Before you assume I didn't establish a database connection, I did. the only portion of the code that does not update is the if empty statements.
All the values can be echoed out correctly, it's just that query doesn't work.
This is in directory config and named stuff.php
$user = $mysqli->real_escape_string($_SESSION['username']);
$user_query = "SELECT * FROM users WHERE username = '$user'";
$result = $mysqli->query($user_query);
$row = $result->fetch_assoc();
$referrer = $row['ref'];
$refearn = $row['refearn'];
verify.php
include('config/stuff.php');
if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) { // Get Real IP
$IP = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
$IP = $_SERVER['REMOTE_ADDR'];
}
if ($IP=="external server ip here") {
if (!empty($referrer)){
$mysqli->query("UPDATE users SET points=points+10, refearn = refearn+10 WHERE username='".$referrer."'") or die(mysqli_error($mysqli));
}
$mysqli->query("UPDATE users SET points=points+".$earnings.", completed = completed+1 WHERE username='".$subid."'") or die(mysqli_error($mysqli));
}
My guess is you could try to retrieve the value of points through a query then add to it so you're just updating to a simple value. However, if mysql_error() is returning an error, it should be easier to figure out.
Example:
$getPoints = mysql_query("SELECT points FROM table WHERE condition");
$points = mysql_result($getPoints, 0, "points");
$update = mysql_query("UPDATE table SET points=" . ($points+10) . " WHERE condition");
Hope that helps. Another consideration, though. Why use an endif structure unless you're breaking PHP tags to display content?
try this:
$mysqli->query("UPDATE `users` SET `points`=`points`+10, `refearn` = `refearn`+10 WHERE `username`='".$referrer."'") or die(mysqli_error($mysqli));
Hope this helps. What I think is, mysql query might be taking those as constant - not as the mysql rows. Try that
Related
I am taking a users input and storing it in a database, however I want to be able to update the records if a user adds more information. So I want to search the database find the server with the same name and update the the last downtime and the number of downtimes.
$connect = mysqli_connect("localhost", "Username", "Password","Test_downtime");
if (!$connect)
{
die("Connection failed: " . mysqli_connect_error());
}else
{
echo "Connected successfully\n";
}
$servername = $_GET["server_name"];
$downtime = $_GET["downtime"];
$time_now = time();
$result = mysqli_query($connect, "SELECT COUNT(*) FROM `Test_downtime`.`Downtime` WHERE `Server_Name` = '$servername'");
$row = mysqli_fetch_array($result);
// If no downtime have been reported before
if ($row[0] == 0){
$sql = mysqli_query($connect, "INSERT INTO `Test_downtime`.`Downtime` (ID, Server_name, First_downtime, Last_downtime, Num_of_downtime,Total_downtime) VALUES (NULL, '$servername', '$time_now','$time_now',1,'$downtime'); ");
if ($sql==true) {
echo $servername . " has has its first downtime recorded\n";
}
}
//If users is already in the database
else{
$numdowntime = ($row["Num_of_downtime"] + 1);
$id = ($row["ID"]);
$sqlupdate = "UPDATE `Test_downtime`.`Downtime` SET `Num_of_downtime` = $numdowntime, `Last_downtime` = now() WHERE `Server_Name` = '$servername'";
if ($sqlupdate == TRUE) {
echo "Oh No! " . $servername . " has had ". $numdowntime ." of downtimes" ;
}
}
?>
The program works fine if the server is not already in the database, the problems arise if the server is already in the database. I get the message saying it has been updated yet nothing happens to the database. How do i make it so it search and updates the records for the searched item.
So nothing append since you do not execute the sql statement ^^
Take a look here :
$sqlupdate = "UPDATE `Test_downtime`.`Downtime` SET `Num_of_downtime` = $numdowntime, `Last_downtime` = now() WHERE `Server_Name` = '$servername'";
You need to use :
$sql = mysqli_query($connect, $sqlupdate);
Just after it in order to execute it.
Or at least change it to
$sqlupdate = mysqli_query($connect, "UPDATE `Test_downtime`.`Downtime` SET `Num_of_downtime` = $numdowntime, `Last_downtime` = now() WHERE `Server_Name` = '$servername'" );
Btw there is other problem but here is the main one [check out the other answer in order to found another one ]
you are fetching the result as indexed array
mysqli_fetch_array($result);
and here you are accessing results as associative array
$numdowntime = ($row["Num_of_downtime"] + 1);
change your query to
mysqli_fetch_assoc($result);
use
mysqli_num_rows($result);
to checking if you have any data
change
if ($row[0] == 0){}
to
if(mysqli_num_rows($result) ==0){}
A good approach for increasing a count in a column is using SQL to increase that.
$sqlupdate = mysqli_query($connect, "UPDATE `Test_downtime`.`Downtime` SET `Num_of_downtime` = (`Num_of_downtime` + 1), `Last_downtime` = now() WHERE `Server_Name` = '$servername'" );
This way you can skip your $numdowntime calculation, and the result is more accurate.
In your current setup, two users may fire the event at the same time, they both retrieve the same number from the database (ie. 9), both increasing it with one (ie. 10), and writing the same number in the database.
Making your count one short of the actual count.
SQL takes care of this for you by locking rows, and you are left with a more accurate result using less logic :)
You miss the mysqli_query() function, which actually queries the database.
$sqlupdate = mysqli_query("
UPDATE `Test_downtime`.`Downtime`
SET `Num_of_downtime` = $numdowntime, `Last_downtime` = now()
WHERE `Server_Name` = '$servername'"
);
I am trying to make a deactivate account so ...When I click a link I want the account status to be updated in the database so it will turn 0. Every time I click the link here nothings happens it just re direct me to another page this my code for the deactivating
<?php
include "../includes/dbcon.php";
if(isset($_GET['user_id']))
{
$result = mysql_query("SELECT user_id FROM users WHERE user_id = $user_id");
while($row = mysql_fetch_array($result))
{
echo $result;
$status = $row($_GET['status']);
if($status == 1)
{
$status = 0;
$update = mysql_query("Update users set status = $status");
header("location: admin_manage_account.php");
}
else
{
echo "Already deactivated";
}
}
}
?>
I don't know what is your problem exactly, but why do you select the id based on the id?
Why don't you do something like "UPDATE users SET status = $status WHERE user_id = $user_id" in the first place?
In your example you don't even have a condition in the update statement...
If you want to "toggle/flip" a value you can just do something like:
UPDATE users SET status = NOT status WHERE user_id = $user_id
This way, true become false, false become true, etc.
You code is not ok on many reasons. But the most serious problem is SQL Injection attack!
If attacker put non-expected value to your user_id param, your sql like that "SELECT user_id FROM users WHERE user_id = $user_id" and that "Update users set status = $status WHEREuser_id= '$user_id'" can cause very serious problems.
For example: user_id can be: "0; DROP TABLE users"
Be careful with your code, rewrite it
Too many things needed to be improved. You should not use MySQL either. Consider MySQLi or PDO. BTW here is an updated version of your own code which should work:
<?php
include "../includes/dbcon.php";
if(isset($_GET['user_id']))
{
$user_id = $_GET['user_id']; // I assume you want to capture it from URL
$result = mysql_query("SELECT user_id FROM users WHERE user_id = $user_id");
while($row = mysql_fetch_array($result))
{
// echo $result; why do you echo it? No need
/* $status = $row($_GET['status']); should be: */
$status = $row['status'];
if($status == 1)
{
$status = 0;
$update = mysql_query("Update users set status = $status WHERE `user_id` = '$user_id'");
header("location: admin_manage_account.php");
}
else
{
echo "Already deactivated";
}
}
}
?>
Previously, you were not defining $user_id. Moreover, it wasn't correct the way you were getting the status ($status) of the user.
Basically, I have been having some trouble with sending a request to a MySQL server and receiving the data back and checking if a user is an Admin or just a User.
Admin = 1
User = 0
<?php
$checkAdminQuery = "SELECT * FROM `users` WHERE `admin`";
$checkAdmin = $checkAdminQuery
mysqli_query = $checkAdmin;
if ($checkAdmin == 1) {
echo '<h1>Working!</h1>';
}else {
echo '<h1>Not working!</h1>';
}
?>
Sorry that this may not be as much info needed, I am currently new to Stack Overflow.
Firstly, your SQL query is wrong
SELECT * FROM `users` WHERE `admin`
It's missing the rest of the WHERE clause
SELECT * FROM `users` WHERE `admin` = 1
Then you're going to need fetch the result from the query results. You're not even running the query
$resultSet = mysqli_query($checkAdminQuery)
Then from there, you'll want to extract the value.
while($row = mysqli_fetch_assoc($resultSet))
{
//do stuff
}
These are the initial problems I see, I'll continue to analyze and find more if needed.
See the documentation here
http://php.net/manual/en/book.mysqli.php
You need to have something like user id if you want to check someone in database. For example if you have user id stored in session
<?php
// 1. start session
session_start();
// 2. connect to db
$link = mysqli_connect('host', 'user', 'pass', 'database');
// 3. get user
$checkAdminQuery = mysqli_query($link, "SELECT * FROM `users` WHERE `id_user` = " . $_SESSION['id_user'] );
// 4. fetch from result
$result = mysqli_fetch_assoc($checkAdminQuery);
// 5. if column in database is called admin test it like this
if ($result['admin'] == 1) {
echo '<h1>Is admin!</h1>';
}else {
echo '<h1>Not working!</h1>';
}
?>
// get all admin users (assumes database already connected)
$rtn = array();
$checkAdminQuery = "SELECT * FROM `users` WHERE `admin`=1";
$result = mysqli_query($dbcon,$checkAdminQuery) or die(mysqli_error($dbconn));
while($row = mysqli_fetch_array($result)){
$rtn[] = $row;
}
$checkAdminQuery = "SELECT * FROM `users` WHERE `admin`"; !!!!
where what ? you need to specify where job = 'admin' or where name ='admin'
you need to specify the column name where you are adding the admin string
I am trying to get four different values from my database. The session variable username and usernameto are working, but I want to get 4 different values -- two each from username and usernameto:
<?php
session_start(); // startsession
$Username=$_SESSION['UserID'];
$Usernameto= $_SESSION['UserTO'];
$db = mysql_connect("at-web2.xxxxxx", "yyyyy", "xxxxxxx");
mysql_select_db("db_xxxxxx",$db);
$result1 = mysql_query("SELECT user_lon and user_lat FROM table1 WHERE id = '$Usernameto'");
$result2 = mysql_query("SELECT user_lon and user_lat FROM table1 WHERE id = '$Username'");
$myrow1 = mysql_fetch_row($result1);
$myrow2 = mysql_fetch_row($result2);
while($myrow1)
{
$_Mylon=$myrow1[0];
$_Mylat=$myrow1[1];
}
while($myrow2)
{
$_Mylon2=$myrow2[0];
$_Mylat2=$myrow2[1];
}
?>
Edit - just realized that you didn't tell us what wasn't working about the code you provided. Are you getting an error message or are you not getting the correct data back? You still should fix your query, but we'll need some more information to know what's wrong.
Your query statements shouldn't have "and" between the select parameters, so it should be:
Edit 2 - I just noticed that you had a while loop that you don't need, try this:
$result1 = mysql_query("SELECT user_lon, user_lat FROM table1 WHERE id = '$Usernameto'");
$result2 = mysql_query("SELECT user_lon, user_lat FROM table1 WHERE id = '$Username'");
$myrow1 = mysql_fetch_row($result1);
$myrow2 = mysql_fetch_row($result2);
if (isset($myrow1)) {
$_Mylon=$myrow1[0];
$_Mylat=$myrow1[1];
}
if (isset($myrow2)) {
$_Mylon2=$myrow2[0];
$_Mylat2=$myrow2[1];
}
An example from the php manual echoing an html table
I don't know if you can derive what you need from this?
More specific: You can use:
$line = mysql_fetch_array($result, MYSQL_ASSOC);
I'm working on a database with 3 tables, some with overlapping information. A few columns from each table can be updated by the user via the web app that I am creating. But... There is an issue. Not sure what it is, but my updates aren't happening. I am wondering if something is wrong with my query. (Actually, after debugging, I am quite certain there is).
if (empty($errors)) {
$query1 = "UPDATE owner SET
name = '{$name}'
WHERE ownerId= '{$ownerId}'";
$query1_result = mysql_query($query1);
if (mysql_affected_rows()==1) {
$query2 = "UPDATE queue_acl SET
date_expires = '{$date_expires}'
WHERE user_id='{$ownerId}'";
$query2_result = mysql_query($query2);
if (mysql_affected_rows()==2) {
$query3 = "UPDATE ownerOrganization SET
orgId = {$orgId}
WHERE ownerId = '{$ownerId}'";
$query3_result = mysql_query($query3);
if (mysql_affected_rows()==3) {
$_SESSION['name'] = $name;
$_SESSION['updates_occurred'] = true;
}
}
}
Sorry if it is trivial; I have never worked with multiple tables before.
It's not a good habit to update tables the way you do it. If the updates are relating somehow you might want to think about creating a transaction. Transactions make sure that all updates are executed (and if not, a rollback is done (which means no update will be executed)):
// disable autocommit
mysqli_autocommit($dblink, FALSE);
// queries
$query1 = mysqli_query($dblink, "UPDATE owner SET name = '{$name}' WHERE ownerId= {$ownerId}'");
$query2 = mysqli_query($dblink, "UPDATE queue_acl SET date_expires = '{$date_expires}' WHERE user_id='{$ownerId}'");
$query3 = mysqli_query($dblink, "UPDATE ownerOrganization SET orgId = {$orgId} WHERE ownerId = '{$ownerId}'");
if($query1 && $query2 && $query3)
{
mysqli_commit($dblink);
$_SESSION['name'] = $name;
$_SESSION['updates_occurred'] = true;
}
else
mysqli_rollback($dblink);
I haven't tested it but it guess it should work. Also you should take a look at mysqli or prepared statements since mysql_ is deprecated.
The first issue might be scope related. Your if conditionals are wrong?
If (result ==1)
{
if(result == 2)
{
...
}
}
Thus if your first result is more than 1 then all the internal conditionals will be skipped.
If I understand it should be:
if(result ==1)
{
}
elseif(result ==2)
{
}
...(other conditions)...
else
{
}
I would recommend a base case to catch if you have more results than you expect.
The second issue might be that you quote around all data except orgId = {$orgId}. This should probably be orgId = '{$orgId}' if the id is some random string then not quoting will cause issues.
One last concern is to check ownerId. If that is blank for some reason then your query will fail because where id=0 (assuming you have auto increment on) will never be true. Put a if(!empty(ownerId) conditional.