I am trying to make an update query to update a user to have a password. The update statement is extremely easy and it has been baffling me for about 12 hours now.
I have read everything having to do with this on 3.5 pages of google searches. but for some reason, none of the suggestions work for me!
Here is the UPDATE query in its 'original' form:
$sql_update = "UPDATE users_sensitive SET password = '$password_hash', ch_password = '$password_hash' WHERE email_hash = '$email_hash'";
$result_update = mysql_query($sql_update) or die(mysql_error());
When I do this update Query, I get no errors or anything back. It also just does not update.
Here's another rendition of the same code:
$sql_update = "UPDATE users_sensitive SET password = '" . $password_hash . "', ch_password = '" . $password_hash. "' WHERE email_hash = '" . $email_hash . "'";
$result_update = mysql_query($sql_update) or die(mysql_error());
Again, nothing happens.
When I put the actual numbers in here instead of the php variables:
$sql_update = "UPDATE users_sensitive SET password = '700b5b23b511d974fe9eeb17ad350b33', ch_password = '700b5b23b511d974fe9eeb17ad350b33' WHERE email_hash = 'ac24dab060a172d8c0b3679d8ae61cac'";
$result_update = mysql_query($sql_update) or die(mysql_error());
(don't worry, it's not sensitive info) It does actually update...
So, I'm assuming my syntax is wrong? I know these are Strings instead of just numbers, so I need the single quotes around them. I have the two variables I need echoed and they are both showing exactly what they should be. I have even tried to use backticks around the column name but that didn't do anything?
I did a var_dump and it came back "true".
When I do a print on my $sql_update, I get:
UPDATE users_sensitive SET password = '700b5b23b511d974fe9eeb17ad350b33', ch_password = '700b5b23b511d974fe9eeb17ad350b33' WHERE email_hash = 'ac24dab060a172d8c0b3679d8ae61cac'
There is no whitespace here.
When I print the $result_update, it comes up with: 1
ANSWER
Thank you to bemace, James Anderson, VolkerK, alex and the others!
The problem was that there was a strange line break in the code creating whitespace that was not the same as on the database.
After backtracking, I noticed at the very beginning of my code on this page, I used a GET to get a hash number from the URL. While making a variable, during testing, I added a line break to the variable for testing purposes only. I (stupidly) left the line break in there. When using that variable in a hidden form field, it included the line break.
After taking the line break out of the first line, everything matched up and all is good.
If you are reading this and plan on posting later, Posting the entire code is probably worth it. This problem would have been fixed earlier if I had.
Again, Thank you to the quick responses and trouble shooting!
No errors and no updates tells me that your where clause isn't matching anything. Make sure $email_hash doesn't have any leading or trailing whitespace and isn't being truncated.
A less likely possibility is that the update is part of a transaction that is being rolled back.
Another less likely possibility: are you connected to the right server?
Thank you to bemace, James Anderson, VolkerK, alex and the others!
The problem was that there was a strange line break in the code creating whitespace that was not the same as on the database.
After backtracking, I noticed at the very beginning of my code on this page, I used a GET to get a hash number from the URL. While making a variable, during testing, I added a line break to the variable for testing purposes only. I (stupidly) left the line break in there. When using that variable in a hidden form field, it included the line break.
After taking the line break out of the first line, everything matched up and all is good.
If you are reading this and plan on posting later, Posting the entire code is probably worth it. This problem would have been fixed earlier if I had.
Again, Thank you to the quick responses and trouble shooting!
Related
I am running a very simple SELECT query in MySQL and it's not working.
SELECT string_name FROM table_name;
This is giving me required output. Like
This is string one.
This is string two.
This is string three.
and so on...
But if I am running a query like this
SELECT * FROM table_name WHERE string_name='This is string one'
It's not giving any output. I even tried TRIM function.
SELECT * FROM table_name WHERE TRIM(string_name)=TRIM('This is string one')
But it's still not giving any output.
Please suggest what I am missing here. Is it because of some formatting or am I doing any silly mistake. By the way, Strings are saved as VARCHAR in the database.
To reiterate from comments; sometimes "non-printing" control characters (like newlines) can make their way into data they were never intended to be a part of. You can test for this by checking CHAR_LENGTH of field values versus what you actually see. Obviously, on large amounts of data this can be difficult; but if you know of one problematic value already, you can use this method to confirm this is the problem on that row before attempting to identify the offending character.
Once this problem is confirmed, you can use queries with MySql's ASC() and substring functions to identify character codes until you find the character; it can be best to start from the end of the string and work back, as often the offending characters are at the end.
The character or characters identified in known problem rows are often the cause of other problem rows as well, so identifying the issue in one known row can actually help resolve all such problems.
Once the character code(s) are identified, queries like WHERE string_name LIKE CONCAT('%', CHAR(13), CHAR(10)) should work (in this case for traditional Windows newlines) to identify other similar problem rows. Obviously, adjust character codes and wildcards according to your circumstances.
If no row should ever have those characters anywhere, you should be able to clean up the data with an update like this:
UPDATE theTable SET theString = REPLACE(REPLACE(theString, CHAR(10), ''), CHAR(13), '') to remove the offending characters. Again, use the codes you've actually observed causing the problem; and you can convert them to spaces instead if circumstances are better handled that way, such as a newline between two words.
Have you tried using LIKE for debugging purposes?
SELECT * FROM table_name WHERE string_name LIKE 'This is string one'
/!\ Don't just switch from = to LIKE, read about why here
TLDR:
= is apparently 30x faster.
Use = wherever you can and LIKE wherever you must.
First of all, I must acknowledge the points made by #Uueerdo were actually the the main cause of this issue. Even I was somewhat sure that there are some hidden characters in the string causing all the issue but I was not sure how to find and fix that offending character.
Also, the approach suggested by #Uueerdo to check and replace the offending character using the ASCII code seems quite legit but as he himself mentioned that this process will take lot's of time and one have to manually check every string for that one offending character and then replace it.
Luckily after spending couple of hours on it, I came up with a much faster approach to fix the issue. For that, first of all I would like to share my use case.
My first query was for selecting all the strings from a database and printing the result on page.
$result = mysqli_query($conn, "SELECT * from table_name");
while($row = mysqli_fetch_array($result)){
$string_var = $row["string_name"];
echo $string_var;
echo "<br>";
}
The above code was working as expected and printing all the string_name from the table. Now, if I wanted to use the variable $string_var for another SELECT query in the same table, it was giving me 0 results.
$result = mysqli_query($conn, "SELECT * FROM table_name");
while($row = mysqli_fetch_array($result)){
$string_var = $row["string_name"];
echo "String Name : ".$string_var."";
$sec_result = ($conn, "SELECT * FROM table_name WHERE string_var='$string_name'");
if(mysqli_num_rows($sec_result) > 0){
echo "Has Results";
} else {
echo "No Results";
}
}
In this snippet, my second query $sec_result was always giving me No Results as output.
What I simply did to fix this issue.
$result = mysqli_query($conn, "SELECT * FROM table_name";
while ($row = mysqli_fetch_array($result)){
$string_var = $row["string_name"];
$row_id = $row["id"];
$update_row = mysqli_query($conn, "UPDATE table_name SET string_name='$string_var' WHERE id=$row_id");
}
This step updated all the strings from the table without any hidden/problem causing character.
I am not generalising this approach and I am not sure if this will work in every use case but it helped me fix my issue in less than a minute.
I request #Uueerdo and others with better understanding on this to post a more generic approach so that it can help others because I think many people who can't find a right approach in such conditions, end up using LIKE in place of = but that completely changes the core idea of the query.
I'm working on an old mySql database, trying to insert new rows. The code is below (I know it's ugly- just trying to get it to work before making it work well!).
Everything seems to work unless the $newbuilding variable includes a space. That variable will always be a string, but if that string includes a space (for example, "Building 01"), anything after the space is omitted when it's inserted into the table. Works fine if there are no spaces.
Any idea what I'm doing wrong? Thanks for any feedback!
$SQLstmt = "insert into homes_mail_lists set " .
"`tbl_id` = ${tbl_main["tbl_id"]}, " .
"`item_id` = ${Iitem_id}, " .
"`building` = '${newbuilding}', " .
"`updt_user` = '${cp_valid_user}', " .
"`updt_dttm` = null";
Just figured out my problem- sorry for wasting anyone's time! If you're curious or run into a similar problem- my issue wasn't with the SQL, it was with the html provided to the $newbuilding variable (it was not enclosed in quotes, so wasn't recognizing two words as one string).
I am trying to update my long text mysql field. It has been working previously with no issues what-so-ever, but all of sudden now it won't update. Here is the code
$productTitle = $_POST['product_title'];
$productDesc = $_POST['product_desc'];
$updateProductDesc = "UPDATE product_desc SET product_desc='$productDesc'
WHERE product_sku='$productSku' ";
mysql_query($updateProductDesc, $db_custom);
I know I should be using mysqli but other than that all the syntax is correct. Or am I completely missing something.
many reasons your code will not work:
Step 1
Change
$productDesc = $_POST['product_desc'];
Into
$productDesc = addslashes($_POST['product_desc']);
Step 2
Before update, add mysql_real_escape_string($productDesc);
Check your database and put product_desc type on TEXT
Step 3
Verify if product_sku='$productSku' is viable.
Extra step
mysql_query() is depreciated. Go for mysqli
If all has been well before, odds are that your description field has some offending character. Yogesh Suthar is right that you should check the error. Try escaping the value with mysql_escape_string()
i might be doing some idiot mistake, but i could not figure that out. i have some values coming from html and wanna insert into mysql db. problem is, the very same query does not work in regular php file (that includes other queries), but when i try on an independent php file, it does. here is a sample of the code:
$sql15="insert into body
(Article_ID, Article_Title)
values
('$article_id', '".$_POST['Article_Title']."') ";
mysql_query($sql15);
as i mentioned, the very same code works when i just copy this snippet to a new php file, and it works smoothly.. as you see, there are 20+ insert with the same php, because there are 25+ tables, but data is not much. first 14 query and following 7 queries do work by the way.
do you have any ideas?
There are some things to check and do.
Sanitize user input:
"('$article_id', '".mysql_real_escape_string($_POST['Article_Title'])."')";
You might also want to check if the value is what you expect.
Is your $article_id correct for column Article_ID?
Are your table and column names correct?
Check for errors:
$res = mysql_query($sql15);
if (!$res)
echo mysql_errno($link) . ": " . mysql_error($link);
Show us you complete query:
echo $sql15;
First of all i would suggest you to write your insert query like below
$sql15="insert into body SET Article_ID = '$article_id', Article_Title = '".$_POST['Article_Title']."'";
echo $sql15;
mysql_query($sql15);
so that each time when you add new column to database it would be easy for u to change insert query. echo your query and see it in browser. in it seems to o.k then copy it and paste it in SQL section under your phpmyadmin (see you are choosing proper database) and run it. if one row inserted successfully then your query is alright.
I hope this would help you a little.
$sql15="insert into body
(Article_ID, Article_Title)
values
('$article_id', '".$_POST['Article_Title']."') ";
mysql_query($sql15) or die(mysql_error());
use like this u will be get the error. then u will be find the issue
I think using mysql_real_escape_string may solve your problem.I also recommend you to store your form data in a string.
$article_title= mysql_real_escape_string($_POST['Article_Title']);
$sql15="insert into body
(Article_ID, Article_Title)
values
('$article_id', '$article_title') ";
mysql_query($sql15) or die(mysql_error());
First of all I'm a rookie to Programming, I created a PHP page to update a value from my mysql(myadmin) database, but the value is not updating. I also tried to retrieve values from database it's working just fine but this UPDATE code is not working! I don't know why, please check out my code below.
$qs=mysql_query("update staff set review=$newrate where name=$rateuser");
$resu=mysql_query($qs);
All variables are double defined, assigned with proper values, checked and I tested variables using echo, table name is also checked, it's all fine, but I think the problem is with Update query, I searched internet for the syntax but it's not different than mine. Please help me out
How are $newrate and $rateuser set?
mysql_query("UPDATE staff SET review = '".mysql_real_escape_string($newrate)."' WHERE name = '".mysql_real_escape_string($rateuser) ."'");
http://php.net/manual/en/function.mysql-real-escape-string.php
Try:
$qs=mysql_query("update staff set review='$newrate' where name='$rateuser'");
Do not use second line.
You probably just need some " around your values $newrate and $rateuser
But if you did an echo, why not actually echo for us what the query-string becomes?
You need single quotes around string values on your query:
$qs=mysql_query("update staff set review='$newrate' where name='$rateuser'");
(assuming both variables are strings)