I have 2 variables that contain a a string of text. I need to update them in the table, but out of the 20 + different variations of about 5 different scripts that I've tried out, it just doesn't update!
I can update using this:
mysql_query("UPDATE cart SET quantity = $q WHERE sessionid='" .session_id(). "' AND description = '$d'") or die(mysql_error());
but I am now working on a different page, where I need a slightly different update query. Which is:
UPDATE cart SET quantity = $q WHERE sessionid = $somethin AND description = $desc
And for that I have:
mysql_query("UPDATE cart SET quantity = $q WHERE sessionid = $o AND description = $d") or die(mysql_error());
(I have tried many variations with different quotes in different places for the above query, but nothing works!)
I have also tried:
$conn = mysql_connect("my01..com", "dbase", "2354ret345ert");
if(! $conn )
{
die('Could not connect: ' . mysql_error());
}
$sql = 'UPDATE cart
SET quantity="'.$q.'"
WHERE sessionid="$o" AND description = "$d"';
mysql_select_db('mysql_94569_dbase');
$retval = mysql_query( $sql, $conn );
if(! $retval )
{
die('Could not update data: ' . mysql_error());
}
echo "Updated data successfully\n";
mysql_close($conn);
That last one doesn't display any errors, in fact, it even tells me that it has successfully updated! But it's lying. It hasn't updated anything.
Can someone please help me out here, I am really getting sick of reading tutorial after turorial and never learning anything because they all have differnt syntax and none of it seems to work.
What I would like to do is:
UPDATE table SET columnname = $this WHERE thiscolumn = $this AND thiscolumn = $that
$this = $var
Thank you
You are missing the quotes in description and SessionID, do it like this:
mysql_query("UPDATE cart
SET quantity = '".$q."'
WHERE sessionid = '".$o."' AND description = '".$d."'");
In order to save you confusion, I would recommend start using concatenation operator (eg 'UPDATE '.$table .' SET ...')instead of writing variables directly to strings (eg. "UPDATE $table SET ...").
in this case your query would look like:
mysql_query("UPDATE cart SET quantity = ".$q." WHERE sessionid='" .session_id(). "' AND description = '".$d."'") or die(mysql_error());
This might help you to find problems with quotes and parenthesis quicker
BAD:
I had this query in php:
$query = "UPDATE users SET username = ".$nume." WHERE id = ".$userID;
That did this SQL:
UPDATE users SET username = elev WHERE id = 2
GOOD: For it to work I changed it to this php:
$query = "UPDATE users SET username = ".'"'.$nume.'"'." WHERE id = ".$userID;
That did this SQL:
UPDATE users SET username = "elev" WHERE id = 2
Related
Require("dbconnect.php");//works is used on other another page
echo $Customer_id;//Displays correctly
Can anyone help?
First Check that use session variable is getting the data or not.
If the Customer id is of varchar then you are missing single inverted comma in where clause.
session_start();
$Customer_id = $_SESSION['id'];
Require("dbconnect.php");//works is used on other another page
$sql = "SELECT Job_id FROM Job";
$sql.= " WHERE Job_Customer_id = '$Customer_id'";
$stmt = $dbh->query($sql);
$row = $stmt->fetch(PDO::FETCH_ASSOC);
$Job_id = $row['Job_id'];
echo $Customer_id;//Displays correctly
echo $Job_id;//Curently dose not display anything
Change the $sql.= line to this:
$sql.= " WHERE Job_Customer_id = '$Customer_id'"
with the ' around $Customer_id.
I've been successful with duplicating joined tables. Yay!
Now, after a number of tests, I've found that single apostrophe (escaped items) aren't being accepted. When originally creating new tables rows in the form, everything was run through the following:
$unit_id = mysqli_real_escape_string($dbc, trim($_POST['ajax_unit_id']));
Now, as I am duplicating these rows to create new records, I don't seem to know where/how to escape_string again in order to allow for single apostrophes again, such as a title called Don's Supah-Dupah App.
Duplication php:
$sql1 = "CREATE TEMPORARY TABLE tmp
SELECT *
FROM ".ID_TABLE."
WHERE `unit_id` = " . $id . "";
$result = mysqli_query($dbc,$sql1) or die(mysqli_error($dbc));
$sql2 = "ALTER TABLE tmp
DROP COLUMN `unit_id`";
$result = mysqli_query($dbc,$sql2) or die(mysqli_error($dbc));
$sql3 = "UPDATE tmp
SET `title` = '" . $titleStamp . "'";
# ************************************************************ #
# ****** This is where I believe the issue is occurring ****** #
# ************************************************************ #
$result = mysqli_query($dbc,$sql3) or die(mysqli_error($dbc));
$sql4 = "INSERT INTO ".ID_TABLE."
SELECT 0,tmp.*
FROM tmp";
$result = mysqli_query($dbc,$sql4) or die(mysqli_error($dbc));
$unit_id1 = $dbc->insert_id; //mysqli_insert_id($dbc); // Store new unit_id as var
$sql5 = "DROP TABLE tmp;";
$result = mysqli_query($dbc,$sql5) or die(mysqli_error($dbc));
After combing through the coding again, I found that the error actually had nothing to do with the duplication...sort of.
Note: I am providing this answer in case it helps someone out there to step back, look at there own issue from 5000m meters...instead of from 5 inches. Hopefully this helps someone to pull themselves out of the rabbit hole to get a better perspective.
Earlier before the duplication, I'd set up a variable $title that was generated by an initial sql select
$row = mysqli_fetch_array($rdata);
$title = $row['title'];
...then concatenate the title and a datetimestamp.
date_default_timezone_set(DEFAULT_TZ); // Default timezone set as Australia/Melbourne
$timestamp = date('Y/m/d h:i:s:a');
$titleStamp = $title." COPY ".$timestamp;
This $title variable is where the issue was occurring. The new string had to be escaped before the content could be inserted back into the new row.
$title = mysqli_real_escape_string($dbc, trim($row['title']));
Voila!
<?php
/** Connect to DB */
mysql_connect("localhost", "dbuser", "pass") or die(mysql_error());
mysql_select_db("dbname") or die(mysql_error());
$link_id = $_GET['link_id'];
/** increase the counter of the URL*/
mysql_query("UPDATE link_count SET count = count + 1 WHERE ID = $link_id") or die(mysql_error());
/** retrieve URL */
$result = mysql_query("SELECT * FROM link_count WHERE ID = $link_id") or die(mysql_error());
$row = mysql_fetch_array($result);
header( "Location:" .$row['URL'] );
?>
Of course db info has been changed for posting here. Where I try to use
count.php?link_id=1
in a link I get "Unknown column 'ID' in 'where clause'"
I checked to make sure there were all single quotes instead of backticks....
EDIT: Solution provided by #Kai Qing in a comment to CanSpice's answer.
I would suggest making sure your column is actually called ID and not id. It's telling you the column doesn't exist and that may be because it actually doesn't exist as typed. Also, count is a reserved mysql term. change it to this:
mysql_query("UPDATE link_count SET `count` = `count` + 1 WHERE ID = $link_id") or die(mysql_error());
and before you get lectured on injection holes, wrap your $link_id like so:
mysql_real_escape_string($link_id)
Your column is probably named id, not ID. Column names are case-sensitive.
$sql = sprintf("UPDATE link_count SET count = count + 1 WHERE ID = %s",mysql_real_escape_string($_GET['link_id']));
mysql_query($sql) or die(mysql_error());
Also you might not want to print all of your mysql_errors out once this is in production.
I'm not sure how to do this or even if it's possible. I have a table of entries, but I'd like to change the running order of the entries. I've got a field called 'ID' which is set to auto-increment. I want the people in the back end to change the order of the entries themselves. So for example, if they move one entry up then the one above will automatically move down.
I've put up and down arrows by each entry, but am not sure what to do next. The code I've written is:
<?php
$id = $_GET['id'];
$direction = $_GET['direction'];
$menu = $_GET['menu'];
con = mysql_connect("hostname", "user", "password");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("table", $con);
$sql = "SELECT priority FROM Menu WHERE ID = $_GET[id]";
list($curpos) = mysql_fetch_array(mysql_query($sql));
// Find new position
if ($direction > 0)
{
// To be moved up
$sql = "SELECT priority FROM Menu WHERE priority < $curpos AND ID = $id ORDER BY priority DESC LIMIT 1";
list($newpos) = #mysql_fetch_array(mysql_query($sql));
}
else
{
// To be moved down
$sql = "SELECT priority FROM Menu WHERE priority > $curpos AND ID = $id ORDER BY priority ASC LIMIT 1";
list($newpos) = #mysql_fetch_array(mysql_query($sql));
}
if ($newpos)
{
$sql = "UPDATE Menu SET priority = $curpos WHERE priority = $newpos AND Menu = $menu";
mysql_query($sql);
$sql = "UPDATE Menu SET priority = $newpos WHERE ID = $id";
mysql_query($sql);
}
echo $msg; ?>
but this doesn't seem to do anything, I've seen it working in things like cPanel's but really don't know how to implement it myself.
I'd be grateful for any help.
Do not touch the ids for that. Create a new column "sorting" and use that. Changing the ID might cause problems and is not nice
It's better to have priority field for the records to do it. It's not good to change primary key-s of records.
If you have added the priority field, you need to change your SQL to order by priority and also to make sure the code that changes the order is updating the priority field.
I have a query that looks like this:
$sql = "UPDATE tbl SET amt_field='amt_field+1' WHERE username='" .mysql_real_escape_string($_SESSION['username']). "'";
mysql_select_db('db',$con);
mysql_query($sql,$con);
I want to increment the value as easily as possible.
I have tried:
"UPDATE tbl SET amt_field='amt_field+1' WHERE
"UPDATE tbl SET amt_field='amt_field' + 1 WHERE
"UPDATE tbl SET amt_field='amt_field++' WHERE
I don't get error messages, but the value in my db does not increase either.
UPDATE tbl SET amt_field = amt_field + 1 WHERE ...
If you use the single quotes ', you're telling the enclosed value to be interpreted as a string You were probably thinking about the tick marks. This is also valid:
UPDATE tbl SET `amt_field` = `amt_field` + 1 WHERE ...
This must be used when the column (or table etc.) has a reserved name.
Hello did you initialize a new session. Below worked perfectly for me.
public static function insert_search($pdo)
{
#session_start();
$ip = $_SERVER['REMOTE_ADDR'];
$username = $_SESSION['username'];
//$username = self::username();
$date = date('Y-m-d');
//Adding the total searches for the logged in user
$query = $pdo->query("UPDATE `users` SET `total_searches` = `total_searches` +1 WHERE username = '$username'");
}
/* What you could potentially do is the following.
Make sure if you're doing it the procedural way
you put #session_start(); at the top of the page */
#session_start();
$sql = "UPDATE tbl SET amt_field ='amt_field' +1 WHERE username ='" .mysql_real_escape_string($_SESSION['username']). "'";
mysql_select_db('db',$con);
mysql_query($sql,$con);