The problem is with :soundid. If I manually type soundid='soundidfromPOST' (the value received from POST), the row is updated, but with soundid=:soundid ... nothing. Why?
PDO::ATTR_ERRMODE is set to PDO::ERRMODE_EXCEPTION and error_reporting is enabled.
public function save($args) {
    $userid = Controller::getUserConnection();
    if ($userid) {
        $soundid = $_POST['soundid'];
        $track_title = $_POST['track_title'];
        $track_artist = $_POST['track_artist'];
        $track_album = $_POST['track_album'];
        $track_genre = $_POST['track_genre'];
        $track_description = $_POST['track_description'];
        $played = 1;
        $statement = $this->_db->prepare("UPDATE sounds SET title=:track_title, artist=:track_artist, album=:track_album, genre_id=:track_genre, description=:track_description, played=:played WHERE soundid=:soundid AND userid=:userid AND ip=:ip");
        $statement->bindParam(':soundid',$soundid,PDO::PARAM_STR);
        $statement->bindParam(':userid',$userid,PDO::PARAM_INT);
        $statement->bindParam(':track_title',$track_title,PDO::PARAM_STR);
        $statement->bindParam(':track_artist',$track_artist,PDO::PARAM_STR);
        $statement->bindParam(':track_album',$track_album,PDO::PARAM_STR);
        $statement->bindParam(':track_genre',$track_genre,PDO::PARAM_INT);
        $statement->bindParam(':track_description',$track_description,PDO::PARAM_STR);
        $statement->bindParam(':ip',$_SERVER['REMOTE_ADDR'],PDO::PARAM_STR);
        $statement->bindParam(':played',$played,PDO::PARAM_INT);
        $statement->execute();
        echo 'saved!';
    }
}
I would do the following to make it cleaner and because you don't need to bind everything explicitly (please note I didn't use all your variables):
Assign all your post data that you want to use in the query to an array:
// Keys must match the named placeholders in the query exactly
$data = array(
    'userid' => $userid,
    'soundid' => $_POST['soundid'],
    'track_title' => $_POST['track_title'],
    'track_artist' => $_POST['track_artist'],
    'ip' => $_SERVER['REMOTE_ADDR'],
);
Write your query:
$sth = $this->_db->prepare("
UPDATE sounds SET
title = :track_title,
artist = :track_artist
WHERE soundid = :soundid
AND userid = :userid
AND ip = :ip
");
Pass in your data array to be executed:
$result = $sth->execute($data);
PHP 7.2.21
Database is on MS SQL, and the database connection is working
I have found and read sqlsrv_num_rows Not Returning Any Value. I have updated the $options based on the solution, but my code still does not return any results.
If I run the query in SQL, I get 8 records, so I know the data is there.
$sql = "SELECT * FROM Question WHERE Category = 'HD';";
$params = array();
$options = array( "Scrollable" => 'keyset' );
$stmt = sqlsrv_query( $conn, $sql, $params, $options );
if( $stmt === false ) { reportSQLError($sql, $params); }
$maxHDQ = sqlsrv_num_rows($stmt);
The code itself is ok and should work. What are the values for $stmt and $maxHDQ?
It is suddenly working
I just removed 'HD' from the query and added it to $params and this seems to have resolved everything.
I am not sure why it is working this way as the final query sent to SQL comes out the same either way I run it, however it does work.
$sql = "SELECT * FROM Question WHERE Category = ?;";
$params = array('HD');
$options = array( 'Scrollable' => 'buffered' );
$stmt = sqlsrv_query( $conn, $sql, $params, $options );
if( $stmt === false ) { reportSQLError($sql, $params); }
$maxHDQ = sqlsrv_num_rows($stmt);
I want to store the parameters posted to my function in an array.
I am using Slim 3.
My questions:
Is request->getParam('') how I should get the posted parameters?
Should I bind them? If so, to what should I bind them, since I am not using :Adminusera, :Adminuserb, :Adminuserc anywhere?
Is there a way I could place, for example, :Adminusera in my array value instead of $userA?
My code:
// Is this how I get the posted parameters to my function?
$userA = $request->getParam('usera');
$userB = $request->getParam('userb');
$userC = $request->getParam('userc');
$sql = "SELECT * FROM admins";
try {
    $db = new db();
    $db = $db->connect();
    $stmt = $db->prepare($sql);
    $stmt->bindParam(':Adminusera', $userA);
    $stmt->bindParam(':Adminuserb', $userB);
    $stmt->bindParam(':Adminuserc', $userC);
    $stmt->execute();
    $admin = $stmt->fetch(PDO::FETCH_OBJ);
    $db = null;
    if (!empty($admin)) {
        $newUsers = array('a' => $userA, 'b' => $userB, 'c' => $userC);
        print_r($newUsers);
    }
} catch (PDOException $e) {
    // Log database errors server-side
    error_log($e->getMessage());
}
Turns out I don't need to use bindParam; I could just do it like this:
$userA = $request->getParam('usera');
$userB = $request->getParam('userb');
$userC = $request->getParam('userc');
$sql = "SELECT * FROM admins";
try {
    $db = new db();
    $db = $db->connect();
    $stmt = $db->prepare($sql);
    $stmt->execute();
    $admin = $stmt->fetch(PDO::FETCH_OBJ);
    $db = null;
    if (!empty($admin)) {
        $newUsers = array('a' => $userA, 'b' => $userB, 'c' => $userC);
        print_r($newUsers);
    }
} catch (PDOException $e) {
    // Log database errors server-side
    error_log($e->getMessage());
}
Thus I need to send the POST request to my function using x-www-form-urlencoded.
$app->get('/view/appointment/:databaseID/:userID/:appointmentID', function($databaseID, $userID, $appointmentID) use($app) {
    $params['databaseID'] = $databaseID; //$request->getAttribute('databaseID');
    $id = $userID; //$request->getAttribute('userID');
    $date = $appointmentID; //$request->getAttribute('appointmentID');
    $sql = "SELECT imapt_date, imapt_start_time, imapt_end_time, imapt_patient_id, imapt_procedure
        from im_ap_timetable inner join im_practioner on
        im_ap_timetable.impract_id=im_practioner.impract_id inner join
        im_users_cd on im_practioner.user_id=im_users_cd.user_id
        where im_users_cd.user_id = :id and im_ap_timetable.imapt_date = :date";
    try {
        $db = getDB($params['databaseID']);
        $stmt = $db->prepare($sql);
        $query = compact('id');
        $stmt->execute($query);
        $patient = $stmt->fetchAll(PDO::FETCH_ASSOC);
        $status = array('success' => '200');
        echo json_encode(compact('patient','status'));
    } catch (Exception $e) {
        $status = array('error' => $e->getMessage());
        echo json_encode(compact('status'));
    }
});
You have two placeholders: :id and :date.
But you bind only one - :id.
You need to bind :date too. In your case it is:
$query = compact('id', 'date');
You may use the bindParam method to bind the parameters to your SQL query.
http://php.net/manual/en/pdostatement.bindparam.php
You may also pass them into an array within your execute method.
// execute() takes a single array of parameters
$stmt->execute([':id' => $id, ':date' => $date]);
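The failure discussed above, a named placeholder in the SQL with no matching key in the array passed to execute(), can be caught before the query runs. The following is an added example, not code from the thread; the helper names placeholders() and checkedExecute(), the timetable table and the sample values are assumptions made for the demonstration, and the regex does not skip string literals.

```php
<?php
// Added example, not from the original thread. Table and values are constructed.

/** Distinct :name placeholders in $sql. Naive: does not skip string literals. */
function placeholders(string $sql): array
{
    // (?<!:) avoids treating PostgreSQL-style "::" casts as placeholders.
    preg_match_all('/(?<!:):([A-Za-z_][A-Za-z0-9_]*)/', $sql, $m);
    return array_values(array_unique($m[1]));
}

/** Prepare and execute, refusing to run when names and placeholders differ. */
function checkedExecute(PDO $db, string $sql, array $params): PDOStatement
{
    $wanted = placeholders($sql);
    $given = array_map(function ($k) {
        return ltrim((string) $k, ':');      // PDO accepts keys with or without ':'
    }, array_keys($params));
    $missing = array_diff($wanted, $given);
    $unknown = array_diff($given, $wanted);
    if ($missing || $unknown) {
        throw new InvalidArgumentException(sprintf(
            'placeholder mismatch: missing [%s], unexpected [%s]',
            implode(', ', $missing),
            implode(', ', $unknown)
        ));
    }
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE timetable (user_id INTEGER, imapt_date TEXT)');
$db->exec("INSERT INTO timetable VALUES (7, '2020-01-15')");
$sql = 'SELECT * FROM timetable WHERE user_id = :id AND imapt_date = :date';

$id = 7;
$date = '2020-01-15';
// One key missing, one key misspelled, then the matching set.
$attempts = [compact('id'), ['id' => $id, 'dat' => $date], compact('id', 'date')];
foreach ($attempts as $params) {
    try {
        $rows = checkedExecute($db, $sql, $params)->fetchAll(PDO::FETCH_ASSOC);
        echo count($rows), " row(s)\n";
    } catch (InvalidArgumentException $e) {
        echo $e->getMessage(), "\n";
    }
}
```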
I have a problem with my query, it returns nothing.
if($champ == "type_id")
{
    $bdd = new PDO("mysql:dbname=maruecondi_db;host=localhost","root","");
    $request = $bdd->prepare('SELECT * FROM type_commercant WHERE type=:old');
    $request->execute(array(':old' => $old));
    while($row = $request->fetch())
    {
        $bdd1 = new PDO("mysql:dbname=maruecondi_db;host=localhost","root","");
        $request1 = $bdd1->prepare('UPDATE commercant SET type_id=:type_id WHERE id=:id');
        $request1->execute(array(':type_id' => $row['id'],':id' => $id));
    }
}
I'm getting the variables from an AJAX request (jQuery) and I initialize them beforehand; I'll spare you the code.
Other requests on the page work.
I currently have no way to see if something went wrong, due to the AJAX call. (No PHP orange boxes / PDO messages)
I tried to solve the problem, and I discovered that we do go into the if.
I deleted the first query, which contains the while, replaced $row['id'] with a value, and it worked.
Since the beginning, I have kept copying and pasting the connection to my database, so no problem there.
So my problem is here:
$request = $bdd->prepare('SELECT * FROM type_commercant WHERE type=:old');
$request->execute(array(':old' => $old));
while($row = $request->fetch())
I don't see what I've done wrong...
$request = $bdd->prepare('SELECT * FROM type_commercant');
$request->execute();
while($row = $request->fetch())
This works, so I tried this:
$request = $bdd->prepare('SELECT * FROM type_commercant');
$request->execute();
while($row = $request->fetch())
{
    if($row['type'] == $old)
    {
        $request1 = $bdd->prepare('UPDATE commercant SET type_id=:type_id WHERE id=:id');
        $request1->execute(array(':type_id' => $row['id'],':id' => $id));
    }
}
We don't go into the condition if($row['type'] == $old), but if I delete this condition and replace it with something like this:
while($row = $request->fetch())
{
    $request1 = $bdd->prepare('UPDATE commercant SET adresse=:type_id WHERE id=:id');
    $request1->execute(array(':type_id' => $row['id'],':id' => $id));
}
It works... I checked $row['type'], $row['id'], $old in array(':type_id' => $row['id'], and all variables had the expected string. So what's the problem?
Thanks in advance!
Hmm, how to say that...
I was updating the data with the old data. Let me explain:
$bdd = new PDO("mysql:dbname=maruecondi_db;host=localhost","root","");
$request = $bdd->prepare('SELECT id FROM type_commercant WHERE type=:old');
$request->execute(array(':old' => $old));
was getting the old ID from type_commercant, and I was doing this:
$request1 = $bdd1->prepare('UPDATE commercant SET type_id=:type_id WHERE id=:id');
$request1->execute(array(':type_id' => $row['id'],':id' => $id));
So I replaced the old ID with... the old ID.
Sorry for that mistake, and thanks anyway for reading and trying to solve this problem :D
Try calling PDO::exec() for UPDATE or DELETE.
$bdd = new PDO("mysql:dbname=maruecondi_db;host=localhost","root","");
if($champ == "type_id")
{
    $stmt = $bdd->prepare('SELECT * FROM type_commercant WHERE type=:old');
    $stmt->execute(array(':old' => $old));
    $rows = $stmt->fetchAll();
    // Uncomment this to know what you get
    // var_dump($rows);
    foreach ( $rows as $row ) {
        $bdd->exec(
            "UPDATE commercant
            SET type_id = " . $bdd->quote($row['id']) .
            " WHERE id = " . $bdd->quote($id)
        );
    }
}
You can use this code for debugging.
var_dump( $bdd->errorInfo() );
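The same select-then-update loop can reuse one prepared UPDATE instead of building each statement with quote(), which is what the PHP manual recommends. This is an added example, not code from the thread; the function name retype(), the SQLite in-memory schema and the rows are constructed for the demonstration.

```php
<?php
// Added example, not from the original thread. Schema and rows are constructed.

/** Point commercant $id at every type row named $old; returns rows updated. */
function retype(PDO $bdd, string $old, int $id): int
{
    $select = $bdd->prepare('SELECT id FROM type_commercant WHERE type = :old');
    $select->execute([':old' => $old]);
    $typeIds = $select->fetchAll(PDO::FETCH_COLUMN);

    // Prepared once, executed per row: the SQL text never contains the values.
    $update = $bdd->prepare('UPDATE commercant SET type_id = :type_id WHERE id = :id');
    $updated = 0;
    $bdd->beginTransaction();
    try {
        foreach ($typeIds as $typeId) {
            $update->execute([':type_id' => $typeId, ':id' => $id]);
            $updated += $update->rowCount();
        }
        $bdd->commit();
    } catch (PDOException $e) {
        $bdd->rollBack();   // leave no partial update behind
        throw $e;
    }
    return $updated;
}

$bdd = new PDO('sqlite::memory:');
$bdd->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$bdd->exec('CREATE TABLE type_commercant (id INTEGER PRIMARY KEY, type TEXT)');
$bdd->exec('CREATE TABLE commercant (id INTEGER PRIMARY KEY, type_id INTEGER)');
$bdd->exec("INSERT INTO type_commercant (id, type) VALUES (1, 'Boulangerie'), (2, 'Marchand d''art')");
$bdd->exec('INSERT INTO commercant (id, type_id) VALUES (10, 1)');

// A value with an apostrophe needs no quoting or escaping when it is bound.
echo retype($bdd, "Marchand d'art", 10), " row(s) updated\n";
echo $bdd->query('SELECT type_id FROM commercant WHERE id = 10')->fetchColumn(), "\n";
```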
Don't get me wrong, PDO is great, but what I don't like about it is how variables are placed far away from the place they belong inside the SQL statement. Meaning I have a query like:
$stmt = $dbh->prepare("SELECT * FROM users WHERE email = ? AND pass = ?");
The variables that are replacing the ? are always far away some lines below:
$stmt->bindParam(1, $email);
$stmt->bindParam(2, $pass);
If you have a lot of parameters this can get quite ugly. Using :email instead of ? does not make it much better. Sometimes you see the parameters as an array in the same method, like:
$db->query("SELECT * FROM users WHERE email = ? AND pass = ?",
array($email, $pass));
A little bit better but with 10 variables it is still ugly. You practically create a variable ? you only use once. Also code highlighting is not supported for this pseudo variable.
I think it would be nicer to have it like this
$db->prepare("SELECT * FROM user WHERE email = ", $email, " AND pass = ", $pass);
You could even include the parameters of bindParam() like this:
$db->prepare_new(
"SELECT * FROM user WHERE email = ", array($email, PDO::PARAM_STR),
" AND pass = ", $pass);
I wonder if there is a library that supports this type of style. Do you know one?
If every even parameter will always be a parameter, you can do it like this:
class MyPDO extends PDO {
    public function prepareQuery() {
        $query_str = "";
        $params = array();
        foreach(func_get_args() as $key => $param) {
            if( $key % 2 == 0 ) {
                // SQL fragment: appended to the query text
                $query_str .= $param;
            }
            else {
                // value: replaced by a positional placeholder
                $params[] = $param;
                $query_str .= ' ? ';
            }
        }
        $prepared = $this->prepare($query_str);
        foreach( $params as $key => $param ) {
            // bindValue copies the value; bindParam would bind $param by reference
            $prepared->bindValue( $key+1, $param );
        }
        return $prepared;
    }
}
and then you can use it as you wanted:
$db = new MyPDO( .. );
$db->prepareQuery("SELECT * FROM user WHERE email = ", $email, " AND pass = ", $pass);
PS: not tested - just a concept
A lot of the point of having ? and :email is that you can reuse the query multiple times. For example:
$stmt = $pdo->prepare("SELECT true FROM user WHERE email = :email");
// named placeholders need matching array keys
$stmt->execute(array(':email' => $email1));
$stmt->execute(array(':email' => $email2));
// etc.
Having specific variables in the query removes this functionality entirely.
If you wanted, you could always extend or comprise PDO, though:
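class DB {
    private $pdo;

    public function __construct(PDO $pdo) {
        $this->pdo = $pdo;
    }

    public function executeQuery($query, $args) {
        $stmt = $this->pdo->prepare($query);
        $stmt->execute($args);
        return $stmt; // lets the caller fetch the results
    }
}
$db = new DB($pdo);
$db->executeQuery("SELECT true FROM user WHERE email = :email", array(':email' => $email1));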
This hides the functionality of PDO that you dislike.
UPDATE:
This is an unusual way of doing things, but it seems to be what you're after:
$pdo->query("SELECT true FROM user WHERE email = " . $pdo->quote($email));
http://us2.php.net/manual/en/pdo.quote.php
You could put something similar to this into a function:
$stmt = $dbh->prepare("SELECT * FROM users WHERE email = :email AND pass = :pass");
$arr = array(
'email' => 'test#test.com',
'pass' => 'secret'
);
foreach($arr as $key => $val){
    // bindValue copies the value; bindParam would bind $val by reference
    $stmt->bindValue(':'.$key, $val);
}
Example:
function myBindParams($stmt, $bindings){
    foreach($bindings as $key => $val){
        // bindValue copies the value; bindParam would bind $val by reference
        $stmt->bindValue(':'.$key, $val);
    }
    return $stmt;
}
$stmt = $dbh->prepare("SELECT * FROM users WHERE email = :email AND pass = :pass");
$arr = array(
'email' => 'test#test.com',
'pass' => 'secret'
);
$stmt = myBindParams($stmt, $arr);
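Binding inside a foreach loop, as in the prepareQuery() concept and the myBindParams() helper above, behaves differently with bindParam() and bindValue(), because bindParam() binds the loop variable by reference. The comparison below is an added example, not code from the answers; bindWithParam(), bindWithValue(), the users table and its row are constructed.

```php
<?php
// Added example, not from the original answers. Table and values are constructed.

function bindWithParam(PDOStatement $stmt, array $bindings): PDOStatement
{
    foreach ($bindings as $key => $val) {
        // bindParam stores a reference to $val; every placeholder ends up
        // sharing the one loop variable, which holds the last value at execute().
        $stmt->bindParam(':' . $key, $val);
    }
    return $stmt;
}

function bindWithValue(PDOStatement $stmt, array $bindings): PDOStatement
{
    foreach ($bindings as $key => $val) {
        $stmt->bindValue(':' . $key, $val);   // copies the value at bind time
    }
    return $stmt;
}

$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE users (email TEXT, pass TEXT)');
$dbh->exec("INSERT INTO users VALUES ('test@example.com', 'secret')");

$sql = 'SELECT COUNT(*) FROM users WHERE email = :email AND pass = :pass';
$arr = ['email' => 'test@example.com', 'pass' => 'secret'];

// Same statement, same input; only the binding call differs.
foreach (['bindWithParam', 'bindWithValue'] as $binder) {
    $stmt = $binder($dbh->prepare($sql), $arr);
    $stmt->execute();
    echo $binder, ': ', $stmt->fetchColumn(), " matching row(s)\n";
}
```

With bindParam() both placeholders receive the last array value, so the query silently compares the wrong data instead of raising an error.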