Issue updating values in Database from mySQL query on PHP site - php

Been tinkering with my website, it is a seat booking website. Still in alpha testing really so not live to the public yet for obvious reasons.
However, I'm having a few problems with updating the values in my database.
I'll post the code and then explain the problem..
else {
$seatID = $_POST['form_submitted'];
$query1 = "SELECT seatTaken FROM SEATS WHERE seatNo = '$seatID'";
$result = mysql_query($query1);
while($row = mysql_fetch_array($result))
{
$taken = $row['seatTaken'];
}
$query2 = "SELECT passNo FROM PASSENGER WHERE username = '$loggedinuser'";
$result = mysql_query($query2);
while($row = mysql_fetch_array($result))
{
$passno = $row['passNo'];
}
$query3 = "SELECT groupID FROM PASSENGER WHERE username = '$loggedinuser'";
$result = mysql_query($query3);
while($row = mysql_fetch_array($result))
{
$groupno = $row['groupID'];
}
$query4 = "SELECT flightNo FROM PASSENGER WHERE username = '$loggedinuser'";
$result = mysql_query($query3);
while($row = mysql_fetch_array($result))
{
$flightno = $row['flightNo'];
}
// if ($taken = 0) {
$update = mysql_query("UPDATE PASSENGER SET seatNo = $seatID WHERE username = '$loggedinuser'");
$update2 = mysql_query("UPDATE SEATS SET seatTaken = 1, passNo = '$passNo', groupID = '$groupid' WHERE seatNo = '$seatID'");
// AND flightNo = '$flightno'"
echo '<meta http-equiv="refresh" content="5;url=http://www.mywebsite.com/">';
echo mysql_error();
//}
}
?>
Now the user will have selected their seat in the previous form hence the:
$seatID = $_POST['form_submitted'];
However, at the bottom in my queries, the only value that actually changes in the database when this PHP code is run is the boolean value of 'seatTaken', in that it does change from 0 (not occupied) to 1 (occupied).
The field passNo and groupID in my database DO NOT UPDATE as referenced here in these queries:-
$update = mysql_query("UPDATE PASSENGER SET seatNo = $seatID WHERE username = '$loggedinuser'");
$update2 = mysql_query("UPDATE SEATS SET seatTaken = 1, passNo = '$passNo', groupID = '$groupid' WHERE seatNo = '$seatID'");
Is anyone able to help? Many thanks!
Tom

Watch your variable naming and string quotation
When your looking for values in mysql, they usually need to be a string literal (add quotes).
And your other problem is your variable names:
$update = mysql_query("UPDATE PASSENGER SET seatNo = '$seatID' WHERE username = '$loggedinuser'");
$update2 = mysql_query("UPDATE SEATS SET seatTaken = 1, passNo = '$passno', groupID = '$groupno' WHERE seatNo = '$seatID'");
$passno vs $passNo
$groupid vs $groupno
You should also make sure you properly escape any input coming from the user http://php.net/manual/en/function.mysql-real-escape-string.php

One can't see in your code how do you generate the values of $groupid, $passNo, $seatID. Are those varaibles set when you do your update? (just echo the SQL code to see what query is being sent to your database)
Maybe you should try getting the variables from your post request, like $_POST['groupid'], if groupid is the name of the field in the form.

Related

Any idea why my query only works on first but on second isset nothings happen

if (isset($_POST['submitid'])) {
$itemid = $_POST['itemID'];
$cartno = mysqli_query($connection , "SELECT * FROM users");
while ($cartnorow = mysqli_fetch_assoc($cartno)) {
$existingcartno = $cartnorow['cartno'];
$existingtotal = $cartnorow['total'];
}
$updatecartno = $existingcartno + 1;
$updateprice = $itemlistprice+$existingcartno;
mysqli_query($connection ,
"UPDATE users SET cartno = '$updatecartno' WHERE id=1");
}
When I remove WHERE id = 1 it works fine.
I seriously need to update specific id thats why I need that WHERE id = 1.

Displaying based on Results in Mysql Query

I have an orders table in mysql and in that for some orders I set particular order status like 'review'.
I want to setup a way if any order placed by a particular customer(first and last name) for whom i have previously set order status as 'review' to display a warning in the list.
$sql = "select * from order where firstname = ".$firstname." AND lastname = ".$lastname." AND order_status = 'review';";
$SQLresult = mysql_query("$sql", $DBcon_MySQL);
while($row = mysql_fetch_array($SQLresult)) {
foreach($row as $row){
$result = "warning!";
echo $result;
}
}
The above code does not display anything. please let me know how to fix this.
[EDIT After Applying Answer]
This is how i am using it.
<td width="200">
<?
$sql = "select * from cust_order where firstname = '$firstname' AND lastname = '$lastname' AND order_status = 'review'";
$SQLResult = mysql_query("$sql", $DBcon_MySQL);
while($row = mysql_fetch_array($SQLResult )) {
//$result;
foreach($row as $row ){
//$result="";
$result = "Warning!";
}
?>
<p><? echo $result;?></p>
<?} ?>
</td>
How should i insert a check that it should display warning only once No matter how many orders from single customer are marked as review, display warning only once?
try this,
$sql = "SELECT
*
FROM
`order`
WHERE
firstname = '$firstname' AND lastname = '$lastname' AND
order_status = 'review' LIMIT 1";
$SQLresult = mysql_query($sql, $DBcon_MySQL);
while($row = mysql_fetch_array($SQLresult)) {
foreach($row as $row){
$result = "warning!";
echo $result;
}
}
Please be informed that mysql functions are deprecated and not recommended. USE MySQLi or PDO instead. have a reference from following queries.
http://php.net/manual/en/book.mysqli.php
http://php.net/manual/en/book.pdo.php

update table for multiple users

I am looking to count the number of times 'yes' in present for a user in a table, then post the result into anther table for that same user. Both tables have the username. I would like this done for each user. I have the following but it is not working.
$sql = $item_count = "SELECT SUM(if(strike='yes',1,0)) AS strike_total FROM weekpicks WHERE username = 'username'";
// execute SQL query and get result
$sql_result = mysql_query($sql) or die (mysql_error());
if (!$sql_result) {
echo "Something has gone wrong!";
}
else {
//loop through record and get values
while ($row = mysql_fetch_array($sql_result)) {
$item_result = ($row = #mysql_query($item_count)) or die(mysql_error());
$strike_total = ($row = #mysql_result($item_result,"strike_total"));
$strikes = ($row = $strike_total ['strike_total']);
$username = $row["username"];
// the following will insert number of strikes into table for each user.
$sql = "UPDATE authorize SET strikes = '($strikes)' WHERE username='$username'";
//mysql_query(" UPDATE authorize SET " . "strikes = '" . ($strikes) . "' WHERE username='$username' ");
$result = mysql_query($sql) or die (mysql_error());
Just one query should be enough
Update for single user..
UPDATE authorize SET strikes = (select count(*) from weekpicks WHERE username = '$username' and strike='yes') WHERE username='$username';
For bulk update all users
UPDATE authorize as A SET strikes = (select count(*) from weekpicks B WHERE strike='yes' and A.username=B.username group by B.username)
Isn't that simple.

MySQL Query in PHP error

I have a problem with an query that won't work.
The one that needs to set the rank to 2 works, but the one that needs to set vip to 1 doesn't work.
I just get an white page.
What is the problem?
<?php
session_start();
include ("includes/config.php");
$lid = $_SESSION['lid'];
$uQuery = mysql_query("SELECT * FROM users WHERE id = '".$lid."'");
while($uFetch = mysql_fetch_array($uQuery)){
$uuser = $uFetch['username'];
$umotto = $uFetch['motto'];
$ucredits = $uFetch['credits'];
$upixels = $uFetch['activity_points'];
$ubelcr = $uFetch['belcredits'];
$urank = $uFetch['rank'];
$ufigure = $uFetch['look'];
}
if($urank < '2'){
mysql_query("UPDATE users SET rank = 2 WHERE id = '".$lid."'");
mysql_query("UPDATE users SET vip = 1 WHERE id = '".$lid."'");
}
Header("vip.php?succes=1");
?>
mysql_query("UPDATE users SET rank = 2,vip = '1' WHERE id = '".$lid."'");
Not exactly what you're looking for, but looking at the queries you could simplify to:
session_start();
include ("includes/config.php");
if(isset($_SESSION['lid'])){
$lid = $_SESSION['lid'];
$query = "UPDATE users SET rank = 2, vip = '1' WHERE rank < 2 AND id = ".intval($lid);
$result = mysql_query($query) or die(mysql_error());
header('Location: vip.php?succes=1');
exit;
}

Issue with this function. The code is not executing

The function is supposed to update the values in the database.
Here is the code:
//Functions
//Function to Update users networth
function update_net($name)
{
//Get worth & balance at the time
$sql_to_get_worth_balance = "SELECT * FROM user WHERE username = '$name'";
$sql_query = mysql_query($sql_to_get_worth_balance);
while ($rows = mysql_fetch_assoc($sql_query))
{
$worth = $rows['worth'];
$balance_ = $rows['cash_balance'];
}
//Get net_worth now
$new_net_worth = $worth + $balance;
//Update net_worth
$sql_for_new_worth = "UPDATE user SET net_worth = '$new_net_worth'";
$sql_worth_query = mysql_query($sql_worth);
}
It is used here:
//Get username
$username = $_SESSION['username'];
if (isset($username))
{
//Update networth
$update_worth = update_net($username);
You probably want a WHERE clause on the end of this query:-
$sql_for_new_worth = "UPDATE user SET net_worth = '$new_net_worth'";
e.g.
$sql_for_new_worth = "UPDATE user SET net_worth = '$new_net_worth' WHERE username = '$name';
You're forgetting the where name=$name part in the update query (which will update the entire table!)
I hope your $name can never hold user entered data because your sql is vulnarable to injection.
Maybe:
//Update net_worth
$sql_for_new_worth = "UPDATE user SET net_worth = '$new_net_worth'";
$sql_worth_query = mysql_query($sql_worth);
Should Read:
//Update net_worth
$sql_for_new_worth = "UPDATE user SET net_worth = '$new_net_worth'";
$sql_worth_query = mysql_query($sql_for_new_worth);
May be you should commit transaction?

Categories