Here I am trying to update a field in a table with one of two values: if the value which I got from another file using the GET function is Deactivate, update the value of cnf_status as 1, and if it is Activate, update the value of cnf_status as 0. But this bit of code is not working... Can anyone help me solve this issue?
<?php
require_once '../config.php';
$id = $_GET['id'];
$status = $_GET['status'];
if($status == Deactivate)
{
mysql_query("update user_details set cnf_status='1' where user_id = '$id'");
}
else if($status == Activate)
{
mysql_query("update user_details set cnf_status='0' where user_id = '$id'");
}
?>
Forgot quotes maybe?
if($status == "Deactivate")
{
mysql_query("update user_details set cnf_status='1' where user_id = '$id'");
}
else if($status == "Activate")
{
mysql_query("update user_details set cnf_status='0' where user_id = '$id'");
}
You should also consider using mysql_real_escape_string() to avoid SQL Injections.
$id = mysql_real_escape_string($_GET['id']);
Usually you don't use single quotes for Int fields... try removing them.
You only need them when using with fields like: text, varchar, enum
Also you should quote the Deactivate & Activate otherwise they will be used as constants
Related
I have a problem when trying to update a table after checking a row. Not sure if the "if" statement is wrong, however I'm not quite sure why the UPDATE sql is returning this error. I wouldn't be surprised if INSERT did that.
Here's part of code:
$sql = "SELECT user_id FROM players WHERE user_id = '$id'";
$result = $connect->query($sql);
if($result->num_rows > 0)
{
$sql = "UPDATE players SET user_id = '$Player->user_id', display_name = '$Player->display_name', attackPower = '$Player->attackPower', defensePower = '$Player->defensePower'";
if($connect->query($sql) === TRUE)
{
echo 'Table has been successfully updated.';
}else{
echo 'There has been a problem with updating the "players" table. <br>Error: '.$connect->error;
}
}else{
$sql = "INSERT INTO players(user_id, display_name, attackPower, defensePower) VALUES('$Player->user_id', '$Player->display_name', '$Player->attackPower', '$Player->defensePower')";
if($connect->query($sql) === TRUE)
{
echo'Table has been successfully migrated.';
}else{
echo'Table migration has failed.';
}
}
$connect->close();
INSERTing is working just fine. I would appreciate any advice. Thanks.
Your update query should look like:
$sql = "UPDATE `players` SET `display_name` = '{$Player->display_name}',
`attackPower` = '{$Player->attackPower}', `defensePower` = '{$Player->defensePower}'
WHERE `user_id` = '{$Player->user_id}'";
It causes an error because identity columns are not updateable.
You can update every column except them:
$sql = "UPDATE players SET display_name = '$Player->display_name', attackPower = '$Player->attackPower', defensePower = '$Player->defensePower'";
As #aynber and #Julqas said, the problem was that my SQL was missing a WHERE condition. Thanks for the help.
I am trying to make a deactivate-account feature, so when I click a link I want the account status to be updated in the database so it will turn to 0. Every time I click the link, nothing happens; it just redirects me to another page. This is my code for the deactivating:
<?php
include "../includes/dbcon.php";
if(isset($_GET['user_id']))
{
$result = mysql_query("SELECT user_id FROM users WHERE user_id = $user_id");
while($row = mysql_fetch_array($result))
{
echo $result;
$status = $row($_GET['status']);
if($status == 1)
{
$status = 0;
$update = mysql_query("Update users set status = $status");
header("location: admin_manage_account.php");
}
else
{
echo "Already deactivated";
}
}
}
?>
I don't know what is your problem exactly, but why do you select the id based on the id?
Why don't you do something like "UPDATE users SET status = $status WHERE user_id = $user_id" in the first place?
In your example you don't even have a condition in the update statement...
If you want to "toggle/flip" a value you can just do something like:
UPDATE users SET status = NOT status WHERE user_id = $user_id
This way, true becomes false, false becomes true, etc.
Your code is not OK for many reasons. But the most serious problem is the SQL injection attack!
If an attacker puts an unexpected value into your user_id param, your SQL like "SELECT user_id FROM users WHERE user_id = $user_id" and "Update users set status = $status WHERE user_id = '$user_id'" can cause very serious problems.
For example: user_id can be: "0; DROP TABLE users"
Be careful with your code, rewrite it
Too many things needed to be improved. You should not use MySQL either. Consider MySQLi or PDO. BTW here is an updated version of your own code which should work:
<?php
include "../includes/dbcon.php";
if(isset($_GET['user_id']))
{
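$user_id = (int) $_GET['user_id']; // I assume you want to capture it from URL; cast to int so only a number reaches the SQL
$result = mysql_query("SELECT user_id, status FROM users WHERE user_id = $user_id"); // status must be selected to be read below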
while($row = mysql_fetch_array($result))
{
// echo $result; why do you echo it? No need
/* $status = $row($_GET['status']); should be: */
$status = $row['status'];
if($status == 1)
{
$status = 0;
$update = mysql_query("Update users set status = $status WHERE `user_id` = '$user_id'");
header("location: admin_manage_account.php");
}
else
{
echo "Already deactivated";
}
}
}
?>
Previously, you were not defining $user_id. Moreover, it wasn't correct the way you were getting the status ($status) of the user.
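The points raised in the answers above (bind the id instead of interpolating it, and do the change in a single UPDATE with a WHERE clause), as an added example that is not code from any of the posts. It uses PDO with an in-memory SQLite database so it runs stand-alone; the table contents and the helper name deactivateUser are assumptions.

```php
<?php
// Added example: constructed schema and rows in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, status INTEGER NOT NULL)');
$pdo->exec('INSERT INTO users (user_id, status) VALUES (1, 1), (2, 1), (3, 0)');

// Hypothetical helper: deactivate exactly one account, or report why nothing changed.
function deactivateUser(PDO $pdo, $rawId): string
{
    // Reject anything that is not a positive integer before touching the database.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 'rejected: not a valid user id';
    }

    // The id travels as a bound parameter, never as part of the SQL text.
    // "AND status = 1" replaces the separate SELECT: the row changes only if active.
    $stmt = $pdo->prepare('UPDATE users SET status = 0 WHERE user_id = :id AND status = 1');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    return $stmt->rowCount() === 1 ? 'deactivated' : 'no active account with that id';
}

// Constructed values standing in for $_GET['user_id'], including the string
// quoted in the answer above.
foreach (['2', '2', '3', '42', '0; DROP TABLE users', ''] as $input) {
    printf("%-24s => %s\n", var_export($input, true), deactivateUser($pdo, $input));
}

// Show the table afterwards so the effect of each call can be checked.
foreach ($pdo->query('SELECT user_id, status FROM users ORDER BY user_id') as $row) {
    printf("user_id=%d status=%d\n", $row['user_id'], $row['status']);
}
```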
I'm trying to write a query to check which column to update. The user sends an action which they performed (a like or a comment) and I'm trying to update a table. Is it possible to check inside the query which column to update? For example:
DB structure:
id imageName imageLikesCount imageCommentsCount
$actionPerformed = "like";
mysqli_query($link, "UPDATE table (if $actionPerformed=like SET imageLikesCount+1
else imageCommentsCount+1)
WHERE imageName='$image'");
I'm not sure how to phrase that, if it's possible at all. Any advice? Thanks in advance!
though meverhart913 has a way to do it, the better way to do the same thing is to instantiate your variable based on the if condition, then just plug that variable into your string. This keeps you from having to repeat your string over and over as well as allows you to easily add additional conditions.
if($actionPerformed=="like"){
$col = "imageLikesCount"; // quoted, otherwise PHP treats it as a constant
}else{
$col = "imageCommentsCount";
}
// column names are not quoted as strings in SQL
mysqli_query($link, "Update table SET $col = $col + 1 where imageName = '$image'");
if($actionPerformed=="like"){
mysqli_query($link, "Update table SET imageLikesCount = imageLikesCount + 1 where imageName = '$image'");
}
else {
mysqli_query($link, "Update table SET imageCommentsCount = imageCommentsCount + 1 where imageName = '$image'");
}
I'm not a php programmer so my syntax won't be correct, but here are two ways to do it:
if ($actionPerformed == "like")
query for updating imageLikesCount
else if ($actionPerformed == "comment")
query for updating imageCommentsCount
else
whatever
Or
if ($actionPerformed == "like")
$column = "imageLikesCount";
else if ($actionPerformed == "comment")
$column = "imageCommentsCount";
$sql = "update table set $column = $column + 1";
Then execute it.
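Choosing the column from a variable, as the answers above do, is safe only when the column name comes from a fixed list, because identifiers cannot be bound as query parameters. The following is an added example, not code from any of the posts; the table name images, the constant COUNTER_COLUMNS and the helper incrementCounter are assumptions, and it runs against an in-memory SQLite database.

```php
<?php
// Added example: constructed schema and row in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE images (id INTEGER PRIMARY KEY, imageName TEXT UNIQUE,
            imageLikesCount INTEGER DEFAULT 0, imageCommentsCount INTEGER DEFAULT 0)');
$pdo->exec("INSERT INTO images (imageName) VALUES ('cat.jpg')");

// Allowlist: the user-supplied action selects a column name written in this file.
// The request value itself is never placed in the SQL text.
const COUNTER_COLUMNS = [
    'like'    => 'imageLikesCount',
    'comment' => 'imageCommentsCount',
];

// Hypothetical helper: returns true when exactly one row was incremented.
function incrementCounter(PDO $pdo, string $action, string $imageName): bool
{
    if (!array_key_exists($action, COUNTER_COLUMNS)) {
        return false; // unknown action: run no query at all
    }
    $col = COUNTER_COLUMNS[$action];

    // $col is one of two literals above; the image name is a bound value.
    $stmt = $pdo->prepare("UPDATE images SET $col = $col + 1 WHERE imageName = :name");
    $stmt->execute([':name' => $imageName]);
    return $stmt->rowCount() === 1;
}

// Constructed requests: two valid actions, an action that tries to smuggle SQL
// into the column position, and an image name containing quote characters.
$requests = [
    ['like', 'cat.jpg'],
    ['comment', 'cat.jpg'],
    ['imageLikesCount = 0, imageCommentsCount', 'cat.jpg'],
    ['like', "x' OR '1'='1"],
];
foreach ($requests as [$action, $image]) {
    printf("%s / %s => %s\n", $action, $image, var_export(incrementCounter($pdo, $action, $image), true));
}
print_r($pdo->query('SELECT * FROM images')->fetch(PDO::FETCH_ASSOC));
```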
I have a feeling that my syntax is incorrect but I can't narrow down what's going on. I have no issues running the statement in a phpMyAdmin SQL query, so hopefully I can get pointed in the right direction. My code is as follows:
else if ($resultdetails === 1) {
$query3 = "update customer_det set `10k`='$_10k',
`14k`='$_14k', `18k`='$_18k', `21k`='$_21k', `22k`='$_22k',
`24k`='$_24k', `925k`='$_925k', `coins`='$coins', `bars`='$bars'
where `id` = '".$uid."'";
$result3 = mysql_query($query3);
}
$resultdetails is a variable set with a EXISTS function. In the SQL query, it returns 1 for me, because the row I'm looking for does exist. So there should be no issues with that.
I tried the double ==, as well as the triple, and there doesn't seem to be any difference in results. I believe the triple === means that it's identical, i.e. the datatype is the same and the value is the same.
I think the issue here is the WHERE statement. Any ideas or suggestions would be greatly appreciated. I forgot to mention that customer_det is the table to be updated and id is the primary key, autoincremented. I pull the $uid variable from the database as well.
Your SQL query is right!
But your else if is the problem!
See, you added ===; change it to ==. I also have doubts about your variable declarations.
Your code will look like this:
else if ($resultdetails == 1) {
$query3 = "update customer_det set `10k`='".$_10k."',
`14k`='".$_14k."', `18k`='".$_18k."',
`21k`='".$_21k."', `22k`='".$_22k."', `24k`='".$_24k."', `925k`='".$_925k."', `coins`='".$coins."', `bars`='".$bars."' where `id` = '".$uid."'";
$result3 = mysql_query($query3);
}
EDIT:
if (CONDITION :: IF FOUND ON DATABASE) {
$query3 = "update customer_det set `10k`='".$_10k."',
`14k`='".$_14k."', `18k`='".$_18k."',
`21k`='".$_21k."', `22k`='".$_22k."', `24k`='".$_24k."', `925k`='".$_925k."', `coins`='".$coins."', `bars`='".$bars."' where `id` = '".$uid."'";
$result3 = mysql_query($query3);
} else {
// Insert query if not found
}
Check for the data type for $uid and $_blahblah
Try this query --
else if ($resultdetails == 1) {
$query3 = "update customer_det set `10k`='$_10k',
`14k`='$_14k', `18k`='$_18k', `21k`='$_21k', `22k`='$_22k',
`24k`='$_24k', `925k`='$_925k', `coins`='$coins', `bars`='$bars'
where `id` = $uid";
$result3 = mysql_query($query3);
}
I'm working on a database with 3 tables, some with overlapping information. A few columns from each table can be updated by the user via the web app that I am creating. But... There is an issue. Not sure what it is, but my updates aren't happening. I am wondering if something is wrong with my query. (Actually, after debugging, I am quite certain there is).
if (empty($errors)) {
$query1 = "UPDATE owner SET
name = '{$name}'
WHERE ownerId= '{$ownerId}'";
$query1_result = mysql_query($query1);
if (mysql_affected_rows()==1) {
$query2 = "UPDATE queue_acl SET
date_expires = '{$date_expires}'
WHERE user_id='{$ownerId}'";
$query2_result = mysql_query($query2);
if (mysql_affected_rows()==2) {
$query3 = "UPDATE ownerOrganization SET
orgId = {$orgId}
WHERE ownerId = '{$ownerId}'";
$query3_result = mysql_query($query3);
if (mysql_affected_rows()==3) {
$_SESSION['name'] = $name;
$_SESSION['updates_occurred'] = true;
}
}
}
Sorry if it is trivial; I have never worked with multiple tables before.
It's not a good habit to update tables the way you do it. If the updates are related somehow, you might want to think about creating a transaction. Transactions make sure that all updates are executed (and if not, a rollback is done, which means no update will be executed):
// disable autocommit
mysqli_autocommit($dblink, FALSE);
// queries
$query1 = mysqli_query($dblink, "UPDATE owner SET name = '{$name}' WHERE ownerId= '{$ownerId}'");
$query2 = mysqli_query($dblink, "UPDATE queue_acl SET date_expires = '{$date_expires}' WHERE user_id='{$ownerId}'");
$query3 = mysqli_query($dblink, "UPDATE ownerOrganization SET orgId = {$orgId} WHERE ownerId = '{$ownerId}'");
if($query1 && $query2 && $query3)
{
mysqli_commit($dblink);
$_SESSION['name'] = $name;
$_SESSION['updates_occurred'] = true;
}
else
mysqli_rollback($dblink);
I haven't tested it, but I guess it should work. Also, you should take a look at mysqli or prepared statements, since mysql_ is deprecated.
The first issue might be scope related. Your if conditionals are wrong?
If (result ==1)
{
if(result == 2)
{
...
}
}
Thus if your first result is more than 1 then all the internal conditionals will be skipped.
If I understand it should be:
if(result ==1)
{
}
elseif(result ==2)
{
}
...(other conditions)...
else
{
}
I would recommend a base case to catch if you have more results than you expect.
The second issue might be that you quote around all data except orgId = {$orgId}. This should probably be orgId = '{$orgId}'; if the id is some random string, then not quoting will cause issues.
One last concern is to check ownerId. If that is blank for some reason, then your query will fail, because where id=0 (assuming you have auto increment on) will never be true. Put an if(!empty(ownerId)) conditional.
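The transaction approach suggested in this thread, combined with prepared statements, as an added example that is not code from any of the posts. It uses PDO with an in-memory SQLite database so it runs stand-alone; the column types, the sample rows and the helper name updateOwner are assumptions.

```php
<?php
// Added example: constructed schema and rows in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE owner (ownerId INTEGER PRIMARY KEY, name TEXT NOT NULL)');
$pdo->exec('CREATE TABLE queue_acl (user_id INTEGER, date_expires TEXT NOT NULL)');
$pdo->exec('CREATE TABLE ownerOrganization (ownerId INTEGER, orgId INTEGER NOT NULL)');
$pdo->exec("INSERT INTO owner VALUES (7, 'old name')");
$pdo->exec("INSERT INTO queue_acl VALUES (7, '2020-01-01')");
$pdo->exec('INSERT INTO ownerOrganization VALUES (7, 1)');

// Hypothetical helper: apply all three updates or none of them.
function updateOwner(PDO $pdo, int $ownerId, string $name, string $expires, ?int $orgId): bool
{
    // Every value is a bound parameter; no request data is spliced into the SQL.
    $updates = [
        ['UPDATE owner SET name = ? WHERE ownerId = ?', [$name, $ownerId]],
        ['UPDATE queue_acl SET date_expires = ? WHERE user_id = ?', [$expires, $ownerId]],
        ['UPDATE ownerOrganization SET orgId = ? WHERE ownerId = ?', [$orgId, $ownerId]],
    ];

    $pdo->beginTransaction();
    try {
        foreach ($updates as [$sql, $params]) {
            $pdo->prepare($sql)->execute($params);
        }
        $pdo->commit();
        return true;
    } catch (PDOException $e) {
        // Any failing statement undoes the ones that already ran.
        $pdo->rollBack();
        return false;
    }
}

// First call: all values valid.
var_dump(updateOwner($pdo, 7, 'new name', '2031-12-31', 2));
// Second call: a NULL orgId violates the NOT NULL constraint in the third UPDATE,
// which exercises the rollback path after the first two statements have run.
var_dump(updateOwner($pdo, 7, 'half applied?', '2032-01-01', null));

// Print the stored name so the result of the rollback can be inspected.
echo $pdo->query('SELECT name FROM owner WHERE ownerId = 7')->fetchColumn(), "\n";
```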