I've the following code:
$query = "UPDATE `'._DB_PREFIX_.'specific_price` sp SET sp.`from`=NOW(), sp.`to`=DATE_ADD(NOW(), INTERVAL 19 HOUR)
INNER JOIN `'._DB_PREFIX_.'product` p ON (sp.id_product = p.id_product)
WHERE p.`id_manufacturer` = '.(int)$id_manufacturer";
//Run the Query
$result = mysql_query($query);
?>
I know I have to modify the location and usage of _DB_PREFIX And $id_manufacturer but where and how?
I admit that I'm quite lost right now and some help would be highly appreciated.
Thank you in advance
// define variable for database prefix
// you can also use simple php variable here instead of using constant
define('_DB_PREFIX_', "database-name");
// filter data
$id_manufacturer = (int)$id_manufacturer;
// prepare query (in a MySQL multi-table UPDATE the JOIN comes before SET)
$query = "UPDATE "._DB_PREFIX_."specific_price sp
INNER JOIN "._DB_PREFIX_."product p USING (id_product)
SET sp.`from`=NOW(), sp.`to`=DATE_ADD(NOW(), INTERVAL 19 HOUR)
WHERE p.id_manufacturer = $id_manufacturer";
//Run the Query
$result = mysql_query($query);
Note: Do NOT use the above-mentioned code in any production system. Please consider this just as a tutorial. It's very high time to start using PDO or mysqli. You can google it and get more information about it.
This is NOT a duplicate. None of the already existing threads have the same problem as me.
I have a database that stores athlete performances. It contains sessions, each session has sets, each set has "tables" (such as 4x100m, 12x50m and so on), and each table has times. I also have a table for athletes. Each athlete has an ID, each time links with the athlete through the AthleteID. Every session, set, timetable and time also have each unique IDs, used to link them with each other.
I want to make it so that when passing a session ID, it will return all the athletes that have at least 1 time in that session. I made a page that gets requests and the session ID is passed as GET search data (will make it POST later on). The request system works fine, but the problem is in the query. To do it I used inner joins to connect each table. This is my query (it is not the fastest method, but that's for another thread):
$q = "SET @evID = " . $method['sessID'] . ";";
$q .= "SELECT `athletes`.* FROM `events`
INNER JOIN `sets` ON `sets`.`EventID` = `events`.`EventID`
INNER JOIN `timetables` ON `timetables`.`SetID` = `sets`.`SetID`
INNER JOIN `times` ON `times`.`TableID` = `timetables`.`TableID`
INNER JOIN `athletes` ON `athletes`.`ID` = `times`.`AthleteID`
WHERE `events`.`EventID` = @evID
AND `times`.`TimeID` IN(
    SELECT MIN(`TimeID`)
    FROM `times`
    WHERE `TableID` IN(
        SELECT `TableID`
        FROM `timetables`
        WHERE `SetID` IN(
            SELECT `SetID`
            FROM `sets`
            WHERE `EventID` = @evID
        )
    )
    GROUP BY `AthleteID`
)";
Every single time I ran that in phpmyadmin it returned all the athletes, and the data was correct. However, when I run it in my script, the query value is false (such as if there is an error). I tried debugging like this:
$r = $db -> query($q);
var_dump($q);
var_dump($r);
var_dump($db->error);
The query is returned just fine (only difference is lack of newline characters), and when I copy what's returned in phpmyadmin the data is just the same. The rest however:
bool(false)
string(228) "You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'SELECT `athletes`.* FROM `events` INNER JOIN `sets` ON `sets`.`EventID` = `...' at line 1"
Other users with the same problem have not really gone that far to find out if they're wrong, but I have. This post is not a duplicate, and I didn't find any solutions online. Could this be a problem with the amount of queries in a single string? (There is one for setting @evID and one for the actual selection). Please explain the solution and methods kindly as I'm only 13 and still learning...
As @NigelRen has suggested, please use a parameterized prepared statement.
Assuming that
$sessionid is storing the value for EventID, and assuming that this variable is of integer type; and
$conn is the connection
Then for Mysqli, you can use:
//$q = "SET @evID = " . $method['sessID'] . ";";
$sql = "SELECT `athletes`.* FROM `events`
INNER JOIN `sets` ON `sets`.`EventID` = `events`.`EventID`
INNER JOIN `timetables` ON `timetables`.`SetID` = `sets`.`SetID`
INNER JOIN `times` ON `times`.`TableID` = `timetables`.`TableID`
INNER JOIN `athletes` ON `athletes`.`ID` = `times`.`AthleteID`
WHERE `events`.`EventID` = ?
AND `times`.`TimeID` IN(
SELECT MIN(`TimeID`)
FROM `times`
WHERE `TableID` IN(
SELECT `TableID`
FROM `timetables`
WHERE `SetID` IN(
SELECT `SetID`
FROM `sets`
WHERE `EventID` = ?
)
)
GROUP BY `AthleteID`
)";
$stmt = $conn->prepare($sql);
$stmt->bind_param("ii", $sessionid, $sessionid);
$stmt->execute();
$result = $stmt->get_result(); // get the mysqli result
$row = $result->fetch_assoc(); // fetch data
// do other things you want , such as echo $row['fieldname1'];
$sql2 ="UPDATE table1,table2 SET table2.password2 = ".password_hash(."table1.password1".,PASSWORD_DEFAULT)." WHERE table1.username = table2.username";
I am trying to use PHP functions in MySQL update queries instead of iteration, but it doesn't seem to work. Please let me know if there is any way I can achieve this without iteration. If I can with stored procedures, please give a small example as I have never made a stored procedure before. Thanks in advance.
The below code is working good for you :) .
$sql2 ="UPDATE table1,table2 SET table2.password2 = '".password_hash("table1.password1",PASSWORD_DEFAULT) ."' WHERE table1.username = table2.username";
Try With This Below Query:
"UPDATE table2 SET table2.password2 = (SELECT '".password_hash("table1.password1",PASSWORD_DEFAULT) ."'from table1 WHERE table1.username = table2.username)"
You are missing single quote, You can try like this
$pass = password_hash("table1.password1",PASSWORD_DEFAULT);
$sql2 ="UPDATE table1,table2 SET table2.password2 = '$pass' WHERE table1.username = table2.username";
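Added example (not part of any answer above): password_hash() runs in PHP before the SQL text reaches the server, so calling it on the string "table1.password1" hashes that literal text, not each row's value. Hashing every row's own password therefore needs a loop in PHP; this sketch assumes PDO with an in-memory SQLite database standing in for the MySQL server, uses the question's table and column names, and the rows are constructed.

```php
<?php
// Added example: table and column names follow the question; rows are constructed.
// An in-memory SQLite database stands in for the MySQL server (assumption).
function migratePasswords(PDO $db): int
{
    // Read everything first so the SELECT cursor is closed before updating.
    $rows = $db->query('SELECT username, password1 FROM table1')
               ->fetchAll(PDO::FETCH_ASSOC);
    $update = $db->prepare(
        'UPDATE table2 SET password2 = :hash WHERE username = :user'
    );

    $migrated = 0;
    $db->beginTransaction();
    foreach ($rows as $row) {
        // password_hash() runs here, in PHP, on this row's actual value,
        // and generates a fresh random salt on every call.
        $update->execute([
            ':hash' => password_hash($row['password1'], PASSWORD_DEFAULT),
            ':user' => $row['username'],
        ]);
        $migrated += $update->rowCount();
    }
    $db->commit();
    return $migrated;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE table1 (username TEXT PRIMARY KEY, password1 TEXT)');
$db->exec('CREATE TABLE table2 (username TEXT PRIMARY KEY, password2 TEXT)');
$db->exec("INSERT INTO table1 VALUES ('alice', 'correct horse'), ('bob', 'hunter2')");
$db->exec("INSERT INTO table2 (username) VALUES ('alice'), ('bob')");

echo migratePasswords($db), " rows updated\n";

$check = $db->query('SELECT t1.username, t1.password1, t2.password2
                     FROM table1 t1 JOIN table2 t2 ON t1.username = t2.username');
foreach ($check->fetchAll(PDO::FETCH_ASSOC) as $row) {
    // The stored hash must verify against the row's own password,
    // and must not verify against the literal column name.
    $own     = password_verify($row['password1'], $row['password2']);
    $literal = password_verify('table1.password1', $row['password2']);
    printf("%s: own password=%s, literal column name=%s\n",
        $row['username'], var_export($own, true), var_export($literal, true));
}
```

The prepared statement also keeps the hash, which contains `$` and `/` characters, out of the SQL string entirely.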
I'm trying to translate a query built with mysqli_query in a wordpress query.
The problem is that using $wpdb->get_results I'm getting no results at all. I've even tried with $wpdb->query and $wpdb->get_var without any results either.
$MYSQLi contains the database information as you can imagine
Of course all the variables are fine! They have the correct values inside.
The old query
$check_last_conversation = mysqli_query($MYSQLi,"select * from vp_pms_messages inner join vp_pms_group_users on vp_pms_messages.id = vp_pms_group_users.message_id and vp_pms_messages.group_id = vp_pms_group_users.group_id where vp_pms_group_users.from_username = '".mysqli_real_escape_string($MYSQLi,$session_username)."' and vp_pms_group_users.from_del = '".mysqli_real_escape_string($MYSQLi,'0')."' or vp_pms_group_users.to_username = '".mysqli_real_escape_string($MYSQLi,$session_username)."' and vp_pms_group_users.to_del = '".mysqli_real_escape_string($MYSQLi,'0')."' group by vp_pms_messages.group_id ".$order_data_by_this." desc limit 8");
The Wordpress one
$check_last_conversation = $wpdb->get_results("select * from ".$wpdb->prefix."vp_pms_messages inner join ".$wpdb->prefix."vp_pms_group_users on ".$wpdb->prefix."vp_pms_messages.id = ".$wpdb->prefix."vp_pms_group_users.message_id and ".$wpdb->prefix."vp_pms_messages.group_id = ".$wpdb->prefix."vp_pms_group_users.group_id where ".$wpdb->prefix."vp_pms_group_users.from_username = '".$session_uid."' and ".$wpdb->prefix."vp_pms_group_users.from_del = '0' or ".$wpdb->prefix."vp_pms_group_users.to_username = '".$session_uid."' and ".$wpdb->prefix."vp_pms_group_users.to_del = '0' group by ".$wpdb->prefix."vp_pms_messages.group_id ".$order_data_by_this." desc limit 8");
Could it be some encoding issue? Can you give me some directions? Thanks.
I assume your wp table prefix is vp_. If that's so, by doing $wpdb->prefix."vp_pms_messages you will get vp_vp_pms_messages, which is a non-existent table. Same goes for other tables. You can also check your php error logs as well as use a plugin called Query Monitor to see if there are any errors and other debugging
Have you set global $wpdb in your function?
If it's not that, then check the value $wpdb->last_error after the call to see what the issue may be.
This is my code:
$sql = $_POST['sql'];
....
$result = $mysqli->query($sql);
This does not return any results. So I echoed the $sql variable and this is the result:
SELECT o.entity_id, o.increment_id FROM sales_flat_order o JOIN sales_flat_order_payment p ON o.entity_id = p.parent_id JOIN sales_flat_order_address a ON o.entity_id = a.parent_id WHERE a.country_id = \'DE\' ORDER BY o.entity_id DESC LIMIT 10;
Now, when I assign this to the $sql variable directly, it works. What could be the problem?
Thanks
Well, first you could test $result and output the last error with $mysqli->error when it's false, that would give you details on what's wrong.
Secondly, you should NOT execute a query that's coming from POST or GET parameter, that's how you allow anyone to do anything on your database with sql injection. That's a big security breach.
Thirdly, the issue is probably on POST encoding (note the quotes \'DE\') so if you urldecode and/or stripslashes your $sql it would probably work
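Added example (not part of the answer above) of the safer shape the second point implies: the SQL text stays on the server and the request supplies only validated values. The table and column names come from the echoed query in the question; the function name, the `country` and `limit` field names, the sample rows, and the use of PDO with in-memory SQLite in place of MySQL are assumptions.

```php
<?php
// Added example: names latestOrdersByCountry(), 'country' and 'limit' are
// hypothetical; rows are constructed; SQLite stands in for MySQL.
function latestOrdersByCountry(PDO $db, array $post): array
{
    $country = strtoupper(trim((string)($post['country'] ?? '')));
    if (!preg_match('/^[A-Z]{2}$/', $country)) {
        throw new InvalidArgumentException('country must be a two-letter code');
    }
    $limit = filter_var($post['limit'] ?? 10, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 100]]);
    if ($limit === false) {
        throw new InvalidArgumentException('limit must be between 1 and 100');
    }
    // The statement is fixed; only the two bound values vary per request.
    $stmt = $db->prepare(
        'SELECT o.entity_id, o.increment_id
           FROM sales_flat_order o
           JOIN sales_flat_order_payment p ON o.entity_id = p.parent_id
           JOIN sales_flat_order_address a ON o.entity_id = a.parent_id
          WHERE a.country_id = :country
          ORDER BY o.entity_id DESC
          LIMIT :limit'
    );
    $stmt->bindValue(':country', $country, PDO::PARAM_STR);
    $stmt->bindValue(':limit', $limit, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sales_flat_order (entity_id INTEGER PRIMARY KEY, increment_id TEXT)');
$db->exec('CREATE TABLE sales_flat_order_payment (parent_id INTEGER)');
$db->exec('CREATE TABLE sales_flat_order_address (parent_id INTEGER, country_id TEXT)');
$db->exec("INSERT INTO sales_flat_order VALUES (1, '100000001'), (2, '100000002')");
$db->exec('INSERT INTO sales_flat_order_payment VALUES (1), (2)');
$db->exec("INSERT INTO sales_flat_order_address VALUES (1, 'DE'), (2, 'FR')");

print_r(latestOrdersByCountry($db, ['country' => 'de']));  // array stands in for $_POST
try {
    // The backslash-quoted value seen in the question fails validation.
    latestOrdersByCountry($db, ['country' => "\\'DE\\'"]);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```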
In my PHP file, I use this line to pull data from my mySQL database:
$query = "SET @rank=0; SELECT @rank:=@rank +1 as rank, Blah Blah...";
If I check the SELECT statement in phpMyAdmin's SQL window (without $query= ) it works fine.
But, if I use it in PHP, then I get an error. It doesn't like the "SET @rank=0;" bit. Is there a way to use "SET @rank=0;" when it's in "$query=" ? Is there a workaround?
The rest of the code is standard stuff for pulling data from a db:
public function getmyData() {
    $mysql = mysql_connect(connection stuff);
    $query = "SELECT @rank:=@rank +1 as rank, formatted_school_name, blah blah";
    $result = mysql_query($query);
    $ret = array();
    while ($row = mysql_fetch_object($result)) {
        $tmp = new VOmyData1();
        $tmp->stuff1 = $row->stuff1;
        $tmp->stuff2 = $row->stuff2;
        $ret[] = $tmp;
    }
    mysql_free_result($result);
    return $ret;
}
Update: I'm trying to use Amerb's suggestion of using multi-query. I concatenated the query like so:
$query = "SET @rank = 0";
$query .= "SELECT @rank:=@rank +1 as rank...
I changed the result to:
$result = $mysqli_multi_query($query);
But, it's failing for some reason. I'm on a machine running PHP 5.2. Any suggestions?
This guy here seems to have a way of setting the variable in the same query to zero. I don't have MySQL set up on this machine to try it, though.
Here's the query he suggests in his blog post:
select @rownum:=@rownum+1 'rank', p.* from player p, (SELECT @rownum:=0) r order by score desc limit 10;
(Is there some homework assignment coming due somewhere having to do with computing ranks? This is the third question I've seen on this in two days.)
Are you checking for duplicate scores?
Try executing it as 2 separate successive queries.
You have to enable the use of multiple queries in one, but I forgot how to do this at the moment. It's a security feature.
Use mysql_multi_query() or rather mysqli_multi_query() instead of mysql_query()