Well I have that code:
$query="INSERT INTO ".$db_prefix."members (badges) VALUES ('$id_badge') WHERE id_member = '$user_id'";
And PHP drop me that error:
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE id_member = '1'' at line 1
What can I do? :/
SORRY FOR EVERY PERSON WHO HAS REPLY TO ME I WAS WORNG WITH THE $QUERY, I HAVE EDITED TO THE CORRECT QUERY, NOW YOU CAN ANSWER ME. THANKS. :D
To every person that have voted me down, I'm starting in mysql... ¬¬
Try it like
$query="UPDATE ".$db_prefix."members SET badges = '$id_badge' WHERE id_member = '$user_id'";
You need to UPDATE the table not INSERT.And Try to avoid mysql_* statements due to the entire ext/mysql PHP extension, which provides all functions named with the prefix mysql_*, is officially deprecated as of PHP v5.5.0 and will be removed in the future.
There are two other MySQL extensions that you can better Use: MySQLi and PDO_MySQL, either of which can be used instead of ext/mysql.
You can't use WHERE in INSERT INTO. Use UPDATE command:
$query = "UPDATE " . $db_prefix . "members SET badges = '" . $id_badge . "' WHERE id_member = '" . $user_id . "'";
You are doing wrong do not insert data just update it
#mysql_query("UPDATE ".$db_prefix."members SET badges = '".$id_badge."' WHERE member_id='".$user_id."'");
$query = "UPDATE '".$db_prefix."members'
SET badges=$id_badge
WHERE id_member =".$user_id;
try putting up below line:
$query = mysql_query("SELECT `badges` FROM ".$db_prefix." members WHERE `id_member` = ".(int)$id_del_usuario."");
your second query:
$query="INSERT INTO ".$db_prefix."members SET (badges) VALUES (".$id_badge.") WHERE `id_member` = ".$user_id."";
Related
I have a Mysql Database named user. Here is a picture:
I want to change the Username of the user "dodlo.rg" programmatically.
Actually, I have the PHP-Version 7.1. And this is a part of my PHPCode:
EDITED CODE:
$newName= $_POST["changeT"];
$userId = $_POST["userId"];
$db = mysqli_connect("trolö", "trolö", "trolö123", "trolö")
$sql = "UPDATE user SET username = '$newName' WHERE user_id = '$userId'";
$query = mysqli_query($db, $sql);
$response["successU"] = true;
But I get the Error: "You gave an Error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'SELECT * FROM user' at line 1"
Thanks in advance.
The problem lies in 2 parts.
Firstly, since this column is a varchar field it needs to be inside quotes else it produces an sql error.
Secondly the SELECT statement just after is not valid, but i guess it was a copy/paste error.
Therefore your working code should be:
$newName= $_POST["changeT"];
$db = mysqli_connect("trolö", "trolö", "trolö123", "trolö")
$sql = "UPDATE user SET username = '".addslashes($newName)."' WHERE username = 'dodlo.rg'";
$query = mysqli_query($db, $sql);
$response["successU"] = true;
Also, please consider using your primary keys on your where statement rather a varchar field, as it'll improve speed when more complex queries. (eg. where user_id = 35 instead of where username = 'dodlo.rg' ).
Lastly, but quite important this code might be vulnerable to sql injections. You need to use prepared statements.
You have to convert this query into two parts
$sql1 = "UPDATE user SET username = $newName WHERE username = 'dodlo.rg'";
$sql2 = "SELECT * FROM user";
How to use php var as same as column name in php mysql ?
When access to this site
www.example.com/test.php?column=member_no&id=5
I will get $_GET['column'] = member_no and $_GET['id'] = 5
Then when i test below code why data not update ?
$sql = "UPDATE table SET '".mysql_real_escape_string($_GET['column'])."' = '0' WHERE id = '".mysql_real_escape_string($_GET['id'])."' ";
$dbQuery = mysql_query($sql);
Use of Mysql Field name in PHP has its own convention, you can't use ' for a filed name, You need to use ` or left blank.
$sql = "UPDATE table SET `".mysql_real_escape_string($_GET['column'])."` = '0' WHERE id = '".mysql_real_escape_string($_GET['id'])."'";
$dbQuery = mysql_query($sql);
Note: mysql_* is depreciated in upper level PHP version and removed
from PHP 7.*, So please avoid use them and start with mysqli_* or
PDO.
I want to select one field (MessageCounter) from my database. Its type is int(11). And I want to increase it.
Here's how I try to select it:
$q = "SELECT MessageCounter FROM " . TBL_USERS . " WHERE username = '$username'";
$result = mysql_query($q, $this->connection);
then I try to add 1 to it:
$messagecount = $result + 1;
$field = "MessageCounter";
$q = "UPDATE " . TBL_USERS . " SET " . $field . " = '$messagecount' WHERE username = '$username'";
return mysql_query($q, $this->connection);
And in the database it updates to 19. If I add other number instead of 1, say 3, I get 21. So the $result is somehow equal to 18.
HOWEVER, if I try to update the database with the same unchanged result - it updates the field to 0.
Does anyone have any idea what is happening?
You cannot add 1 to $result - first you need to fetch the value out of it:
$row = mysql_fetch_row($result);
$messagecount = $row[0] + 1;`
BTW - at this stage of learning, you should abandon the deprecated mysql_ functions and switch to mysqli or PDO instead. Do it right now.
mysql_query() returns a Resource and not a normal variable on which you can perform addition operation.
and as n-dru suggested you should switch to PDO or mysqli coz mysql extension is deprecated in PHP 5.5.0 and it's removed from PHP 7.0.0.
read here
I have php script like this
$query = "select * where userid = 'agusza' ";
$result = mysql_query($query) or die(mysql_error());
while($row=mysql_fetch_array($result)) {
echo $result;
}
when I execute, the result like this
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'where userid = 'agusza'' at line 1
But when I run that sql in sqlserver, it running well
Anybody has solution ?
$query = "select * from table_name where userid = 'agusza' ";
See the corrections I have made. You haven't used the right syntax for SELECT query
You didn't select a table using FROM. Without that, it does not know which table you are selecting data from.
You should also stop using mysql as it is deprecated. Use mysqli or PDO as they are safer.
You are also echoing the wrong variable in your while loop, try this:
while ($row = mysql_fetch_array($result) {
echo $row['column_name'];
}
$query = "select * from table where userid = 'agusza'";
Right now, you're not telling which table SQL should look in.
You should format your query like so:
select * from `TableName` where userid='agusza'
In your query below you doesnt state the database table where you should get that data using FROM
$query = "select * where userid = 'agusza' "; // instead of this
$query = "select * FROM declaredtable where userid = 'agusza' "; used this
i am relatively new in php.The problem that i am facing while i inserting values into 'leave' table of my database. the error is given below..
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'where lid = 4' at line 1
and here is my code
<?php
include_once 'config.php';
$accept = "accepted";
mysql_query("insert into `leave` (`action`) values ('$accept') where lid = ".$_GET['id'] , $dbCon ) or die(mysql_error());
header('location: admin_leave.php');
?>
You need to use update for this not insert
mysql_query("update leave set `action` ='$accept' where lid = ".$_GET['id'] , $dbCon ) or die(mysql_error());
and don't use mysql_* they are depreciated link: http://php.net/manual/en/function.mysql-db-query.php . Use either PDO/mysqli
INSERT can't use with WHERE, may be you are looking for UPDATE
mysql_query("UPDATE `leave` SET `action`='$accept' where lid = ".$_GET['id'] , $dbCon ) or die(mysql_error());
Your queries are full open for SQL Injection. Start using Mysqli OR PDO with prepared statement.