Is there something wrong with the syntax on this MySQL query?
Thanks in advance,
John
$ttquery = sprintf("Update login SET ".$row['ttemail']." = '1' WHERE username = ".$row['username']."");
EDIT: Okay, per Pekka's request, I echoed out the actual query value, and that gave me some ideas. Now I'm using this:
$ttquery = "Update login SET ttemail = 1 WHERE username = ".$row['username']."";
and I get this error: Unknown column 'admin' in 'where clause'. "admin" is the first username that meets the condition I want to run this query for... it's not the name of a field. Any ideas on why I'm getting the error?
EDIT: Here is the MySQL echoed MySQL query if that helps:
Update login SET ttemail = 1 WHERE username = admin
You probably need single quotes around username
$ttquery = "Update login SET ".$row['ttemail']." = '1' WHERE username = '".$row['username']."'";
If you're using sprintf, you would have:
$ttquery = sprintf("Update login SET %1$s = '1' WHERE username = '%2$s'", $row['ttemail'],$row['username']);
Update login SET ttemail = 1 WHERE username = admin
In SQL, strings are surrounded by single quotes and table/column names are unquoted. You need to fix your PHP code so you generate this:
Update login SET ttemail = 1 WHERE username = 'admin'
Try to make sure you understand basic SQL before banging your head against PHP ;-)
try this
$ttquery = sprintf("Update login SET ".$row['ttemail']." = '1' WHERE username = '" . $row['username'] ."'"
i.e., username='[your value]'
This should work:
$ttquery = "Update login SET ".$row['ttemail']." = '1' WHERE username = '".$row['username']."'";
man, be careful about sql injections.
Also, why call sprintf() if you dont actually use it?
Related
I have a Mysql Database named user. Here is a picture:
I want to change the Username of the user "dodlo.rg" programmatically.
Actually, I have the PHP-Version 7.1. And this is a part of my PHPCode:
EDITED CODE:
$newName= $_POST["changeT"];
$userId = $_POST["userId"];
$db = mysqli_connect("trolö", "trolö", "trolö123", "trolö")
$sql = "UPDATE user SET username = '$newName' WHERE user_id = '$userId'";
$query = mysqli_query($db, $sql);
$response["successU"] = true;
But I get the Error: "You gave an Error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'SELECT * FROM user' at line 1"
Thanks in advance.
The problem lies in 2 parts.
Firstly, since this column is a varchar field it needs to be inside quotes else it produces an sql error.
Secondly the SELECT statement just after is not valid, but i guess it was a copy/paste error.
Therefore your working code should be:
$newName= $_POST["changeT"];
$db = mysqli_connect("trolö", "trolö", "trolö123", "trolö")
$sql = "UPDATE user SET username = '".addslashes($newName)."' WHERE username = 'dodlo.rg'";
$query = mysqli_query($db, $sql);
$response["successU"] = true;
Also, please consider using your primary keys on your where statement rather a varchar field, as it'll improve speed when more complex queries. (eg. where user_id = 35 instead of where username = 'dodlo.rg' ).
Lastly, but quite important this code might be vulnerable to sql injections. You need to use prepared statements.
You have to convert this query into two parts
$sql1 = "UPDATE user SET username = $newName WHERE username = 'dodlo.rg'";
$sql2 = "SELECT * FROM user";
My sql table is not updating. I have looked through tons of documentation and I do not see why it is not working.
if (!empty($_POST['services'])){
$username = mysql_real_escape_string($_POST['username']);
$service = mysql_real_escape_string($_POST['services']);
$registerquery = mysql_query("UPDATE users SET service = '".$service."' WHERE Username = '".username."'");
}
Please update your code to use PDO. Inserting into the database could be much easier and safer using prepared statements.
For example:
<?php
$stmt = $db->prepare("UPDATE `users` SET `services`=:service WHERE `username`=:username");
$stmt->execute(array(':username' => $username, ':service' => $service));
?>
Here's a good resource when learning the basics of PDO.
http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers
Have a good one!
- Scott
My error was that I wrote this: $registerquery = mysql_query("UPDATE users SET service = '".$service."' WHERE Username = '".username."'"); and I was missing the $ and an s in services. To correct this: $registerquery = mysql_query("UPDATE users SET services = '".$service."' WHERE Username = '".$username."'"); Thank you all for your help. I submitted another answer last night saying I found the error.
I have tried to close this twice. All I had to do was add a "s" at the end of "service" in the update command. I overlooked the fact it did not match the requested field in the table.
Please replace like this and execute.
$registerquery = mysql_query("UPDATE users SET service = '".$service."' WHERE Username = '".$username."'");
i am trying to make a last online system and this is the code that (should) run after the login
$name = $user['username']
mysql_query("UPDATE users SET last_activity = now() WHERE username = $name");
$message = "Connected";
normally, If i type this code in php tags the name is displayed
echo $user['username']
but it seems that this variable in the mysql_query doesn't work
why?
how should I set "$name" to make it work?
You must use quotes in '$name'.
Try:
mysql_query("UPDATE users SET last_activity = now() WHERE username = '$name'");
You need quotes around your variables
mysql_query("UPDATE users SET last_activity = now() WHERE username = '$name'");
The problem here is that you need to quote a string in a mysql query so your query should be
"UPDATE users SET last_activity = now() WHERE username = \"$name\""
However I would still caution against direct query manipulation like this for many reasons. Have you looked into using a library like PDO http://www.php.net/manual/en/book.pdo.php?
You have to concatenate the query with the variable like
mysql_query("UPDATE users SET last_activity = now() WHERE username = '" . $name . "');
I solved by myself using another variable
with this code in index.php everything worked :)
mysql_query("UPDATE users SET last_activity = now() WHERE uid = {$user['uid']}");
I know this is a short question but i can't figure out the syntactical error in this line:
$insert = mysql_query("UPDATE user SET userName = '$username_change' WHERE userID = '$_SESSION['userid']' ");
I know the problem is with $_SESSION variable but don't what, if anything, i need to escape or alter for the statement to work.
Try wrapping your array variables within curly brackets:
UPDATE user SET userName = '$username_change' WHERE userID =
'{$_SESSION['userid']}'
Also think about moving away from the mysql_* functions.
try:
$insert = mysql_query("UPDATE user SET userName = '".$username_change."' WHERE userID = ".$_SESSION['userid']);
Try this
UPDATE user SET userName = '$username_change' WHERE userID = "'.$_SESSION['userid']."' "
Whats wrong with my code?
Basically what I'm trying to do is add a number and update a field in the sql with what is connected to the variable. But since steamids look like this STEAM_0:0:123123123 or STEAM_0:1:123123123 I get this
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ':0:14166834' at line 1
This is just for learning, so I know my code has useless echos, but its just to see it being added and making sure i was doing it correctly anyways
addmoney.php
<?php
include("inc/config.php");
$mysteamid=mysql_real_escape_string($_POST['mysteamid']);
$sql = "SELECT * FROM $tbl_name WHERE steamid='$mysteamid'";
$result=mysql_query($sql);
$cash=mysql_result($result, 0, 'cash'); // outputs 7th
echo $cash;
$newcash= $cash + "10000";
echo "\n";
echo $newcash;
mysql_query("UPDATE $tbl_name SET `cash` = $newcash WHERE `steamid` = $mysteamid") or die(mysql_error());
?>
index.php contains a working formdata its not really required with the error in my code.
my main problem is this line from addmoney.php which is
$mysql_query("UPDATE $tbl_name SET `cash` = $newcash WHERE `steamid` = $mysteamid") or die(mysql_error());
As your steamid field in your DB is a string (it seems to be, as possible values are STEAM_0:0:123123123 and STEAM_0:1:123123123), you must use quotes arround the value :
mysql_query("UPDATE $tbl_name SET `cash` = $newcash WHERE `steamid` = '$mysteamid'");
Using mysql_real_escape_string() is necessary, as it escapes quotes inside the variable you pass it as a parameter -- but you still have to put quotes arround the string, in your SQL queries.
In the first query you surrounded your $mysteamid value with simple quotes, and in the second query you didn't. If the steamid is a string type, you need to surround the value with quotes, like
"UPDATE $tbl_name SET `cash` = $newcash WHERE `steamid` =' $mysteamid'"