I'm using PHP for making queries for MySQL. Here is one:
UPDATE `subscribers` SET `curDate` = NOW() WHERE `e_mail` = "$resEmail"
curDate - DateTime type. The problem is that after this query curDate of given email is
0000-00-00 00:00:00
What's wrong?
Your PHP probably looks like this now:
$sql = 'UPDATE `subscribers` SET `curDate` = NOW() WHERE `e_mail` = "$resEmail"';
The single quotes prevent the variable's value from being substituted into the string. You will need to change it to this:
$sql = "UPDATE `subscribers` SET `curDate` = NOW() WHERE `e_mail` = '$resEmail'";
You should also be aware that you may have an SQL injection vulnerability here. Consider using mysql_real_escape_string to escape the email address.
$sql = "UPDATE `subscribers` SET `curDate` = NOW() WHERE `e_mail` = '" .
mysql_real_escape_string($resEmail) . "'";
Since you're using timedate function which is based on proper timestamp, try setting it with Timestamp(Now()).
I have a DATE field in my table, and I'm trying to update it using the following code:
$query = mysqli_query($conn,$sql);
$todaydate = date("Y-m-d");
$sqlDate = date('Y-m-d', strtotime($todaydate));
$sql="UPDATE Library SET Loaned=1, LoanedDate=$sqlDate WHERE BookId=$bookId";
$query = mysqli_query($conn,$sql);
It updates the "Loaned" field fine, but always sets the Date field to "0000-00-00". Can anyone indicate what I'm doing wrong?
You're missing ' quotes in your update query
Just use something like this
$sql="UPDATE Library SET Loaned=1, LoanedDate='$sqlDate' WHERE BookId='$bookId'";
$query = mysqli_query($conn,$sql);
You have to add quotes to the values... otherwise the date may seem like an invalid integer to MySQL. Here's how:
$query = mysqli_query($conn,$sql);
$todaydate = date("Y-m-d", time()); //<== DON'T FORGET THE 2ND ARGUMENT TO date(): TIME-STAMP. YOU MAY USE: time()
$sqlDate = date('Y-m-d', strtotime($todaydate));
$sql ="UPDATE Library SET Loaned=1, LoanedDate='{$sqlDate}' WHERE BookId='{$bookId}'";
$query = mysqli_query($conn,$sql);
Why don't you use only MySQL function to update date
Use this
$sql = "UPDATE Library SET Loaned = 1, LoanedDate = DATE(NOW())
WHERE BookId = '".$bookId."'";
Change your query with this code
$sql="UPDATE Library SET Loaned=1, LoanedDate= current_date() WHERE BookId='".$bookId."'";
Also check data structure in database.
This query is working fine:
$current_date = strtotime(date('Y-m-d H:i:s'));
$sql = "UPDATE user SET dt_added = '".$current_date."' WHERE id = '$id' ";
You're not concatenating the Date string properly in the SQL query.
Use ' and . operator to concatenate the string. Like this,
$sql="UPDATE Library SET Loaned=1, LoanedDate='".$sqlDate."' WHERE BookId='".$bookId."'";
Although it's good practice to use prepared statements to pass arguments in an SQL query.
Learn more about PHP Prepared Statements
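The prepared-statement approach recommended above, applied to the Library update, as an added example that is not part of the original answers. It assumes the pdo_sqlite extension and uses an in-memory SQLite database as a stand-in for MySQL so it runs without a server; the function name markLoaned and the sample rows are constructed for illustration.

```php
<?php
// Added example. SQLite in-memory stands in for MySQL (assumption) so that the
// script runs offline; against MySQL only the DSN passed to PDO changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample table mirroring the Library table from the question.
$pdo->exec('CREATE TABLE Library (BookId INTEGER PRIMARY KEY, Loaned INTEGER, LoanedDate TEXT)');
$pdo->exec('INSERT INTO Library VALUES (1, 0, NULL), (2, 0, NULL)');

// Hypothetical helper: marks one book as loaned and returns the affected row count.
function markLoaned(PDO $pdo, $bookId, string $date): int
{
    // Reject anything that is not a plain integer before it reaches the query.
    $id = filter_var($bookId, FILTER_VALIDATE_INT);
    if ($id === false) {
        throw new InvalidArgumentException('BookId must be an integer');
    }

    // The values travel separately from the SQL text. The date therefore needs
    // no hand-written quotes; interpolated unquoted, 2016-05-12 is read by MySQL
    // as the subtraction 2016 - 5 - 12, which is how 0000-00-00 ends up stored.
    $stmt = $pdo->prepare(
        'UPDATE Library SET Loaned = 1, LoanedDate = :loaned WHERE BookId = :id'
    );
    $stmt->bindValue(':loaned', $date, PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    return $stmt->rowCount();
}

// Constructed valid input, as it would arrive from a form (a numeric string).
echo 'rows updated: ', markLoaned($pdo, '1', date('Y-m-d')), "\n";

// Constructed malformed input: stopped by validation, the query never runs.
try {
    markLoaned($pdo, '1 OR 1=1', date('Y-m-d'));
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}

// Show the table so the effect on each row is visible.
print_r($pdo->query('SELECT * FROM Library')->fetchAll(PDO::FETCH_ASSOC));
```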
Looking closer, I would just do:
$sql="UPDATE Library SET Loaned=1, LoanedDate='".$todaydate."' WHERE BookId='".$bookId."'";
instead of
$sql="UPDATE Library SET Loaned=1, LoanedDate='".$sqlDate."' WHERE BookId=$bookId";
There is some error when I am executing this php code:
$today = date("Y-m-d H:i:s");
$sql = "UPDATE `deposit_admin_report` SET `READING`=$item,`Timestamp`=$today WHERE `METER_NUMBER`='NP-1353-'";
Error:
UPDATE `deposit_admin_report` SET `READING`=395,`Timestamp`=2015-11-27 09:08:33 WHERE `METER_NUMBER`='NP-1353-'
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '09:08:33 WHERE `METER_NUMBER`='NP-1353-'' at line 1
The column Timestamp has a type "timestamp" and default is "null" in the mysql table.
Will appreciate if anyone could help me out.
Thanks in advance
here is what you need:
$today = date("Y-m-d H:i:s");
$sql = "UPDATE `deposit_admin_report` SET `READING`=$item,`Timestamp`='".$today."' WHERE `METER_NUMBER`='NP-1353-'";
Also there is another way:
Simply use NOW()
Like this:
$sql = "UPDATE deposit_admin_report SET READING='$item',Timestamp=NOW()
WHERE METER_NUMBER='NP-1353-'";
That's it :)
use MySQL NOW() or change this $item to this '$item'
$sql = "UPDATE `deposit_admin_report` SET `READING`='$item',`Timestamp`=NOW()
WHERE `METER_NUMBER`='NP-1353-'";
$today = date("Y-m-d H:i:s");
$sql = "UPDATE `deposit_admin_report` SET `READING`= '" . $item . "',`Timestamp`= '" . $today . "' WHERE `METER_NUMBER`='NP-1353-'";
It sees the space in your date as a separate word, and not as value of your timestamp.
Also, it is way easier to just use NOW()
$sql = "UPDATE `deposit_admin_report` SET `READING`= '" . $item . "',`Timestamp`= NOW() WHERE `METER_NUMBER`='NP-1353-'";
Date field accepts a string which you should enclose in single quotes.
$sql = "UPDATE `deposit_admin_report` SET `READING`= $item, `Timestamp`= '$today' WHERE `METER_NUMBER`='NP-1353-'";
The question is already answered. Would like to bring into notice the caveat of using NOW() in Master / Slave architecture.
If timezone of slave server is different than that of master, the timestamp value stored on master will be different than the one on slave.
It's recommended to use the following steps:
date_default_timezone_set('UTC'); // UTC is an example
$today = date("Y-m-d H:i:s");
$sql = "
UPDATE `deposit_admin_report`
SET `READING`=$item,`Timestamp`='".$today."'
WHERE `METER_NUMBER`='NP-1353-'
";
I am trying to make a last online system and this is the code that (should) run after the login
$name = $user['username'];
mysql_query("UPDATE users SET last_activity = now() WHERE username = $name");
$message = "Connected";
Normally, if I type this code in PHP tags the name is displayed
echo $user['username'];
but it seems that this variable in the mysql_query doesn't work
why?
how should I set "$name" to make it work?
You must use quotes in '$name'.
Try:
mysql_query("UPDATE users SET last_activity = now() WHERE username = '$name'");
You need quotes around your variables
mysql_query("UPDATE users SET last_activity = now() WHERE username = '$name'");
The problem here is that you need to quote a string in a mysql query so your query should be
"UPDATE users SET last_activity = now() WHERE username = \"$name\""
However I would still caution against direct query manipulation like this for many reasons. Have you looked into using a library like PDO http://www.php.net/manual/en/book.pdo.php?
You have to concatenate the query with the variable like
mysql_query("UPDATE users SET last_activity = now() WHERE username = '" . $name . "'");
I solved by myself using another variable
with this code in index.php everything worked :)
mysql_query("UPDATE users SET last_activity = now() WHERE uid = {$user['uid']}");
I am running a php function with this line in it:
mysql_query("UPDATE `user-table` SET `$field` = '$value' WHERE `user_id` = $user_id");
For some reason this is not working. I have echoed out the $user_id variable, taken that integer and placed it in place of the variable in the query, so it looks like this:
mysql_query("UPDATE `user-table` SET `$field` = '$value' WHERE `user_id` = 11");
And it updated fine! So the issue must be something to do with the variable, but I can't figure out what.
Any thoughts?
It can depend on the settings in your php.ini. I can't remember the name of the environment variable, but if you build the string like so:
mysql_query("UPDATE `user-table` SET `$field` = '".$value."' WHERE `user_id` = ".$user_id.";");
It should work regardless of your php.ini settings, assuming you've already escaped your $value, and are sure your $user_id is an integer.
If you are assigning both the field (column) name & value to the variables $name & $value like that then;
field/column names aren't required to be in ticks. Therefore;
a) Change " SET `$field` to SET $field &
b) Change " `user-table` to user-table
Because you're quoting the entire sql statement, - "UPDATE..." - when you insert a
$variable into a string and it's required to be quoted, you need to escape the
quotes or concatenate the string like:
"... = '" . $value . "' ... ";
You should probably also use a mysql_real_escape_string() on your variable to avoid
most common types of sql injection like:
"... = '" . mysql_real_escape_string($value) . "' ... ";
So, putting it all together, the following should work just fine:
mysql_query("
UPDATE user-table
SET $field = '" . mysql_real_escape_string($value) . "'
WHERE user_id = " . (int)$user_id . "
");
Hope it helps!
Gez
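Escaping protects the quoted value, but `$field` is an identifier and goes into the statement as-is. The following added example (not code from the original answers) selects the column from a fixed allow-list and binds the value. It assumes the pdo_sqlite extension with an in-memory SQLite database standing in for MySQL; the column names, EDITABLE_COLUMNS and updateUserField are hypothetical.

```php
<?php
// Added example. SQLite in-memory stands in for MySQL (assumption) so that the
// script runs offline; SQLite accepts the same back-tick identifier quoting.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample table; the column names are hypothetical.
$pdo->exec('CREATE TABLE `user-table` (
    user_id INTEGER PRIMARY KEY, nickname TEXT, city TEXT, is_admin INTEGER)');
$pdo->exec("INSERT INTO `user-table` VALUES (11, 'old', 'Leeds', 0)");

// Identifiers cannot be sent as bound parameters, so a dynamic column name is
// only ever chosen from this fixed list, never taken from the request verbatim.
const EDITABLE_COLUMNS = ['nickname', 'city'];

function updateUserField(PDO $pdo, string $field, string $value, int $userId): int
{
    if (!in_array($field, EDITABLE_COLUMNS, true)) {
        throw new InvalidArgumentException("Column not editable: $field");
    }

    // $field is now one of our own literals; the value and id are bound.
    $stmt = $pdo->prepare(
        "UPDATE `user-table` SET `$field` = :value WHERE `user_id` = :id"
    );
    $stmt->bindValue(':value', $value, PDO::PARAM_STR);
    $stmt->bindValue(':id', $userId, PDO::PARAM_INT);
    $stmt->execute();

    return $stmt->rowCount();
}

// Constructed input containing a single quote: stored verbatim, no escaping call.
echo 'rows updated: ', updateUserField($pdo, 'city', "Y'Z", 11), "\n";

// Constructed request for a column outside the list: refused before any SQL runs.
try {
    updateUserField($pdo, 'is_admin', '1', 11);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}

print_r($pdo->query('SELECT * FROM `user-table`')->fetchAll(PDO::FETCH_ASSOC));
```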
I was accidentally passing an undefined variable thinking it was an integer.
If I remember correctly, you should wrap the variable in {}, because in your example you are actually pushing $user_id as a string.
mysql_query("UPDATE `user-table` SET `$field` = '$value' WHERE `user_id` = {$user_id}");
This is a simple one: I am using the following insert query
mysql_query(insert into table1 set saltval = 'Y'Z' where uid ='1');
but it does not work because the value for the field saltval is Y'Z. My question is how to have this value considered as a string.
You need to escape any single quotes with a backslash.
mysql_query("insert into table1 set saltval = 'Y\'Z' where uid ='1'");
However your SQL is invalid as well... Did you mean to do an update? Insert statements don't have a where.
As mentioned in other answers, if the input is from a user then you should use mysql_real_escape_string()
http://www.php.net/manual/en/function.mysql-real-escape-string.php
$string = mysql_real_escape_string("Y'Z");
mysql_query("insert into table1 set saltval = '{$string}' where uid ='1'");
Always use mysql_real_escape_string() function for this if values come from user input
$query="insert into table1 set saltval = '".mysql_real_escape_string($InputVal)."' where uid ='1'";
See http://php.net/manual/en/function.mysql-real-escape-string.php
You have to add a backslash to certain characters to make your string fit into SQL syntax rules.
Assuming you're creating your query dynamically, PHP has a special escaping function for this and you should use it for every quoted string in the query, no exceptions.
So, write your code like this:
$salt = "Y'Z";
$id = 1;
$salt = mysql_real_escape_string($salt);
$id = mysql_real_escape_string($id);
$sql = "update table1 set saltval = '$salt' where uid ='$id'";
mysql_query($sql) or trigger_error(mysql_error()." ".$sql);
to make it safe and fault-tolerant