysql_error());
$insert = mysql_query("INSERT INTO reservation (chair_status, room_id, chair_number) VALUES (0, 400, 05)");
?>
</td>
<div id="popupContact">
<a id="popupContactClose">x</a>
<center><form method = "POST" action="reserve.php">
<?php
$query = mysql_query("SELECT chair_status FROM reservation WHERE room_id = '400' AND chair_number = '05'");
while($row = mysql_fetch_array($query)) {
$_SESSION['roomno'] = $row['room_id'];
$_SESSION['chairnum'] = $row['chair_number'];
}
?>
reserve.php code:
<?php
$name = $_POST['student_name'];
$stud_id = $_POST['stud_id'];
$room_id = $_SESSION['roomno'];
$chair_num = $_SESSION['chairnum'];
mysql_connect("localhost", "root", "") or die (mysql_error());
mysql_select_db('seat_reservation') or die (mysql_error());
$query = mysql_query("SELECT chair_status FROM reservation WHERE room_id = '$room_id' AND chair_number = '$chair_num'");
if($query == 0)
{
$insert = mysql_query("UPDATE reservation SET chair_status = 1, student_name = '$name', stud_id = '$stud_id' WHERE room_id = '$room_id' AND chair_number = '$chair_num'");
}
else
die ("Sorry, seat taken! <br />Redirecting...<meta http-equiv='refresh' content=2;reservation.php>");
?>
my problem is that, when I reserve a seat, it tells me that the seat is taken even if the chair_status field is 0. When I checked the DB, it successfully inserted with chair_status of 0. I don't know which part is wrong. I really need your help, thank you!
In reservation.php, you SELECT only chair_status but then try to access $row['room_id'] and $row['chair_number']: neither are in the resultset. However, both are already known since they were fixed in the WHERE clause of the query, therefore one could use those values without resorting to the MySQL query.
Even if you wanted to use such a query to set the $_SESSION variables, it is daft to loop over the resultset overriding those variables with each result. Better to LIMIT the query and use only one resulting record.
However, you probably wanted to output form elements rather than set $_SESSION variables in order that the user can then choose which of the available seats they wish to reserve? In which case, you probably meant to include chair_status = 0 in your filter criteria.
The return value of the mysql_query function is a resource identifier; comparing this against 0 in reserve.php is probably not what you had intended. Perhaps you wanted mysql_num_rows instead?
Please stop writing new code with the ancient MySQL extension: it is no longer maintained and the community has begun the deprecation process. Instead you should use either the improved MySQLi extension or the PDO abstraction layer.
Please avoid putting variables (and especially those which come from your user) into your SQL, which makes you vulnerable to SQL injection. You should instead use prepared statements, with which your variables can be passed to MySQL as parameters that do not get evaluated for SQL. Read about Bobby Tables for more information.
You probably mean if (mysql_num_rows($query) == 0) {. The way it is, you are checking if there is an error with the query, not the number of rows returned. Check the docs for more information.
Also, this might be optional, but use braces to enclose your else statement. And it might be better to use mysqli instead of mysql_... functions as mentioned in your comments. Or just escape the user input before adding it to the query string.
use mysql_num_rows for checking if records exist..
$query = mysql_query("SELECT chair_status FROM reservation WHERE room_id = '$room_id' AND chair_number = '$chair_num'");
$rows = mysql_num_rows($query);
if($rows == 0)
{
$insert = mysql_query("UPDATE reservation SET chair_status = 1, student_name = '$name', stud_id = '$stud_id' WHERE room_id = '$room_id' AND chair_number = '$chair_num'");
}

Update/Insert into mysql query

I am trying to perform a update/insert into query for MySQL. Should insert, if not already in database.
However, it will not update. My db connection is good. I cannot figure it out.
$sql = "UPDATE jos_bl_paid SET u_id='$uid', m_id = '$mid', t_id = '$cus', pd = '1', paypal_payment='$txn',p_date=NOW() WHERE u_id = '$uid' AND '$mid' = m_id ";
$test45 = mysql_affected_rows();
if ($test45 == 0) {
$sql = "INSERT INTO jos_bl_paid(paypal_payment,u_id,m_id,pd,t_id,p_date)VALUES('$txn','$uid','$mid','1','$cus',NOW())";
if (!mysql_query($sql)) {
error_log(mysql_error());
exit(0);
}
echo 'Yes';
}else{
echo 'No';
}
From the code you are showing you aren't even running the update query. You need to put
if (!mysql_query($sql)) {
error_log(mysql_error());
exit(0);
}
before the line
$test45 = mysql_affected_rows();
for that to even return what you want
I would make these into one statement using the ON DUPLICATE KEY UPDATE MySQL command. I would guess that your problem is that the insert may be failing because of some unique key set in your schema even though the actual uid doesn't yet exist, so the update also fails. Can you post exactly what error message you get?
Check your last value in the update query; I found an error there and have fixed it from my side.
try this
$sql = mysql_query("UPDATE jos_bl_paid SET u_id='$uid',m_id = '$mid', t_id = '$cus', pd = '1', paypal_payment='$txn',p_date=NOW() WHERE u_id = '$uid' AND m_id = '$mid'") or die(mysql_error());
Answer is updated try the updated one
From the code you posted, it appears that you're setting the $sql string to an update statement, but not executing it before checking for the number of affected rows.
You'll probably need to call mysql_query($sql) before checking mysql_affected_rows();
Otherwise you're not telling the database to update anything.
If the new values in update are the same as old one mysql won't update the row and you will have mysql_affected_rows be 0. If you have primary key on fields u_id, m_id you can use INSERT ON DUPLICATE UPDATE http://dev.mysql.com/doc/refman/5.0/en/insert-on-duplicate.html
If you don't have such you may use the count query:
SELECT count(*) FROM jos_bl_paid WHERE u_id = '$uid' AND '$mid' = m_id
To decide if you should update or insert new one.
