after inseet/delete /update i have to manually update the page until i see the result..why? how can i solve this problem
if (isset($_POST['action']) && $_POST['action']=='submitted') {
if (isset($_POST['update'])) {
$selected = $_POST['selected'];
for ($i=0; $i<$columncount;$i++){
$value[$i] = $_POST[$name[$i]];
foreach ($selected as $j)
mysql_query ("UPDATE $tablename set $name[$i]='".$value[$i][$j]." 'WHERE $name[0]=".$value[0][$j]);}
}
its reading table value from a form and updating
Because you update the database after displaying the table.
In other words, you fetch the values, display them, then update them. To fix this just put the above code above the table display.
Other than the obvious SQL injection vulnerabilities that are just begging to get your server pwn3d, you have no error handling whatsoever on your query - you're assuming it succeeded. Why not take the extra 2 seconds to try and handle the possibility that your query might actually have a syntax error?
$result = mysql_query(...) or die(mysql_error());
^^^^^^^^^^^^^^^^^^^^^^
Try this one. Hope it will work
mysql_query ("UPDATE ".$tablename." set ".$name[$i]."='".$value[$i][$j]."' WHERE ".$name[0]."='".$value[0][$j]."';");}
Related
I populate a web form with rows of data. Some of the fields I need to be updatable so I put the value into a text field. MySQL query is:
SELECT * FROM results WHERE EventID = %s AND CompNo = %s", GetSQLValueString($colname_rsResults, "int"),GetSQLValueString($colname2_rsResults, "int"));
EventID and CompNo are passed in the URL.
Let's say the result is 50 rows. I want to be able to update the Name field (eg, make correction to the spelling), click a button and have the code update the database with any new values. It doesn't matter that most of the values will not change as this is a very infrequent operation.
I used to be able to do this in ASP but I can't seem to do in PHP.
This is the code I am using and I think it is completely wrong!!
if ((isset($_POST["JM_update"])) && ($_POST["JM_update"] == "form1")) {
$i = 0;
$j = $totalRows_rsResults;
while($i < $j)
$resultID=$_GET['ResultID'];
$vDelete=$_GET['Del'];
if ($vDelete == 1) {
$delSQL = sprintf("DELETE FROM Results WHERE ResultID=$resultID");
mysql_query($delSQL,$connFeisResults);
} else {
$name=$_GET['Name'];
$qual=$_GET['Qual'];
$updateSQL = sprintf("UPDATE results SET Name = ".$name{$i}.", Qual = ".$qual[$i]." WHERE ResultID=$resultID");
mysql_query($updateSQL, $connFeisResults);
$i++;
}
}
There is also a checkbox at the end of each row to check if I need that record deleted. That doesn't work either!!
I am using Dreamweaver CS6 and trying to adapt the update behaviours etc.
Any thoughts? Many thanks in advance.
It looks like you're missing an opening brace after your while statement.
--UPDATED
Also, check your sprintf statements -- they look wrong, and they look like they're writing the raw '$resultID' to the SQL String, instead of the value within it.
See how to do it here: http://www.talkphp.com/general/1062-securing-your-mysql-queries-sprintf.html
For the life of me I cannot figure this one out, still new so I am probably overlooking.
Based on a POST value, I would like to perform 1 of 3 MySQL queries. I have verified that each query works on its own, when I add the if statement nothing updates. Also not receiving any MySQL errors.
If the POST value is "on" or "off" run the corresponding query to update all columns.
If the POST value is anything else (would be a column number), toggle that column.
<!-- language: lang-php -->
mysql_select_db("lightup") or die(mysql_error());
if ($light=="on")
{
$query = mysql_query("UPDATE Homes SET L1Status='0',L2Status='0',L3Status='0',L4Status='0',L5Status='0',L6Status='0',L7Status='0',L8Status='0',L9Status='0',L10Status='0' WHERE HomeID=$id") or die(mysql_error());
}
elseif ($light=="off")
{
$query = mysql_query("UPDATE Homes SET L1Status='0',L2Status='0',L3Status='0',L4Status='0',L5Status='0',L6Status='0',L7Status='0',L8Status='0',L9Status='0',L10Status='0' WHERE HomeID=$id") or die(mysql_error());
}
else()
{
$query = mysql_query("UPDATE Homes SET $lightcolumn = !$lightcolumn WHERE HomeID=$id") or die(mysql_error());
}
mysql_close($link);
Any thoughts?
You have an error in your syntax in your last else, remove the parens, so instead of this:
else()
it should be this
else
I have this code. Its returning 1 but there is no change on the database!
<?
include ("../connect.php");
$id = $_REQUEST['id'];
$stat = $_REQUEST['changeTo'];
$prod = $_REQUEST['product'];
echo mysql_query("UPDATE $prod SET STATUS = '$stat' WHERE ID = '$id'");
echo mysql_error();
?>
An error will only be returned on an UPDATE statement if a SQL error occurs. If no rows are affected the query is still successful and reported as such.
Make sure all of the variables used in the query contain valid values and that the query should actually affect any records in your database.
My first thought is that $id doesn't exist, can you manually enter an id that you know exists and try running that once? just to rule it out if nothing else
I added this in the hopes that I could get an answer vote :)
Try the SQL-Statement direct with values set by code.
I have this update statement:
mysql_query ("UPDATE loan SET loan_reff_id='$_POST[loan_reff_id]',
commit_date='$_POST[commit_date]',app_loan_type='Tertiary Loan',
app_ln_amnt='$_POST[app_ln_amnt]', institution_name='$_POST[institution_name]',
app_course='$_POST[app_course]',course_length='$_POST[course_length]',
course_cost='$_POST[course_cost]', app_trm_pymnt='$_POST[app_trm_pymnt]',
app_intrst_rate=3
WHERE app_file_id='$_POST[app_file_id]'");
However wen I run the query it says query empty, what do you think might be the problem
Im using mysql and php
This one is not empty.
You are getting such an error from some other query.
According this one, to make it sane at the very least,
foreach($_POST as $key => $value) {
$_POST[$key] = mysql_real_escape_string($value);
}
$sql = "UPDATE loan SET loan_reff_id='$_POST[loan_reff_id]',
commit_date='$_POST[commit_date]',app_loan_type='Tertiary Loan',
app_ln_amnt='$_POST[app_ln_amnt]', institution_name='$_POST[institution_name]',
app_course='$_POST[app_course]',course_length='$_POST[course_length]',
course_cost='$_POST[course_cost]', app_trm_pymnt='$_POST[app_trm_pymnt]',
app_intrst_rate=3
WHERE app_file_id='$_POST[app_file_id]'";
mysql_query($sql) or trigger_error(mysql_error()." in ".$sql);
You should not use directly $_POST values in your queries, you risk SQL injections, try using PDO.
Regarding the empty query, you must have a problem with simple/double quotes and concatenation.
Finally, are you sure you do not violate any constraint in your table ? NOT NULL, etc...
$db = mysql_connect("localhost","root","123");
mysql_select_db("website_categorization") or die("\n error selecting database" );
$keyword_array = preg_split('/[\s,]+/', $tag);
foreach($keyword_array as $tag1)
{
mysql_query("INSERT INTO category_keyword(ID_Category, Keyword) VALUES(2,$tag1)");
}
echo "\nAffected rows are ".mysql_affected_rows()."\n";
mysql_close($db);
Can u tell me what is the problem with this code??...I intend to insert rows into the category_keyword table from an array $keyword_array. I get errors "Affected rows are -1" and insertion does not work
You should quote and escape string values.
You should also handle errors, to be notified of them.
You should also write distinct statements, to be able to read your code later (as well as let others to read it).
$tag1 = mysql_real_escape_string($tag1);
$sql = "INSERT INTO category_keyword(ID_Category, Keyword) VALUES(2,'$tag1')";
mysql_query($sql) or trigger_error(mysql_error()." in ".$sql);
insert multiple rows via a php array into mysql
You need to encapsulte the string $tag in a query, otherwise mysql will think its a column name
mysql_query("INSERT INTO category_keyword(ID_Category, Keyword) VALUES(2,'".mysql_real_escape_string($tag1)."')");
You should quote and escape your string columns
$tag1 =
mysql_real_escape_string($tag1);
mysql_query("INSERT INTO
category_keyword(ID_Category, Keyword)
VALUES(2,'$tag1')");
You should also handle the mysql query errors to know why the query get failed. With the current code you never know why it is failing.It is better to handle mysql errors.
mysql_query('Your query') or trigger_error(mysql_error());
You can use this:
mysql_query("INSERT INTO category_keyword SET ID_Category=2, Keyword=".$tag1.");
Better syntax to understand :)