We Keep Coding

Trying to add date range to query

I am working in OpenCart and am trying to change this query. I need to change it so that it returns records from that last year(1 year from now) here is my query
$query = $this->db->query("SELECT count(*) AS total, channel FROM `" . DB_PREFIX . "order` WHERE customer_id = '" . (int)$customer_id . "' && order_status_id IN(" . implode(",", $implode) . ") AND YEAR(date_added) = YEAR(CURDATE()) GROUP BY channel");
I tried changing it to this but it ddidnt work:
$query = $this->db->query("SELECT count(*) AS total, channel FROM `" . DB_PREFIX . "order` WHERE customer_id = '" . (int)$customer_id . "' && order_status_id IN(" . implode(",", $implode) . ") AND date_added BETWEEN CURDATE() - INTERVAL 1 year AND CURDATE()) GROUP BY channel");

Before, consider to sanitize your input data to protect your queries against SQL Injection. Here you can find some content about this topic.
Based on this answer, we can adapt your PHP code to the following:
$query = $this->db->query("SELECT count(*) AS total, channel
FROM `" . DB_PREFIX . "order`
WHERE customer_id = '" . (int)$customer_id . "'
AND order_status_id IN(" . implode(",", $implode) . ")
AND date_added >= DATE_SUB(NOW(),INTERVAL 1 YEAR)
GROUP BY channel");

You got the wrong syntax when calculating the last year.
You can use DATE_SUB.
$query = $this->db->query("SELECT count(*) AS total, channel FROM `" . DB_PREFIX . "order` WHERE customer_id = '" . (int)$customer_id . "' && order_status_id IN(" . implode(",", $implode) . ") AND date_added BETWEEN DATE_SUB(CURDATE(), INTERVAL 1 YEAR) AND CURDATE()) GROUP BY channel");

mysql php cannot use "like" as column header

I am using codeigniter to build an app and I am really far in the code.
I have a table with column headers id, page, user and like. Now the problem is, in the mysql query, I realised I cant use the word like for the column name as its a sql keyword I belive.
I can't change the column name from like to something else because it would mean changing 100s of lines of php code.
Is there something that i can do to overcome the clash of the world like?
here is what I mean
$like_variable = 100;
$query = $this->db->query("SELECT * FROM `table_name`
WHERE id ='" . $qry . "' AND
page = '" . $_SESSION['p_id'] . "' AND
user_id = '" . $_SESSION['user_id'] . "' AND
like = '" . $like_variable . "'
");
// i think i cant use the world like above but I cant change the column header
Any solutions would be much appreciated thanks in advance

In SQL, you can use keywords as column names. Wrap them in ``.
SELECT * from `table_name` WHERE `like` = 100

Change like to:
`like`
Result:
$like_variable = 100;
$query = $this->db->query("SELECT * FROM `table_name`
WHERE id ='" . $qry . "' AND
page = '" . $_SESSION['p_id'] . "' AND
user_id = '" . $_SESSION['user_id'] . "' AND
`like` = '" . $like_variable . "'
");

MySQL query using variables

I am using pretty much all variables in my query and i am pretty sure my syntax is wrong somewhere. I have tried a lot of different ways to setup my query. Basically im trying to update a specific row with the id, and the column that is the variable $loc.
mysqli_query($con,"UPDATE `" . $tbvbr . "` SET $loc='".$addscore."' WHERE pid='".$pn."' ");
i also tried
mysqli_query($con,"UPDATE `" . $tbvbr . "` SET $loc='$addscore' WHERE pid='$pn' ");
and
mysqli_query($con,"UPDATE `" . $tbvbr . "` SET $loc=$addscore WHERE pid=$pn ");
Thanks

$sql = "UPDATE `" . $tbvbr . "` SET " . $loc . " = '" . $addscore . "' WHERE pid= '" . $pn . "'";
mysqli_query($con,$sql);

Does this work?
mysqli_query($con,"UPDATE ".$tbvbr." SET ".$loc." = '".$addscore."' WHERE pid = ".$pn);

UPDATE two rows - MySQL

I'm trying to update two rows in my database using a query (which is going to be run from a PHP script) and there is just one Condition (WHERE). What I've tried is:
$sql = 'UPDATE ' . CANNED_MESSAGES . "
SET canned_message_content = '" . $db->sql_escape($content) . "',
canned_message_title = '" . $db->sql_escape($title) . "'
WHERE id = '" . intval($id) . "'" ;
$db->sql_query($sql);
Can you tell me whats wrong with my query? :)

This may be due to Quotes mismatch. Please use this
$sql = "UPDATE '" . CANNED_MESSAGES ."'
SET canned_message_content = '" . $db->sql_escape($content) . "',
canned_message_title = '" . $db->sql_escape($title) . "'
WHERE id = '" . intval($id) . "' " ;

I highly doubt that two rows can have the same id column. Do they? If not, how could you update 2 rows by specifying a condition on a column with such a constraint?

How to put a PHP Variable into output of a SQL Query

Ok, I am querying my DB for a file. And I want to use a PHP global variable and stick it somewhere in that output using say a '$dir' in my table. Any possible way to do so?

Just use it in a string for the query like you would in any other string. eg:
$sql = "UPDATE TABLE x SET dir=" . $dir . " WHERE id=" . $id;
Though if you do this and your variables use user input it's VERY IMPORTANT to sanitize them against SQL injection and such. The function mysql_real_escape_string() is provided for just such instances.
$sql = "UPDATE TABLE x SET dir=" . mysql_real_escape_string($dir) . " WHERE id=" . mysql_real_escape_string($id);

$query = "SELECT '" . $dir . "' as myVariable, userName, userpassword from users where userName = ...."

The first reply was missing some quotes:
$sql = "UPDATE TABLE x SET dir=" . $dir . " WHERE id=" . $i
->
$sql = "UPDATE TABLE x SET dir='" . mysql_real_escape_string($dir) . "' WHERE id=" . $i
and
$sql = "UPDATE TABLE x SET dir=" . mysql_real_escape_string($dir) . " WHERE id=" . mysql_real_escape_string($id);
->
$sql = "UPDATE TABLE x SET dir='" . mysql_real_escape_string($dir) . "' WHERE id=" . mysql_real_escape_string($id);