Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question appears to be off-topic because it lacks sufficient information to diagnose the problem. Describe your problem in more detail or include a minimal example in the question itself.
Closed 9 years ago.
Improve this question
I am trying to get my page to update a DB when there is $_GET data.
However even when www.myurl.com?status= is blank the page updates the DB with nothing.
Here is my code
$status=$_GET["status"];
$sql="UPDATE users SET status =$status WHERE personID='$user'" or die(mysql_error());
mysql_query($sql);
Can anyone help? I am trying to get the page to do nothing if the URL is just www.myurl.com
if(!empty($_GET['status']) { // Check if `status` is not empty
$sql="UPDATE users SET status = $_GET['status'] WHERE personID='$user'";
mysql_query($sql); // Continue with sql query
}
empty - http://us2.php.net/empty
isset - http://us2.php.net/isset
Make use of empty() in PHP to achieve this.
if(!empty($_GET["status"])) //<--- Control to the inside will be passed only if the status variable is not empty
{
$status=$_GET["status"];
$sql="UPDATE users SET status =$status WHERE personID='$user'" or die(mysql_error());
mysql_query($sql);
}
That was the first thing. Secondly you are using an obsolete deprecated API i.e. the mysql_* functions. You need to switch over to PreparedStatements.
Related
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 6 years ago.
Improve this question
When I use a variable in my WHERE clause of Update the updation doesnt take place.
$eventid=$_GET['id'];
$sql = "UPDATE events SET name=:name WHERE id=:id";
$q = $conn->prepare($sql);
$q->execute(array(':name'=>$name,':id'=>$eventid));
When I echo $_GET['id'] I get the correct value.
$_GET['id'] is the value I have passed from another page
People are saying you're vulnerable to sql injection attacks because you're passing an id via a $_GET parameter to an update statement where you directly use the $_POST superglobal.
In order to make it more secure, you could start by passing the ID via $_POST as well, and not using $_POST directly in your SQL.
But that's not the question you asked.
I would hazard to guess it's not updating because you're passing ID as a string, which it probably isn't.
Try changing
WHERE id='".$_GET['id']."'");\
to
WHERE id=".$_GET['id']."");
Save your query to a string variable so you can debug what are you sending to db MySQL. Then try to run the result query direct on the db.
$DBcon->query(#strSQL);
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 8 years ago.
This question appears to be off-topic because it lacks sufficient information to diagnose the problem. Describe your problem in more detail or include a minimal example in the question itself.
Questions concerning problems with code you've written must describe the specific problem — and include valid code to reproduce it — in the question itself. See SSCCE.org for guidance.
Improve this question
I have two PHP files: A.php and B.php. A passes $id to B using POST and B can get $id the first time but I need to jump back to B again using Header. This time the parameter gets lost.
How can I pass the parameter when I use Header to jump back?
You must Use $_REQUEST instead of $_POST so it will work in both case . and when you use header to jump back again use query string with same name.
you can pass id variable in the query string when you redirect.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions concerning problems with code you've written must describe the specific problem — and include valid code to reproduce it — in the question itself. See SSCCE.org for guidance.
Closed 9 years ago.
Improve this question
I had tried to find last inserted id in php, but I am unable to get.
It displays value 0.
This is my code:
require_once "../config.php";
$query = "call experience_insert('$uid','$title','$cname','$sdate','$edt')";
$result = $connection->ServerDb->query($query);
$id = $connection->ServerDb->insert_id;
You should post the relevant sections of the stored procedure you're calling. It should have a return statement that gives back the ID. Keep in mind there are weird gotchas with MySQL stored procedures and last_insert_id() as well.
http://dev.mysql.com/doc/refman/5.7/en/stored-routines-last-insert-id.html
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking for code must demonstrate a minimal understanding of the problem being solved. Include attempted solutions, why they didn't work, and the expected results. See also: Stack Overflow question checklist
Closed 9 years ago.
Improve this question
I am busy with an employee record project and would like to know if it is possible at all to have my project update the database via links?
Let me explain.
Within the editing of an employee I would like to add a menu with a couple of links. These links will only be used by our employers. The will (if the above mentioned is possible) be able to click on the link "dismissed", then that should update the database by means of changing the field "Employed_Status" to "0".
I could really use the help from professionals as I am still at the "Very beginner" stage. Thanks in advance.
Use $_GET like
if(isset($_GET['status']) and $_GET['status']=='dismiss' and isset($_GET['empId']))
{
$sql="Update employee SET Employed_Status=0
WHERE Emp_id=".(int)$_GET['empId'];// if empid is integer
// or use WHERE Emp_id=".mysql_real_escape_string($_GET['empId']);
// execute query $sql
}
calling link like, http://example.com/page.php?empId=1&status=dismiss
Edit Page:
Dismissed
Activate
action.php
$val=$_REQUEST['val'];
$sql = "UPDATE employee SET status = ? WHERE id = ?";
$q = $conn->prepare($sql);
$q->execute(array($val,$empid));
You can do this by transferring values from query string to tha page
<td><a href="insert.php?id=?"<?php echo (int) $_GET['id'] ?> >insert</a></td>
and on insert.php
extract this values using get method as:
$id = $_GET["id"];
Also extract other values in similar manner and then fire your insert query with these values.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 9 years ago.
Questions asking for code must demonstrate a minimal understanding of the problem being solved. Include attempted solutions, why they didn't work, and the expected results. See also: Stack Overflow question checklist
Questions concerning problems with code you've written must describe the specific problem — and include valid code to reproduce it — in the question itself. See SSCCE.org for guidance.
Improve this question
I have a Wordpress site and a front end posting form on it.
When form is submitted, the user gets link to his email with unique string (example 432879374982) saved as a custom field and post gets status "pending":
http://www.mysite.com/verify.php?verify=432879374982
I now want to change status to "published" when user click on a link.
I know that I should use GET parameter, and check if the string is saved in database, and publish the post where there is a match in db, but dont know how to code this.
EDIT:
Made it working!
In the landing page- on wordpress I created a page named "verify" and in template (php) I included code from #Bora- only the database connection has to be established before and it changes the status of a post.
Status has to be set as "publish", not "published"
Try something like following codes:
$verify = $mysqli->real_escape_string($_GET['verify']); // escape GET var
$query = "SELECT * FROM table WHERE code = '$verify'"; // Build query
if ($result = $mysqli->query($query)) { // Check return query
while ($row = $result->fetch_assoc()) { // Fetch Row
$query = "UPDATE table SET status = 'published' WHERE code = '$verify'"; // Update query
$mysqli->query($query); // Run query
}
$result->close(); // free result set
}