This is something I have been trying to figure out for a bit, it is the most simplest of queries that does not seem to want to work for me (only in php mysqli, works in console sql)
First I am using a prepared statement, merely looking for a match on a specialized id (from another service) to update the relation to use my primary key for easier searching on my end.
The query is as follows:
$query = "SELECT id
FROM {$this->config->dbprefix}{$table}
WHERE sf_id = ?
LIMIT 1";
I use this as one line, I split it up for better readability here
I then check that the prepare statement is valid (I do this in multiple places and it works everywhere else.
if(!($ret = $this->dbo->prepare($query))){
//handle error, this part is never called
}else{
//everything is fine, code in here is below
}
Up to here everything seems fine. Checking table and prefix manually shows they are working and referencing the proper table.
$ret->bind_param('s',$id);
$ret->execute();
$ret->bind_result($retId);
$ret->fetch();
$count = $ret->num_rows;
The problem is here, the query always returns 0 for the num_rows. Checking the query manually and trying it in console returns 1 result as it should. So far with it being such a simple query I just cannot wrap my head around why it would work elsewhere, but not here. I am sure this is the proper way to build it (I have many other queries structured similar).
Is there any kind of confusion I may be experiencing? Something easy to miss that could cause a query like this to not return results?
EDIT:
I have attempted further error handling, and trying an if test on execute does not trigger an error, though I will try more.
To expand I have a raw output of the $query variable and the id variable. By combining them and manually attempting the query in console I get the proper result. My thoughts are on somehow the prepare statement is escaping, causing the string variable $id to not properly match. Though that is just speculation.
You need to call store_result() before trying to access num_rows. Without it, the statement handle does not know how many rows are in the result set.
$ret->bind_param('s',$id);
$ret->execute();
$ret->bind_result($retId);
$ret->store_result();
$count = $ret->num_rows;
// perhaps add error handling based on number of rows here
$ret->fetch();
Related
This is odd. I'm running a query with just a single INSERT, preceded by a SET statement. The query looks something like this:
SET #discount:=(SELECT discount * :applyDiscount FROM fra_cus WHERE customerID=:customerID AND franchiseID=:franchiseID);
INSERT INTO discounts_applied (unitID, franchiseID, customerID, amount)
VALUES(:unitID, :franchiseID, :customerID, #discount * :price);
It appears that if I prepare these as two separate PDO queries, lastInsertID() works fine... but if I prepare them and execute them in the same statement, lastInsertID() returns nothing.
It's not the end of the world, but it's annoying. Anyone know why this would be the case? For the record, there's a reason I need to define #discount as a variable (pertains to triggers on one of the tables). Also this is all taking place within a larger transaction.
First of all, I would strongly recommend to run every query in a distinct API call. This is how an Application Programming Interface is intended to work.
It won't only prevent situations like this but also will make your code a multitude times more readable and maintainable.
And it will make your code much safer too. You can run multiple statements in a single call only at the expense of the native prepared statements. However virtual this vulnerability is, why taking chances at all?
Why not to make a regular SELECT query instead of SET, get the resulting value into a PHP variable and then use it among other variables, just through a placeholder? I don't see any reason why there should be such a complex way to deal with simple data.
In case I failed to convince you, the reason is simple. You are running two queries, and the first one doesn't trigger any insert ids. And obviously, you need this query's metadata (errors, affected rows, whatever), not the other one's first. So you get it. And to get the second'query's metadata you have to ask a database for it. The process is explained in my article: Treating PHP delusions - The only proper PDO tutorial: Running multiple queries with PDO. Basically PDOStatement::nextRowset() is what you need.
Hey I am trying to get the max id from in my database using a one line of code.
Have this code that is working, however I know that there is a better way to do without using three line of code. One more thing I am using xammp for my database.
$result = #mysqli_query($connection, "SELECT MAX(Cust_ID) FROM customer");
$row = mysqli_fetch_row($result);
$getlastID = $row[0];
I was hoping that someone can help me, please.
The fact is, with mysqli there are three steps to what you are doing. If you were using PDO, you could use fetchColumn to combine the last two steps into one.
Just for the sake of argument, you can actually combine those three lines of code into one, by wrapping the query in the fetch row and dereferencing the result directly:
$id = mysqli_fetch_row(mysqli_query($connection, 'SELECT MAX(Cust_ID) FROM customer'))[0];
I would not recommend doing it this way, though. It will be easier to debug your script if each of these instructions is executed in a separate statement. Less code is generally better, but not at the expense of maintainability.
Incidentally, you should avoid using the error control operator (#). If there are errors, you want to know about them so you can handle them rather than ignoring them. There may be some valid uses for it, but this is probably not one of them.
I have written a PHP OO class which will update 4 fields of a certain row in a table. For now the row is decided by a constant (user with name 'jip')
I have corrected the query in a previous post here, so i'm pretty sure the query itself is fine. So, there must be some sort of error within the class itself. Probaply the vars don't reach the query somehow. I have been looking for hours, but can't find the problem. I have linked both files of the class, since i downt know where the error is, the values just don't show up in the database. If anyone would like to check them, (s)he'd make my entire week! SO here is the link and i hope someone is willing to help :)
UpdateForm.php: http://pastebin.com/dUaZPrn6
Update.class.php: http://pastebin.com/6mnL4DzE
Try replacing mysqli_real_escape_string($conn, $variable) with
$conn->real_escape_string($variable);
For example,
$conn->real_escape_string($this->Lengte_update);
You're using the object-oriented style, so you can't use the procedural escape function. See the docs on mysqli::real_escape_string.
Edit:
The query isn't being executed. You assign the query to $query, but you need to call
$conn->query($query);
For anything to happen in the database.
So, I almost have my delete function working, I have the page loading correctly without any fatal errors but it's still not doing the trick.
Here is the portion of my while loop:
echo "<a href='http://www.###$#%##%#.org/Profile.php?id=".$prof->id."'>";
echo " delete";
echo "</a>";
And here's the portion of my query which is obviously wrong:
$query = "UPDATE `ProfileComments` SET `status` = 'dead' WHERE `id` = '".$prof->id."' LIMIT 1";
So, how do I get this to delete the comment on the page? And mark the status dead in the database?
From your sql it looks like you are doing a soft delete, which is fine. Your select statement needs to exclude comments that have a status of 'dead'
SELECT columns FROM ProfileComments WHERE status != 'dead' AND id = {$prof->id}
Of course that's a guess without seeing how you populate prof->id when you generate the link.
There's a couple of other problems with your post though:
As others have suggested, you should use parameterized queries otherwise you leave yourself open to sql injections
You shouldn't be doing the delete via a get request (using a naked anchor). Either do the delete using AJAX or via a form. Modifying server data via a get is a bad practice.
Just because you're not seeing fatal errors, your code doesn't have to behave like you want it to.
Examine the content of $prof->id by, inside of the loop, putting it through var_dump and then die, this will let you control what the property holds at the moment you want to print it out.
The same thing applies in your query, var_dump to see what it contains.
Not seeing more of your code (and not knowing your experience level), I'm not sure where you actually need help, so forgive me if my question/advice is obvious and too basic for you:
How is $prof->id getting populated in Profile.php? Are you pulling it off of the request (like so: $id = $_REQUEST["id"])?
And as Michael said, do please use parameterized queries. (If you don't care about children, at least think of the kittens!)
Your SQL statement looks fine, and the html code is fine too. To locate the problem
You need to make sure your SQL is getting the right parameter, the id in this case. just echo it out, if the id is missing or wrong you know $prof->id needs fixing.
also check the link dumped by your php, again does it contain the right id?
Make sure you don't have any errors before you execute the SQL, basically make sure that SQL query statement is called. and make sure your db connection is live.
When mysql statement is wrong it won't throw a fatal error, you need to print the error yourself by mysql_error().
I have a column called views in my table A. I want to increment the views column like so:
UPDATE A set views = views + 1 WHERE ID = blabla LIMIT 1;
This seems like the way to do it, at least to me.
Or so I thought.
Seems like when I (from PHP) do:
$views = get_viewcount($id);
$views++:
save_viewcount($id, $views); //here we just update views with the $views variable
This always works. But carries the penalty of an extra roundtrip to the DB with the get_viewcount and then incrementing it in PHP and sending it back. It always works.
The SQL statement above "sometimes" works. I know - I too hate the word "sometimes" in programming - but put another way, I cannot say WHEN but at times it doesn't increment it when I do it in SQL directly in one go.
Suggestions?
You need to isolate the bug in your system. It is very unlikely to be a problem with MySQL.
I would suggest running a ton of tests, and looking at database logs, etc. It is most likely the query is simply not getting executed due to some logic in your system, or due to the request dying/ending before it reaches the query.
You must be doing something wrong.
If you tell mysql:
UPDATE foo SET views = views+1 WHERE id = 1337;
it will increment it.
Try it on the command line.
Whatever code you're using to run the sql is failing, not the sql statement itself.
And what's the point of LIMIT=1 on an UPDATE query?
What I recommend doing is to set PHP to echo out the query it's running, the result it's getting back, etc., etc. Everything you possibly can. Look at SQL logs if applicable to see what queries are being run on what tables. Basically you need to see exactly where the fail point it.
When you state that the SQL statement sometimes works, is that on a basis of being called from your code, or being called via a mysql (assuming that is what you are using) prompt? If it's the prior, have you tried running it in a command prompt to see if you get the same result as your code? If not, then you can rule out the database and start looking specifically at your code.
Good luck!
I would look at where and when you do your BEGIN TRANSACTION / COMMIT processing.
It could be you are not checking the SQL return code and missing a "DEADLOCK" warning.