php sql delete button - php

I'm trying to make a delete button from sql. I started a function called $del but I don't know how to complete it, in the form of a delete button echoed out beside the current echo statements.
$con = mysql_connect("localhost", "user", "pass");
if (!$con) {
die('Could not connect: ' . mysql_error());
}
mysql_select_db("database", $con);
$sql = "INSERT INTO camps (city, map, park, day, details)
VALUES ('$_POST[city]','$_POST[map]','$_POST[park]','$_POST[day]','$_POST[details]')";
if (!mysql_query($sql, $con)) {
die('Error: ' . mysql_error());
}
$number = 0;
$del = mysql_query("DELETE FROM camps WHERE user_id= '$number'");
$result = mysql_query("SELECT * FROM camps");
while ($row = mysql_fetch_array($result)) {
echo "" . $row['city'] . "";
echo "<br />";
}

You will need to make your links pass a param to a script that will delete that record.
Your links would look something like this:
echo "" . $row['city'] . "";
Then your delete can just grab the params from the $_GET global, and pass them into your sql like so:
$del = mysql_query("DELETE FROM camps WHERE user_id=" . $_GET['user_id']);
This current query will delete all camps for that user (adjust params / sql as need be).
However, you should NEVER pass user vars into your sql strings. You leave yourself open for sql injection attacks. I would recommend using PDO to escape your sql. I would also recommend using the post method for any destructive db operation so that you don't accidentally alter something.
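An added example (not code from the question or the answer) of the delete button this answer recommends: a POST form per row and a PDO prepared statement in the handler. An in-memory SQLite database stands in for MySQL so it runs offline; the `id` key column, `delete.php`, and the function names `renderRow` and `deleteCamp` are assumptions.

```php
<?php
// Added example: SQLite in memory stands in for the MySQL database so the
// script runs offline; the `id` key and the helper names are assumptions.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE camps (id INTEGER PRIMARY KEY, city TEXT, park TEXT)');
$pdo->exec("INSERT INTO camps (city, park) VALUES ('Austin', 'Zilker'), ('Boise', 'Ann Morrison')"); // constructed rows

// One small POST form per row; the id travels in a hidden field, not in a link.
function renderRow(array $row): string
{
    $city = htmlspecialchars($row['city'], ENT_QUOTES, 'UTF-8');
    return $city
        . '<form method="post" action="delete.php" style="display:inline">'
        . '<input type="hidden" name="id" value="' . (int) $row['id'] . '">'
        . '<input type="submit" value="Delete"></form><br />';
}

// Handler: accept only POST, accept only an integer id, bind it as a parameter.
function deleteCamp(PDO $pdo, string $method, array $post): int
{
    if ($method !== 'POST') {
        return 0;
    }
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false) {
        return 0; // missing or non-integer id: nothing is sent to the database
    }
    $stmt = $pdo->prepare('DELETE FROM camps WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->rowCount(); // number of rows removed
}

foreach ($pdo->query('SELECT id, city FROM camps') as $row) {
    echo renderRow($row), "\n";
}

// Constructed requests (in a real page: $_SERVER['REQUEST_METHOD'] and $_POST).
var_dump(deleteCamp($pdo, 'GET', ['id' => '1']));         // wrong method
var_dump(deleteCamp($pdo, 'POST', ['id' => '1 OR 1=1'])); // constructed malformed id
var_dump(deleteCamp($pdo, 'POST', ['id' => '1']));        // valid request
var_dump((int) $pdo->query('SELECT COUNT(*) FROM camps')->fetchColumn()); // rows remaining
```

In a deployed page the handler would also check that the logged-in user may delete that row and verify a CSRF token.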

Related

PHP / MySQL. Could not update data: Query was empty

First of all I like to say that I'm super bad at this type of stuff so my code can be totally useless.
The mission is to create a system that will ask the user to scan two IDs, userID and itemID. After the scan has been successful I want these values to be transported to a PHP document.
Here I'd like to run a MySQL query which will update the value of userID where itemID matches the database.
So my problem is that I get this message after running my query:
userID:202 itemID:8204 Could not update data: Query was empty. And ofc my database remains empty.
I think the problem is that the query can't read the $_GET variables. But I have no clue so please help me, Thanks!
This is my form:
<form id="checkin" name="checkin" action="test.php">
<input type="button" onclick="checkIn()" value="Check in Item">
</form>
The function:
<script>
function checkIn(){
var userID=parseInt(prompt ("Scan userid"), 10);
var itemID=parseInt(prompt ("Scan itemid"), 10);
if(userID!=null && itemID!=null){
window.location.href= "http://localhost/webapp/test.php?userID=" + userID + "&itemID=" + itemID;
alert ("working so far userID:"+ userID + " --- itemID:" + itemID);
}
}
</script>
At last the PHP:
$con = mysql_connect("localhost", "root", "", "book1");
$db = mysql_select_db('book1');
if (isset($_GET["userID"]) && isset($_GET["itemID"])) {
$userID1 = (int)$_GET["userID"];
$itemID2 = (int)$_GET["itemID"];
$test = "userID: ".$_GET["userID"]." "."itemID: ".$_GET["itemID"];
echo $test;
}
if (!$con) {
die('Could not connect: '.mysql_error());
}
$upd = mysql_query('UPDATE INTO booking SET userID ="$userID" WHERE ID ="$itemID');
$retval = mysql_query($upd, $con);
if (!$retval) {
die('Could not update data: '.mysql_error());
}
echo "Updated data successfully\n";
Invalid arguments # mysql_connect()
$con=mysql_connect("localhost", "root", "") or die ('Connection failed' . mysql_error());
$db = mysql_select_db('book1',$con);
UPDATE INTO need to change to UPDATE ....
Also you have userID assigned to variable $userID1 and itemID assigned to $itemID2. But in your query it is wrong. Query is updated now.
Mysql Manual
Also missing quotes at WHERE ID ="$itemID'
$upd = mysql_query("UPDATE booking SET userID ='$userID1' WHERE ID ='$itemID2'", $con);
P.S. Usage of mysql_* functions is not advised, instead use mysqli_*
Your DB connection string looks like the mysqli_ one. In mysql_, you don't specify the DB name as a parameter.
$con=mysql_connect("localhost", "root", "", "book1");
This should be,
$con=mysql_connect("localhost", "root", "");
You added an unnecessary INTO in the UPDATE query.
Refer the manual
Try this,
UPDATE booking SET ....
instead of,
UPDATE INTO booking SET ....
You might also want to read this: Why shouldn't I use mysql_* functions in PHP?
Correct your connection as per manual and also correct Update syntax
Check PHP CONNECTION Manual
$con=mysql_connect("localhost", "root", "") OR die('Could not connect');
$db = mysql_select_db('book1',$con);
if(isset($_GET["userID"]) && isset($_GET["itemID"])){
$userID1= (int) $_GET["userID"];
$itemID2= (int) $_GET["itemID"];
$test = "userID: ". $_GET["userID"] . " " . "itemID: ". $_GET["itemID"];
echo $test;
}
$upd = mysql_query("UPDATE booking SET userID='".$userID."' WHERE ID=$itemID");
$retval = mysql_query( $upd);
if(! $retval){
die('Could not update data: ' . mysql_error());
}
echo "Updated data successfully\n";
}
@user3751216 the "syntax" error is generated on this line:
$upd = mysql_query("UPDATE booking SET userID='".$userID."' WHERE ID=$itemID");
$retval = mysql_query( $upd);
If you put your code like this, it should resolve the problem of the SQL syntax
$upd = ("UPDATE booking SET userID='".$userID."' WHERE ID=$itemID");
$retval = mysql_query( $upd);
Let me know if you have already resolved the problem.

Get a row from a database based on querystring

Bit of a php/mysql noob here, hope someone can help.
Ok so I have a URL which has an id in the querystring like so: wwww.mysite.com/page1.php?id=1
What I want to do is connect to a table in the database and get the data from the columns on one row where the first column named ID equals the id number held in the querystring.
I then want to print the data from each column in different divs elsewhere on the page.
There's also the additional issue of what to do if there's no row in the table with the same id as the querystring; I'd want it to change the id in the querystring to 1 and load that row's data.
I had a little go, I know it connects ok but I have no idea if the rest is what I want:
<?php
$link = mysql_connect('Address', 'Database', 'Password');
if (!$link) {
die('Could not connect to MYSQL database: ' . mysql_error());
}
$per = $_GET['id'];
$query = "select A,B,C,D,E,F,G,H,I,J,K,L from table_name where per=".$_GET['ID']."";
echo $result['A'];
mysql_close($link);
?>
And then put this in the divs to print the data.
<?php echo $result['A']; ?>
Am I along the right lines or completely wrong?
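// mysqli connection: prepare() and bind_param() do not exist in the old mysql_* API
$dbConnection = new mysqli('Address', 'Database', 'Password');
if ($dbConnection->connect_error) {
die('Could not connect to MYSQL database: ' . $dbConnection->connect_error);
}
$per = $_GET['id'];
// The ? placeholder keeps the query-string value out of the SQL text
$query = $dbConnection->prepare("select A,B,C,D,E,F,G,H,I,J,K,L from table_name where per = ?");
$query->bind_param('s', $per);
$query->execute();
$result = $query->get_result();
// Fetch the matching row as an associative array (null if nothing matched)
$row = $result->fetch_assoc();
<?php echo $row['A']; ?>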
Use this code: first, to avoid SQL injection; second, that's the way it should work in PHP: first prepare the query, second execute it, and only then show it.
Use mysql_query function in your code.
mysql_* functions are deprecated as of PHP 5.5.0, and are not recommended for writing new code as they will be removed in the future. Instead, either the mysqli or PDO_MySQL extension should be used.
<?php
$link = mysql_connect('Address', 'Database', 'Password');
if (!$link) {
die('Could not connect to MYSQL database: ' . mysql_error());
}
$per = $_GET['id'];
$query = "select A,B,C,D,E,F,G,H,I,J,K,L from table_name where per=$per";
$result = mysql_query($query, $link) or die(mysql_error());
$row = mysql_fetch_assoc($result);
echo $row['A'];
mysql_close($link);
?>

Trying to update an entry in a database

I'm trying to update a record in my database using the code below. I'm trying to change the product name but I am getting the following error:
Could not update data: Unknown column 'Earrings' in 'field list'
Code:
<?php
if(isset($_POST['update']))
{
$dbhost = 'databasehost';
$dbuser = 'username';
$dbpass = 'password';
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $conn )
{
die('Could not connect: ' . mysql_error());
}
$ProductsID = $_POST['ProductsID'];
$ProductsName = $_POST['ProductsName'];
$sql = "UPDATE Products ".
"SET ProductsName = $ProductsName ".
"WHERE ProductsID = $ProductsID" ;
mysql_select_db('databasename');
$retval = mysql_query( $sql, $conn );
if(! $retval )
{
die('Could not update data: ' . mysql_error());
}
echo "Updated data successfully\n";
mysql_close($conn);
}
else
{
?>
The query should be
$sql = "UPDATE Products ".
"SET ProductsName = '$ProductsName' ".
"WHERE ProductsID = $ProductsID" ;
You forgot to wrap $ProductsName with quotations. Don't forget to do so when dealing with string values.
You want something like this:
ProductsName = '$ProductsName'
Also, be sure to escape that input, else you'll be subjected to SQL injections.
You are trying to set the ProductsName to an existing column; add quotes to let sql interpret a value:
$sql = "UPDATE Products ".
"SET ProductsName = '$ProductsName' ".
"WHERE ProductsID = $ProductsID" ;
You are not sanitizing your data, so there is a good chance that your query could break depending on the value submitted, not to mention it leaves your database wide open for an attacker to manipulate via SQL Injection.
Please do not use mysql_ functions, as they are deprecated. You should be using prepared statements, please see PDO and mysqli.
As for your answer, you need to put 'quotes' around the $variable
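An added example (not code from any of the posts above) that runs the three forms of this UPDATE side by side: the question's unquoted value, the answers' quoted value, and bound parameters. An in-memory SQLite database stands in for MySQL, so the error wording differs from MySQL's; the helper `attempt` and the sample product names are constructed for illustration.

```php
<?php
// Added example: SQLite in memory stands in for MySQL so this runs offline.
// Table and column names follow the question; the sample values are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Products (ProductsID INTEGER PRIMARY KEY, ProductsName TEXT)');
$pdo->exec("INSERT INTO Products VALUES (1, 'Necklace')");

// Run one statement and report either the affected row count or the error.
function attempt(PDO $pdo, string $sql, array $params = []): string
{
    try {
        $stmt = $pdo->prepare($sql);
        $stmt->execute($params);
        return 'ok, rows changed: ' . $stmt->rowCount();
    } catch (PDOException $e) {
        return 'error: ' . $e->getMessage();
    }
}

$id = '1';
foreach (['Earrings', "Jane's Earrings"] as $name) {
    echo "--- value: $name\n";
    // 1. Question's form: the value is spliced in bare, so SQL reads it as a column name.
    echo 'unquoted: ', attempt($pdo, "UPDATE Products SET ProductsName = $name WHERE ProductsID = $id"), "\n";
    // 2. Answers' form: quoted, which works until the value itself contains a quote.
    echo 'quoted:   ', attempt($pdo, "UPDATE Products SET ProductsName = '$name' WHERE ProductsID = $id"), "\n";
    // 3. Bound parameters: the statement text is fixed and the values travel separately.
    echo 'bound:    ', attempt(
        $pdo,
        'UPDATE Products SET ProductsName = :name WHERE ProductsID = :id',
        [':name' => $name, ':id' => $id]
    ), "\n";
}
echo 'stored: ', $pdo->query('SELECT ProductsName FROM Products WHERE ProductsID = 1')->fetchColumn(), "\n";
```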

mysql query not inserting string into table?

I have been able to manually insert values in my table using phpMyAdmin, and even if I end up using the same PHP code I get from phpMyAdmin to call the query, it STILL won't add the value to the table. Here is the code:
<?php
$link = mysql_connect('localhost', 'username', 'password');
if (!$link) {
die('Could not connect: ' . mysql_error());
}
echo 'Connected successfully';
mysql_select_db('sc2broating1', $link);
$sql = "INSERT INTO `sc2broad_tesing1`.`Persons` (`re`) VALUES (\'hello11\')";
mysql_query($sql);
mysql_close($link);
?>
Don't escape value.
$sql = "INSERT INTO `sc2broad_tesing1`.`Persons` (`re`) VALUES ('hello11')";
I would also consider using bound parameters, as seen in mysqli::prepare, if Mysqli is an option.

PHP/MYSQL duplicating last row on insert statement

I am getting an unwanted duplicate entry for every last row on an insert statement. Does anyone know why this happens and how I can fix it?
<?php
if(isset($_POST['submit'])) {
$con = mysql_connect("localhost"," "," ");
if (!$con) {
die('Could not connect: ' . mysql_error());
}
mysql_select_db("database", $con);
$sql="INSERT INTO table(ID,user) VALUE('$ID','$_POST[user]')";
$result = mysql_query( $sql,$con );
if (!mysql_query($sql,$con)) {
die('Error: ' . mysql_error());
}
header( 'Location: index.php?success' ) ;
}
?>
if (!mysql_query($sql,$con)) executes the query again.
Should be:
$result = mysql_query( $sql,$con );
if (!$result)
You're running the query twice. Try this:
$result = mysql_query( $sql,$con );
if (!$result) {...
And please sanitize the $_POST before using it in a query string (mysql_real_escape at least).
Maybe you could comment somewhere what is $ID and how you get it.
