I'm currently running into a problem with an UPDATE query. What I'm trying to run is:
dbquery("UPDATE users SET vip_points = 'vip_points' +'". $points ."' WHERE username = '". $user ."'");
$user and $points are sent via a form. I've tried echoing the results and they come out to what I post.
Database error
Truncated incorrect DOUBLE value: 'vip_points'
So can someone please explain what's wrong with my query? It's worked on other MySQL servers. At the moment I'm using MySQL server 5.5 under Windows 2008.
Oh, and vip_points column is set as 0 by default.
Thanks.
You're quoting values you shouldn't be quoting. Try this:
dbquery("UPDATE users SET vip_points = vip_points + ". ... ." where username = '". $user ."'");
I am trying to update varchar cell in SQL users table. Now the value of groups_id is 3. $last_id = 4. I want to change it to 3, 4. Could you please tell me what I am doing wrong?
With this code the value remains the same
$sql = "UPDATE registration.users SET groups_id = groups_id+', $last_id' WHERE username = '$user_name'";
$update_groups_id = $db->query($sql);
$val = $groups_id . ", ".$last_id;
$sql = "UPDATE registration.users SET `groups_id` = '$val' WHERE username = '$user_name'";
$update_groups_id = $db->query($sql);
Your SQL query is wrong; you are not concatenating variables properly. Try doing it this way, I think it should help you.
There is a syntax fault in your $sql object as you use +', $last_id'. If you want to append in PHP you can use . in string context
Also I'm pretty sure you can leave the '' from the variables so '$last_id' will become $last_id
But more important is that you do not check for any security issues. I hope $user_name and $last_id are not just taken from the input as SQL injections are possible.
I recommend you to look at mysqli_prepare and mysqli_bind
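Added example, not part of either thread above: both questions trip over MySQL's `+`, which is arithmetic only, so the first query casts the quoted string 'vip_points' to a number and the second never appends anything. The sketch uses mysqli prepared statements, as the last answer recommends; the connection details, the sample form values and the helper names `addVipPoints` and `appendGroupId` are assumptions.

```php
<?php
// Added example, not code from the threads. Table and column names follow the
// two questions; connection details and form values are placeholders.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // errors throw

// Numeric increment: column name unquoted, amount bound as an integer.
function addVipPoints(mysqli $db, string $user, int $points): int
{
    $stmt = $db->prepare(
        'UPDATE users SET vip_points = vip_points + ? WHERE username = ?'
    );
    $stmt->bind_param('is', $points, $user); // i = integer, s = string
    $stmt->execute();
    return $stmt->affected_rows;
}

// String append: + would do arithmetic on the varchar, so use CONCAT().
// CONCAT() returns NULL when groups_id is NULL, so such rows stay NULL.
function appendGroupId(mysqli $db, string $userName, int $lastId): int
{
    $stmt = $db->prepare(
        "UPDATE registration.users
            SET groups_id = CONCAT(groups_id, ', ', ?)
          WHERE username = ?"
    );
    $stmt->bind_param('is', $lastId, $userName);
    $stmt->execute();
    return $stmt->affected_rows;
}

$db = new mysqli('localhost', 'app_user', 'app_password', 'app_db'); // placeholders

// Constructed form input; a real handler would read $_POST instead.
$form = ['user' => 'alice', 'points' => '5', 'last_id' => '4'];

// Reject anything that is not an integer before it reaches the database.
$points = filter_var($form['points'], FILTER_VALIDATE_INT);
$lastId = filter_var($form['last_id'], FILTER_VALIDATE_INT);
if ($points === false || $lastId === false) {
    exit("points and last_id must be integers\n");
}

printf("vip_points: %d row(s) changed\n", addVipPoints($db, $form['user'], $points));
printf("groups_id: %d row(s) changed\n", appendGroupId($db, $form['user'], $lastId));
```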
I'm working on a simple, small project for a class - a mock-database (built using phpMyAdmin) with an accompanying web application for user input, to allow for searching/appending/updating said database. Searching and Appending is working perfectly, but updating is giving me grief.
I have error messages set to display to help in the debugging process, and although they've popped up for previous issues in this project, they haven't shown up for this particular problem.
My code looks like this:
$sth = "UPDATE adjunct_number
SET FIRSTNAME = '.$updateInformation.'
WHERE 700NUMBER = '.$updateCriteria.';";
(I tried echoing $sth right here, nothing displayed!)
$sth = $db->prepare($sth);
$sth->execute();
$updateInformation and $updateCriteria are both being pulled from an HTML form's text boxes successfully. (I'll enter Drew and 700123456 into the form as test data.) I tested that $updateInformation and $updateCriteria ARE in fact being successfully captured using this statement:
echo $updateInformation . ", " . $updateCriteria
Which yields the following output:
Drew, 700123456
I'll enter the following query into phpMyAdmin to test it first.
UPDATE adjunct_number
SET FIRSTNAME = 'DREW'
WHERE 700NUMBER = 700482306
It always works in phpMyAdmin, as expected, 100% of the time... however, the exact same update command never works when I send it through via PHP, which confuses me greatly. The only thing I can think of is an overlooked PHP typo in my SQL statement, but at this point in time I've been staring at it for so long that I could use a fresh set of eyes! Why is it that when I tried to echo $sth, no SQL statement was displayed? Any insight from this wonderful community would be greatly appreciated.
You need to learn basic PHP strings:
$sth = "UPDATE adjunct_number
^---start of PHP string
SET FIRSTNAME = '.$updateInformation.'
WHERE 700NUMBER = '.$updateCriteria.';";
^---end of PHP string
That means your query is doing ... SET FIRSTNAME = '.foo.' ..., with the . embedded literally within the query. That means your where clause will never match any records.
Since you're using " for the quotes, you don't NEED to use the . at all:
$sth = "UPDATE adjunct_number
SET FIRSTNAME = '$updateInformation'
WHERE 700NUMBER = '$updateCriteria';";
or you should properly exit the string first:
$sth = "UPDATE adjunct_number
SET FIRSTNAME = '" . $updateInformation . "'
WHERE 700NUMBER = '" . $updateCriteria . "';";
No need of ; in your query. You are not in interactive session
You are subject to SQL injection.
No need of quote with parameterized query.
Here's a suggestion how you could do it.
$query = "UPDATE adjunct_number SET FIRSTNAME = ? WHERE 700NUMBER = ?";
$sth = $db->prepare($query);
$sth->execute( array( $updateInformation, $updateCriteria ) );
You have mixed single and double quotes. Update it to the following:
$sth = "UPDATE adjunct_number
SET FIRSTNAME = ".$updateInformation."
WHERE 700NUMBER = ".$updateCriteria;
Maybe you can try using the backtick symbol (`) for column names and tables
UPDATE `adjunct_number`
SET `FIRSTNAME` = 'DREW'
WHERE `700NUMBER` = 700482306
I am trying to make a last online system and this is the code that (should) run after the login
$name = $user['username'];
mysql_query("UPDATE users SET last_activity = now() WHERE username = $name");
$message = "Connected";
Normally, if I type this code in PHP tags the name is displayed
echo $user['username']
but it seems that this variable in the mysql_query doesn't work
Why?
How should I set "$name" to make it work?
You must use quotes in '$name'.
Try:
mysql_query("UPDATE users SET last_activity = now() WHERE username = '$name'");
You need quotes around your variables
mysql_query("UPDATE users SET last_activity = now() WHERE username = '$name'");
The problem here is that you need to quote a string in a mysql query so your query should be
"UPDATE users SET last_activity = now() WHERE username = \"$name\""
However I would still caution against direct query manipulation like this for many reasons. Have you looked into using a library like PDO http://www.php.net/manual/en/book.pdo.php?
You have to concatenate the query with the variable like
mysql_query("UPDATE users SET last_activity = now() WHERE username = '" . $name . "'");
I solved by myself using another variable
with this code in index.php everything worked :)
mysql_query("UPDATE users SET last_activity = now() WHERE uid = {$user['uid']}");
I have an IPN script that is doing some work on the amount of a payment received, and when a certain amount is received, it is updating their license code in the database after verifying it with PayPal's IPN service.
This SQL isn't right, it's not updating. The rest of my code is fine because it sends an email, but where's the SQL error at? It's really late and I'm spacing out...
if ($amt == "77.00")
{
mysql_query("UPDATE login_users SET license_code = 3 WHERE username = ". $username ."") or die(mysql_error());
// Change license code in database
}
You need quotes around the user name if it's a string.
WHERE username = '". $username ."'
Also make sure $username is properly sanitized:
$username = mysql_real_escape_string(... wherever the value is coming from ...);
Put SET before WHERE and add single quotes around username
"UPDATE login_users SET license_code = 3 WHERE username = '". $username ."'";
Is there something wrong with the syntax on this MySQL query?
Thanks in advance,
John
$ttquery = sprintf("Update login SET ".$row['ttemail']." = '1' WHERE username = ".$row['username']."");
EDIT: Okay, per Pekka's request, I echoed out the actual query value, and that gave me some ideas. Now I'm using this:
$ttquery = "Update login SET ttemail = 1 WHERE username = ".$row['username']."";
and I get this error: Unknown column 'admin' in 'where clause'. "admin" is the first username that meets the condition I want to run this query for... it's not the name of a field. Any ideas on why I'm getting the error?
EDIT: Here is the echoed MySQL query if that helps:
Update login SET ttemail = 1 WHERE username = admin
You probably need single quotes around username
$ttquery = "Update login SET ".$row['ttemail']." = '1' WHERE username = '".$row['username']."'";
If you're using sprintf, you would have:
$ttquery = sprintf("Update login SET %1\$s = '1' WHERE username = '%2\$s'", $row['ttemail'], $row['username']);
Update login SET ttemail = 1 WHERE username = admin
In SQL, strings are surrounded by single quotes and table/column names are unquoted. You need to fix your PHP code so you generate this:
Update login SET ttemail = 1 WHERE username = 'admin'
Try to make sure you understand basic SQL before banging your head against PHP ;-)
Try this
$ttquery = sprintf("Update login SET ".$row['ttemail']." = '1' WHERE username = '" . $row['username'] ."'");
i.e., username='[your value]'
This should work:
$ttquery = "Update login SET ".$row['ttemail']." = '1' WHERE username = '".$row['username']."'";
Man, be careful about SQL injections.
Also, why call sprintf() if you don't actually use it?
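Added example, not code from the thread: several answers above keep `$row['ttemail']` in the column position, and a placeholder cannot bind a column name, so the name is checked against a fixed list while the username is bound as a value. An in-memory SQLite database stands in for the MySQL `login` table so the script runs without a server; the `newsletter` column, the sample rows and the helper name `setLoginFlag` are assumptions.

```php
<?php
// Added example, not code from the thread. SQLite in memory stands in for
// the MySQL `login` table; only the `ttemail` column comes from the question.
const FLAG_COLUMNS = ['ttemail', 'newsletter']; // hypothetical allow-list

function setLoginFlag(PDO $db, string $column, string $username): int
{
    // Placeholders bind values only. A column name must match a fixed list
    // exactly before it is placed in the SQL text.
    if (!in_array($column, FLAG_COLUMNS, true)) {
        throw new InvalidArgumentException("column not allowed: $column");
    }
    $stmt = $db->prepare("UPDATE login SET $column = 1 WHERE username = ?");
    $stmt->execute([$username]); // the driver handles quoting of the value
    return $stmt->rowCount();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE login (
    username   TEXT PRIMARY KEY,
    ttemail    INTEGER DEFAULT 0,
    newsletter INTEGER DEFAULT 0
)');
// Constructed rows; the second name contains an apostrophe on purpose.
$ins = $db->prepare('INSERT INTO login (username) VALUES (?)');
foreach (['admin', "o'brien"] as $name) {
    $ins->execute([$name]);
}

// A plain string value, no quoting needed in the SQL text.
printf("admin: %d row(s)\n", setLoginFlag($db, 'ttemail', 'admin'));
// An apostrophe would break a concatenated query; bound, it is just data.
printf("o'brien: %d row(s)\n", setLoginFlag($db, 'ttemail', "o'brien"));
// A column value that is not on the list never reaches the database.
try {
    setLoginFlag($db, 'ttemail = 1, username', 'admin');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```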