In my php script for a gallery, I need to update my table.
I am using the following code, but the code does nothing:
mysql_query(' "update gallery_photos set photo_caption = replace(photo_caption,"\\\'","\'") "');
Can you tell me how to get it to work or point me in the right direction?
Try
mysql_query("UPDATE gallery_photos SET photo_caption = REPLACE(photo_caption,'\\\'','\'') ");
You have the escaping and ' and " mixed in a wrong way.
The thing is, there are two unescapings: Once in PHP, then in MySQL.
So '\\\\' becomes "\\" in PHP and then "\" in MySQL.
And now I found out that even StackOverflow spoils it for us as it unescapes too. So to write "\\" here I had to write "\\\\" :)
Try this with removing single quotes at start and end.
mysql_query("update gallery_photos set photo_caption = replace( photo_caption,'\\\'','\'') ");
try doing this
$que = mysql_query("select * from gallery_photos");
$fet = mysql_fetch_object($que);
$pc = $fet->photo_caption;
$pc2 = replace($pc,"'\\\'","'\'") ;
$update = mysql_query("update gallery_photos set photo_caption='$pc2'");
if (!$update) {
echo "Error : <br>";
echo "".mysql_error()."";
}else {
echo "Updated ..!!";
}
Related
Require("dbconnect.php");//works is used on other another page
echo $Customer_id;//Displays correctly
Can anyone help?
First Check that use session variable is getting the data or not.
If the Customer id is of varchar then you are missing single inverted comma in where clause.
session_start();
$Customer_id = $_SESSION['id'];
Require("dbconnect.php");//works is used on other another page
$sql = "SELECT Job_id FROM Job";
$sql.= " WHERE Job_Customer_id = '$Customer_id'";
$stmt = $dbh->query($sql);
$row = $stmt->fetch(PDO::FETCH_ASSOC);
$Job_id = $row['Job_id'];
echo $Customer_id;//Displays correctly
echo $Job_id;//Curently dose not display anything
Change the $sql.= line to this:
$sql.= " WHERE Job_Customer_id = '$Customer_id'"
with the ' around $Customer_id.
I am trying to print out some topic information, but it is not going so well. This is my query:
SELECT * FROM topics WHERE id='$read'
This doesn't work. I've echo'ed the $read variable, it says 1. So then if I do like this:
SELECT * FROM topics WHERE id='1'
It works perfectly. I don't get what is the problem. There's no hidden characters in $read or anything else like that.
Try like this:
$query = "SELECT * FROM topics WHERE id='" . $read . "'"
ID is normally a numeric field, it should be
$id = 1;
$query = "SELECT * FROM topics1 WHERE id = {id}"
If you are using strings for some reason, fire a query like
$id = '1';
$query = "SELECT * FROM topics1 WHERE id = '{$id}'"
SELECT * FROM topics WHERE id=$read
it consider it as string if you put i single quotes
I wonder why all the participants didn't read the question that clearly says that query with quotes
SELECT * FROM topics WHERE id='1'
works all right.
As for the question itself, it's likely some typo. Probably in some other code, not directly connected to $read variable
try
$query = sprintf("SELECT * FROM topics WHERE id='%s';",$read);
Also remember to escape the variable if needed.
Looks like you might have an issue with the query generation as everyone else is pointing to as well. As Akash pointed out it's always good to build your query in to a string first and then feed that string to the MySQL API. This gives you easy access to handy debugging techniques. If you are still having problems try this.
$id = 1;
$query = "SELECT * FROM `topics1` WHERE `id`={$id}";
echo ": Attempting Query -> {$query}<br />";
$res = mysql_query($query, $dblink);
if($res <= 0)
die("The query failed!<br />" . mysql_error($dblink) . "<br />");
$cnt = mysql_num_rows($res);
if($cnt <= 0)
{
$query = "SELECT `id` FROM `topics1`";
echo "No records where found? Make sure this id exists...<br />{$query}<br /><br />";
$res = mysql_query($query, $dblink);
if($res <= 0)
die("The id listing query failed!<br />" . mysql_error($dblink) . "<br />");
while($row = mysql_fetch_assoc($res))
echo "ID: " . $row['id'] . "<br />";
}
This will at least let you monitor between calls, see what your query actually looks like, what mysql says about it and if all else fails make sure that the ID you are looking for actually exists.
try with this : SELECT * FROM topics WHERE id=$read
I tried to use this php scipt to remove html tags from a table row.
(select the data, strip_tags the string and update the row)
I would be more than thankful for help to find whats wrong.
The "select" is working and i can "echo" or "print" the result and the "strip_tags" is also working.
But, the data is not updated to the table row ? Somthing wrong with the "update" lines?
<?php
include_once ("classes/config.php");
$sql = "SELECT * FROM group_profile WHERE indexer = 4300741";
$query = mysql_query($sql);
$result = #mysql_fetch_array($query);
$group_name = $result['group_description'];
$group_description = strip_tags($group_description, '<p>');
$sql1 = "UPDATE group_profile SET group_name = $group_description WHERE indexer = 4300741";
mysql_query($sql1);
#mysql_close();
?>
did you try this:
$sql1 = "UPDATE group_profile SET group_name = \'" . mysql_real_escape_string($group_description) . "\' WHERE indexer = 4300741";
The problem is here:
$group_name = $result['group_description'];
$group_description = strip_tags($group_description, '<p>');
You are using strip_tags on an undefined variable.
I am guessing you want something like:
$group_description = strip_tags($result['group_description'], '<p>');
And the you need to quote the variable in the sql statement:
$sql1 = "UPDATE group_profile SET group_name = '$group_description' WHERE indexer = 4300741";
Edit: It seems that escaped data comes back un-escaped from the database, so the correct line would be:
$group_description = mysql_real_escape_string(strip_tags($result['group_description'], '<p>'));
But prepared statements all the way is the way to go....
$group_description = strip_tags($result['group_description'], '<p>');
$sql1 = "UPDATE group_profile SET group_name = \"" . mysql_real_escape_string($group_description) . "\" WHERE indexer = 4300741";
This way, we strip tags from the right variable, and escape it before inserting into the DB.
It would be even better to use a prepared query. See a tutorial here: http://www.phpro.org/tutorials/Introduction-to-PHP-PDO.html
$group_description=mysql_real_escape_string($group_description);
$sql1 = "UPDATE group_profile SET group_name = '$group_description' WHERE indexer = '4300741'";
Another point to add to the UPDATE query not working, for debugging only add this to your query line to get a descriptive error message if their is a problem with the query:
mysql_query($query) or die(mysql_error());
Remove the or die after debugging the issue, it could help you resolve the problem, or at least confirm the update is failing because of a syntax error in the query. IE like people said the missing quotes.
$group_description is not in quotes, so it would be throwing an error and not updating. I would try this:
$group_description = addslashes(strip_tags($group_description, '<p>'));
$sql1 = "UPDATE group_profile SET group_name = '$group_description' WHERE indexer = 4300741";
Looks like you're missing quotes:
$group_description=mysql_real_escape_string($group_description);
$sql1 = "UPDATE group_profile SET group_name = '$group_description' WHERE indexer = 4300741";
<?php
require('dbconnect.php');
$indexno = $_POST['indexno'];
$cevap = $_POST['cevap'];
$cevapdate = gmdate("Y-m-d\TH:i:s\Z");
$query = "UPDATE soru
SET cevap = '$cevap',
cevapdate = '$cevapdate'
WHERE `index` = '$indexno'";
$link = mysql_query($query);
if(!$link) {
die('not worked: ' . mysql_error());
} else {
mysql_close($con);
echo 'worked';
}
?>
Outcome of this php code is "Worked." but there is no change in the database. The thing is Im trying to update the cevap and cevapdate fields on a row by index id.
You need to remove the single quotes from aroud the index. You should not put single quotes around a column name while writing a query. Write your query this way -
$query = "UPDATE soru SET cevap = '$cevap', cevapdate = '$cevapdate' WHERE index = '$indexno'";
You have to escape your rows/table with backticks, not single-quotes.
$query = "UPDATE `soru`
SET `cevap` = '$cevap', `cevapdate` = '$cevapdate'
WHERE `index` = '$indexno'";
Also, you should escape your user input to prevent SQL injections.
I have a problem with integers in MySQL. I am trying to update a cell which stores an integer. However, I have problem with the type of that cell. Actually it is type is set to int but when I retrive the data I always get 0 and I belive it is because of the problem about how I am trying to get it. Here is my code sample;
function updateNumb($username) {
$query = "SELECT `num` FROM `profiles` WHERE `nick`='" . $username . "'";
$result = mysql_query($query, $this->conn) or die(mysql_error());
$row = mysql_fetch_array($result, MYSQL_ASSOC);
$row['num'] = $row['num'] + 1;
$numb = (int)$row['num'] + 1;
//here I update the data.
$query = "UPDATE `profiles` SET `num`=" . $numb . " WHERE `nick`='".$username."'";
mysql_query($query, $this->conn) or die(mysql_error());
return $numb;
}
Can it be because of mysql_fetch_array stuff? Or how could I overcome this problem?
replace partisayisi with num
There is nothing wrong with the code you provided, maybe it's not doing what you really need, for example num is incremented twice, but there are no visible mistakes that would make it return 0, at least not in what we can see.
Make sure you provide valid username, try to echo your query before sending to mysql to see what it really looks like, maybe try this query yourself in mysql client or phpmyadmin to see what's going on.
Also if the only thing you need is to increment num for some user you can do it in one update, you don't need to use select to get that number:
UPDATE profiles set num=num+1 WHERE nick='somenick'