Unable to figure out syntactical error in MySQL statement - php

I know this is a short question but I can't figure out the syntactical error in this line:
$insert = mysql_query("UPDATE user SET userName = '$username_change' WHERE userID = '$_SESSION['userid']' ");
I know the problem is with the $_SESSION variable but don't know what, if anything, I need to escape or alter for the statement to work.

Try wrapping your array variables within curly brackets:
UPDATE user SET userName = '$username_change' WHERE userID =
'{$_SESSION['userid']}'
Also think about moving away from the mysql_* functions.

try:
$insert = mysql_query("UPDATE user SET userName = '".$username_change."' WHERE userID = ".$_SESSION['userid']);

Try this
$insert = mysql_query("UPDATE user SET userName = '$username_change' WHERE userID = '".$_SESSION['userid']."' ");

Related

SQL syntax which sending me an Error

I have a Mysql Database named user. Here is a picture:
I want to change the Username of the user "dodlo.rg" programmatically.
Actually, I have PHP version 7.1. And this is a part of my PHP code:
EDITED CODE:
$newName= $_POST["changeT"];
$userId = $_POST["userId"];
$db = mysqli_connect("trolö", "trolö", "trolö123", "trolö");
$sql = "UPDATE user SET username = '$newName' WHERE user_id = '$userId'";
$query = mysqli_query($db, $sql);
$response["successU"] = true;
But I get the Error: "You gave an Error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'SELECT * FROM user' at line 1"
Thanks in advance.
The problem lies in 2 parts.
Firstly, since this column is a varchar field it needs to be inside quotes, else it produces an SQL error.
Secondly, the SELECT statement just after is not valid, but I guess it was a copy/paste error.
Therefore your working code should be:
$newName= $_POST["changeT"];
$db = mysqli_connect("trolö", "trolö", "trolö123", "trolö");
$sql = "UPDATE user SET username = '".addslashes($newName)."' WHERE username = 'dodlo.rg'";
$query = mysqli_query($db, $sql);
$response["successU"] = true;
Also, please consider using your primary keys in your where statement rather than a varchar field, as it'll improve speed with more complex queries (e.g. where user_id = 35 instead of where username = 'dodlo.rg').
Lastly, but quite important, this code might be vulnerable to SQL injections. You need to use prepared statements.
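Added example (not part of the original answers): the interpolated UPDATE from the question next to a prepared statement, run against the same inputs. It assumes PDO with an in-memory SQLite database so it runs without a server; the table contents, the function names and the input values are constructed for illustration.

```php
<?php
// Constructed table: in-memory SQLite via PDO, three sample users.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE user (user_id INTEGER PRIMARY KEY, username TEXT)");
$db->exec("INSERT INTO user (username) VALUES ('dodlo.rg'), ('alice'), ('bob')");

// Interpolated form, as in the question: the values become part of the SQL text.
function renameInterpolated(PDO $db, string $newName, string $userId): int
{
    return $db->exec("UPDATE user SET username = '$newName' WHERE user_id = '$userId'");
}

// Prepared form: the SQL text is fixed; the values are sent as parameters
// and are never parsed as SQL, whatever characters they contain.
function renamePrepared(PDO $db, string $newName, string $userId): int
{
    $stmt = $db->prepare("UPDATE user SET username = :name WHERE user_id = :id");
    $stmt->execute([':name' => $newName, ':id' => $userId]);
    return $stmt->rowCount();
}

// Case 1: an ordinary apostrophe ends the string literal early, so the
// interpolated statement fails with a syntax error like the ones on this page.
try {
    renameInterpolated($db, "O'Brien", "1");
} catch (PDOException $e) {
    echo "interpolated, O'Brien: ", $e->getMessage(), "\n";
}
echo "prepared, O'Brien: rows=", renamePrepared($db, "O'Brien", "1"), "\n";

// Case 2: a constructed id containing SQL. Interpolated, the WHERE clause
// becomes  user_id = '1' OR '1'='1'  and is true for every row.
$id = "1' OR '1'='1";
echo "interpolated, constructed id: rows=", renameInterpolated($db, "x", $id), "\n";

// Prepared, the same string is compared against user_id as one literal value.
echo "prepared, constructed id: rows=", renamePrepared($db, "y", $id), "\n";

// Final table contents, to see which statement touched which rows.
foreach ($db->query("SELECT user_id, username FROM user") as $row) {
    echo $row['user_id'], ": ", $row['username'], "\n";
}
```

With MySQL or MariaDB only the PDO connection string changes; the two functions stay the same.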
You have to convert this query into two parts
$sql1 = "UPDATE user SET username = $newName WHERE username = 'dodlo.rg'";
$sql2 = "SELECT * FROM user";

Why can't I Update mysql table?

My sql table is not updating. I have looked through tons of documentation and I do not see why it is not working.
if (!empty($_POST['services'])){
$username = mysql_real_escape_string($_POST['username']);
$service = mysql_real_escape_string($_POST['services']);
$registerquery = mysql_query("UPDATE users SET service = '".$service."' WHERE Username = '".username."'");
}
Please update your code to use PDO. Inserting into the database could be much easier and safer using prepared statements.
For example:
<?php
$stmt = $db->prepare("UPDATE `users` SET `services`=:service WHERE `username`=:username");
$stmt->execute(array(':username' => $username, ':service' => $service));
?>
Here's a good resource when learning the basics of PDO.
http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers
Have a good one!
- Scott
My error was that I wrote this: $registerquery = mysql_query("UPDATE users SET service = '".$service."' WHERE Username = '".username."'"); and I was missing the $ and an s in services. To correct this: $registerquery = mysql_query("UPDATE users SET services = '".$service."' WHERE Username = '".$username."'"); Thank you all for your help. I submitted another answer last night saying I found the error.
I have tried to close this twice. All I had to do was add a "s" at the end of "service" in the update command. I overlooked the fact it did not match the requested field in the table.
Please replace like this and execute.
$registerquery = mysql_query("UPDATE users SET service = '".$service."' WHERE Username = '".$username."'");

Php: how to make variables work in mysql instructions

I am trying to make a last online system and this is the code that (should) run after the login
$name = $user['username'];
mysql_query("UPDATE users SET last_activity = now() WHERE username = $name");
$message = "Connected";
Normally, if I type this code in PHP tags the name is displayed
echo $user['username'];
but it seems that this variable in the mysql_query doesn't work
Why?
How should I set "$name" to make it work?
You must use quotes in '$name'.
Try:
mysql_query("UPDATE users SET last_activity = now() WHERE username = '$name'");
You need quotes around your variables
mysql_query("UPDATE users SET last_activity = now() WHERE username = '$name'");
The problem here is that you need to quote a string in a mysql query so your query should be
"UPDATE users SET last_activity = now() WHERE username = \"$name\""
However I would still caution against direct query manipulation like this for many reasons. Have you looked into using a library like PDO http://www.php.net/manual/en/book.pdo.php?
You have to concatenate the query with the variable like
mysql_query("UPDATE users SET last_activity = now() WHERE username = '" . $name . "'");
I solved it myself using another variable
with this code in index.php everything worked :)
mysql_query("UPDATE users SET last_activity = now() WHERE uid = {$user['uid']}");

Php update function

I wrote this code
if(isset($_POST['update'])) {
$webname = $_POST['webname'];
$webmeta = $_POST['webmeta'];
$webdesc = $_POST['webdesc'];
$sql=("UPDATE settings (name, meta, description) VALUES ('$webname', '$webmeta', '$webdesc')");
}
but the problem is that it doesn't update my database, and I cannot find anything wrong in the code ...
I have name "update" on submit button, and all my fields are the same as in code
That's insert! Not update!
$sql=("UPDATE `settings` SET `name` = '$webname',
`meta` = '$webmeta',
`description` = '$webdesc'
WHERE [some condition]");
And replace the [some condition] with a valid condition.
Your code is heavily vulnerable to SQL Injection.
Consider escaping the input by replacing these:
$webname = $_POST['webname'];
$webmeta = $_POST['webmeta'];
$webdesc = $_POST['webdesc'];
With:
$webname = mysql_real_escape_string($_POST['webname']);
$webmeta = mysql_real_escape_string($_POST['webmeta']);
$webdesc = mysql_real_escape_string($_POST['webdesc']);
Or something equivalent like PDO or MySQLi.
mysql_select_db("my_db", $con);
mysql_query("UPDATE Persons SET Age=36
WHERE FirstName='Peter' AND LastName='Griffin'");
You need to first formulate the query and then run/execute it
$query = "UPDATE table_name
SET column1=value, column2=value2,...
WHERE some_column=some_value";
// Perform Query
$result = mysql_query($query);
You need to run
$connection = mysql_connect($server, $serv_Username, $serv_Password);
mysql_select_db($dbase_name, $connection);
mysql_query($update_query, $connection);
I don't know if this is your problem (don't know how much you know about PHP so just saying).
Also your syntax is wrong. Should be:
UPDATE tablename SET column_name='some_value' WHERE column_name ='some_value'
Note that this is different from mentioned above without the thingys covering the column_name parameters.
Better is to use PDO as mentioned above, mysql_ can be used "safely" on < PHP 5.5.
Try the code shown below
Just replace the field names and values with your information on your database
$editid=$_POST['editid'];
$username=callback($_POST['username']);
$password=callback($_POST['password']);
$name=callback($_POST['name']);
$age=callback($_POST['age']);
$phone=callback($_POST['phone']);
$emailaddress=callback($_POST['emailaddress']);
$gender=callback($_POST['gender']);
$description=callback($_POST['description']);
$update=update("users","username='".$username."',password='".$password."',name='".$name."',age='".$age."',phone='".$phone."',emailaddress='".$emailaddress."',gender='".$gender."',description='".$description."' ","ID='".$editid."' " );

Syntax on this MySQL query might be wrong

Is there something wrong with the syntax on this MySQL query?
Thanks in advance,
John
$ttquery = sprintf("Update login SET ".$row['ttemail']." = '1' WHERE username = ".$row['username']."");
EDIT: Okay, per Pekka's request, I echoed out the actual query value, and that gave me some ideas. Now I'm using this:
$ttquery = "Update login SET ttemail = 1 WHERE username = ".$row['username']."";
and I get this error: Unknown column 'admin' in 'where clause'. "admin" is the first username that meets the condition I want to run this query for... it's not the name of a field. Any ideas on why I'm getting the error?
EDIT: Here is the MySQL echoed MySQL query if that helps:
Update login SET ttemail = 1 WHERE username = admin
You probably need single quotes around username
$ttquery = "Update login SET ".$row['ttemail']." = '1' WHERE username = '".$row['username']."'";
If you're using sprintf, you would have:
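// The $ in the positional specifiers is escaped so PHP does not read $s as a variable inside double quotes.
$ttquery = sprintf("Update login SET %1\$s = '1' WHERE username = '%2\$s'", $row['ttemail'],$row['username']);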
Update login SET ttemail = 1 WHERE username = admin
In SQL, strings are surrounded by single quotes and table/column names are unquoted. You need to fix your PHP code so you generate this:
Update login SET ttemail = 1 WHERE username = 'admin'
Try to make sure you understand basic SQL before banging your head against PHP ;-)
try this
$ttquery = sprintf("Update login SET ".$row['ttemail']." = '1' WHERE username = '" . $row['username'] ."'");
i.e., username='[your value]'
This should work:
$ttquery = "Update login SET ".$row['ttemail']." = '1' WHERE username = '".$row['username']."'";
Man, be careful about SQL injections.
Also, why call sprintf() if you don't actually use it?
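Added example (not from the original thread): the first version of the query above puts a column name taken from $row into the SQL text. Placeholders can only stand for values, not for column or table names, so one way to handle this is to check the column against a fixed allow-list and bind the username as a parameter. The second flag column, the allow-list and the setFlag() helper are hypothetical, and an in-memory SQLite database via PDO is assumed so the code runs without a server.

```php
<?php
// Constructed table modelled on the "login" table from the question.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE login (
    username   TEXT PRIMARY KEY,
    ttemail    INTEGER DEFAULT 0,
    newsletter INTEGER DEFAULT 0
)");
$db->exec("INSERT INTO login (username) VALUES ('admin'), ('john')");

// Hypothetical allow-list: the only column names that may reach the SQL text.
const FLAG_COLUMNS = ['ttemail', 'newsletter'];

// Sets one flag column to 1 for one user and returns the number of rows changed.
function setFlag(PDO $db, string $column, string $username): int
{
    // Identifiers cannot be bound as parameters, so the column name is
    // validated against the allow-list before it is placed in the statement.
    if (!in_array($column, FLAG_COLUMNS, true)) {
        throw new InvalidArgumentException("unknown flag column: $column");
    }
    // The username is a value, so it is bound and needs no manual quoting.
    $stmt = $db->prepare("UPDATE login SET $column = 1 WHERE username = :username");
    $stmt->execute([':username' => $username]);
    return $stmt->rowCount();
}

echo "ttemail for admin: rows=", setFlag($db, 'ttemail', 'admin'), "\n";

// A column name outside the allow-list never reaches the database.
try {
    setFlag($db, 'no_such_flag', 'admin');
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}

foreach ($db->query("SELECT username, ttemail, newsletter FROM login") as $row) {
    echo $row['username'], " ttemail=", $row['ttemail'],
         " newsletter=", $row['newsletter'], "\n";
}
```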
