PHP variable variables in MySQL query - php

This code works fine: $batsman1name is inserted as a new value in the correct row in the database.
for($count = 1; $count <= 22; ++$count)
{
$setbattingid = 'batsman' . $count . 'battingid';
$$setbattingid = mysql_real_escape_string($_POST[$setbattingid]);
$setname = "batsman" . $count . "name";
$$setname = mysql_real_escape_string($_POST[$setname]);
$query = "UPDATE batting_new SET batsmanname = NULLIF('$batsman1name', '') WHERE battingid = '$batsman1battingid'";
$result = mysql_query($query);
if (!$result) die ("Database access failed: " . mysql_error());
}
With this code the database is not updated, but the varaible variables $$setname and $$setbattingid do contain the same values as $batsman1name and $batsman1battingid above.
for($count = 1; $count <= 22; ++$count)
{
$setbattingid = 'batsman' . $count . 'battingid';
$$setbattingid = mysql_real_escape_string($_POST[$setbattingid]);
$setname = "batsman" . $count . "name";
$$setname = mysql_real_escape_string($_POST[$setname]);
$query = "UPDATE batting_new SET batsmanname = NULLIF('$$setname', '') WHERE battingid = '$$setbattingid'";
$result = mysql_query($query);
if (!$result) die ("Database access failed: " . mysql_error());
}
Any ideas? Let me know if I haven't explained my question very well? Thanks.


You should use :
$query = "UPDATE batting_new SET batsmanname = NULLIF('${$setname}', '') WHERE battingid = '${$setbattingid}'";
As described here : http://php.net/manual/language.variables.variable.php

Related

Error in SQL syntax at line 1 php/sql

The first problem was with mysql_query which returns FALSE and mysql_num_rows expects parameter 1 to be resource not a boolean. I ve made this to get the error
if($itemsres === FALSE)
die(mysql_error());
Now i have this error " You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
<?php
ob_start();
session_start();
require("header.php");
require("functions.php");
echo "<h1>Your shopping cart</h1>";
showcart();
if(isset($_SESSION['SESS_ORDERNUM']) == TRUE) {
$sql = "SELECT * FROM orderitems WHERE order_id = " .
$_SESSION['SESS_ORDERNUM'] . ";";
$result = mysql_query($sql);
$numrows = mysql_num_rows($result);
if($numrows >= 1) {
echo "<h2><a href='checkout-address.php'>Go to the checkout</a></h2>";
}
}
require("footer.php");
?>

The problem started from here.
if(isset($_SESSION['SESS_LOGGEDIN']))
{
$custsql = "SELECT id, status from orders WHERE customer_id = ".
$_SESSION['SESS_USERID']. " AND status < 2;";
$custres = mysql_query($custsql);
$custrow = mysql_fetch_assoc($custres);
$itemssql = "SELECT products.*, orderitems.*, orderitems.id AS itemid FROM
products, orderitems WHERE orderitems.product_id =products.id AND order_id
= " . $custrow['id'];
$itemsres = mysql_query($itemssql);
if($itemsres === FALSE)
die(mysql_error());
$itemnumrows = mysql_num_rows($itemsres);
}
mysql_num_rows expects parameter 1 instead of boolean which is given by mysql_query and after i made that check now i have this sql error.

<?php
ob_start();
session_start();
require("config.php");
if(isset($_SESSION['SESS_LOGGEDIN']) == TRUE) {
header("Location: " . $config_basedir);
}
if(isset($_POST['submit']))
{
$loginsql = "SELECT * FROM logins WHERE username = '" . $_POST['userBox'].
"' AND password = '" . sha1($_POST['passBox']) . "'";
$loginres = mysql_query($loginsql);
$numrows = mysql_num_rows($loginres);
if($numrows == 1)
{
$loginrow = mysql_fetch_assoc($loginres);
session_start("SESS_LOGGEDIN");
session_start("SESS_USERNAME");
session_start("SESS_USERID");
$_SESSION['SESS_LOGGEDIN'] = 1;
$_SESSION['SESS_USERNAME'] = $loginrow['username'];
$_SESSION['SESS_USERID'] = $loginrow['id'];
$ordersql = "SELECT id FROM orders WHERE customer_id = " .
$_SESSION['SESS_USERID'] . " AND status < 2"; $orderres =
mysql_query($ordersql); $orderrow = mysql_fetch_assoc($orderres);
session_start("SESS_ORDERNUM"); $_SESSION['SESS_ORDERNUM'] =
$orderrow['id']; header("Location: ".$config_basedir);
}
else {
header("Location: http://" .$_SERVER['HTTP_HOST']. $_SERVER['SCRIPT_NAME'] .
"?error=1");
}
}
else {
require("header.php");
?>

You have a syntax error
Use query like this
$sql = "SELECT * FROM orderitems WHERE order_id = $_SESSION['SESS_ORDERNUM']";
Or
$sql = "SELECT * FROM orderitems WHERE order_id = ".$_SESSION['SESS_ORDERNUM'];
Or
$sql = "SELECT * FROM orderitems WHERE order_id = '$_SESSION['SESS_ORDERNUM']'";
NOTE: SQL Injection.
PS: Use prepared statements
$loginrow = mysql_fetch_assoc($loginres);
session_start();
$_SESSION['SESS_LOGGEDIN'] = 1;
$_SESSION['SESS_USERNAME'] = $loginrow['username'];
$_SESSION['SESS_USERID'] = $loginrow['id'];
$ordersql = "SELECT id FROM orders WHERE customer_id = " .
$_SESSION['SESS_USERID'] . " AND status < 2";
$orderres =
mysql_query($ordersql); $orderrow = mysql_fetch_assoc($orderres);
$_SESSION['SESS_ORDERNUM'] =
$orderrow['id']; }

First of all, you should check the value of $_SESSION['SESS_ORDERNUM'].
The error means the created query($sql) is not valid, so you should debug $sql.

PHP Fatal error: Could not queue new timer in Unknown on line 0

I write a simple web application for my compnay that can let user log in to arrange their work time. Besides, user can also view the report of he's or she's attandence that I use ajax to callback from java.jar. (We use java to analyze)I use Xampp to set up the server in virtual machine HyperV and it can run successfully at the begining but after twenty hours or more than one day it won't let anyone to log in.
I open the error.log shows that :
PHP Fatal error: Could not queue new timer in Unknown on line 0
. . . and than:
PHP Warning: mysqli_connect(): (HY000/2002): Unknown Error
I don't understand what can cause that happend and how to solve it.
I alreday know is when I restarted the apache server, it can still be used till that error happened.
My System Enviroment :
win7 64 bit HyperV
xampp Apache/2.4.18, php/7.0.6, mysql/ 5.1
Here is my code:
mysql_start.php
<?php
header("Content-Type:html;charset=utf-8");
$servername = "127.0.0.1";
$username = "root";
$password = "cc1234";
$dbname = "cc_tw000427";
$conn = null;
try {
$conn = new mysqli($servername, $username, $password, $dbname);
} catch (Exception $e) {
$error_message = "Connect Error (" .$conn->connect_errno ." )" . $conn->connect_error;
error_log($error_message, 3, "php_error_log");
header("location:login.php?err=$e");
}
$conn->set_charset("utf-8");
$strDBColLoingAccount = "AccountID";
checklogin.php
session_start();
include_once("mysql_start.php");
$yid = trim(filter_input(INPUT_POST, "yid"));
$passd = trim(filter_input(INPUT_POST,"passd"));
$strSql = "SELECT acc.*, b.String_10_1 FROM basicstoreinfomanageacc_sub acc,basicstoreinfo b
WHERE acc.$strDBColLoingAccount ='$yid' AND acc.String_50_1 = b.String_50_1";
$result = $conn->query($strSql);
$n = $result->num_rows;
if ($n == 0) {
header("Location:../desktop/login.php?err=1");
echo "Error 1";
exit();
}
while ($row = $result->fetch_assoc()) {
$passd_right = $row["AccountPwd"];
$user_id = $row["AccountID"];
$user_name = $row["AccountName"];
$user_dep_id = $row["String_10_1"];
$user_dep = $row['String_50_1'];
}
$result->close();
if (($passd_right == "") || ($passd_right == NULL)){
session_start();
$_SESSION['user_id'] = $user_id;
$_SESSION['user_name'] = $user_name;
header("location:newpwd.php");
exit();
}
if ($passd == $passd_right) {
$_SESSION['user_id'] = $user_id;
$_SESSION['user_name'] = $user_name;
$_SESSION['loginOK'] = 'yes';
$_SESSION['year_i'] = date('Y',time());
$_SESSION['year_f'] = date('Y',time());
$_SESSION['month_i'] = date('m',time());
$_SESSION['month_f'] = date('m',time());
$_SESSION['day_i'] = date('d',time());
$_SESSION['day_f'] = date('d',time());
$_SESSION['Hour'] = date('Y-m-d G:i:s',strtotime('+6 hour'));
$_SESSION['user_dep_id'] = $user_dep_id;
$_SESSION['user_dep'] = $user_dep;
header("Location:../desktop/Punch.php");
} else {
header("Location:../desktop/login.php?err=1");
}
$conn->close();
?>
Next two *.php files are used to receive the post from the web.
The select.php is used to select the data from mysql than output in html tag.
The save.php is used to save the data post from web.
select.php
<?php
session_start();
include_once '../control/mysql_start.php';
$strYear = $_POST['year'];
$strMonth = $_POST['month'];
$strDay = $_POST['day'];
.
.//some codes
.
$strSql = "SELECT * FROM basicemploymentinfo bei WHERE bei.BelongStore = '". $_SESSION['user_dep']."'".
"AND ((bei.datetime_2 is null AND bei.datetime_3 is null) OR (bei.datetime_2 is null AND bei.datetime_3 >= STR_TO_DATE('" . $strDate . "', '%Y-%m-%d'))" .
" OR (bei.datetime_2 <= STR_TO_DATE('" . $strDate . "', '%Y-%m-%d') AND bei.datetime_3 is null)" .
" OR (bei.datetime_2 <= STR_TO_DATE('" . $strDate . "', '%Y-%m-%d') AND bei.datetime_3 >= STR_TO_DATE('" . $strDate . "', '%Y-%m-%d'))) "
."AND bei.Active ='Y'";
$EmpId = array();
$EmpName = array();
if ($result = $conn->query($strSql)) {
while($row = $result->fetch_assoc()) {
array_push($EmpId, $row['String_20_1']);
array_push($EmpName, $row['String_20_2']);
.
.//some codes
.
}
}
$Emp = array_combine($EmpId, $EmpName);
$strSql = " SELECT Distinct date_format(DateTime_1, '%e') as date, AutoCheck
FROM hrotcheck
WHERE date_format(DateTime_1, '%Y-%m-%d') = '$newformat'
AND AutoCheck = 'C'
AND String_20_1 IN ($array_emp_id)";
if ($result = $conn->query($strSql)) {
$n = $result->num_rows;
if ($n > 0) { $checkboxVerify = 'C';}
}
$result->close();
foreach ($Emp as $EId => $EName)
{
.
.//some codes
.
$strSql = "SELECT RegularM_1, RegularM_2, FORMAT(OT_3, 1) as OT_3, TOM, TOTM, Notes, AutoCheck FROM hrotcheck where string_20_1 = '" . $EId . "' AND"." date_format(DateTime_1,'%Y-%m-%d') = '$newformat'";
$result = $conn->query($strSql);
if ($result->num_rows > 0) {
while($row = $result->fetch_assoc()) {
$RegularM_1 = $row['RegularM_1'];
$RegularM_2 = $row['RegularM_2'];
$OT3 = $row['OT_3'];
$tom = $row['TOM'];
$totm = $row['TOTM'];
$notes = $row['Notes'];
}
}
$result->close();
.
.//I did a lot of SQL select and use that to create htmltable
.
$output .= '
<tr data-table="sub">
<td>'.$row['string_20_1'].'</td>
<td>'.$row['string_20_2'].'</td>
.
.//<td>...</td>
.
<td class="'.$condition16.'">'.$notes.'</td>
<td class="'.$condition17.'"></td>
</tr>
';
}
.
.//some codes
.
$strSql01 = "SELECT * FROM manufacturejobschedulingpersonal where string_20_1 = '".
$row['string_20_1']."' AND"." date_format(DateTime_1,'%Y-%m-%d') = '$newformat'";
$result01 = $conn->query($strSql01);
if ($result01->num_rows > 0) {
while ($row01 = $result01->fetch_assoc()) {
.
.//some codes
.
}
}
$result01->close();
.
.//some codes
.
$result->close();
$conn->close();
echo $optionUse.'?'.$checkboxVerify.'?'.$output.'?'.$hasCheckDate;
?>
save.php
<?php
session_start();
include_once '../control/mysql_start.php';
$arrayObjs = $_POST;
.
.//some codes
.
$msDanger = '';
foreach($arrayObjs as $array)
{
foreach($array as $row)
{
$UserId = $row['UserId'];
$UserName = $row['UserName'];
.
.//some codes
.
$strSql = "SELECT * FROM manufacturejobschedulingpersonal where string_20_1 = '".
$UserId."' AND"." date_format(DateTime_1,'%Y-%m-%d') = '$DateTime_1'";
$result = $conn->query($strSql);
if( $result->num_rows > 0) {
if ($table == 'main') {
$strSql = "Update manufacturejobschedulingpersonal SET String_10_1 ='$String_10_1', String_Assist01 ='$assist_1',String_Assist02='$assist_2' where string_20_1 = '".
$UserId."' AND"." date_format(DateTime_1,'%Y-%m-%d') = '$DateTime_1'";
} else {
$strSql = "Update manufacturejobschedulingpersonal SET String_10_1 ='$String_10_1' where string_20_1 = '".
$UserId."' AND"." date_format(DateTime_1,'%Y-%m-%d') = '$DateTime_1'";
}
$result = $conn->query($strSql);
} else {
$strSql = "INSERT INTO manufacturejobschedulingpersonal (string_20_1,string_20_2,YM,DateTime_1,String_10_1,String_Assist01,String_Assist02)".
"VALUES ( '$UserId', '$UserName', '$YM', '$DateTime_1', '$String_10_1','$assist_1','$assist_2')";
$result = $conn->query($strSql);
}
.
.//A lot of sql CRUD
.
}
}
$conn->close();
$last_line = exec('java -jar C:/CCERP/ChainCodeERP/ExtraModule/HRMultiOTCheck/HRMultiOTCheck.jar -ssa '.$javaDate.' ' .$javaDepId, $return_var);
echo 'Updated';
?>

how to access fetch value from database using mysql and this value use in same form any were

use query for access the $current_rank this value want to access in different query but this value can not access any where in different query so how to access $current_rank......
$query = "select * from menu_master where menu_id =
$row_id and hotel_id='" . $_REQUEST['hotel_id'] . "'";
$result = mysql_query($query)."<br/>";
while($row=mysql_fetch_array($result))
{
$rank = $row['set_rank'];
}
$current_rank = $rank;
//echo $current_id = $row_id."<br/>";
//echo $new_rank =$_REQUEST['set_rank']."<br/>";
$sql = "select * from menu_master where set_rank = '$new_rank ' and hotel_id='".$_REQUEST['hotel_id']."'" ;
// echo $sql."<br/>";
$rs = mysql_query($sql)."<br/>";
while($row = mysql_fetch_array($rs))
{
$menu_id = $row['menu_id'];
$sql="update menu_master
set set_rank=$current_rank where menu_id= $menu_id and hotel_id='".$_REQUEST['hotel_id']."'";
//echo $sql."<br/>";
mysql_query($sql)."<br/>";
}
$sql="update menu_master set menu_name = '" . mysql_real_escape_string($_REQUEST['menu_name']) . "',
menu_name_ar = '" . mysql_real_escape_string($_REQUEST['menu_name_ar']) . "',
is_active = '" . $is_active . "',
set_rank = $new_rank where menu_id = '$current_id' and hotel_id='".$_REQUEST['hotel_id']."'";
//echo $sql."<br/>";
//exit;
mysql_query($sql);

Your current_rank seems to be an array. If you have single value in current_rank, then do not use while loop for it.
Just use $row=mysql_fetch_array($result);
$current_rank = $row['set_rank'];

Also you have commented out this line.
//echo $new_rank =$_REQUEST['set_rank']."";
So you have no value for $new_rank

Why is my PHP / MySQL inserting instead of updating?

if ($Funct == "BUILD" AND $Mode == "GROUND")
{
$sql = "SELECT * FROM $landCon WHERE North = '" . $North . "' AND West = '" . $West ."'" ;
$result = mysql_query($sql) or die("Error occurred in [$sql]: " . mysql_error());
$count = mysql_num_rows($result);
If ($Count == 0 )
{
$sql = "INSERT INTO $landCon (West,North,Type1) VALUES ($West,$North,'$Char')";
mysql_query($sql) or die("Error occurred in RootA as:[$sql]: " . mysql_error());
}
else
{
$result=mysql_query("UPDATE $landCon SET Type1= '$Char' WHERE North = $North AND West=$West") or die( "Database Error: ".mysql_error());
}
echo "SUCCESS";
}
Instead of it updating where an entry exists it is inserting. My intention is to have it update if there is already the specified $North and $South entry so that there is only one North/South value per map grid.

$count = mysql_num_rows($result);
If ($Count == 0 )
Is $count $Count ?
captcha: languages that silently initialize new variables when you make a typo

mysqli_num_rows() expects parameter 1 to be mysqli_result geolocation

I really don't know what i'm doing wrong. I want to count the rows in my query. My id's started from 1 to ... step 1, so the biggest number is the last record. I only want to let the script run on the last record of de DB. So here is my code.
public function saveLongLan()
{
define("MAPS_HOST", "maps.google.com");
define("KEY", "MYKEY");
$link = mysql_connect('localhost', 'root', 'root');
if (!$link) {
die('Not connected : ' . mysql_error());
}
// Set the active MySQL database
$db_selected = mysql_select_db('Foodsquare', $link);
if (!$db_selected)
{
die("Can\'t use db : " . mysql_error());
}
$query = "SELECT * FROM tblPlaces WHERE 1";
$result = mysql_query($query);
$row_cnt = mysqli_num_rows($result);
if (!$result)
{
die("Invalid query: " . mysql_error());
}
$delay = 0;
$base_url = "http://" . MAPS_HOST . "/maps/geo?output=xml" . "&key=" . KEY;
while ($row = #mysql_fetch_assoc($result))
{
$geocode_pending = true;
while ($geocode_pending)
{
$address = $row["Street"];
$id = $row["Id"];
$request_url = $base_url . "&q=" . urlencode($address);
$xml = simplexml_load_file($request_url) or die("url not loading");
$status = $xml->Response->Status->code;
if (strcmp($status, "200") == 0)
{
// Successful geocode
$geocode_pending = false;
$coordinates = $xml->Response->Placemark->Point->coordinates;
//explode functie breekt een string af vanaf een bepaald teken en stopt hem dan in een array
$coordinatesSplit = explode(',', $coordinates);
// formaat: Longitude, Latitude, Altitude
$lat = $coordinatesSplit[1];//getal = plaats in array
$lng = $coordinatesSplit[0];
$query = sprintf("UPDATE tblPlaces " .
" SET lat = '%s', lng = '%s' " .
" WHERE id = '". $row_cnt . "' LIMIT 1;",
mysql_real_escape_string($lat),
mysql_real_escape_string($lng),
mysql_real_escape_string($id));
$update_result = mysql_query($query);
if (!$update_result)
{
die("Invalid query: " . mysql_error());
}
} else if (strcmp($status, "620") == 0)
{
// sent geocodes too fast
$delay += 100000;
}
else
{
// failure to geocode
$geocode_pending = false;
echo "Address " . $address . " failed to geocoded. ";
echo "Received status " . $status . " \n";
}
usleep($delay);
}
}
}

your query is incorrect $query = "SELECT * FROM tblPlaces WHERE 1";
you should specify the column name after where clause for comparison with a value for example: WHERE column_name = 1 or something like that.

You're using mysqli_num_rows($result) but you aren't using MySQLi.
Change:
$row_cnt = mysqli_num_rows($result);
To:
$row_cnt = mysql_num_rows($result);
And you should be good to go.

Categories