Ok, I am querying my DB for a file. And I want to use a PHP global variable and stick it somewhere in that output using say a '$dir' in my table. Any possible way to do so?
Just use it in a string for the query like you would in any other string. eg:
$sql = "UPDATE TABLE x SET dir=" . $dir . " WHERE id=" . $id;
Though if you do this and your variables use user input it's VERY IMPORTANT to sanitize them against SQL injection and such. The function mysql_real_escape_string() is provided for just such instances.
$sql = "UPDATE TABLE x SET dir=" . mysql_real_escape_string($dir) . " WHERE id=" . mysql_real_escape_string($id);
$query = "SELECT '" . $dir . "' as myVariable, userName, userpassword from users where userName = ...."
The first reply was missing some quotes:
$sql = "UPDATE TABLE x SET dir=" . $dir . " WHERE id=" . $i
->
$sql = "UPDATE TABLE x SET dir='" . mysql_real_escape_string($dir) . "' WHERE id=" . $i
and
$sql = "UPDATE TABLE x SET dir=" . mysql_real_escape_string($dir) . " WHERE id=" . mysql_real_escape_string($id);
->
$sql = "UPDATE TABLE x SET dir='" . mysql_real_escape_string($dir) . "' WHERE id=" . mysql_real_escape_string($id);
Related
I am using codeigniter to build an app and I am really far in the code.
I have a table with column headers id, page, user and like. Now the problem is, in the mysql query, I realised I cant use the word like for the column name as its a sql keyword I belive.
I can't change the column name from like to something else because it would mean changing 100s of lines of php code.
Is there something that i can do to overcome the clash of the world like?
here is what I mean
$like_variable = 100;
$query = $this->db->query("SELECT * FROM `table_name`
WHERE id ='" . $qry . "' AND
page = '" . $_SESSION['p_id'] . "' AND
user_id = '" . $_SESSION['user_id'] . "' AND
like = '" . $like_variable . "'
");
// i think i cant use the world like above but I cant change the column header
Any solutions would be much appreciated thanks in advance
In SQL, you can use keywords as column names. Wrap them in ``.
SELECT * from `table_name` WHERE `like` = 100
Change like to:
`like`
Result:
$like_variable = 100;
$query = $this->db->query("SELECT * FROM `table_name`
WHERE id ='" . $qry . "' AND
page = '" . $_SESSION['p_id'] . "' AND
user_id = '" . $_SESSION['user_id'] . "' AND
`like` = '" . $like_variable . "'
");
Below is my small code for inserting some info into AthleteID. It doesn't actually insert the information to the table though, any help is appreciated. (sorry for asking twice, but I think my first question isn't addressing whatever issue is holding me up here!)
<?php
require_once('resources/connection.php');
echo 'hello noob' . '<br />';
$query = mysql_query('SELECT LName, MyWebSiteUserID FROM tuser WHERE MyWebSiteUserID = MyWebSiteUserID');
$athleteId = strtoupper(substr($row["LName"], 0, 2)) . $row["MyWebSiteUserID"];
$update = "UPDATE `tuser` SET `AthleteID`='$athleteId' WHERE `MyWebSiteUserID` = `MyWebSiteUserID`;";
while($row = mysql_fetch_array($query)){
mysql_query( $update);
}
Where to begin..
1) Your using mysql and not mysqli. mysql is now deprecated but you could be on a PHP 4 system so keep that in mind.
2) You are building the $athleteID before you have found out what LName and SkillshowUserID is.
3) Your using a where of 1 = 1. You dont need this as it will return true for every row.
4) So...
// Execute a query
$results = mysql_query('SELECT LName, MyWebsiteID FROM tuser WHERE SkillshowUserID = SkillshowUserID');
// Loop through the result set
while($row = mysql_fetch_array($query))
{
// Generate the athleteId
$athleteId = strtoupper(substr($row["LName"], 0, 2)) . $row["MyWebsiteID"];
// Generate an sql update statement
$update = "UPDATE `tuser` SET `AthleteID`='" . $athleteId . "' " .
" WHERE LName = '" . $row['LName'] . "' " .
" AND MyWebsiteID = '" . $row['MyWebsiteID'] . "';";
// Fire off that bad boy
mysql_query($update);
}
I have database with column "kredit". I want to add $dobitak to kredit.
So if is in database kredit=10, and $dobitak=15 kredit+dobitak=25 but my code return me kredit=15 in database.
$sql = "UPDATE user
SET kredit='kredit' + '".$dobitak."'
WHERE id='" . $info['user_id'] . "'";
What I need to change to get correct result in database?
try this ...
$sql = "UPDATE user
SET kredit=kredit + ".$dobitak."
WHERE id='" . $info['user_id'] . "'";
Because for integer type field you need not enclose with "'"
kredit = kredit + '". $dobitak ."'
WHERE id='" . $info['user_id'] . "'";
Remove the ' ' from around kredit
$updateSeats = mysql_query("UPDATE FORM_dateAndSeating SET NumberOfSeats = " . $removeSeatingNumber . " WHERE DATE = " . $revertToStandardDate);
In the code above I am trying to update the value within the MYSQL table.
When I echo the variables they show the data I am expecting, however the database is not being updated.
There is no error being returned either.
What are other possibilities for the sql not to update properly??
This will work:
$updateSeats = mysql_query("UPDATE FORM_dateAndSeating
SET NumberOfSeats = '" . $removeSeatingNumber . "'
WHERE DATE = '" . $revertToStandardDate . "'");
Long form:
$updateSeats = mysql_query("UPDATE FORM_dateAndSeating SET NumberOfSeats = '" . $removeSeatingNumber . "' WHERE DATE = '" . $revertToStandardDate . "'");
The variables need to be inside double quotes including single quotes
I.e.: '" . $removeSeatingNumber . "' WHERE DATE = '" . $revertToStandardDate . "'
-------^ --------------------------------------------^ -----------------------^ ----------------------------------------------^
Add apostrophes around your column values.
I am using pretty much all variables in my query and i am pretty sure my syntax is wrong somewhere. I have tried a lot of different ways to setup my query. Basically im trying to update a specific row with the id, and the column that is the variable $loc.
mysqli_query($con,"UPDATE `" . $tbvbr . "` SET $loc='".$addscore."' WHERE pid='".$pn."' ");
i also tried
mysqli_query($con,"UPDATE `" . $tbvbr . "` SET $loc='$addscore' WHERE pid='$pn' ");
and
mysqli_query($con,"UPDATE `" . $tbvbr . "` SET $loc=$addscore WHERE pid=$pn ");
Thanks
$sql = "UPDATE `" . $tbvbr . "` SET " . $loc . " = '" . $addscore . "' WHERE pid= '" . $pn . "'";
mysqli_query($con,$sql);
Does this work?
mysqli_query($con,"UPDATE ".$tbvbr." SET ".$loc." = '".$addscore."' WHERE pid = ".$pn);