I recently made a CMS with mySQL and PDO following a video tutorial from PHPAcademy on youtube.
I want to add an edit function to it though.
I have the page done, but not the PHP to update the data.
So, I'm wondering, how would I update data in the database with PDO and save the new data?
I have this:
$query = $pdo->prepare("UPDATE articles 'article_content'=? WHERE 'id' = ?");
$query->bindValue(1, $_POST['content']);
$query->bindValue(2, $_POST['id']);
$query->execute()
;
You have 2 issues:
"UPDATE articles SET `article_content`=? WHERE `id` = ?"
One you are missing SET.
Two you are using single quotes for column names;use backticks
You are missing the keyword SET in your query
It should be
$pdo->prepare("UPDATE articles SET `article_content`=? WHERE `id` = ?");
----^
Related
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 7 years ago.
I'm attempting to make a simple web app. I'm at the stage of creating the user profile section of it, and I'm stuck at allowing the user to upload their own profile picture. please see below for the query I'm using.
$username = $_SESSION['username'];
$insertImage = $db->prepare("UPDATE `members` SET `profile_pic` = ('$dbDirectory') WHERE `username` = $username");
$insertImage->execute($imageArray);
I can't work out how to add the username session in to the query correctly. Currently I just get the error
"SQLSTATE[42S22]: Column not found: 1054 Unknown column 'VALUE' in
'where clause'".
If I change my query to this.
$insertImage = $db->prepare("UPDATE `members` SET `profile_pic` = ('$dbDirectory') WHERE `profile_pic` = `profile_pic`");
The same image directory path is inserted into every users 'profile_pic' row.
I'm most probably missing something extremely small here, but I just can't resolve this issue, so would greatly appreciate any guidance/advice. Thanks in advanced
Text variables should be wrapped in quotes ''
$insertImage = $db->prepare("UPDATE `members`
SET `profile_pic` = '$dbDirectory'
WHERE `username` = '$username'");
But you should really be using parameters in your prepared queries, to avoid SQL Injection, then you dont need to worry about quoting text variables as it all gets dont by the PDO class, for example
$stmt = $db->prepare("UPDATE `members`
SET `profile_pic` = :pic
WHERE `username` = :uname");
$stmt->execute( array(':pic'=> $dbDirectory, ':uname'=>$username') );
Or
$stmt = $db->prepare("UPDATE `members`
SET `profile_pic` = :pic
WHERE `username` = :uname");
$stmt->bindParam(':pic', $dbDirectory, PDO::PARAM_STR);
$stmt->bindParam(':uname', $username, PDO::PARAM_STR);
$stmt->execute();
I am trying to get the id of the last record inserted in an mssql database using pdo via php. I HAVE read many posts, but still can't get this simple example to work, so I am turning to you. Many of the previous answers only give the SQL code, but don't explain how to incorporate that into the PHP. I honestly don't think this is a duplicate. The basic insert code is:
$CustID = "a123";
$Name="James"
$stmt = "
INSERT INTO OrderHeader (
CustID,
Name
) VALUES (
:CustID,
:Name
)";
$stmt = $db->prepare( stmt );
$stmt->bindParam(':CustID', $CustID);
$stmt->bindParam(':Name', $Name);
$stmt->execute();
I have to use PDO querying an MSSQL database. Unfortunately, the driver does not support the lastinsertid() function with this database. I've read some solutions, but need more help in getting them to work.
One post here suggests using SELECT SCOPE_IDENTITY(), but does not give an example of how incorporate this into the basic insert code above. Another user suggested:
$temp = $stmt->fetch(PDO::FETCH_ASSOC);
But, that didn't yield any result.
If your id column is named id you can use OUTPUT for returning the last inserted id value and do something like this:
$CustID = "a123";
$Name="James"
$stmt = "INSERT INTO OrderHeader (CustID, Name)
OUTPUT INSERTED.id
VALUES (:CustID, :Name)";
$stmt = $db->prepare( stmt );
$stmt->bindParam(':CustID', $CustID);
$stmt->bindParam(':Name', $Name);
$stmt->execute();
$result = $stmt->fetch(PDO::FETCH_ASSOC);
echo $result["id"]; //This is the last inserted id returned by the insert query
Read more at:
https://msdn.microsoft.com/en-us/library/ms177564.aspx
http://php.net/manual/es/pdo.lastinsertid.php
I have a really simple procedure I need to do, and no matter how much I debug or simplify, the record is not updating in the dbase. Assume everything is correct in terms of connection, etc. Pulling this from php and doing a MySQL call in PHPMyAdmin results in a correct record update on the table. I've tried using/not using quotes around adminId.
Any ideas?
$sampleString = "343r34c3cc43";
//Need to store the customer ID from sub system
$stmt2 = $mysqli->prepare("
UPDATE
admins
SET
chargebeeId = '?'
WHERE
adminId='22'
");
$stmt2->bind_param('s',
$mysqli->real_escape_string($sampleString)
);
$stmt2->execute();
For reference, adminId will be dynamic, with a bind_param 'i' in the application.
change this
chargebeeId = '?'
to
chargebeeId = ?
try this
$sampleString = "343r34c3cc43";
$sampleString = $mysqli->real_escape_string($sampleString) ;
$stmt2 = $mysqli->prepare("UPDATE admins
SET chargebeeId = ?
WHERE adminId='22' ");
$stmt2->bind_param('s', $sampleString);
$stmt2->execute();
I try to make prepared statament using pdo. It is possible to put several updates atonce?
Ex:
sql1 = "Update product set large = '1large' where id = 1";
sql2 = "Update product set large = '2large' where id = 2";
sql3 = "Update product set large = '3large' where id = 3";
How to prepare sql1,sql2....sqlN in Pdo to execute faster?
I found an example but it works line by line (sql1, sql2 ....)
<?php
$stmt = $dbh->prepare("UPDATE product SET large = ':large' WHERE id = ':id'");
$stmt->bindParam(':id', $id, PDO::PARAM_STR);
$stmt->bindParam(':large', $large, PDO::PARAM_STR);
$stmt->execute();
?>
Unlike inserts, which can be grouped into a single statement, updates are specific to an existing entry in the database.
Dependant on the broader context of what you are doing you may find a question like this of interest for bulk updates using CASE, WHEN, THEN:
Question: Update multiple rows with one query?
I'm just migrating my code from mysql_query style commands to PDO style and I ran into a problem. THe old code looked like this :
$query_list_menu = "SELECT ".$_GET['section_name']." from myl_menu_hide_show WHERE id='".$_GET['id']."'";
And the updated code looks like below. Apparently it's not working. I store in $_GET['section_name'] a string that represents a field name from the database. But I think there is a problem when I pass it as a variable. Is the below code valid ? Thanks.
$query_list_menu = "SELECT :section_name from myl_menu_hide_show WHERE id=:id";
$result_list_menu = $db->prepare($query_list_menu);
$result_list_menu->bindValue(':section_name', $_GET['section_name'] , PDO::PARAM_STR);
$result_list_menu->bindValue(':id', $_GET['id'] , PDO::PARAM_INT);
$result_list_menu->execute();
If $_GET['section_name'] contains a column name, your query should be:
$query_list_menu = "SELECT " . $_GET['section_name'] . " from myl_menu_hide_show WHERE id=:id";
Giving:
$query_list_menu = "SELECT :section_name from myl_menu_hide_show WHERE id=:id";
$result_list_menu = $db->prepare($query_list_menu);
$result_list_menu->bindValue(':id', $_GET['id'] , PDO::PARAM_INT);
$result_list_menu->execute();
The reason is that you want the actual name of the column to be in the query - you'd changed it to be a parameter, which doesn't really make much sense.
I'll also add that using $_GET['section_name'] directly like this is a massive security risk as it allows for SQL injection. I suggest that you validate the value of $_GET['section_name'] by checking it against a list of columns before building and executing the query.
There is no good and safe way to select just one field from the record based on the user's choice. The most sensible solution would be to select the whole row and then return the only field requested
$sql = "SELECT * from myl_menu_hide_show WHERE id=?";
$stmt = $db->prepare($query_list_menu);
$stmt->execute([$_GET['id']]);
$row = $stmt->fetch();
return $row[$_GET['section_name']] ?? false;