mysql_real_escape_string() and password() issues - php

Hi, I'm just wondering if this is possible:
$pass_esc = mysql_real_escape_string($pass);
$user_esc = mysql_real_escape_string($user);
$query = "UPDATE users SET user_password = PASSWORD('$pass_esc') WHERE user_name = '$user_esc'";
I don't know if it's just me or it is really not possible, because every time I use this I get an error, and if I use this
$pass_esc = $pass;
$user_esc = $user;
$query = "UPDATE users SET user_password = PASSWORD('$pass') WHERE user_name = '$user_esc'";
it's fine on my end.

You forgot to put $.
Old query.
$query = "UPDATE users SET user_password = PASSWORD('$pass_esc') WHERE user_name = 'user_esc'";
New query:
$query = "UPDATE users SET user_password = PASSWORD('$pass_esc') WHERE user_name = '$user_esc'";

Related

allow only specified users to access a page

I'm having issues with making a page where only band members can access their own band pages.
Each band in my band table has four columns $bandm1 $bandm2 $bandm3 and $bandm4.
I tried to make a script that drew the session username, and then drew the band_id from the URL, and that was successful. But when I tried:
the script didn't work. Is it a problem with my AND/OR statements?
EDIT:
here's my full code:
$user = $_SESSION['user_name'];
$get_user = "
select *
from users
where user_name = '$user'
";
$run_user = mysqli_query($con,$get_user);
$row=mysqli_fetch_array($run_user);
$user_name = $row['user_name'];
if(isset($_GET['band_id'])) {
    $band_id = mysqli_real_escape_string($con, $_GET['band_id']);
    if (ctype_alnum($band_id)){
        $q = "SELECT * FROM bands WHERE band_id = '$band_id' ";
        $r = mysqli_query($con, $q);
        if($r){
            while($row=mysqli_fetch_array($r)){
                $band_id = $row['band_id'];
                $band_name = $row['band_name'];
            }
        }
    }
}
?>
FROM bands
WHERE band_id = '$band_id'
and (bandm1 = $user_name) OR (bandm2 = $user_name)
OR (bandm3 = $user_name) OR (bandm4 = $user_name)
it works, BUT when I replace the select with:
SELECT * FROM bands WHERE band_id = '$band_id' and (bandm1 = $user_name) OR (bandm2 = $user_name) OR (bandm3 = $user_name) OR (bandm4 = $user_name)";
it stops working
Try adding parentheses to your query:
SELECT * FROM bands WHERE band_id = '$band_id' and ( (bandm1 = $user_name) OR (bandm2 = $user_name) OR (bandm3 = $user_name) OR (bandm4 = $user_name) )
Edit:
You probably need some quotes around these variables, not sure how your script is built, but something like this:
$query = "SELECT * FROM bands WHERE band_id = '".$band_id."' and ( bandm1 = '".$user_name."' OR bandm2 = '".$user_name."' OR bandm3 = '".$user_name."' OR bandm4 = '".$user_name."' )";
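
Added example (not part of the original thread): why the query without the outer parentheses fails as an access check, next to a parameterised form of the corrected one. AND binds tighter than OR, so `band_id` only constrains the `bandm1` test. The code uses PDO with an in-memory SQLite database and constructed rows so it runs offline; the column names follow the question, while the function names `loose_check` and `user_is_band_member` and the sample data are assumptions.

```php
<?php
// Added example. Constructed rows; in-memory SQLite stands in for the MySQL table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE bands (band_id INTEGER PRIMARY KEY, band_name TEXT,
            bandm1 TEXT, bandm2 TEXT, bandm3 TEXT, bandm4 TEXT)");
$pdo->exec("INSERT INTO bands VALUES
            (1, 'Alpha', 'alice', 'bob',  NULL, NULL),
            (2, 'Beta',  'carol', 'dave', NULL, NULL)");

// The question's condition, written without the outer parentheses.
// It is parsed as (band_id = ? AND bandm1 = ?) OR bandm2 = ? OR ...,
// so rows of other bands match when the user is their bandm2..bandm4.
function loose_check(PDO $pdo, $band_id, $user) {
    $stmt = $pdo->prepare(
        "SELECT band_id FROM bands
          WHERE band_id = ? AND bandm1 = ? OR bandm2 = ? OR bandm3 = ? OR bandm4 = ?");
    $stmt->execute([$band_id, $user, $user, $user, $user]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);   // ids of every matching band
}

// Corrected check: the membership test is one grouped condition and both
// values are bound parameters instead of being quoted into the SQL string.
function user_is_band_member(PDO $pdo, $band_id, $user) {
    if ($user === null || $user === '') {
        return false;                            // no session user: deny
    }
    $stmt = $pdo->prepare(
        "SELECT 1 FROM bands
          WHERE band_id = ? AND ? IN (bandm1, bandm2, bandm3, bandm4)");
    $stmt->execute([$band_id, $user]);
    return $stmt->fetchColumn() !== false;       // true only if a row matched
}

// 'dave' belongs to band 2 only; the page being requested is band 1's.
print_r(loose_check($pdo, 1, 'dave'));
var_dump(user_is_band_member($pdo, 1, 'dave'));
var_dump(user_is_band_member($pdo, 1, 'bob'));
var_dump(user_is_band_member($pdo, 2, 'dave'));
```

In the page script, the session username and the `band_id` from the URL would be passed in, and the band page rendered only when the function returns true.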

Pass sql variable into PHP variable then back into sql statement

I want to select the highest value in a table:
$max = "SELECT MAX(pid) FROM pic";
Then pass that value into a PHP variable:
$results_max = $conn->query($max);
$highest_val = $results_max->fetch_assoc();
To then use again in a SQL insert statement:
$sql_update = "UPDATE users
SET username = '$username', pid = '$highest_val'
WHERE username = '$username'";
However, I tested out the value I got from my first select statement ($highest_val) and it returns "Array". Does anyone know what I am doing wrong?
Edit:
$sql_update = "UPDATE users
SET username = '$username', pic_id = '$highest_val[pid]'
WHERE username = '$username'" ;
You need to create an alias for MAX(pid):
$max = "SELECT MAX(pid) as pid FROM pic";
Now you fetch max pid using
$results_max = $conn->query($max);
$highest = $results_max->fetch_assoc();
$highest_val =$highest['pid'];// pass column name here
And your Update query would be
$sql_update = "UPDATE users
SET username = '".$username."', pid = '".$highest_val."'
WHERE username = '".$username."'";

I can't figure out how to update my last inlog time

I'm trying to make a last activity function for a website, but I can't get it to work. I hope you guys can help me out here.
This is my query:
$last_activity_query = "UPDATE users_table SET user_name = '$user_name' WHERE 'date_last_inlog' = NOW()";
$result_update = mysql_query($last_activity_query);
$last_activity_update = mysql_fetch_array($result_update);
This is a print screen of my database table:
I want to store this update in the last row.
Thanks in advance!
I've changed my script now but it's still not changing anything in my database table.
This is the change:
if (isset($_REQUEST['inlog_submit'])){//checks if form is submitted
    $user_name = $_REQUEST['username_input'];//request username from inlog_form
    $password = $crypt;//gets encrypted pass
    //$tbl_name="user_table"; // Table name
    $query = "SELECT * FROM users_table WHERE user_name= '$user_name' AND password='$password'";//query stored in var
    $last_activity_query = "UPDATE users_table SET 'date_last_inlog' = NOW() WHERE user_name = '$user_name'";
    $result = mysql_query($query);//var with result of query
    $result_update = mysql_query($last_activity_query);
    if ($user_name = mysql_fetch_array($result)){//checks inlog data from form with the $result query
        $_SESSION['user_name'] = $user_name[user_name];//creates session with username
        $_SESSION['password'] = $password[password];//creates session with password
        $last_activity_update = mysql_fetch_array($result_update);
        header ('Location: admin.php');//when login is correct redirect to specified page
    }else{
        $error_inlog = 10;//when inlog data is incorrect this error will show
    }
}
?>
Your SQL query is in the wrong order.
$last_activity_query = "UPDATE users_table SET date_last_inlog = NOW() WHERE user_name = '$user_name'";
Your logic is incorrect. Use this:-
"UPDATE users_table SET date_last_inlog = NOW() WHERE user_name = '$user_name'";
You are using this :-
UPDATE users_table SET user_name = '$user_name' WHERE 'date_last_inlog' = NOW()
You are trying to update user_name column where the date_last_inlog column value is equal to the current time which is logically incorrect.

select based on session

How do I select a value from a database where username is based on the session?
This is what I have so far:
$query = mysql_query ("select id from CUSTOMER where username = .$_SESSION['username'] ");
If username is in session cookie then grab the username like this
$username = $_SESSION['username'];
$escuname = mysql_real_escape_string($username);
$query = mysql_query("select id from CUSTOMER where username = '".$escuname."' LIMIT 1");
$query = mysql_query("select id from CUSTOMER where username = '".$_SESSION['username']."'");
Session variable in your query wasn't parsed properly. You could fix it using curly braces syntax:
$query = mysql_query( "select id from CUSTOMER where username = '{$_SESSION[ "username" ]}'" );
or concatenate it using dot operator:
$query = mysql_query ( "select id from CUSTOMER where username = '" . $_SESSION[ "username" ] . "'" );
You can find more about parsing strings in PHP manual.

Issue with this function. The code is not executing

The function is supposed to update the values in the database.
Here is the code:
//Functions
//Function to Update users networth
function update_net($name)
{
    //Get worth & balance at the time
    $sql_to_get_worth_balance = "SELECT * FROM user WHERE username = '$name'";
    $sql_query = mysql_query($sql_to_get_worth_balance);
    while ($rows = mysql_fetch_assoc($sql_query))
    {
        $worth = $rows['worth'];
        $balance_ = $rows['cash_balance'];
    }
    //Get net_worth now
    $new_net_worth = $worth + $balance;
    //Update net_worth
    $sql_for_new_worth = "UPDATE user SET net_worth = '$new_net_worth'";
    $sql_worth_query = mysql_query($sql_worth);
}
It is used here:
//Get username
$username = $_SESSION['username'];
if (isset($username))
{
//Update networth
$update_worth = update_net($username);
You probably want a WHERE clause on the end of this query:-
$sql_for_new_worth = "UPDATE user SET net_worth = '$new_net_worth'";
e.g.
$sql_for_new_worth = "UPDATE user SET net_worth = '$new_net_worth' WHERE username = '$name'";
You're forgetting the where name=$name part in the update query (which will update the entire table!)
I hope your $name can never hold user-entered data because your SQL is vulnerable to injection.
Maybe:
//Update net_worth
$sql_for_new_worth = "UPDATE user SET net_worth = '$new_net_worth'";
$sql_worth_query = mysql_query($sql_worth);
Should Read:
//Update net_worth
$sql_for_new_worth = "UPDATE user SET net_worth = '$new_net_worth'";
$sql_worth_query = mysql_query($sql_for_new_worth);
Maybe you should commit the transaction?
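
Added example (not part of the original thread): `update_net` with the points raised in the answers applied together. The UPDATE has a WHERE clause, the statement that is prepared is the one that is executed, and the username is a bound parameter rather than interpolated text. Doing the addition in SQL also removes the `$balance_` / `$balance` name mismatch in the posted function. It uses PDO with an in-memory SQLite database and constructed rows so it runs offline; the column names come from the question, and the helper `net_worths` is an assumption.

```php
<?php
// Added example. Constructed rows; in-memory SQLite stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE user (username TEXT PRIMARY KEY,
            worth INTEGER, cash_balance INTEGER, net_worth INTEGER)");
$pdo->exec("INSERT INTO user VALUES
            ('alice', 100, 50, 0), ('O''Brien', 10, 5, 0)");

// Recompute net_worth for exactly one user and return the affected-row count.
function update_net(PDO $pdo, $name) {
    $stmt = $pdo->prepare(
        "UPDATE user
            SET net_worth = worth + cash_balance
          WHERE username = :name");           // scoped to one row
    $stmt->execute([':name' => $name]);       // value travels separately from the SQL
    // 0 means no row matched. On MySQL, PDO counts only rows whose value
    // actually changed unless PDO::MYSQL_ATTR_FOUND_ROWS is enabled.
    return $stmt->rowCount();
}

// Hypothetical helper for inspecting the result: username => net_worth.
function net_worths(PDO $pdo) {
    return $pdo->query("SELECT username, net_worth FROM user ORDER BY username")
               ->fetchAll(PDO::FETCH_KEY_PAIR);
}

// A name containing a quote is handled as plain data, with no escaping call.
$changed = update_net($pdo, "O'Brien");
$unknown = update_net($pdo, 'nobody');
print_r(['changed' => $changed, 'unknown' => $unknown, 'rows' => net_worths($pdo)]);
```

The caller would pass `$_SESSION['username']` as `$name`, as in the question, and can treat a return value of 0 as "no such user" instead of silently continuing.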
