I have an IPN script that is doing some work on the amount of a payment received, and when a certain amount is received, it is updating their license code in the database after verifying it with PayPal's IPN service.
This SQL isn't right, it's not updating. The rest of my code is fine because it sends an email, but where's the SQL error at? It's really late and I'm spacing out...
if ($amt == "77.00")
{
mysql_query("UPDATE login_users SET license_code = 3 WHERE username = ". $username ."") or die(mysql_error());
// Change license code in database
}
You need quotes around the user name if it's a string.
WHERE username = '". $username ."'
Also make sure $username is properly sanitized:
$username = mysql_real_escape_string(... wherever the value is coming from ...);
Put SET before WHERE and add single quotes around username
"UPDATE login_users SET license_code = 3 WHERE username = '". $username ."'";
Related
My sql table is not updating. I have looked through tons of documentation and I do not see why it is not working.
if (!empty($_POST['services'])){
$username = mysql_real_escape_string($_POST['username']);
$service = mysql_real_escape_string($_POST['services']);
$registerquery = mysql_query("UPDATE users SET service = '".$service."' WHERE Username = '".username."'");
}
Please update your code to use PDO. Inserting into the database could be much easier and safer using prepared statements.
For example:
<?php
$stmt = $db->prepare("UPDATE `users` SET `services`=:service WHERE `username`=:username");
$stmt->execute(array(':username' => $username, ':service' => $service));
?>
Here's a good resource when learning the basics of PDO.
http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers
Have a good one!
- Scott
My error was that I wrote this: $registerquery = mysql_query("UPDATE users SET service = '".$service."' WHERE Username = '".username."'"); and I was missing the $ and an s in services. To correct this: $registerquery = mysql_query("UPDATE users SET services = '".$service."' WHERE Username = '".$username."'"); Thank you all for your help. I submitted another answer last night saying I found the error.
I have tried to close this twice. All I had to do was add a "s" at the end of "service" in the update command. I overlooked the fact it did not match the requested field in the table.
Please replace like this and execute.
$registerquery = mysql_query("UPDATE users SET service = '".$service."' WHERE Username = '".$username."'");
I want to make simple login server for android.
Login feature works well, but in registration has some problem.
My intent is :
Android Client Send User Info(id, username, password) to XAMPP Server by using HTTPPOST.
Server get User Info, and find repetition id or username from database(using select query). if repetition exists, response to client using echo.
if repetition not exists, make new user info to database using insert query. And response to client using echo.
If repetition exists, it works well. server response correctly.
but in case of no repetition, query's output is 1 then server response 'there is repetition'...
login.php is same code with register.php, but there is no insert query in login.php, and it works perfectly well.
so I think this problem caused by insert query.
here is my code:
<?php
$hostname_localhost ="localhost";
$database_localhost ="mydatabase";
$username_localhost ="root";
$password_localhost ="";
$id_localhost ="";
$localhost = mysql_connect($hostname_localhost,$username_localhost,$password_localhost, $id_localhost) or trigger_error(mysql_error(),E_USER_ERROR);
mysql_select_db($database_localhost, $localhost);
$username = $_POST['username'];
$password = $_POST['password'];
$id = $_POST['id'];
$query_search = "select * from tbl_user where username = '".$username."' OR id = '".$id."'";
$query_exec = mysql_query($query_search) or die(mysql_error());
$rows = mysql_num_rows($query_exec);
if($rows == 0) {
$query_register = "INSERT INTO tbl_user (id, username, password) VALUES ('$id', '$username', '$password')";
$result = mysql_query($query_register) or die(mysql_error());
if($result == TRUE){
echo "Register Success";
} else {
echo "Register Fail";
}
exit;
die;
} else {
echo "Registered Device or Username";
exit;
}
?>
login.php is almost same. only search query(select id and username and password same) and insert query is different(no insert in login.php).
server response is wrong but insert action is doing right. I can see new record in my database. so... it seems to be run twice.
client side has no problem because it also almost same with login code(And login works well with no insert query:)).
Update
mysql_num_rows return an int, you are checking if $rows is false instead of 0. Use ===.
What id are you referring to in your tbl_user and why would the user supply their ID? Are you sure that you are checking for the right id? It feels like you should be doing a separate query for the device id OR check for a device_id column in the table tbl_user.
Other things to look into
exit; and die; are the same so calling it twice makes no sense.
if ($rows == 0) is checking for (bool) false instead of the integer 0. Use === for checking for supplied type.
When using "" double-quotation marks you can supply the variables directly;
E.g. "...WHERE username = '$username'" instead of "... WHERE username = '".$username."'".
Look into using mysqli instead of mysql for more features and improved security; http://php.net/manual/en/book.mysqli.php
Can someone point me out how can I save the default password if it is blank?
Its an update issue. Im making an update page when the user update their profile.
Its a long profile info. I did not post it all here coz my only problem is the password field.
Even if it is leave as blank it still updating the field on the database.I use md5 for encryption. Below is the code. Please just add the code, your code. Thank you.
The id is=1 because im just testing it. Ill only have one data in the userstest table.
$desire= $_POST['desired'];//username field
$password = md5(trim(mysql_prep($_POST['password'])));//password field
$passconfirm = md5(trim(mysql_prep($_POST['confirmpassword']))); //confirmpasswor field
$sql = mysql_query("UPDATE userstest SET username = '$desire',password='$password',confirmpassword='$passconfirm' WHERE id=1");
if(mysql_affected_rows()==1){
echo "Update Successfull";
}else{
echo "Update Failed" . mysql_error();
}
Add a if condition while building query
$sql = "UPDATE userstest SET username = '$desire'";
if($password) {$sql += ",password='$password',confirmpassword='$passconfirm'";}
$sql += " WHERE id=1";
then run the query mysql_query($sql);
Don't update the password or confirmpassword columns if those fields are blank. Just don't add them to the SQL query in that case.
By the way, why are you even saving the confirmpassword? Shouldn't this always be the same as password? It's usually only used in an if statement in the PHP script to see that the user didn't do a typo.
I'm currently running into a problem with an UPDATE query. What I'm trying to run is:
dbquery("UPDATE users SET vip_points = 'vip_points' +'". $points ."' WHERE username = '". $user ."'");
$user and $points are sent via a form. I've tried echoing the results and they come out to what I post.
Database error
Truncated incorrect DOUBLE value: 'vip_points'
So can some one please explain what's wrong with my query? It's worked on other MySQL servers. At the moment I'm using MySQL server 5.5 under Windows 2008.
Oh, and vip_points column is set as 0 by default.
Thanks.
You're quoting values you shouldn't be quoting. Try this:
dbquery("UPDATE users SET vip_points = vip_points + ". ... ." where username = '". $user ."'");
Is there something wrong with the syntax on this MySQL query?
Thanks in advance,
John
$ttquery = sprintf("Update login SET ".$row['ttemail']." = '1' WHERE username = ".$row['username']."");
EDIT: Okay, per Pekka's request, I echoed out the actual query value, and that gave me some ideas. Now I'm using this:
$ttquery = "Update login SET ttemail = 1 WHERE username = ".$row['username']."";
and I get this error: Unknown column 'admin' in 'where clause'. "admin" is the first username that meets the condition I want to run this query for... it's not the name of a field. Any ideas on why I'm getting the error?
EDIT: Here is the MySQL echoed MySQL query if that helps:
Update login SET ttemail = 1 WHERE username = admin
You probably need single quotes around username
$ttquery = "Update login SET ".$row['ttemail']." = '1' WHERE username = '".$row['username']."'";
If you're using sprintf, you would have:
$ttquery = sprintf("Update login SET %1$s = '1' WHERE username = '%2$s'", $row['ttemail'],$row['username']);
Update login SET ttemail = 1 WHERE username = admin
In SQL, strings are surrounded by single quotes and table/column names are unquoted. You need to fix your PHP code so you generate this:
Update login SET ttemail = 1 WHERE username = 'admin'
Try to make sure you understand basic SQL before banging your head against PHP ;-)
try this
$ttquery = sprintf("Update login SET ".$row['ttemail']." = '1' WHERE username = '" . $row['username'] ."'"
i.e., username='[your value]'
This should work:
$ttquery = "Update login SET ".$row['ttemail']." = '1' WHERE username = '".$row['username']."'";
man, be careful about sql injections.
Also, why call sprintf() if you dont actually use it?