First of all I'm a rookie to Programming, I created a PHP page to update a value from my mysql(myadmin) database, but the value is not updating. I also tried to retrieve values from database it's working just fine but this UPDATE code is not working! I don't know why, please check out my code below.
$qs=mysql_query("update staff set review=$newrate where name=$rateuser");
$resu=mysql_query($qs);
All variables are double defined, assigned with proper values, checked and I tested variables using echo, table name is also checked, it's all fine, but I think the problem is with Update query, I searched internet for the syntax but it's not different than mine. Please help me out
How are $newrate and $rateuser set?
mysql_query("UPDATE staff SET review = '".mysql_real_escape_string($newrate)."' WHERE name = '".mysql_real_escape_string($rateuser) ."'");
http://php.net/manual/en/function.mysql-real-escape-string.php
Try:
$qs=mysql_query("update staff set review='$newrate' where name='$rateuser'");
Do not use second line.
You probably just need some " around your values $newrate and $rateuser
But if you did an echo, why not actually echo for us what the query-string becomes?
You need single quotes around string values on your query:
$qs=mysql_query("update staff set review='$newrate' where name='$rateuser'");
(assuming both variables are strings)
Related
I have come across a strange problem, which im trying to solve for quite some time now but can´t find any solution to this.
I am generating some lines with information which each of includes one checkbox. I have the following code in PHP which checks if a certrain entry exists, if so the checkbox is checked.
$sql = "SELECT COUNT(*) anz FROM jubilaeum WHERE jahr='".$Jahr."' AND mon='".$num."' AND AdrNr='".$RS1_row["AdrNr"]."' AND type='1'";
$rs_erledigt = $db->prepare($sql);
$rs_erledigt->execute();
$row = $rs_erledigt->fetch();
$anz = $row["anz"];
The Code generates me the following SQL Query:
SELECT COUNT(*) anz FROM jubilaeum WHERE jahr='2019' AND mon='5' AND AdrNr='14061' AND type='1'
PHPMyAdmin Query & Result
Now i am using a basic IF to check if there are any records found so i can check a checkbox
<input type="checkbox" name="mychk" id="mychk" value="somevalue" <?php if($anz>0) echo "checked"; ?> />
All checkboxes which have a proper entry in my DB are checked, except the very first one generated, i can swap the boxes around at free will, the first one never gets checked.
I tried to use the $row["Anz"] directly in my IF, didn´t fix the problem.
I think that PHP doesnt interpret the returned value of my query correctly, but i am clueless about how to fix this.
Did someone encounter similar problems and can help me with this?
Im new to posting in here, so please tell me if you need some more information.
Thanks in advance!
Edit: I just tried to change the Query from COUNT(*) to if(COUNT(*)>0,'ja','nein') while also changing the if to if($anz=="ja")
the value of $anz still remains empty.
I found the solution. My issue was a second fetch on my Query. After removing it, everything works fine.
I'm trying to add +1 in custom row. Example:
UPDATE `users` SET `MVP` = `MVP` + 1 WHERE `steam_id` = `%s`;
But nothing. What's wrong? Syntax looks good i think.
%s is a value so remove `
You can usually omit that everywhere unless you are using some "unlucky" column names
UPDATE `users` SET `MVP` = `MVP` + 1 WHERE `steam_id` = %s;
Take the ' away from the MVP you are incrementing.
UPDATE `users` SET `MVP` = MVP+1 WHERE `steam_id` = `%s`;
Post the entire code snipped. Can´t really help you like that. What is steam_id? What is %s. When do you replace it with an actual value? You should also just use prepared statements and not DYI that. %s is not how they look like in PDO or MYSQLI, but sure looks like a placeholder for a string.
You also marked this as insert, yet you´re doing an update.
Those `` are kinda unnecessary, never used them for column/table names, but appears to work at least in mysql console.
The sql snipped looks right, assuming MPV is numeric and the id is a string/varchar and equals %s, or you´re replacing it with something.
EDIT: As some have said the %s is the problem use nothing if it´s a int. Use single or double quotes if it´s a string. And you don´t need to use anything anywhere else, but if you wish to do so you can.
I need some help with the php syntax for when user input is a variable in the request to the database.
The below manually enters values:
"UPDATE customer SET first_name= 'Me2' WHERE id = ' 13 ' ";
However i want the user to be able to enter values such as this:
"UPDATE customer SET first_name=".$edit_first_name.", WHERE id=".$edit_id."\"";
When i run the above it doesn't work as the first example script does.
An i'm assuming it's a syntax problem, an there is no display on the page to indicate the issue location. Please help
Your query is wrong. Don't insert , before WHERE & put single quotes around string value.
"UPDATE customer SET first_name='".$edit_first_name."' WHERE id=".$edit_id;
This is the final query:
$update="UPDATE customer SET first_name=".$edit_first_name." WHERE id=".$edit_id;
You miss simple quotes '' around your $edit_first_name as it is a string.
try this statement, maybe it could solve your problem:
"UPDATE customer SET first_name ='$edit_first_name' WHERE id='$edit_id'";
i might be doing some idiot mistake, but i could not figure that out. i have some values coming from html and wanna insert into mysql db. problem is, the very same query does not work in regular php file (that includes other queries), but when i try on an independent php file, it does. here is a sample of the code:
$sql15="insert into body
(Article_ID, Article_Title)
values
('$article_id', '".$_POST['Article_Title']."') ";
mysql_query($sql15);
as i mentioned, the very same code works when i just copy this snippet to a new php file, and it works smoothly.. as you see, there are 20+ insert with the same php, because there are 25+ tables, but data is not much. first 14 query and following 7 queries do work by the way.
do you have any ideas?
There are some things to check and do.
Sanitize user input:
"('$article_id', '".mysql_real_escape_string($_POST['Article_Title'])."')";
You might also want to check if the value is what you expect.
Is your $article_id correct for column Article_ID?
Are your table and column names correct?
Check for errors:
$res = mysql_query($sql15);
if (!$res)
echo mysql_errno($link) . ": " . mysql_error($link);
Show us you complete query:
echo $sql15;
First of all i would suggest you to write your insert query like below
$sql15="insert into body SET Article_ID = '$article_id', Article_Title = '".$_POST['Article_Title']."'";
echo $sql15;
mysql_query($sql15);
so that each time when you add new column to database it would be easy for u to change insert query. echo your query and see it in browser. in it seems to o.k then copy it and paste it in SQL section under your phpmyadmin (see you are choosing proper database) and run it. if one row inserted successfully then your query is alright.
I hope this would help you a little.
$sql15="insert into body
(Article_ID, Article_Title)
values
('$article_id', '".$_POST['Article_Title']."') ";
mysql_query($sql15) or die(mysql_error());
use like this u will be get the error. then u will be find the issue
I think using mysql_real_escape_string may solve your problem.I also recommend you to store your form data in a string.
$article_title= mysql_real_escape_string($_POST['Article_Title']);
$sql15="insert into body
(Article_ID, Article_Title)
values
('$article_id', '$article_title') ";
mysql_query($sql15) or die(mysql_error());
I am trying to make an update query to update a user to have a password. The update statement is extremely easy and it has been baffling me for about 12 hours now.
I have read everything having to do with this on 3.5 pages of google searches. but for some reason, none of the suggestions work for me!
Here is the UPDATE query in its 'original' form:
$sql_update = "UPDATE users_sensitive SET password = '$password_hash', ch_password = '$password_hash' WHERE email_hash = '$email_hash'";
$result_update = mysql_query($sql_update) or die(mysql_error());
When I do this update Query, I get no errors or anything back. It also just does not update.
Here's another rendition of the same code:
$sql_update = "UPDATE users_sensitive SET password = '" . $password_hash . "', ch_password = '" . $password_hash. "' WHERE email_hash = '" . $email_hash . "'";
$result_update = mysql_query($sql_update) or die(mysql_error());
Again, nothing happens.
When I put the actual numbers in here instead of the php variables:
$sql_update = "UPDATE users_sensitive SET password = '700b5b23b511d974fe9eeb17ad350b33', ch_password = '700b5b23b511d974fe9eeb17ad350b33' WHERE email_hash = 'ac24dab060a172d8c0b3679d8ae61cac'";
$result_update = mysql_query($sql_update) or die(mysql_error());
(don't worry, it's not sensitive info) It does actually update...
So, I'm assuming my syntax is wrong? I know these are Strings instead of just numbers, so I need the single quotes around them. I have the two variables I need echoed and they are both showing exactly what they should be. I have even tried to use backticks around the column name but that didn't do anything?
I did a var_dump and it came back "true".
When I do a print on my $sql_update, I get:
UPDATE users_sensitive SET password = '700b5b23b511d974fe9eeb17ad350b33', ch_password = '700b5b23b511d974fe9eeb17ad350b33' WHERE email_hash = 'ac24dab060a172d8c0b3679d8ae61cac'
There is no whitespace here.
When I print the $result_update, it comes up with: 1
ANSWER
Thank you to bemace, James Anderson, VolkerK, alex and the others!
The problem was that there was a strange line break in the code creating whitespace that was not the same as on the database.
After backtracking, I noticed at the very beginning of my code on this page, I used a GET to get a hash number from the URL. While making a variable, during testing, I added a line break to the variable for testing purposes only. I (stupidly) left the line break in there. When using that variable in a hidden form field, it included the line break.
After taking the line break out of the first line, everything matched up and all is good.
If you are reading this and plan on posting later, Posting the entire code is probably worth it. This problem would have been fixed earlier if I had.
Again, Thank you to the quick responses and trouble shooting!
No errors and no updates tells me that your where clause isn't matching anything. Make sure $email_hash doesn't have any leading or trailing whitespace and isn't being truncated.
A less likely possibility is that the update is part of a transaction that is being rolled back.
Another less likely possibility: are you connected to the right server?
Thank you to bemace, James Anderson, VolkerK, alex and the others!
The problem was that there was a strange line break in the code creating whitespace that was not the same as on the database.
After backtracking, I noticed at the very beginning of my code on this page, I used a GET to get a hash number from the URL. While making a variable, during testing, I added a line break to the variable for testing purposes only. I (stupidly) left the line break in there. When using that variable in a hidden form field, it included the line break.
After taking the line break out of the first line, everything matched up and all is good.
If you are reading this and plan on posting later, Posting the entire code is probably worth it. This problem would have been fixed earlier if I had.
Again, Thank you to the quick responses and trouble shooting!