It has been awhile since I have messed with for loops and was wondering if this is possible:
Here is what I have:
$mn = $_POST['mnpoints'];
$mi = $_POST['mipoints'];
$in = $_POST['inpoints'];
$wi = $_POST['wipoints'];
These grab numbers from a form once the submit button is clicked it will the use the following code to update the MySQL database
for ($i = 0; $i <=4; $i++ )
{
mysql_query("UPDATE " . $db_table . " SET `score` = `score` + <VARIABLE HERE> WHERE id=$i") or die (mysql_error());
}
What would be the best way to accomplish this? I can always change the variables to be $m1 - $m4 and the just use $m$i
Just wondering if there is another way or a better way
Thanks
Put your variables into an array:
$values = array($mn, $mi, $in, $wi);
Then iterate over it using foreach, or index it using $i.
Note: Your code is vulnerable to SQL injection attacks. I strongly suggest you read up on mysqli, prepared statements etc.:
http://php.net/manual/en/book.mysqli.php
The mysql interface is officially deprecated and should not be used anymore.
How does 'mnpoints' and 'inpoints' etc... relate to "score"?If you're just looking at dumping all those values and adding them togetherm, then:
$score = $mn + $mi + $in + $wi;
$sql = "UPDATE ... SET score=score+$score";
function bulkUpdateSingleColumn($table, $id_column, $update_column, array &$idstovals){
$sql = "update $table set $update_column = CASE $id_column ";
foreach($idstovals as $id=>$val){
$sql .= " WHEN '$id' THEN '$val' \n";
}
$sql .= " END
WHERE $id_column in (" . implode(',', array_keys($idstovals)) . ")";
//debugging info
echo '<small>'.$sql.'</small>';
$idstovals=array();
db_query($sql);
done();
}
Related
I am trying to be lazy (or smart): I have 7 checkboxes which correlate with 7 columns in a MySQL table.
The checkboxes are posted in an array:
$can = $_POST['can'];
I've created the following loop to dump the variables for the MySQL insert:
for($i=1;$i<8;$i++){
if($can[$i] == "on"){
${"jto_can".$i} = 'Y';
}
else{
${"jto_can".$i} = 'N';
}
}
print_r($jto_can1.$jto_can2.$jto_can3.$jto_can4.$jto_can5.$jto_can6.$jto_can7);
This correctly outputs:
YYNYYYY
However, when I attempt to use those variables in my MySQL update, it doesn't accept the changes.
mysqli_query($db, "UPDATE jto SET jto_can1 = '$jto_can1', jto_can2 = '$jto_can2', jto_can3 = '$jto_can3', jto_can4 = '$jto_can4', jto_can5 = '$jto_can5', jto_can6 = '$jto_can6', jto_can7 = '$jto_can7' WHERE jto_id = '$id'")or die(mysqli_error($db));
Can anyone explain why the print_r displays the variables whereas MySQL update does not?
Stick with the array, and form the query dynamically:
$sql = 'UPDATE jto SET ';
$cols = array();
foreach( range( 1, 7) as $i) {
$value = $_POST['can'][$i] == 'on' ? 'Y' : 'N'; // Error check here, $_POST['can'] might not exist or be an array
$cols[] = 'jto_can' . $i . ' = "' . $value . '"';
}
$sql .= implode( ', ', $cols) . ' WHERE jto_id = "' . $id . '"';
Now do a var_dump( $sql); to see your new SQL statement.
this is not a mysql problem. mysql will only see what you put into that string. e.g. dump out the query string BEFORE you do mysql_query. I'm guessing you're doing this query somewhere else and have run into scoping problems. And yes, this is lazy. No it's not "smart". you're just making MORE work for yourself. What's wrong with doing
INSERT ... VALUES jto_can1=$can[0], jto_can2=$can[1], etc...
Generating the statement elements
I am trying to create an MSSQL prepared statement in a generic way.
Basically, I loop trough the fields, and add them to the prepared SQL string and to the reference parameter (scroll down to see the code).
This results in (names removed):
Prepared query: :
INSERT INTO table
([field],[field],[field],[field],[field],[field],[field],[field],[field],[field],[field],[field],[field],[field],[field],VALUES(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)
and
sPrepStatement:
return array(&$aLine[0],&$aLine[1],&$aLine[2],&$aLine[3],&$aLine[4],&$aLine[5],&$aLine[6],&$aLine[7],&$aLine[8],&$aLine[9],&$aLine[10],&$aLine[11],&$aLine[12],&$aLine[13],&$aLine[14]);
Preparing the statement
I've tried the following 4 approaches to get this to work with the sqlsrv_prepare statement:
$oSQLStmnt = sqlsrv_prepare($dbhandle, $sPreppedSQL, eval($sPrepStatement));
$fReturnPrepVals = function(){ return eval($sPrepStatement); } ;
$oSQLStmnt = sqlsrv_prepare($dbhandle, $sPreppedSQL, $fReturnPrepVals);
$oSQLStmnt = sqlsrv_prepare($dbhandle, $sPreppedSQL,$aPrepValues);
$oSQLStmnt = call_user_func_array('sqlsrv_prepare',array($dbhandle,$sPreppedSQL, eval($sPrepStatement)));
This either does not work, or inserts blanks into the database.
This is the loop that executes the SQL:
foreach ($aLines as $iLineNum => $sLine) {
$aLine = explode('|', $sLine);
print_r($aPrepValues);
print_r(eval($sPrepStatement));
sqlsrv_execute($oSQLStmnt);
}
The eval($sPrepStatement) works just fine, which makes sense. But I assume it is 'parsed too early' to work in the prepare statement. It should actually only be parsed as the query is executed, but I'm at a loss how to achieve that.
Code for the generation of sql statements:
<?php
//Setup the basic query
$sSql = "INSERT INTO " . $sQName . "\n";
$sFieldNames = "(";
$sValues = "VALUES(";
//This will be evalled to prepare the query, so inserting will be easy.
$sPrepStatement = "return array(";
//FieldIndex to keep track of the current column number
$iFI = 0;
$aLine = array();
foreach ($aSQLQueries[$sQName]['fields'] as $sFieldName => $sQ) {
$sFieldNames .= "[" . $sFieldName . "],";
$sValues .= "?,";
//Init the $aLine var to prevent errors
$aLine[$iFI] = '';
//This will be evalled, so no "" as that would parse it directly
//The values wil be passed by reference
$sPrepStatement .= '&$aLine[' . $iFI . '],';
//Different approach
$aPrepValues[] = &$aLine[$iFI];
$iFI++;
}
$sFieldNames = substr($sFieldNames, 0, -1) . ")";
$sValues = substr($sValues, 0, -1) . ")";
$sPrepStatement = substr($sPrepStatement, 0, -1) . ");";
$sPreppedSQL = $sSql . $sFieldNames . " " . $sValues;
I ended up making it work with PDO, only to find that it could not handle millions of imports at a time, so I eventually used CSV import
Long before I knew anything - not that I know much even now - I desgined a web app in php which inserted data in my mysql database after running the values through htmlentities(). I eventually came to my senses and removed this step and stuck it in the output rather than input and went on my merry way.
However I've since had to revisit some of this old data and unfortunately I have an issue, when it's displayed on the screen I'm getting values displayed which are effectively htmlentitied twice.
So, is there a mysql or phpmyadmin way of changing all the older, affected rows back into their relevant characters or will I have to write a script to read each row, decode and update all 17 million rows in 12 tables?
EDIT:
Thanks for the help everyone, I wrote my own answer down below with some code in, it's not pretty but it worked on the test data earlier so barring someone pointing out a glaring error in my code while I'm in bed I'll be running it on a backup DB tomorrow and then on the live one if that works out alright.
I ended up using this, not pretty, but I'm tired, it's 2am and it did its job! (Edit: on test data)
$tables = array('users', 'users_more', 'users_extra', 'forum_posts', 'posts_edits', 'forum_threads', 'orders', 'product_comments', 'products', 'favourites', 'blocked', 'notes');
foreach($tables as $table)
{
$sql = "SELECT * FROM {$table} WHERE data_date_ts < '{$encode_cutoff}'";
$rows = $database->query($sql);
while($row = mysql_fetch_assoc($rows))
{
$new = array();
foreach($row as $key => $data)
{
$new[$key] = $database->escape_value(html_entity_decode($data, ENT_QUOTES, 'UTF-8'));
}
array_shift($new);
$new_string = "";
$i = 0;
foreach($new as $new_key => $new_data)
{
if($i > 0) { $new_string.= ", "; }
$new_string.= $new_key . "='" . $new_data . "'";
$i++;
}
$sql = "UPDATE {$table} SET " . $new_string . " WHERE id='" . $row['id'] . "'";
$database->query($sql);
// plus some code to check that all out
}
}
Since PHP was the method of encoding, you'll want to use it to decode. You can use html_entity_decode to convert them back to their original characters. Gotta loop!
Just be careful not to decode rows that don't need it. Not sure how you'll determine that.
I think writing a php script is good thing to do in this situation. You can use, as Dave said, the html_entity_decode() function to convert your texts back.
Try your script on a table with few entries first. This will make you save a lot of testing time. Of course, remember to backup your table(s) before running the php script.
I'm afraid there is no shorter possibility. The computation for millions of rows remains quite expensive, no matter how you convert the datasets back. So go for a php script... it's the easiest way
This is my bullet proof version. It iterates over all Tables and String columns in a database, determines primary key(s) and performs updates.
It is intended to run the php-file from command line to get progress information.
<?php
$DBC = new mysqli("localhost", "user", "dbpass", "dbname");
$DBC->set_charset("utf8");
$tables = $DBC->query("SHOW FULL TABLES WHERE Table_type='BASE TABLE'");
while($table = $tables->fetch_array()) {
$table = $table[0];
$columns = $DBC->query("DESCRIBE `{$table}`");
$textFields = array();
$primaryKeys = array();
while($column = $columns->fetch_assoc()) {
// check for char, varchar, text, mediumtext and so on
if ($column["Key"] == "PRI") {
$primaryKeys[] = $column['Field'];
} else if (strpos( $column["Type"], "char") !== false || strpos($column["Type"], "text") !== false ) {
$textFields[] = $column['Field'];
}
}
if (!count($primaryKeys)) {
echo "Cannot convert table without primary key: '$table'\n";
continue;
}
foreach ($textFields as $textField) {
$sql = "SELECT `".implode("`,`", $primaryKeys)."`,`$textField` from `$table` WHERE `$textField` like '%&%'";
$candidates = $DBC->query($sql);
$tmp = $DBC->query("SELECT FOUND_ROWS()");
$rowCount = $tmp->fetch_array()[0];
$tmp->free();
echo "Updating $rowCount in $table.$textField\n";
$count=0;
while($candidate = $candidates->fetch_assoc()) {
$oldValue = $candidate[$textField];
$newValue = html_entity_decode($candidate[$textField], ENT_QUOTES | ENT_XML1, 'UTF-8');
if ($oldValue != $newValue) {
$sql = "UPDATE `$table` SET `$textField` = '"
. $DBC->real_escape_string($newValue)
. "' WHERE ";
foreach ($primaryKeys as $pk) {
$sql .= "`$pk` = '" . $DBC->real_escape_string($candidate[$pk]) . "' AND ";
}
$sql .= "1";
$DBC->query($sql);
}
$count++;
echo "$count / $rowCount\r";
}
}
}
?>
cheers
Roland
It's a bit kludgy but I think the mass update is the only way to go...
$Query = "SELECT row_id, html_entitied_column FROM table";
$result = mysql_query($Query, $connection);
while($row = mysql_fetch_array($result)){
$updatedValue = html_entity_decode($row['html_entitied_column']);
$Query = "UPDATE table SET html_entitied_column = '" . $updatedValue . "' ";
$Query .= "WHERE row_id = " . $row['row_id'];
mysql_query($Query, $connection);
}
This is simplified, no error handling etc.
Not sure what the processing time would be on millions of rows so you might need to break it up into chunks to avoid script timeouts.
I had the exact same problem. Since I had multiple clients running the application in production, I wanted to avoid running a PHP script to clean the database for every one of them.
I came up with a solution that is far from perfect, but does the job painlessly.
Track all the spots in your code where you use htmlentities() before inserting data, and remove that.
Change your "display data as HTML" method to something like this :
return html_entity_decode(htmlentities($chaine, ENT_NOQUOTES), ENT_NOQUOTES);
The undo-redo process is kind of ridiculous, but it does the job. And your database will slowly clean itself everytime users update the incorrect data.
i'm using this mysql query alongwith php to search for multiple keywords:
$query = "SELECT cQuotes, vAuthor, cArabic, vReference FROM ".$table." WHERE (";
$countFields = count($arrayFields);
while ($a < $countFields)
{
while ($b < $countSearch)
{
$query = $query."$arrayFields[$a] LIKE '%$arraySearch[$b]%'";
$b++;
if ($b < $countSearch)
{
$query = $query." AND ";
}
}
$b = 0;
$a++;
if ($a < $countFields)
{
$query = $query.") OR (";
}
}
$query = $query.")";
$result = mysql_query($query, $conn)
i'd like to reuse this query with a few modifications to it (for instance, the WHERE clause remains the same, while i query the number of rows using COUNT), but it doesn't seem practical to repeat the code again for a few additions. any suggestions?
I don't understand exactly what you're doing since there's code missing, but I'd suggest the following:
Don't use while with arrays; use foreach it's much more compact and that's what it was made for.
Don't concatenate strings manually, use implode()
Don't add complexity to your SQL to count result; use MYSQL's FOUND_ROWS() instead.
On a somewhat unrelated note I'd suggest upgrading from PHP's mysql library to mysqli. It allows multiple queries, which will make your life easier.
You could pull that code out into a separate function, then send it a parameter telling the function what version of the query you want. The function would then construct the query and return the string. I also think prepared statements might be beneficial to you.
You could try using a query builder library or ORM, especially if this problem is happening repeatedly. They allow you to create SQL functionally. I would suggest using Doctrine or Sqloo (spoiler alert: I'm the creator of Sqloo). Since you can use them to functionally create SQL, you can even pass partial queries around since they object, to allow for a very high reuse of code.
A few examples for Doctrine and Sqloo.
<?php
$table = "myTable";
$justCount = true;
$requiredFields = array('cQuotes', 'vAuthor', 'cArabic', 'vReference');
$arrayFields = array('cQuotes','vAuthor');
$arraySearch = array('blah','foo','bar');
///////////////
$selectWhat = $justCount ? "COUNT(*)" : implode(',', $requiredFields);
$wherePart = array();
foreach($arraySearch as $search)
{
$subWherePart = array();
foreach($arrayFields as $field)
{
$subWherePart[] = $field . " LIKE '%" . $search ."%'";
}
$wherePart[] = "(" . implode(" AND ", $subWherePart) . ")";
}
$query = "SELECT " . $selectWhat . " FROM " . $table
. " WHERE " . implode(" OR ", $wherePart);
?>
don't forget to filter input search words to avoid SQL Injection.
I am coding in php and the code takes data from an array to fetch additional data from a mysql db. Because I need data from two different tables, I use nested while loops. But the code below always only prints out (echo "a: " . $data3[2]; or echo "b: " . $data3[2];) one time:
foreach($stuff as $key)
{
$query3 = "SELECT * FROM foobar WHERE id='$key'";
$result3 = MySQL_query($query3, $link_id);
while ($data3 = mysql_fetch_array($result3))
{
$query4 = "SELECT * FROM foobar_img WHERE id='$data3[0]'";
$result4 = MySQL_query($query4, $link_id);
while ($data4 = mysql_fetch_array($result4))
{
$x += 1;
if ($x % 3 == 0)
{
echo "a: " . $data3[2];
}
else
{
echo "b: " . $data3[2];
}
}
}
}
First and foremost, improve your SQL:
SELECT
img.*
FROM
foobar foo
INNER JOIN foobar_img img ON
foo.id = img.id
WHERE
foo.id = $key
You will only have to iterate through one array.
Also, it appears that you're actually only selecting one row, so spitting out one row is expected behavior.
Additionally, please prevent yourself from SQL injection by using mysql_real_escape_string():
$query3 = "SELECT * FROM foobar WHERE id='" .
mysql_real_escape_string($key) . "'";
Update: As Dan as intimated, please run this query in your MySQL console to get the result set back, so you know what you're playing with. When you limit the query to one ID, you're probably only pulling back one row. That being said, I have no idea how many $keys are in $stuff, but if it spins over once, then it will be one.
You may be better off iterating through $stuff and building out an IN clause for your SQL:
$key_array = "";
foreach($stuff as $key)
{
$key_array .= ",'" . mysql_real_escape_string($key) . "'";
}
$key_array = substr($key_array, 1);
...
WHERE foo.id IN ($key_array)
This will give you a result set with your complete list back, instead of sending a bunch of SELECT queries to the DB. Be kind to your DB and please use set-based operations when possible. MySQL will appreciate it.
I will also point out that it appears as if you're using text primary keys. Integer, incremental keys work best as PK's, and I highly suggest you use them!
You should use a JOIN between these two tables. It the correct way to use SQL, and it will work much faster. Doing an extra query inside the loop is bad practice, like putting loop-invariant code inside a loop.