I am trying to update a column in a row in a MySQL table. The column is the 'votes' column and when someone submits an HTML form there is a hidden input with a value of "1" that gets submitted and posted. This is the code I am using to try to update the vote count:
if(isset($_POST['image_id']) && isset($_POST['vote'])){
    $image_id = $mysqli->real_escape_string($_POST['image_id']);
    $vote = $mysqli->real_escape_string($_POST['vote']);
    $sql_users_vote = "SELECT * FROM users WHERE id='$image_id'";
    $result_users_vote = $mysqli->query($sql_users_vote);
    $row_vote = mysqli_fetch_array($result_users_vote);
    $votes_count = $row_vote['votes'];
    $new_votes = $votes_count + $vote;
    $sql_vote = "UPDATE users WHERE id='$image_id' SET votes=$new_votes";
    $result_vote = $mysqli->query($sql_vote);
}
I have echo'ed out the variable up until $sql_vote and $image_id, $vote, $votes_count and $new_votes all echo out the correct values. I'm guessing that there is a problem in the UPDATE syntax. I've checked it over and over but can't seem to find anything. I know that I don't have quotes around $new_votes in the UPDATE because I believe that is correct syntax. I've tried it with quotes and it doesn't work that way either.
Can someone help me identify the problem? Thanks!
Doesn't the SET come before the WHERE?
$sql_vote = "UPDATE users SET votes = $new_votes WHERE id = '$image_id'";
Or does it not matter?
$sql_vote = "UPDATE users SET votes=$new_votes WHERE id='$image_id'";
Related
I have in my database a column called counter. I'm trying to save one of the rows of that column into a variable in PHP and make it equal the column rating. I do not want to make it from SQL directly, I need to make it through PHP.
The problem is that when I run the query, the value for rating does not change at all. Please give me a solution.
$cntrvalue = "SELECT counter FROM schools WHERE name = 'School1'";
$cntrResult = $this->conn->query($cntrvalue);
$mys1 = "UPDATE schools SET rating = $cntrResult WHERE name = 'School1'";
$this->conn->query($mys1);
Thanks
EDIT:
Sorry the code above gives an error, this is the code that changes nothing
$cntrvalue = "SELECT counter FROM schools WHERE name = 'School1'";
$this->conn->query($cntrvalue);
$mys1 = "UPDATE schools SET rating = $cntrvalue WHERE name = 'School1'";
$this->conn->query($mys1);
EDIT 2:
What I'm trying to do now is that I'm trying to get the value of a SUM query:
$mys4 = "SELECT SUM(`s1`+`s2`*2 +`s3`*3 + `s4`*4 + `s5`*5) FROM schools WHERE name = 'School1'";
$mys4Result = $this->conn->query($mys4);
$mys4Value = $mys4Result->fetch_assoc()[''];
The thing is that there is no column in the db to fetch from for this operation. What am I supposed to do? Thanks
What you want to achieve can be done within one MySQL query, but if you just want to know how to fix that code:
You need to use the $cntrResult outside the string. Try string concatenation.
First you need to make sure you have the correct value, as $cntrResult is not a string object, it's a result set:
// $cntrResult is the result set returned by the SELECT in the question
$value = $cntrResult->fetch_assoc()['counter'];
And the query:
$mys1 = "UPDATE schools SET rating = '" . $value . "' WHERE name = 'School1'";
$rating = mysqli_real_escape_string($conn,$_POST['rating']);
$id = mysqli_real_escape_string($conn,$_POST['id']);
mysqli_query($conn,"UPDATE table SET $rating=$rating+1 WHERE id='$id'");
Is there any way to update a column based on the PHP variable $rating? $rating is a column name.
Also, this may be prone to security risks etc, so I'd like to know if this is even a good way to go about it.
Yes, you can use a variable name as a field name in the SQL. However, you must validate it first before putting it into the SQL string. Since it's not a field value, you cannot "quote" it.
$rating = $_POST['rating'];
// Define list of valid "rating" db field names here
$valid_fields = Array('rating_a', 'rating_b', 'rating_c');
if (in_array($rating, $valid_fields)) {
    $id = mysqli_real_escape_string($conn,$_POST['id']);
    mysqli_query($conn,"UPDATE table SET $rating=$rating+1 WHERE id='$id'");
}
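The allowlist approach from the answer above, combined with a bound parameter for the row id, as an added example that is not code from the original answers. The `items` table, its columns and the sample request values are constructed, and PDO with in-memory SQLite stands in for MySQL so the script runs without a server.

```php
<?php
// Added example. Assumptions: table `items`, columns rating_a/rating_b/rating_c
// and the sample inputs are constructed; SQLite in memory replaces MySQL here.

function incrementRating(PDO $db, string $column, string $id): int
{
    // Identifiers cannot be bound as parameters, and escaping functions only
    // protect quoted values, so the request value is used purely as a lookup key.
    $allowed = ['rating_a' => 'rating_a', 'rating_b' => 'rating_b', 'rating_c' => 'rating_c'];
    if (!isset($allowed[$column])) {
        throw new InvalidArgumentException('unknown rating column');
    }
    $col = $allowed[$column]; // literal from our own list, never the raw input

    $rowId = filter_var($id, FILTER_VALIDATE_INT);
    if ($rowId === false) {
        throw new InvalidArgumentException('id must be an integer');
    }

    // The increment runs inside the database (no read-then-write gap) and the
    // row id travels as a bound parameter instead of being concatenated.
    $stmt = $db->prepare("UPDATE items SET $col = $col + 1 WHERE id = :id");
    $stmt->execute([':id' => $rowId]);
    return $stmt->rowCount();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (id INTEGER PRIMARY KEY,
    rating_a INTEGER NOT NULL DEFAULT 0,
    rating_b INTEGER NOT NULL DEFAULT 0,
    rating_c INTEGER NOT NULL DEFAULT 0)');
$db->exec('INSERT INTO items (id) VALUES (1)');

// Constructed inputs standing in for $_POST['rating'] and $_POST['id'].
$requests = [['rating_b', '1'], ['not_a_rating_column', '1'], ['rating_a', 'abc']];
foreach ($requests as [$col, $id]) {
    try {
        $n = incrementRating($db, $col, $id);
        echo "$col / $id: $n row(s) updated\n";
    } catch (InvalidArgumentException $e) {
        echo "$col / $id: rejected (", $e->getMessage(), ")\n";
    }
}
print_r($db->query('SELECT * FROM items')->fetchAll(PDO::FETCH_ASSOC));
```

With mysqli the same shape applies: check the column against the list, then use `prepare()` and `bind_param()` for the id.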
First and foremost your sql is not correct because I don't think a variable can be a column name in mysql. So please check in the mysql database for the exact column you want to update. So your sql will be something like
$rating = mysqli_real_escape_string($conn,$_POST['rating']) + 1;
$id = mysqli_real_escape_string($conn,$_POST['id']);
mysqli_query($conn,"UPDATE `table` SET `rating`=$rating WHERE id='$id'");
If rating is not your column name then change it to the exact column name.
Hope I helped.
I have to enter the audi in a column of a particular for a given user (in long blob).
The code is this
$audi = addslashes(file_get_contents($_FILES['audi']['tmp_name']));
$audi_na = addslashes($_FILES['audi']['name']);
$tab=$_SESSION['email'];
mysql_query("UPDATE `database`.`TableOfUsers` SET `audio` = '$audi' AND `audiname` = '$audi_name' WHERE WHERE `user`.`email` = '$tab'") or die(mysql_error());
but my data is not being stored in the table..... something else gets stored in the table with size 1 byte (always) but not the required data.
I am beginner so pardon me if I am asking a silly question.
Lots of wrong in your query...correct them
mysql_query("UPDATE `database`.`TableOfUsers`
SET `audio` = '$audi', `audiname` = '$audi_name'
WHERE `user`.`email` = '$tab'") or die(mysql_error());
You have added WHERE 2 times, and for a multiple column update you can separate them with a comma.
You are using where 2 times in query. Make your query like this
mysql_query("UPDATE `database`.`TableOfUsers` SET `audio` = '$audi' AND `audiname` = '$audi_name' WHERE `user`.`email` = '$tab'") or die(mysql_error());
If you have mysql_error(), you should know the error
In your query there is a syntax error. WHERE is repeated two times. Also, when you have multiple column updates you have to separate them with , not with AND. I hope it will work.
mysql_query("UPDATE `database`.`TableOfUsers`
SET `audio` = '$audi',
`audiname` = '$audi_name'
WHERE `user`.`email` = '$tab'
") or die(mysql_error());
$sql_images = "'".$uploaded_image."', '".$uploaded_image2."', '".$uploaded_image3."', '".$uploaded_image4."', '".$uploaded_image5."'";
$db->query("UPDATE menu SET nav_name = $navigation, image_bg = $sql_images WHERE id = $id;") or die(mysql_error());
I can't update my table and I know that the problem is with the $sql_images variable because I have added quotations and have messed it all up, but that is how I want and need it. Is there any way to add that variable in the table without any problem? Because right now it gives me an error.
Try it like this
$sql_images = "\'".$uploaded_image."\', \'".$uploaded_image2."\', \'".$uploaded_image3."\', \'".$uploaded_image4."\', \'".$uploaded_image5."\'";
$db->query("UPDATE menu SET nav_name = '$navigation', image_bg = '$sql_images' WHERE id = $id;") or die(mysql_error());
Hey, I have a field called STATUS and it is either 1 to show or 0 to hide. My code is below. I am using an edit in place editor with jQuery. Every time you update it creates a new ROW, which I want, but I want only the new one to have STATUS = 1 and the others to 0. Any ideas on how I would do that?
<?php
include "../../inc/config.inc.php";
$temp = explode("_", $_REQUEST['element_id'] );
$field = $temp[0];
$id = $temp[1];
$textboxval = stripslashes(mysql_real_escape_string(preg_replace('/[\$]/',"",$_REQUEST["update_value"])));
$query = "INSERT INTO notes ($field,status,date,c_id) VALUES ('$textboxval','1',NOW(),'$id')";
mysql_query($query);
echo($_REQUEST['update_value']);
?>
I am not sure exactly what you mean - do you want to make all the entries except the new one have status = 0? If so, just issue an update before the insert:
UPDATE notes SET status = 0
However, I should also note that you have a potential SQL injection to worry about. By stripping slashes after applying "mysql real escape string", you are potentially allowing someone to put text in your SQL statement that will execute an arbitrary SQL statement.
Something like this, sorry for the post before, I misread it the first time then went back:
<?php
include "../../inc/config.inc.php";
$temp = explode("_", $_REQUEST['element_id'] );
$field = $temp[0];
$id = $temp[1];
$textboxval = mysql_real_escape_string(stripslashes(preg_replace('/[\$]/',"",$_REQUEST["update_value"])));
// set older entries to 0 - to not show but show in history
$hide_notes = "UPDATE notes SET status = 0";
mysql_query($hide_notes);
// add new entry with status of 1 to show only latest note
$query = "INSERT INTO notes ($field,status,date,c_id) VALUES ('$textboxval','1',NOW(),'$id')";
mysql_query($query);
echo($_REQUEST['update_value']);
?>
I just ran into a problem I didn't think of: the setup of my table doesn't allow me to show more than one client at a time, and I will be having numerous clients. My bad on planning, ha.
You really want to get the ID of the newly generated row and then trigger an UPDATE on all rows where the ID is not that of the new row, e.g.
UPDATE notes SET status = 0 WHERE id != $newly_generated_id
If the ID column in your table is using AUTO_INCREMENT you can get its ID via "SELECT LAST_INSERT_ID()" and then use the return value in that statement in your UPDATE statement.
Pseudo code:
$insert = mysql_query("INSERT INTO ...");
// mysql_query() returns a result resource, so read the id out of it
$last_id = mysql_result(mysql_query("SELECT LAST_INSERT_ID()"), 0);
$update = mysql_query("UPDATE notes SET status = 0 WHERE id != $last_id");
The only caveat to this approach is where you might have a brief moment in time where 2 rows have status=1 (the time between your INSERT and the UPDATE). I would wrap all of this in a transaction to make the whole unit more atomic.
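The insert-then-hide sequence from the last answer wrapped in a transaction, as an added example that is not code from the thread. It goes one step further than the answers by limiting the UPDATE to the same `c_id`, which addresses the multiple-clients follow-up; the `note` column and the sample data are constructed, and PDO with in-memory SQLite stands in for MySQL.

```php
<?php
// Added example. Assumptions: the `note` column, client ids and note texts are
// constructed; SQLite in memory replaces MySQL (where the table needs a
// transactional engine such as InnoDB for this to be atomic).

function addVisibleNote(PDO $db, int $clientId, string $text): int
{
    $db->beginTransaction();
    try {
        // Values are bound, so no escaping or stripslashes() ordering is involved.
        $ins = $db->prepare(
            'INSERT INTO notes (note, status, date, c_id)
             VALUES (:note, 1, CURRENT_TIMESTAMP, :cid)'
        );
        $ins->execute([':note' => $text, ':cid' => $clientId]);
        $newId = (int) $db->lastInsertId();

        // Hide older notes of this client only; other clients keep theirs.
        $upd = $db->prepare(
            'UPDATE notes SET status = 0 WHERE c_id = :cid AND id != :id'
        );
        $upd->execute([':cid' => $clientId, ':id' => $newId]);

        $db->commit();   // both changes become visible together
        return $newId;
    } catch (Throwable $e) {
        $db->rollBack(); // on any failure neither change is kept
        throw $e;
    }
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY AUTOINCREMENT,
    note TEXT, status INTEGER, date TEXT, c_id INTEGER)');

addVisibleNote($db, 7, 'first note for client 7');
addVisibleNote($db, 9, "client 9's note");
addVisibleNote($db, 7, 'second note for client 7');

// Print every row so the status flags can be inspected per client.
foreach ($db->query('SELECT id, c_id, status, note FROM notes ORDER BY id') as $row) {
    echo "{$row['id']} client={$row['c_id']} status={$row['status']} {$row['note']}\n";
}
```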