I have values which use the GET method to send URL variables to a PHP page using Ajax.
On the page, I have:
$value=$_GET["q"];
$id=$_GET["id"];
$mod=$_GET["mod"];
I started out using the UPDATE SET method to modify values in a mySQL database.
I used: $num_rows= mysql_num_rows($result);
With an If Else statement to either Insert the values (if not there) or Update the column "Attribute"
But this was very inconsistant and often would not UPDATE, and there developed several duplicate values (even though if($num_rows > 0){ (WHERE Object_ID = '".$mod."' AND Type='".$id."') it SHOULD NOT have inserted, but it did.)
So I switched to this:
$sql="SELECT * FROM Attributes WHERE Object_ID = '".$mod."' AND Type='".$id."'";
$result = mysql_query($sql);
mysql_query("DELETE FROM Attributes WHERE Object_ID = '".$mod."' AND Type = '".$id."'");
mysql_query("INSERT INTO Attributes (Object_ID, Type, Attribute)
VALUES ('".$mod."', '".$id."', '".$value."')");
I know, really bad idea. But Even this method doesn't always insert the values correctly.
I know that the variables are getting to the page, because the response would be written in a div using innerHTML, and it always showed up correctly.
How can I ensure that the values are ALWAYS updated/inserted in the database?
Why not run a SELECT COUNT(*) for the condition and check what that returns and based on that run your UPDATE or INSERT?
i am really confused what is wrong with your database operation but the only way to ensure is to send back response from your php script to ajax.
It can be json or simple text informing you that which action was requested and what is performed. Depending on the response you can adjust what you want.
You have to query the table to find out if the id already exists there or not if it exits then write an Update Query i.e.
$update = "update tbl_name set column=value where id = $_GET['id']"
and if the id does not exist then use the insert
$insert = "Insert into ......"
hope this solves your issue. And Further more you have to echo out the response here in either a string format or a some other value which you will get in the success method of $.Ajax.
No need to query the database to see if the data exists already. As long as you have good data, you can delete the row every time. If the row doesn't exist, the DELETE does nothing.
Run these two queries every time, and you will be fine.
mysql_query("DELETE FROM Attributes WHERE Object_ID = '$mod' AND Type='$id'");
mysql_query("INSERT INTO Attributes (Object_ID, Type, Attribute) VALUES ('$mod', '$id', '$value'");
And please at a minimum, before you do anything with $_GET, run those through mysql_real_escape_string first. You should probably be doing more checking just to make sure that the values passed in are valid.
$value=mysql_real_escape_string($_GET["q"]);
$id=mysql_real_escape_string($_GET["id"]);
$mod=mysql_real_escape_string($_GET["mod"]);
Related
I want to be able for members to add more info (location, story) to their profile and also update their password if needed.
For that I use the following snippet:
$query = mysql_query("
INSERT INTO
members (location, story)
VALUES
('$location', '$story')
WHERE
username='$user'
ON DUPLICATE KEY UPDATE
hash = '$password',
location='$location',
story='$story'
");
This does not work with the "WHERE" part, but if I remove it then the data just gets filled into an empty record, not the user record. How do I properly use the WHERE part in this snippet, so the correct user profile is updated?
I have searched up and down the internet and this website, but not found a single solution, which surprises me as this seems to be a very common question?
Does anyone know how to solve this problem?
Thanks in advance!
First, mysql is deprecated, you should use mysqli.
Second, make sure you escape your values before entering them in queries. mysql_real_escape_string() is a bare minimum.
Third, INSERT / ON DUPLICATE KEY UPDATE does not accept WHERE clause.
It's use is for avoid duplicating keys.
For a simple user signup or whatever, you could avoid using IDs / auto increment and use username as primary key. But for this you'd need MyISAM or MySQL 5.6+ in order to have fulltext indexing, and in general, this is recommended.
But in this use case, your location and story would be always overwritten.
If this is what you want, you can try whatever I've written in the previous paragraph.
You can use a INSERT INTO ... SELECT FROM ... ON DUPLICATE KEY UPDATE construct like
INSERT INTO
members (location, story)
SELECT '$location', '$story'
FROM table_name
WHERE username='$user'
ON DUPLICATE KEY UPDATE
hash = '$password',
location='$location',
story='$story'
Ok, I was finally able to solve this problem on my own. For anyone who is interested, here is the code:
// if user entered location
if (!empty($_POST['location']))
{
// if database row empty
if ($row['location'] == " ")
{
mysql_query("INSERT INTO members (location) VALUES ('".$location."') WHERE username='".$user."'");
}
// if database row not empty
else
{
mysql_query("UPDATE members SET location='".$location."' WHERE username='".$user."'");
}
}
// if user entered story
if (!empty($_POST['story']))
{
// if database row empty
if ($row['story'] == " ")
{
mysql_query("INSERT INTO members (story) VALUES ('".$story."') WHERE username='".$user."'");
}
// if database row not empty
else
{
mysql_query("UPDATE members SET story='".$story."' WHERE username='".$user."'");
}
}
I am having two table consider table1 and table2. I need to do a trigger after inserting into table1.
Trigger has to do some thing like retrieving data from two other tables using select query (it retrieves more than one row) do some calculations with the data retrieved and then it need to insert it into table2 as single row.
I think it's not possible to do these with in a trigger, so I decided to call a php file from that trigger which does all those things. But some persons says calling php from a trigger is not practically good and it has some security risk.
A Simple Example will help you out.
$sql="INSERT INTO `table1` (FirstName, LastName, Age)
VALUES ('$firstname', '$lastname', '$age')";
$result = mysql_query($sql) ;
if($result)
{
// Record successfully inserted , place your code which needs to be executed after successful insertion
}
else
{
// Insertion failed
}
I assume you would be using mysqli and not mysql becuase mysql_query is deprecated as of PHP 5.5.0 but this is just an example to help you understand the logic.
Ok got you .. In this case you need to create a TRIGGER something like this.
CREATE
TRIGGER `event_name` BEFORE/AFTER INSERT/UPDATE/DELETE
ON `database`.`table`
FOR EACH ROW BEGIN
-- trigger body
-- this code is applied to every
-- inserted/updated/deleted row
END;
This Question has already been answered check the link below.
MySQL trigger On Insert/Update events
Hope this helps.
I am experiencing something so basic, yet so annoying that I thought I had to put it out to the wider community to save my sanity.
I am using a table within a database to store some very basic data. There is only two columns, Id and Campaign. I only want to use a single row of the table, however, campaign will be updated at various points. I have set up the table as follows:
$sql = "CREATE TABLE IF NOT EXISTS TestCampaign(id INT NOT NULL PRIMARY KEY AUTO_INCREMENT,
Campaign CHAR(20))";
Initially I write to the table to insert a null CHAR in campaign:
$sql = "INSERT INTO TestCampaign (Campaign) VALUES ('None')";
The based on a specific text field being filled in on an html form followed by a submit button press I intended to do the update of the campaign field:
$sql = "UPDATE TestCampaign SET Campaign = '$Test' WHERE id = '1'";
$Test is the POSTED campaign name from the form. Unfortunately although the INSERT works fine the UPDATE doesn't. I have checked the permissions and I have ALL on this database. I have also checked the syntax with various sites and it seems that it is fine.
Interestingly I do not get an error when I echo:
echo " ".mysqli_error($con);
I'm sure I have made some basic error somewhere but I have been looking at it for so long and changing the syntax that I can't seem to spot it.
Any help would be appreciated.
UPDATE:
I have played around with the code and it seems as though the UPDATE code does work, however, It only works when it is the next line of code after the INSERT. In fact I have found that it works as long as it is not where I need it to be. I have it placed in 'if' statement that is run only on a specific button press on the form:
if(isset($_POST['TestID']))
{
Some Code;
$sql = "UPDATE TestCampaign SET Campaign = '$Test' WHERE id = '1'";
Some More Code;
}
I have checked the rest of the code in the 'if' statement and it seems solid.
Is this odd behaviour or have I missed something?
SOLVED
Finally found out what the problem was, it ended up that when exiting the first 'if' statement as expected the html form code was revisited which must have closed the connection to the database, when the button was pressed to run the second 'if' statement there was a connection to MySQL but no connection to the database I needed access to. A quick fix to re-connect and all works fine.
$sql = "UPDATE TestCampaign SET Campaign = '$Test' WHERE id = 1";
Is the only thing I think is wrong... What do you get with :
Select * from TestCampaign
have you set up any triggers based on this table name? After update, before update triggers may prevent you from storing the required data on the table.
Also, MySQL may use 0 as id value if you don't specify the value of the id at sending insert command. Are you sure the value of your id is 1 in the record you want to update? If you have run insert statements before on your table, the id may be a larger number than 1, because of the MySQL indices (I guess this may be the problem).
I don't know how exactly PHP statements are processed when sending them to MySQL, but I would recommend you to use PDO statements, the PHP syntax would look something like this:
$sql = $pdo->prepare("UPDATE TestCampaign SET Campaign = ? WHERE id = ?");
$sql->bindParam(1, $Test);
$sql->bindParam(2, 1);
$sql->execute();
Tutorial: http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers
I would also echo your $Test variable to check what is stored in it.
Hope it helps...
Finally found out what the problem was, it ended up that when exiting the first 'if' statement as expected the html form code was revisited which must have closed the connection to the database, when the button was pressed to run the second 'if' statement there was a connection to MySQL but no connection to the database I needed access to. A quick fix to re-connect and all works fine.
I have a feature in my web app where a table is "quick-editable", that is, its cells can be edited directly. When the user saves his changes, the client sends to the server the changed rows, with their changed columns (excluding non-changed columns, just to clarify), and their corresponding IDs.
In order to do UPDATE queries efficiently, I am using PDO's prepared statement feature. Here is an equivalent statement what I currently came up:
UPDATE table
SET
col1 = :arg_col1,
col2 = :arg_col2,
col3 = :arg_col3
WHERE
ID = :arg_ID
Then I came up with this problem in which I cannot set a column into its current value. Because only the edited column(s) in a row is/are submitted, I only need to bind the data to their respective column(s). For example, if only col1 and col2 are changed, the resulting statement should be
UPDATE table
SET
col1 = 'new data',
col2 = 'an edit',
col3 = col3 /* Use the current value of the column */
WHERE
ID = 153454
Modifying the statement directly would definitely nullify the performance improvement of using the same prepared statement for updating multiple rows. Sadly, PDO doesn't seem to have an option to bind a column to its current value.
How should I solve this problem?
ADDITIONAL: I do not wish to send all the columns, for performance reasons.
Unfortunately, an approach you are aiming to, won't actually work. You just can't prepare a statement in one call and then use it in all subsequent calls - you'll have to prepare it every time again.
So, there is no point in creating a generic query. Thus, you can create a custom query for the very data set. And this latter task can be automated: just create your UPDATE statement dynamically.
A solution, based on the tag wiki (scroll to the very bottom):
// first, have your update data in array (you can omit this line though)
$update = $_POST;
// next, list all fields a user allowed to
$allowed = array("col1","col2","col3");
// finally, create a SET statement query dynamically
$set = pdoSet($fields,$values, $update);
// voila - your query contains only fields were POSTed:
$sql = "UPDATE users SET $set WHERE id = :id";
$stm = $dbh->prepare($sql);
// just add an ID and execute
$values["id"] = $_POST['id'];
$stm->execute($values);
You actually don't want the col3 in the sql, what you need to do is to build the sql dynamically, only add the changed columns to the sql.
I am looking at how to update a specific table depending on whether the ID already exists in that table or whether the record needs to be created.
I am planning on using a function which is passed the id number from the main table in the database. The id value.
so something like update($id). But when this function is called I am not quite clear on how to check if the value already exists in the database, if it does then update the record. If it doesn't then create the record. Any thoughts?
I understand how to update the table, but not how to use the conditional statements I require.
$query = "UPDATE reports FROM them where id='$id'";
PSEUDOCODE:
Check if $id exists in table.
If $id exists, update that row
If $id does not exists, create the record.
You need to execute a select statement beforehand to check whether a record with that id already exists. If the results from executing the query are not empty, then use an UPDATE statement. If the results are empty, call INSERT instead.
To check for existing records, use the query like the one below. Code sample provided.
SQL:
"Select * from reports where id='$id'";
PHP:
$result = mysql_query("Select * from reports where id='$id'");
if (mysql_num_rows($result) > 0) {
mysql_query("UPDATE...(your update statement query string)");
} else {
mysql_query("INSERT...(your insert statement query string)");
}
Note that this is a basic example, and you should remember to do things like sanitize your query variables to prevent SQL injection, as well as check for error conditions whenever executing a query.