<?php
require('dbconnect.php');
$indexno = $_POST['indexno'];
$cevap = $_POST['cevap'];
$cevapdate = gmdate("Y-m-d\TH:i:s\Z");
$query = "UPDATE soru
SET cevap = '$cevap',
cevapdate = '$cevapdate'
WHERE `index` = '$indexno'";
$link = mysql_query($query);
if(!$link) {
die('not worked: ' . mysql_error());
} else {
mysql_close($con);
echo 'worked';
}
?>
Outcome of this php code is "Worked." but there is no change in the database. The thing is Im trying to update the cevap and cevapdate fields on a row by index id.
You need to remove the single quotes from aroud the index. You should not put single quotes around a column name while writing a query. Write your query this way -
$query = "UPDATE soru SET cevap = '$cevap', cevapdate = '$cevapdate' WHERE index = '$indexno'";
You have to escape your rows/table with backticks, not single-quotes.
$query = "UPDATE `soru`
SET `cevap` = '$cevap', `cevapdate` = '$cevapdate'
WHERE `index` = '$indexno'";
Also, you should escape your user input to prevent SQL injections.
Related
I'm trying to copy title column to keywords column in database, so the keywords will be inserted automatically from the title.
http://store2.up-00.com/2015-06/1435609110941.png
I want to add comma ', ' before each word for example.
" It's my first program "
it will turn into
" It's, my, first, program, "
This the code I wrote.
<?php
// $id =mysql_insert_id;
$select_posts = mysql_query("SELECT * FROM `posts`");
while($row = mysql_fetch_array($select_posts)){
$id = $row['post_id'];
$text = $row['post_title'];
$delim = ' \n\t,.!?:;';
$tok = strtok($text, $delim);
while ( $tok !== false){
echo $tok1 = $tok.',';
mysql_query("UPDATE `posts` SET `post_keywords` = '$tok1' WHERE `post_id` = $id ");
$tok = strtok($delim);
}
}
?>
it insert the last word in each title column , because the words is overwritten by while loop.
Please help me .
Concat the values:
... SET post_keywords = CONCAT(post_keywords, '$tok1')
and note that you're vulnerable to sql injection attacks. Just because that $tok1 value came out of a database doesn't mean it's safe to REUSE in a query...
You can do it with a single query :
UPDATE `posts` SET post_keywords = REPLACE(post_title, ' ', ',');
Require("dbconnect.php");//works is used on other another page
echo $Customer_id;//Displays correctly
Can anyone help?
First Check that use session variable is getting the data or not.
If the Customer id is of varchar then you are missing single inverted comma in where clause.
session_start();
$Customer_id = $_SESSION['id'];
Require("dbconnect.php");//works is used on other another page
$sql = "SELECT Job_id FROM Job";
$sql.= " WHERE Job_Customer_id = '$Customer_id'";
$stmt = $dbh->query($sql);
$row = $stmt->fetch(PDO::FETCH_ASSOC);
$Job_id = $row['Job_id'];
echo $Customer_id;//Displays correctly
echo $Job_id;//Curently dose not display anything
Change the $sql.= line to this:
$sql.= " WHERE Job_Customer_id = '$Customer_id'"
with the ' around $Customer_id.
In my php script for a gallery, I need to update my table.
I am using the following code, but the code does nothing:
mysql_query(' "update gallery_photos set photo_caption = replace(photo_caption,"\\\'","\'") "');
Can you tell me how to get it to work or point me in the right direction?
Try
mysql_query("UPDATE gallery_photos SET photo_caption = REPLACE(photo_caption,'\\\'','\'') ");
You have the escaping and ' and " mixed in a wrong way.
The thing is, there are two unescapings: Once in PHP, then in MySQL.
So '\\\\' becomes "\\" in PHP and then "\" in MySQL.
And now I found out that even StackOverflow spoils it for us as it unescapes too. So to write "\\" here I had to write "\\\\" :)
Try this with removing single quotes at start and end.
mysql_query("update gallery_photos set photo_caption = replace( photo_caption,'\\\'','\'') ");
try doing this
$que = mysql_query("select * from gallery_photos");
$fet = mysql_fetch_object($que);
$pc = $fet->photo_caption;
$pc2 = replace($pc,"'\\\'","'\'") ;
$update = mysql_query("update gallery_photos set photo_caption='$pc2'");
if (!$update) {
echo "Error : <br>";
echo "".mysql_error()."";
}else {
echo "Updated ..!!";
}
I am trying to update a record in my database with values pulled from an exploded array
$arr2 = explode(",",$_POST['hidden-tags']);
//echo $arr2[0];
//insert new rows into blog post
mysql_select_db($db, $db);
$insertq = mysql_query("UPDATE blog SET tags1 = $arr2[0],tags2 = $arr2[1],tags3 = $arr2[2], tags4 = $arr2[3], tags5 = $arr2[4] WHERE idblog = '$id' ",$dbconnet);
If I echo the values from my array one at a time it works great. Once I try to put them in the db the row turns up empty. Whats more the user may not of entered 5 items they may only have entered 1 but I dont think thats really the problem. To be honest I cant see why its currently failing at all.
I know I can save all values in one field but it will be easier as separate fieldsfor when I pull back and query later on.
if the data types of the columns are string, values must be wrap with single quotes as they are string literals. eg,
$insertq = mysql_query("UPDATE blog SET tags1 = '". $arr2[0] . "',....");
As a sidenote, the query is vulnerable with SQL Injection if the value(s) of the variables came from the outside. Please take a look at the article below to learn how to prevent from it. By using PreparedStatements you can get rid of using single quotes around values.
How to prevent SQL injection in PHP?
$insertq = mysql_query("UPDATE blog SET tags1 = $arr2[0],tags2 = $arr2[1],tags3 = $arr2[2], tags4 = $arr2[3], tags5 = $arr2[4] WHERE idblog = '$id' ",$dbconnet);
should be:
$insertq = mysql_query("UPDATE blog SET tags1 = '".$arr2[0]."',tags2 = '".$arr2[1]."',tags3 = '".$arr2[2]."', tags4 = '".$arr2[3]."', tags5 = '".$arr2[4]."' WHERE idblog = '".$id."' ,$dbconnet);
or the whole query is going to consider the variables names as part of the string
EDITED: i had the quotes inverted.
It should be like this :
$insertq = mysql_query("UPDATE blog SET tags1 = "'.$arr2[0].'",tags2 = "'.$arr2[1].'",tags3 = "'.$arr2[2].'", tags4 = "'.$arr2[3].'", tags5 = "'.$arr2[4].'" WHERE idblog = "'.$id.'" ",$dbconnet);
I think you might need to look at the datatypes of your table. If you are using varchar or text as data-types then single colon will be necessary.
$insertq = mysql_query("UPDATE blog SET tags1 =' $arr2[0]',tags2 = '$arr2[1]',tags3 = '$arr2[2]', tags4 = '$arr2[3]', tags5 = '$arr2[4]' WHERE idblog = '$id' ",$dbconnet);
Also if the idblog is integer then donot use single quotes.
hope this helps
I have 2 variables that contain a a string of text. I need to update them in the table, but out of the 20 + different variations of about 5 different scripts that I've tried out, it just doesn't update!
I can update using this:
mysql_query("UPDATE cart SET quantity = $q WHERE sessionid='" .session_id(). "' AND description = '$d'") or die(mysql_error());
but I am now working on a different page, where I need a slightly different update query. Which is:
UPDATE cart SET quantity = $q WHERE sessionid = $somethin AND description = $desc
And for that I have:
mysql_query("UPDATE cart SET quantity = $q WHERE sessionid = $o AND description = $d") or die(mysql_error());
(I have tried many variations with different quotes in different places for the above query, but nothing works!)
I have also tried:
$conn = mysql_connect("my01..com", "dbase", "2354ret345ert");
if(! $conn )
{
die('Could not connect: ' . mysql_error());
}
$sql = 'UPDATE cart
SET quantity="'.$q.'"
WHERE sessionid="$o" AND description = "$d"';
mysql_select_db('mysql_94569_dbase');
$retval = mysql_query( $sql, $conn );
if(! $retval )
{
die('Could not update data: ' . mysql_error());
}
echo "Updated data successfully\n";
mysql_close($conn);
That last one doesn't display any errors, in fact, it even tells me that it has successfully updated! But it's lying. It hasn't updated anything.
Can someone please help me out here, I am really getting sick of reading tutorial after turorial and never learning anything because they all have differnt syntax and none of it seems to work.
What I would like to do is:
UPDATE table SET columnname = $this WHERE thiscolumn = $this AND thiscolumn = $that
$this = $var
Thank you
You are missing the quotes in description and SessionID, do it like this:
mysql_query("UPDATE cart
SET quantity = '".$q."'
WHERE sessionid = '".$o."' AND description = '".$d."'");
In order to save you confusion, I would recommend start using concatenation operator (eg 'UPDATE '.$table .' SET ...')instead of writing variables directly to strings (eg. "UPDATE $table SET ...").
in this case your query would look like:
mysql_query("UPDATE cart SET quantity = ".$q." WHERE sessionid='" .session_id(). "' AND description = '".$d."'") or die(mysql_error());
This might help you to find problems with quotes and parenthesis quicker
BAD:
I had this query in php:
$query = "UPDATE users SET username = ".$nume." WHERE id = ".$userID;
That did this SQL:
UPDATE users SET username = elev WHERE id = 2
GOOD: For it to work I changed it to this php:
$query = "UPDATE users SET username = ".'"'.$nume.'"'." WHERE id = ".$userID;
That did this SQL:
UPDATE users SET username = "elev" WHERE id = 2