I am new to php, in my sql table I have a row with these columns:
id, custid, name, value
id is auto increment, custid is unique value, name is a enable (status parameter) and value set to true or false.
Now I just want to select a case where
$sql = 'cu_id FROM table WHERE name = 'enable' AND value = 'true'' ;
in a PHP file, but my php file says, line has syntax error, at enable.
Can anyone please have a look what is it :)
use double quotes,
$sql = "cu_id FROM table WHERE name = 'enable' AND value = 'true'";
but the best way to do is to use prepared statement to avoid from sql injection.
You have following errors in your query:
You are using single quotes within single quotes. You can fix this by wrapping double quoting the query string and keeping single quotes for column values. Or you can choose to escape the single quotes used in the values with a backslash, e.g. \'enable\'
Your table name is one of MySQL reserved words i.e. table. When you use one of MySQL reserved words you need to quote them with backticks e.g `table`.
Please try the following:
$sql = "cu_id FROM `table` WHERE name = 'enable' AND value = 'true'";
Use double quotes and instead of using true and false you can use 1 and 0. With default value 0 or 1 as you wish so that query will look like. You can also replace value as status
$sql = "select cu_id FROM table WHERE name = 'enable' AND status = 0";
Pass your query with in the double coats, it is the best practice
$sql = "cu_id FROM table WHERE name = 'enable' AND value = 'true'" ;
Related
I am not able to update MySQL table using PHP. How can I do that?
I have tried by changing the order of double quotes.
$name=mysql_real_escape_string($_POST["steel"]);
$db->execute("UPDATE order SET need=$name WHERE raw-id='1'");
It should store $name in the database.
You should wrap your $name with single quote, because you are trying to pass a string into the SQL
$db->execute("UPDATE order SET need='$name' WHERE `raw-id`='1'");
You should wrap your {$name} with single quote and bracket to , because need row is a string into the SQL
$db->execute("UPDATE order SET need='{$name}' WHERE `raw-id`='1'");
You need to wrap your column name in back-ticks because it has a dash in it, e.g:
$db->execute("UPDATE order SET need = '$name' WHERE `raw-id` = 1");
By referring to the manual I think you should first prepare your
query and then use execute() method. Something like this:
$query = "INSERT INTO myCity (Name, CountryCode, District) VALUES (?,?,?)";
$stmt = $mysqli->prepare($query);
$stmt->execute();
I'm not a newbie to PHP but I have encountered a [seemingly] simple problem which I cannot figure out how to resolve.
MySQL throws error that the syntax is wrong.
My Statement is this:
if($value){
$query = "UPDATE ".$preuploads." SET words = '$words_amount' WHERE id= $sn_id";
$db->sql_query( $query ) or die( mysql_error() );
}
And then $words_amount is an integer, $sn_id is also an integer. They are double checked.
The statement when printed before execution is as follows:
UPDATE SET uploads words = '250' WHERE id= 8081
// edited, with the name of table added since the problem primarily was
// with the encapsulation and the name of table just was dropped in this question
// and not in the app
however words value ('250') is tested with integer data-type as well, but no change occurs and the error lingers on.
And the error thrown is:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'SET words = '250' WHERE id= 8081' at line 1
If I understand your question (and preuploads is a table), then
$query = "UPDATE ".$preuploads." SET words = '$words_amount' WHERE id= $sn_id";
should be
$query = "UPDATE ".$preuploads." SET words = '".$words_amount."' WHERE id=".$sn_id;
Or, even better prepare and use bind_param,
$stmt = $mysqli->prepare("UPDATE ? SET words=? WHERE id=?");
$stmt->bind_param($preuploads, $words_amount, $snd_id);
$stmt->execute();
check your string ($words_amount) has any single quotes ' if it is then remove it by using this option on php $words_amount=string_replace("'","/'",$your_string_variable);
I have found two errors:
First, not encapsulation of the data should occur, thus:
$words_count should be left as is, not to be encapsulated with '
And the table and fields name should be encapsulated with backtick
I think your having problem with name of table. The syntax for update query is
UPDATE table_name SET words = '250' WHERE id= 8081
I am trying to update a column for a certain user with PHP/MySQL. What is the proper way for me to set that equal to a variable?
$style is equal to a value that is from a form (post).
When setting 'style' equal to a string value that is also in single quotes, I do not get an error. I only get an error when setting 'style' equal to a variable.
$query = "UPDATE `users`
SET `style` = $style
WHERE `id` = $userid;";
Thank you very much.
You still have to put quotes around the variable as they are needed to tell MySQL that is a string. Remember, the variables are interpolated before the query is sent to the MySQL server. So $style is replaced by it's value before the query is run.
$query = "UPDATE `users`
SET `style` = '$style'
WHERE `id` = $userid;";
This query had previously worked, now when it is run again we get Unknown Column in field list error.
The query works well if we do not use variables and set raw data. The columns match those in the database.
$update_order_id = "UPDATE order_tbl SET o_process=$process, o_payment=$payment, o_paymentType=$paymenttype WHERE o_id=$orderid AND o_active='1'";
You need wrap single quotes for the values in the query as
o_process='$process'
etc
So the query will be as below. For string values its necessary.
$update_order_id = "UPDATE order_tbl
SET o_process='$process',
o_payment='$payment',
o_paymentType='$paymenttype'
WHERE o_id= '$orderid' AND o_active='1'";
You might need to surround your variables with quotes, only integer columns doesn't need quotes.
$update_order_id = "UPDATE order_tbl SET o_process='$process', o_payment='$payment', o_paymentType='$paymenttype' WHERE o_id='$orderid' AND o_active='1'";
How can I increment an int in a cell of a MySQL database? I know that auto-increment is no use because I never want to add a new row, just update an existing one. I'm currently using this (POST var used for clarify, is verified in the real code):
$columnToUpdate = 'type'.$_POST['voteid'];
$query = "UPDATE myTable $columnToUpdate = $columnToUpdate+1 WHERE id=1;";
if(!mysql_query($query)) {
echo json_encode(array('success' => false, 'message' => 'Update failed: '.mysql_error()));
exit;
}
In the database I have 6 fields, id, type1, type2, type3, type4, type5, and a single row with id set to 1. The intention is to recieve a number (1-5), and build a reference to the correct column before updating the field. That results in Update failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '=type4+1 WHERE id=1' at line 1, so I guess it's not getting the field value out properly before it increments.
Once this is working I'm also going to need to decrement a field in the same way, unless its value is 0. So for bonus points, can I do all this in one query or would it be better to split it up?
I think you've missed the keyword 'SET' from your query - try
$query = "UPDATE myTable SET $columnToUpdate = $columnToUpdate+1 WHERE id=1;";
Edit:
To do the "decrement unless it's zero" you could use something like:
UPDATE myTable SET $columnToUpdate =
CASE $columnToUpdate
WHEN 0 THEN 0
ELSE $columnToUpdate - 1
END CASE
WHERE id=1;`
For bonus points, to decrement:
$query = "UPDATE myTable SET '$columnToUpdate' = '$columnToUpdate'-1 WHERE id=1 AND '$columnToUpdate' > 0";
Besides the injection issues, it seems as if your workflow may need some work. Are you sure you want to choose the column that will be updated based on POST variable? It seems like you would specify the column and use the variable to find the record that needs to be updated:
IE:
"UPDATE myTable SET votes=votes+1 WHERE id=$post_variable;"
Again you should send the variable as a parameterized query to protect yourself from SQL injection.