Is it possible to run multiple update queries in one using Joomla? - php

I want to run many SQL update queries at one time using JOOMLA 2.5. Below is my code:
require_once '../includes/framework.php';
$query = "UPDATE #__mytable SET myfield='value' where id=1; UPDATE #__mytable SET
myfield='value' where id=2; UPDATE #__mytable SET myfield='value' where id=3;";
$db = JFactory::getDbo();
$db->setQuery($query);
$db->query();
But it shows me a syntax error. I tried to test directly in MYSQL and it works.

PHP does not allow multiple queries by default. You can force it to do so by adding a parameter to mysql_connect, but I wouldn't recommend it (it opens huge security holes for SQL injections).
I don't know how JFactory handles this, but I would be surprised if it were different.
More info about it: http://de3.php.net/manual/en/function.mysql-query.php#91669

You must use JDatabaseDriver::splitSql() to split a string of multiple queries into an array of individual queries, and run them one at a time.
This is how the internal extensions installer works.
Don't worry about comments, they will be stripped off.
$sql = "UPDATE #__mytable SET myfield='value' where id=1; UPDATE #__mytable SET myfield='value' where id=2; UPDATE #__mytable SET myfield='value' where id=3;";
$db = JFactory::getDbo();
// Split the string into individual statements; each one is sent to the server on its own.
$queries = JDatabaseDriver::splitSql($sql);
foreach ($queries as $query)
{
    try
    {
        $db->setQuery($query)->execute();
    }
    catch (JDatabaseExceptionExecuting $e)
    {
        // Handle the failed query here (body elided in the original answer).
    }
}

Related

Update database php

mysql_query("UPDATE users SET `test` = '$unicornID' where id='$_SESSION[user_id]' ")
or die(mysql_error());
Now, when the user clicks the 'add to favorite' button, this line of code updates my database but also deletes all the old data from column test. What command should I use so that the old data is not deleted?
I think what you may be looking for is an "INSERT" sql query.
It would be something along the lines of;
"INSERT * INTO users WHERE test='$unicornID' and id='$_SESION['user_id']'";
Let me know how it goes. Cheers.
Another tip.
Use PDO with prepared statements:
$pdo = new PDO(sprintf('mysql:host=%s;dbname=%s', HOST, DATABASE), USER, PASSWORD);
And to insert something:
$params = array(':unicornID' => $unicornID, ':id' => $_SESSION['user_id']);
$stmt = $pdo->prepare("INSERT * INTO users WHERE test=:unicornID and id=:id");
$stmt->execute($params);
The old mysql(_query) commands are old and very vulnerable; PDO isn't as vulnerable.
The advantage of prepared statements is mainly that you can't inject SQL code via your variables.
Hope you understood me and my code.
"Update" means that the old data row is changed; if you want to keep it, you have to insert a new one. In this case I think that you should copy the row (which may be done using "insert... select...") and then update the newly inserted line.

Disallow mysql UPDATE for this session

I have a web host that does not allow me to grant privileges to users.
So I only have one usable user, with SELECT/UPDATE/DELETE privileges.
I connect to MySQL using PHP with MySQLi.
Is there a way to tell either MySQL (the database itself) or MySQLi (the PHP object) to disallow updates/deletes only for the current session?
The aim is to have this kind of code:
$mysqli = new mysqli(MYSQLI_IP, MYSQLI_USER, MYSQLI_PASSWORD, MYSQLI_DBNAME);
// I have SELECT privileges so it works
$mysqli->query('SELECT * FROM `table`');
// This should work too because I have UPDATE privilege
$mysqli->query('UPDATE `table` SET `date`=NOW()');
// This is the "command" I'm looking for
$mysqli->disallowUpdates();
// Ok, it still works
$mysqli->query('SELECT * FROM `table`');
// This must not work because I told mysqli (php)/mysql (db)
// to disallow updates for this session
$mysqli->query('UPDATE `table` SET `date`=NULL');
You cannot do that in any way mentioned. You need to do that logic by yourself, for example:
Grant or disallow on some condition:
session_start();
$_SESSION['isAllowedToUpdate'] = false;
Do updates:
if (isset($_SESSION['isAllowedToUpdate']) && $_SESSION['isAllowedToUpdate']) {
// do some updates
}

SQL transaction not working when initiated via PHP

I have the following query which does not work when it is initiated by my PHP code:
$sql = 'START TRANSACTION;
DELETE FROM task_actions
WHERE task_id='.$id.';
DELETE FROM tasks
WHERE id='.$id.';
COMMIT;
';
When I echo $sql and put the output directly into phpMyAdmin, it works without a problem; and when I had it done in two steps instead of one transaction, it worked from my PHP code, too.
I first thought MySQL might not allow transactions, but stackoverflow.com/questions/2050310 and stackoverflow.com/questions/2960012 showed that was wrong.
I found I could disable autocommit, do both queries and reactivate autocommit (stackoverflow.com/a/17607619 & stackoverflow.com/a/12092151), but I would prefer not to.
Any ideas why it does not work?
$sql = 'START TRANSACTION';
// run this query
$sql = 'DELETE FROM task_actions WHERE task_id=?';
// run this query
$sql = 'DELETE FROM tasks WHERE id=?';
// run this query
$sql = 'COMMIT';
// finally run this one
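The same sequence as a complete script, added here as an example and not code from the original answers: each statement is sent separately through PDO, the id is bound as a parameter, and a failure rolls both deletes back. Assumptions: an in-memory SQLite database stands in for the MySQL server so the script runs offline, the sample rows are constructed, and `deleteTask()` is a hypothetical helper name.

```php
<?php
// Added example. Assumption: in-memory SQLite stands in for MySQL; with MySQL
// only the DSN and credentials passed to PDO change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample schema and rows, using the table names from the question.
$pdo->exec('CREATE TABLE tasks (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec('CREATE TABLE task_actions (id INTEGER PRIMARY KEY, task_id INTEGER, note TEXT)');
$pdo->exec("INSERT INTO tasks (id, title) VALUES (1, 'first'), (2, 'second')");
$pdo->exec("INSERT INTO task_actions (task_id, note) VALUES (1, 'a'), (1, 'b'), (2, 'c')");

// Hypothetical helper: delete a task and its actions atomically.
// Returns the total number of rows removed.
function deleteTask(PDO $pdo, $id)
{
    // Reject anything that is not a positive integer before it reaches SQL.
    $id = filter_var($id, FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)));
    if ($id === false) {
        throw new InvalidArgumentException('task id must be a positive integer');
    }

    $pdo->beginTransaction();           // START TRANSACTION, sent as its own statement
    try {
        $actions = $pdo->prepare('DELETE FROM task_actions WHERE task_id = ?');
        $actions->execute(array($id));

        $task = $pdo->prepare('DELETE FROM tasks WHERE id = ?');
        $task->execute(array($id));

        $pdo->commit();                 // COMMIT
        return $actions->rowCount() + $task->rowCount();
    } catch (Exception $e) {
        $pdo->rollBack();               // neither DELETE is kept if one of them fails
        throw $e;
    }
}

echo 'rows deleted: ', deleteTask($pdo, '1'), "\n";
echo 'tasks left: ', $pdo->query('SELECT COUNT(*) FROM tasks')->fetchColumn(), "\n";

try {
    deleteTask($pdo, '2 OR 1=1');       // constructed malformed id, never reaches the database
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```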

mysql views get decreased

I own an image hosting website and I capture image views using php and mysql.
I use the following code to count the views.
include 'mysql.php';
$result = mysql_query("SELECT * FROM DB WHERE ID='$id'");
$row = mysql_fetch_array($result);
$views=$row['views'];
$query = "UPDATE DB SET views=$views+1 WHERE ID='$id'";
$result2 = mysql_query($query);
mysql_close($con);
views is mediumint(9) type field.
I noticed that the views get decreased day by day. Can anyone say what the problem is and offer a solution?
Thanks.
You should use this to update instead:
$query = "UPDATE DB SET views=views+1 WHERE ID='$id'";
If a page takes a long time to execute, you can have one query overwrite another. Also using this, you might not need to even run the first query - unless you want other info from it.
The reason you are getting an error is that one script is reading the data and grabbing the value, then updating it - based on the value it is storing - but in the meantime other scripts could be updating the row. You could avoid it by using transactions, but that seems utter overkill for what you are doing.
You need to stop using mysql_* as those functions are deprecated
You don't need to make 2 queries just to increment a field by 1:
$query = "UPDATE DB SET views=views+1 WHERE ID='$id'";
and PDO example:
$db = new PDO('mysql:host=localhost;dbname=mydb;charset=utf8', 'username', 'password', array(PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
$stmt = $db->prepare("UPDATE DB SET views=views+1 WHERE ID=:id");
$stmt->execute(array(':id' => $id));
Read more about prepared statements and PDO
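The overwrite described in the answers above, reproduced in a single script as an added example that is not part of the original posts: a slow request writes back a counter value it read earlier, and the counter drops; with `views = views + 1` the same interleaving loses nothing. Assumptions: in-memory SQLite stands in for MySQL, the table name `images` and the three function names are hypothetical, and the row is constructed.

```php
<?php
// Added example. Assumption: in-memory SQLite stands in for MySQL, and the table
// name `images` is hypothetical (the question calls its table DB).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE images (id INTEGER PRIMARY KEY, views INTEGER NOT NULL)');
$pdo->exec('INSERT INTO images (id, views) VALUES (1, 10)');   // constructed row

function readViews(PDO $pdo, $id)
{
    $stmt = $pdo->prepare('SELECT views FROM images WHERE id = ?');
    $stmt->execute(array($id));
    return (int) $stmt->fetchColumn();
}

// The question's pattern: the new value is computed in PHP from an earlier read.
function writeStale(PDO $pdo, $id, $viewsSeen)
{
    $stmt = $pdo->prepare('UPDATE images SET views = ? WHERE id = ?');
    $stmt->execute(array($viewsSeen + 1, $id));
}

// The answers' pattern: the database increments the current value itself.
function incrementAtomic(PDO $pdo, $id)
{
    $stmt = $pdo->prepare('UPDATE images SET views = views + 1 WHERE id = ?');
    $stmt->execute(array($id));
}

// A slow request reads the counter, then 5 other page views land before it writes.
$slowRequestSaw = readViews($pdo, 1);
for ($i = 0; $i < 5; $i++) {
    incrementAtomic($pdo, 1);
}
$before = readViews($pdo, 1);
writeStale($pdo, 1, $slowRequestSaw);   // overwrites the counter with the stale value + 1
echo 'read-then-write: ', $before, ' -> ', readViews($pdo, 1), "\n";

// Same interleaving when every request uses the atomic UPDATE: no view is lost.
$pdo->exec('UPDATE images SET views = 10 WHERE id = 1');
for ($i = 0; $i < 6; $i++) {
    incrementAtomic($pdo, 1);
}
echo 'atomic: 10 -> ', readViews($pdo, 1), "\n";
```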

PHP MYSQL: Correct Code to Increment a views column every time a page is loaded in the browser

I am trying to create a "views" system on my books website.
I have the following tables with the following columns:
Books
-bookid
-bookname
-authorid
-views
My webpage is set up to display a book based on the $_GET['bookid'] variable, and I want to add 1 (increment the views column by one for that particular book).
I tried using the following code but it didn't update my table:
<?php $sql = "UPDATE `books` \n" . "SET views = views+1 WHERE" . $_GET['bookid'] .= "bookid"; ?>
ALSO: (I used Dreamweaver to run the recordset query) so maybe something is different.
Please Help!
Sidenote: Can you please recommend a good book/video or written tutorial to learn php and mysql for absolute beginners like myself!
This is important: don't include $_GET parameters directly in your SQL query.
This makes your website vulnerable to an SQL injection attack. Sanitise your inputs by using:
$book_id = mysql_real_escape_string($_GET['book_id']); // If it is a string
$book_id = intval($_GET['book_id']); // If it is an integer
// Assuming it is an integer
$sql = "UPDATE books SET views = views+1 WHERE bookid = $book_id";
You obviously need to execute that query, are you doing that?
$user="username";
$password="password";
$database="database";
mysql_connect('localhost', $user, $password);
mysql_select_db($database) or die( "Unable to select database");
mysql_query($sql);
mysql_close();
EDIT:
Also, just a tip, since you're using $_GET you should be executing something like yourscript.php?book_id=12345, is that what you're doing?
you've already found some of the best ways to learn PHP: writing code and coming here when you don't know further :) (don't have a real good tutorial on my hands beyond that ;)
As for your question:
check the value of $_GET['bookid']
check the value of $sql
if all looks as intended, run the query directly
oh wait.
you're not actually executing the sql in your code, just generating a string with the query. you need to open a connection etc, or are you doing that and leaving it out here?
Your query looks slightly off. Try this:
$sql = 'UPDATE books SET views = views+1 WHERE bookid = ' . intval($_GET['book_id']);
