update mysqli query with set values - php

I can update my columns dynamically, but I don't know how to update it with set values (stupid, I know).
This is my sql code that updates the columns with set values:
    if (isset($_POST['delete'])) {
        $sql = 'UPDATE users SET user_deletion_date = NOW(), user_deleted_by = '.$_SESSION['id'].', deleted = Y
        WHERE user_id = ?';
        if ($stmt->prepare($sql)) {
            // bind the query parameters
            $stmt->bind_param('i', $_GET['user_id']);
            // bind the result to variables
            $stmt->bind_result($user_id, $user_deletion_date, $user_deleted_by, $deleted);
            // execute the query, and fetch the result
            $done = $stmt->execute();
            $stmt->fetch();
        }
    }
    if ($done) {
        header('Location: update_users_confirm.php');
        exit;
    }
This doesn't update the table at all. I know that the issue is with my bind_param; could someone please help?

Michael B's answer is most likely the solution. Change the $_GET to $_POST.
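An added example, not part of the original question or answer: the same soft-delete UPDATE with both per-request values bound as parameters, the fixed 'Y' quoted inside the SQL, and no bind_result() or fetch(), since an UPDATE returns no rows. The function name, the connection details and reading user_id from POST are assumptions.

```php
<?php
// Added example (hypothetical helper, not the asker's code).
// Make mysqli throw on failure instead of returning false silently
// (this is the default from PHP 8.1 on).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Flags one user as deleted.
 * $actorId  is the logged-in account ($_SESSION['id'] in the question),
 * $targetId is the user_id of the row to flag.
 * Returns true only when exactly one row was changed.
 */
function soft_delete_user(mysqli $db, int $actorId, int $targetId): bool
{
    // 'Y' never varies, so it is a quoted literal in the statement;
    // the two values that change per request are placeholders.
    $sql = "UPDATE users
               SET user_deletion_date = NOW(),
                   user_deleted_by    = ?,
                   deleted            = 'Y'
             WHERE user_id = ?";

    $stmt = $db->prepare($sql);
    $stmt->bind_param('ii', $actorId, $targetId);
    $stmt->execute();                 // no result set to bind or fetch
    $changed = $stmt->affected_rows;  // a property, not a method
    $stmt->close();

    return $changed === 1;
}

// Usage in the form handler (connection values are placeholders):
// $db = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
// $targetId = filter_input(INPUT_POST, 'user_id', FILTER_VALIDATE_INT);
// if (isset($_POST['delete'], $_SESSION['id']) && is_int($targetId)
//     && soft_delete_user($db, (int) $_SESSION['id'], $targetId)) {
//     header('Location: update_users_confirm.php');
//     exit;
// }
```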

Related

add PHP variable in SQL WHERE

On my first UPDATE statement, I'm trying to have my WHERE value contain the variable $couponCode, but it does not work as of now. This is so that the correct row updates depending on what the input is. Any help would be appreciated.
    if ($couponCode == $coupons_db3['coupon_code']){
        echo $couponCode;
        $stmt = $db->prepare('UPDATE promocode_3 SET used = 1 WHERE coupon_code ='.$couponCode);
        $stmt = $db->prepare('UPDATE usr_customer_profile SET packageid = 3 WHERE usrcustomerid = :usrcustomerid');
        $stmt->bindValue(':usrcustomerid', $_SESSION['usrcustomerid'], PDO::PARAM_INT);
        $stmt->execute();
        break;
    }
You need to bind the couponCode as well.
    if ($couponCode == $coupons_db3['coupon_code']){
        echo $couponCode;
        $stmt = $db->prepare('UPDATE promocode_3 SET used = 1 WHERE coupon_code =:couponCode');
        $stmt->bindValue(':couponCode', $couponCode, PDO::PARAM_STR);
        $stmt->execute();
        $stmt = $db->prepare('UPDATE usr_customer_profile SET packageid = 3 WHERE usrcustomerid = :usrcustomerid');
        $stmt->bindValue(':usrcustomerid', $_SESSION['usrcustomerid'], PDO::PARAM_INT);
        $stmt->execute();
        break;
    }
Edit
Please ignore.. #Bira's answer is more accurate
Try this:
    $stmt = $db->prepare("UPDATE promocode_3 SET used = 1 WHERE coupon_code ='".$couponCode."'");
You missed the quote in the coupon code value.
P.S. I don't know which database you are using. Please mention that next time. :)
This should work, but it's not an ideal case for a prepared statement, because in the case of prepared statements you should give parameters only at the time of execution.
"prepare" should only compile an SQL statement, and parameters should be passed later on.

PDO multiple inserts only insert last value from multiple checkboxes

I am trying to insert data into my db using PDO. I have been successful until now but the following error has happened to me and I do not know the reason.
My goal is to insert data into three different tables at once using transactions. In the last two tables the records come from multiple checkboxes, and storing them as an array is not an option. I have been successful in storing the multiple values from the checkboxes when I only use the first two queries, but as soon as I add the third query to the transaction only the last value from the while is included in the database.
It's very strange, because when I save the data into the user and language tables using the while it works fine, including all data, but when I add the third query the program stops working as I intended and the database only receives the last record for both the language and education tables.
I get the following data from a html form and I send it to the class:
    if($_POST){
        // set values to object properties
        $user->firstname=$_POST['firstname'];
        $user->lastname=$_POST['lastname'];
        $user->user_id=$_SESSION['user_id'];
        // Data for the language table, second query in class function
        while(list($key,$value) = each($_POST['language']))
        {$user->language=$value;}
        while(list($key,$value) = each($_POST['level']))
        {$user->level=$value;}
        // Data for the education table, third query in class function
        while(list($key,$value) = each($_POST['studies']))
        {$user->studies=$value;}
        while(list($key,$value) = each($_POST['insti']))
        {$lawyer->institution=$value;}
        while(list($key,$value) = each($_POST['from']))
        {$user->from_start=$value;}
        while(list($key,$value) = each($_POST['to']))
        {$user->to_end=$value;}
        // create the user
        if($user->registeruser()){
            echo "<div class=\"alert alert-info\">";
            echo "Registration completed, thank you. In the following 24 hours a member of our team will contact you. ";
            echo "</div>";
        }else{
            echo "<div class=\"alert alert-danger\" role=\"alert\">Unable to register. Please try again.</div>";
        }
    }
The class function is written as follows:
    function registeruser(){
        try {
            $this->conn->beginTransaction();
            $query = "UPDATE
                users
            SET
                firstname = :firstname,
                lastname = :lastname,
            WHERE
                id = :id";
            // prepare query statement
            $stmt = $this->conn->prepare($query);
            // bind variable values
            $stmt->bindParam(':firstname', $this->firstname);
            $stmt->bindParam(':lastname', $this->lastname);
            $stmt->bindParam(':id', $this->user_id);
            // execute the query
            $stmt->execute();
            $query = 'INSERT INTO language (user_id,language,level) VALUES (?,?,?)';
            $stmt = $this->conn->prepare($query);
            $stmt->bindParam(1, $this->user_id);
            $stmt->bindParam(2, $this->language);
            $stmt->bindParam(3, $this->level);
            $stmt->execute();
            $query = 'INSERT INTO education (user_id,studies,school,from_start,to_end) VALUES (?,?,?,?,?)';
            $stmt = $this->conn->prepare($query);
            $stmt->bindParam(1, $this->user_id);
            $stmt->bindParam(2, $this->studies);
            $stmt->bindParam(3, $this->institution);
            $stmt->bindParam(4, $this->from_start);
            $stmt->bindParam(5, $this->to_end);
            $stmt->execute();
            $this->conn->commit();
            return true;
        } catch (Exception $e) {
            $stmt->rollBack();
            return false;
        }
    }
Thank you in advance.
PS: There is no error from the db or PHP code. The problem is that the second and third queries in the transaction are not inserting the multiple values from the checkboxes into the DB, only the last. When I only include two queries in the transaction, all values from the checkboxes are included in the different table.
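Added example, not from the original post: each `while` loop in the form handler above overwrites a single property, so `registeruser()` only ever sees the last checkbox value. One way to write a row per selected value is to prepare the INSERT once and execute it per row inside the transaction; SQLite in memory stands in for the MySQL database, and the function name, table layout and sample values are assumptions.

```php
<?php
// Added example: one INSERT per ticked checkbox, all in one transaction.
// Assumptions: SQLite in memory stands in for MySQL; save_languages() and
// the sample values are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE language (user_id INTEGER, language TEXT, level TEXT)');

function save_languages(PDO $pdo, int $userId, array $languages, array $levels): int
{
    // Re-index both arrays so row N of one lines up with row N of the other.
    $languages = array_values($languages);
    $levels    = array_values($levels);
    if (count($languages) !== count($levels)) {
        throw new InvalidArgumentException('language and level lists differ in length');
    }

    $pdo->beginTransaction();
    try {
        // Prepare once, execute once per row; foreach replaces each(),
        // which was removed in PHP 8.
        $stmt = $pdo->prepare(
            'INSERT INTO language (user_id, language, level) VALUES (?, ?, ?)'
        );
        $rows = 0;
        foreach ($languages as $i => $language) {
            if (!is_string($language) || !is_string($levels[$i])) {
                throw new InvalidArgumentException('unexpected non-string form value');
            }
            $stmt->execute([$userId, $language, $levels[$i]]);
            $rows += $stmt->rowCount();
        }
        $pdo->commit();
        return $rows;
    } catch (Throwable $e) {
        // rollBack() is a method of the connection, not of the statement.
        $pdo->rollBack();
        throw $e;
    }
}

// Constructed input shaped like $_POST['language'] and $_POST['level'].
$inserted = save_languages($pdo, 7, ['English', 'Spanish', 'German'], ['C1', 'B2', 'A2']);
$stored   = (int) $pdo->query('SELECT COUNT(*) FROM language')->fetchColumn();
printf("inserted=%d stored=%d\n", $inserted, $stored);
```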

MySQL Query not returning a row value in PHP

I don't know why this query won't return a value because when I copy the "echoed" portion into phpmyadmin I do get a record returning:
    echo $_GET["cname"];
    // Query template
    $sql = 'SELECT C.cid FROM `Contact` C WHERE C.email="'.$_GET["cname"].'"';
    echo $sql;
    // Prepare statement
    $stmt = $conn->prepare($sql);
    $stmt->execute();
    $stmt->bind_result( $res_cid);
    echo $res_cid;
$res_cid is apparently 0, but I don't know why because when I paste that query manually into phpmyadmin I do get a value... So why doesn't it return anything?
As already mentioned in the comments - you should make sure your code is secured. You better use the bindparam for that.
As for your question - after you execute your query and bind_result you should also fetch to get the actual value from the database, based on your query:
    // Prepare statement
    $stmt = $conn->prepare($sql);
    $stmt->execute();
    $stmt->bind_result( $res_cid);
    // Fetch to get the actual result
    $stmt->fetch();
    echo $res_cid;

How to update MySQL table by calculated form value?

I'm trying to update a MySQL table record by any calculated form values in PHP, but it doesn't work. Could you help me, please? Thank you.
You should use mysqli with prepared statements, like so.
I hope this is enough for you, you gave me nothing to work with so...
    <?php
    //Get the form value and ID of the database record to update
    $value = $_POST['value']; // Value submitted by a form element (replace this with whatever you want to change)
    $id = $_POST['id']; //ID, could be of the user etc. (this will be a primary key inside the database) (does not have to be submitted via POST, I assume you know this already)
    //Establish a new mysql connection
    $mysqli = new mysqli($db_host,$db_user,$db_pass,$db_name);
    //Set up a query
    $query = "UPDATE table SET column_one=? WHERE id=?";
    //Prepare the statement
    $stmt = $mysqli->prepare($query);
    //Bind the parameters
    // 'si' = in the order of submitted values (column_one=? and id=?) (column_one is s and id is i, s is for string, i is for integer) (this defines what types of variables we are sending)
    $stmt->bind_param('si', $value, $id);
    //Execute the query
    if($stmt->execute()){
        //Get the amount of affected rows (affected_rows is a property of the statement, not a method)
        $affected = $stmt->affected_rows; //Should only be 1, but if your ID or whatever you're using to define which parts of the DB to update is not unique, then it can go higher ofc.
        //Show success
        echo "Database updated, $affected rows affected";
    }else{
        //Show error
        echo "Error, say that this is shown, on stack overflow, as there's obviously something wrong.";
    }
    //Close the stmt/mysqli stuff
    $stmt->close();
    $mysqli->close();

mySQLi Prepared Statement Select with Escape Characters

I am trying to select from a mySQL table using prepared statements. The select criteria is user form input, so I am binding this variable and using prepared statements. Below is the code:
    $sql_query = "SELECT first_name_id from first_names WHERE first_name = ?";
    $stmt = $_SESSION['mysqli']->prepare($sql_query);
    $stmt->bind_param('s', $_SESSION['first_name']);
    $stmt->execute();
    $stmt->store_result();
    if ($stmt->num_rows == '1') {
        $stmt->bind_result($_SESSION['first_name_id']);
        $stmt->fetch();
    } else {
        $stmt->close();
        $sql_query = "INSERT INTO first_names (first_name) VALUES (?)";
        $stmt = $_SESSION['mysqli']->prepare($sql_query);
        $stmt->bind_param('s', $_SESSION['first_name']);
        $stmt->execute();
        $_SESSION['first_name_id'] = $_SESSION['mysqli']->insert_id;
    }
    $stmt->close();
Obviously my code is just determining whether or not the first_name already exists in the first_names table. If it does, it returns the corresponding ID (first_name_id). Otherwise, the code inserts the new first_name into the first_names table and gets the insert_id.
The problem is when a user enters a name with an escape character ('Henry's). Not really likely with first names but certainly employers. When this occurs, the code does not execute (no select or insert activity in the log files). So it seems like mySQL is ignoring the code due to an escape character in the variable.
How can I fix this issue? Is my code above efficient and correct for the task?
Issue #2. The code then continues with another insert or update, as shown in the code below:
    if (empty($_SESSION['personal_id'])) {
        $sql_query = "INSERT INTO personal_info (first_name_id, start_timestamp) VALUES (?, NOW())";
    } else {
        $sql_query = "UPDATE personal_info SET first_name_id = ? WHERE personal_info = '$_SESSION[personal_id]'";
    }
    $stmt = $_SESSION['mysqli']->prepare($sql_query);
    $stmt->bind_param('i', $_SESSION['first_name_id']);
    $stmt->execute();
    if (empty($_SESSION['personal_id'])) {
        $_SESSION['personal_id'] = $_SESSION['mysqli']->insert_id;
    }
    $stmt->close();
The issue with the code above is that I cannot get it to work at all. I am not sure if there is some conflict with the first part of the script, but I have tried everything to get it to work. There are no PHP errors and there are no inserts or updates showing in the mySQL log files from this code. It appears that the bind_param line in the code may be where the script is dying...
Any help would be very much appreciated.
You should validate/escape user input before sending it to the db.
Check out this: mysql-real-escape-string()
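Added example, not from the question or its answer: when the name is passed through bind_param(), an apostrophe such as the one in "Henry's" is plain data and the statement text never changes. The same bind-then-fetch pattern fits the Contact e-mail lookup earlier on the page; the function name and connection details are assumptions.

```php
<?php
// Added example (hypothetical helper, not the asker's code).
// Make mysqli throw on failure, so a failed prepare() or execute() is
// visible instead of silent (this is the default from PHP 8.1 on).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Returns the first_name_id for $firstName, inserting the name first
 * if it is not in the table yet.
 */
function first_name_id(mysqli $db, string $firstName): int
{
    // The value travels separately from the SQL text, so quotes and
    // backslashes inside it cannot alter the statement.
    $stmt = $db->prepare(
        'SELECT first_name_id FROM first_names WHERE first_name = ?'
    );
    $stmt->bind_param('s', $firstName);
    $stmt->execute();
    $stmt->bind_result($id);
    $found = $stmt->fetch();   // true when a row was fetched, null when none
    $stmt->close();
    if ($found) {
        return (int) $id;
    }

    // Not present yet: insert with the same bound value.
    $stmt = $db->prepare('INSERT INTO first_names (first_name) VALUES (?)');
    $stmt->bind_param('s', $firstName);
    $stmt->execute();
    $stmt->close();

    return (int) $db->insert_id;
}

// Usage (connection values are placeholders, the name is constructed input):
// $db = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
// $_SESSION['first_name_id'] = first_name_id($db, "Henry's");
```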
