Drupal version 6.12
I have a page whose input format is PHP.
I simply want to update a database table. The SQL code appears to be too complex for db_query. I can not make db_query work nor does including php nor does dropping custom php code into the “Body” seem to work either. Any advise on how I can make the following code work inside Drupal?
Here is the code we put in the body. I tried creating a PHP file and just including the PHP file with an INCLUDE statement too.
I know the PHP is error free. it was taken from a site that does not use Drupal!
<?php
if( isset( $_GET['file'] ) )
{
$fileno = $_GET['file'];
$client = $_POST["Client"];
$DBLink = pg_connect("host=XXXX dbname=XXXX user=XXX password=XXXX" );
$sql = "update
webform_submitted_data sd set data = 'A'
where
sd.nid = '27' and
sd.cid = (select wc.cid from webform_component wc where wc.nid = sd.nid and wc.form_key = 'status') and
sd.sid = (select wd.sid from webform_submitted_data wd, webform_component wc
where wc.nid = sd.nid and wc.form_key = 'your_file_' and wd.nid = wc.nid and
wd.data = '$fileno');"
if( ! pg_query($DBLink, $sql) )
{
print( "Database Connection Failure: " . pg_last_error($DBLink));
exit;
}
else
{
print "File: $fileno is now Assigned to $client";
}
pg_close($DBLink);
}
?>
I also tried calling the Drupal APIs for sending an update to the database with no luck either, see code that follows. I actually tried this method first before giving up and trying the code above.
I also tried two versions of the db_query. The one you see below and one where I replaced %s with $fileno in the $sql string and called db_query($sql).
<?php
if( isset( $_GET['file'] ) )
{
$fileno = $_GET['file'];
$client = $_POST["Client"];
$sql = "update
webform_submitted_data sd set data = 'A'
where
sd.nid = '27' and
sd.cid = (select wc.cid from webform_component wc where wc.nid = sd.nid and wc.form_key = 'status') and
sd.sid = (select wd.sid from webform_submitted_data wd, webform_component wc
where wc.nid = sd.nid and wc.form_key = 'your_file_' and wd.nid = wc.nid and
wd.data = '%s');"
db_query($sql, $fileno);
print "File: $fileno is now Assigned to $client";
}
?>
I also put my database in full logging mode, logging connections and all statements and neither query hits the database. In the first case, if I INCLUDE the PHP I get just a white/blank screen -- it's like the PHP code is running but drupal is parsing the code before running it. I just want the code to run AS-IS.
Also, I'm really not interested in creating drupal modules. If it's possible to make this work without a lot of Drupal customizattion, that's what I'm after. This is a short-term tactical fix while we work on a more strategic goal...
Thanks all!
A couple of questions and thoughts:
Are there any database errors that appear on the screen? They usually appear in red 'warning' message boxes at the top of the content after an error has occurred.
Instead of webform_component you should be using {webform_component}. All table names should be in brackets.
The proper way to use data from a form input is to use $form_values[] for a form or $node for a node (if the data is part of a node). Additionally, if you are using the webform module, you can add steps to the submission of a webform. There are some tutorials here.
Last, does php actually reach the if if( isset( $_GET['file'] ) )? Drupal will complain heavily about database errors. So if you don't receive an error message, it means that the query was not executed (never got to that step) or it executed cleanly (but perhaps not with the intended effect).
In my experience, there haven't been queries that have been too complex for drupal because you are entering SQL (sanitized and parametrized) directly.
Related
I,ve trying to save some data in my DB, but it just don't save, no error thrown, i used the echo query_orcN; to see if the data that was input by the form is valid, and its all fine, the form can input up to 5 services ($servicoN), so the cod is kinda repetetive, as i am new with php and mySql, expect to see some newbie coding.
I also verified and the logic to choose what if statement will be used is working fine too, so i will post just the case with one service:
...
<?php
include('login/conexao.php');
$nome_cli = $_POST['nome_cli'];
$nome_orc = $_POST['nome_orc'];
$obs_trab = $_POST['obs_orc'];
$servico1 = $_POST['serv1'];
$obs_serv1 = $_POST['obs_serv1'];
$total1 = $_POST['total1'];
$servico2 = $_POST['serv2'];
$obs_serv2 = $_POST['obs_serv2'];
$total2 = $_POST['total2'];
$servico3 = $_POST['serv3'];
$obs_serv3 = $_POST['obs_serv3'];
$total3 = $_POST['total3'];
$servico4 = $_POST['serv4'];
$obs_serv4 = $_POST['obs_serv4'];
$total4 = $_POST['total4'];
$servico5 = $_POST['serv5'];
$obs_serv5 = $_POST['obs_serv5'];
$total5 = $_POST['total5'];
//um serviço
if($servico1 != '' && $servico2 == '' && $servico3 == '' && $servico4 == '' && $servico5 == ''){
$query_orc1 = "START TRANSACTION;
SET #cod_cli = (SELECT cod_cliente
FROM CLIENTE
WHERE nome_cliente = '$nome_cli');
INSERT INTO TRABALHO(nome_trabalho, cod_cliente, obs_trabalho, statuspag_trabalho)
VALUES ('$nome_orc', #cod_cli, '$obs_trab', 0);
SET #orc = LAST_INSERT_ID();
SET #cod_serv1 = (SELECT cod_servicos
FROM SERVICOS
WHERE descri_servicos = '$servico1');
INSERT INTO SERV_TRAB(cod_trabalho, cod_servicos, qtt_serv_trab, obs_serv_trab)
VALUES (#orc, #cod_serv1, $total1, '$obs_serv1');
COMMIT;";
if($resultado_query_orc1 = mysqli_multi_query($conexao, $query_orc1))
{
//echo $query_orc1;
header('Location: sucesso_orc.php');
exit();
}
else
{
echo "<h3>Falha </h3>".$valid;
echo $result_msg_cliente;
}}
...
I'm using myawardspace to host my project, and already set de engine of the tables to InnoDB as for what i,ve understood, it's one that can support the TRANSACTION.
Already thanks anyone in advance for any help and attention, its the first time a post a question here, hope it's well structered.
You have two problems.
PROBLEM 1: failure of the script to produce expected results (i.e., the question you asked).
PROBLEM 2: Lack of diagnostic information.
To solve problem 2, put the following three lines at the start of your script:
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
Running the script with this change might produce error messages that will lead to a solution for your script. If not, run simple php with a known error, such as:
<?php
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
echo '1' //no semi colon is an error
echo '2';
If this produces no error messages, it means there is something in the php or web server (such as Apache) configuration stopping them. Find error logs for php and and the web server (probably apache). Exact details for accessing logs are available myawardspace.
SOLVING PROBLEM 1 - Your Script
Whenever running sql through php, there are two major steps involved in getting it to work.
STEP 1: Verify the sql is valid.
The first shot at forming sql within a php script very often contains errors. That means an important milestone in the development of every php script interacting with a database is verifying the sql outside php. An easy way to do this is to put the following statement immediately after setting the value of query_orc1:
echo query_orc1;
exit;
This will put onto your screen the sql the script is attempting to running. Use copy/paste to run the sql using phpmyadmin or whatever interface you have for your database. If there are problems with the sql, you will see them here. If the sql runs as expected, then you know the part of your script creating the sql is working.
STEP 2: Fix php errors that are failing to submit sql correctly to the database.
Maybe someone can spot errors in this script without benefit of error messages. That is fantastic if someone can provide you that information. I would focus on getting your system to show you error message before trying to troubleshoot the php.
I have no experience with mysqli, therefore I use PDO.
At first: Maybe you should overthink the first part with servico1 to servico5. There is maybe a better solution.
My Changes:
Switch from mysqli to PDO
add prepare statements
replace two statements with subselects
I hope I have commented on every change.
The altered Code:
<?php
include('login/conexao.php');
// Build an PDO Instance (Documentation: https://www.php.net/manual/en/book.pdo.php)
// $db = new PDO("mysql:host=localhost;dbname=test;charset=UTF8", "username", "password", [
// PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION
// ]);
$nome_cli = $_POST['nome_cli'];
$nome_orc = $_POST['nome_orc'];
$obs_trab = $_POST['obs_orc'];
$servico1 = $_POST['serv1'];
$obs_serv1 = $_POST['obs_serv1'];
$total1 = $_POST['total1'];
$servico2 = $_POST['serv2'];
$obs_serv2 = $_POST['obs_serv2'];
$total2 = $_POST['total2'];
$servico3 = $_POST['serv3'];
$obs_serv3 = $_POST['obs_serv3'];
$total3 = $_POST['total3'];
$servico4 = $_POST['serv4'];
$obs_serv4 = $_POST['obs_serv4'];
$total4 = $_POST['total4'];
$servico5 = $_POST['serv5'];
$obs_serv5 = $_POST['obs_serv5'];
$total5 = $_POST['total5'];
// switch from
// ($servico1 != '') to !empty($servico1)
// optional, if you like the syntax more, you could use: ($servico1 !== '')
// tripple equals or !== prevents type juggeling
// #see https://www.php.net/manual/en/language.types.type-juggling.php
if (!empty($servico1) && empty($servico2) && empty($servico3) && empty($servico4) && empty($servico5)) {
// Prepared statment to prevent sqlinjection
$stmt = $db->prepare("INSERT INTO TRABALHO (
nome_trabalho,
cod_cliente,
obs_trabalho,
statuspag_trabalho
) VALUES (
:nome_orc,
(SELECT cod_cliente FROM CLIENTE WHERE nome_cliente = :nome_cli ), -- with subselects we can remove unnecessary sql statments
:obs_trab,
0
)
");
try {
// Execute the query and bind the named paraments
// All variables a treated as string
$stmt->execute([
'nome_orc' => $nome_orc,
'nome_cli' => $nome_cli,
'obs_trab' => $obs_trab
]);
} catch (Exception $e) {
// #todo handle exception
echo $e->getMessage();
exit;
}
$stmt = $db->prepare("INSERT INTO SERV_TRAB (
cod_trabalho,
cod_servicos,
qtt_serv_trab,
obs_serv_trab
) VALUES (
:orc,
(SELECT cod_servicos FROM SERVICOS WHERE descri_servicos = :servico1),
$total1,
:obs_serv1
)
");
try {
// get last inserted id with pdo: $db->lastInsertId()
$stmt->execute([
'orc' => $db->lastInsertId(),
'servico1' => $servico1,
'obs_serv1' => $obs_serv1
]);
} catch (Exception $e) {
// #todo handle exception
echo $e->getMessage();
exit;
}
// we don't need an if at this point because if an error occures it will throw an exception
// and the try / catch will catch and handle it
header('Location: sucesso_orc.php');
exit;
}
I'm using Wordpress and I'm performing a query which gives me back this error:
Failed to load resource: the server responded with a status of 500
(Internal Server Error)
My query looks like:
global $wpdb;
$session_uid = isset($_POST["session_uid"]) ? trim(strip_tags($_POST["session_uid"])) : "";
$the_data = isset($_POST["the_data"]) ? trim(strip_tags($_POST["the_data"])) : "";
$ss = "select * from ".$wpdb->prefix."vp_pms_messages inner join ".$wpdb->prefix."vp_pms_group_users on ".$wpdb->prefix."vp_pms_messages.id = ".$wpdb->prefix."vp_pms_group_users.message_id and ".$wpdb->prefix."vp_pms_messages.group_id = ".$wpdb->prefix."vp_pms_group_users.group_id where ".$wpdb->prefix."vp_pms_group_users.from_username = '$session_uid' and ".$wpdb->prefix."vp_pms_group_users.from_del = '0' or ".$wpdb->prefix."vp_pms_group_users.to_username = '$session_uid' and ".$wpdb->prefix."vp_pms_group_users.to_del = '0' group by ".$wpdb->prefix."vp_pms_messages.group_id";
$check_last_conversation = $wpdb->get_results($ss);
$response = print $check_last_conversation;
I'm probably missing or misunderstanding something but if I comment out $check_last_conversation and I print something like "Hello", the error goes away.
This is ok:
global $wpdb;
$session_uid = isset($_POST["session_uid"]) ? trim(strip_tags($_POST["session_uid"])) : "";
$the_data = isset($_POST["the_data"]) ? trim(strip_tags($_POST["the_data"])) : "";
//$ss = "select * from ".$wpdb->prefix."vp_pms_messages inner join ".$wpdb->prefix."vp_pms_group_users on ".$wpdb->prefix."vp_pms_messages.id = ".$wpdb->prefix."vp_pms_group_users.message_id and ".$wpdb->prefix."vp_pms_messages.group_id = ".$wpdb->prefix."vp_pms_group_users.group_id where ".$wpdb->prefix."vp_pms_group_users.from_username = '$session_uid' and ".$wpdb->prefix."vp_pms_group_users.from_del = '0' or ".$wpdb->prefix."vp_pms_group_users.to_username = '$session_uid' and ".$wpdb->prefix."vp_pms_group_users.to_del = '0' group by ".$wpdb->prefix."vp_pms_messages.group_id";
//$check_last_conversation = $wpdb->get_results($ss);
$response = print 'hello';
So I suppose there is some problems on how I've written my query.
$ss = "select * from ".$wpdb->prefix."vp_pms_messages inner join ".$wpdb->prefix."vp_pms_group_users on ".$wpdb->prefix."vp_pms_messages.id = ".$wpdb->prefix."vp_pms_group_users.message_id and ".$wpdb->prefix."vp_pms_messages.group_id = ".$wpdb->prefix."vp_pms_group_users.group_id where ".$wpdb->prefix."vp_pms_group_users.from_username = '$session_uid' and ".$wpdb->prefix."vp_pms_group_users.from_del = '0' or ".$wpdb->prefix."vp_pms_group_users.to_username = '$session_uid' and ".$wpdb->prefix."vp_pms_group_users.to_del = '0' group by ".$wpdb->prefix."vp_pms_messages.group_id";
Said that, I can't see the error.
My apache_error.log and mysql_error_log.err don't report anything
about.
My tables are empty at now but should they print nothing than produce that error.
Can you please suggest something?
EDIT
I see this error in my console
MySQL table empty
My Wordpress Debug is active like:
My debug.log file (wp-content) is not showing any error in my code.
I've discovered that there is a fatal error in the same file of my query:
PHP Fatal error: Call to undefined function get_bloginfo()
I could check it trough the server php error log. Working on MAMP you can find it here:
MAMP/logs/php_error.log
In my case, Wordpress didn't report it in wp-content/debug.log. So you know. It takes me to the conclusion that my file.php doesn't recognise wordpress hooks and could happen for $wpdb too, throughout my query.
As OP mentioned that he is working on external wordpress script and is not able to access his wordpress functionality. To ensure that you retain your wordpress functionality on your external files, please put the following code, at the start of your external script page.
$path = $_SERVER['DOCUMENT_ROOT'];
include_once $path . '/wp-load.php';
The above lines, will include all the wordpress functionality for your script. $path variable stores the path of your wordpress installation folder.
During the development always turn on the error reporting to be aware of warnings notice or fatal errors which can occur very easily if you forget something or miss place something. So better to be aware or errors and turn the error reporting on to see the errors and when in production do disable the error reporting.
go into wp-config.php file and search for : define('WP_DEBUG',false); and change it to define('WP_DEBUG',true);
Even if your query is okay , you will still result to an error , which you will be getting due to incorrect printing of an array:
function get_results of $wpdb , is an function that will return an array as result of multi rows , and for dumping it use :
print_r($check_last_conversation);
or
var_dump($check_last_conversation);
print 'hello; works because it is a string , and $check_last_conversation is an array. Don't wrap the print_r or var_dump or print or echo inside an variable. as they are supposed to print the data inside from variables.
so in case you have more errors , you can look at the errors , by turning the error reporting on.
Sort of going on from Ajit's answer. I was also having issues similar to this that was caused by character collation which was fixed by adding one extra line.
At the top of any php external file that used wpdb I was using the following:
$path = $_SERVER['DOCUMENT_ROOT'];
include_once $path . '/wp-load.php';
global $wpdb;
$charset_collate = $wpdb->get_charset_collate();
You can then use the $charset_collate in your sql statement, e.g.
$sql = "CREATE TABLE `{$wpdb->base_prefix}my_nice_table` (
id MEDIUMINT NOT NULL AUTO_INCREMENT,
PRIMARY KEY (id)
) $charset_collate;";
Hope that helps!
I've been trying to update my data according to the user session (UserLogin) but it kept saying: Data type mismatch in criteria expression. The print_r is just for testing purposes.
Thanks in advance,
Z
function Employee1_BeforeShow(& $sender)
{
$Employee1_BeforeShow = true;
$Component = & $sender;
$Container = & CCGetParentContainer($sender);
global $Employee1; //Compatibility
$Page = CCGetParentPage($sender);
$db = $Page->Connections["PettyCashMDB"];
$sql1 = "UPDATE Employee SET Employee.LastActive = Date() WHERE Employee.[EmpID] = ". $_SESSION['UserLogin'];
$db->query($sql1);
print_r($_SESSION['UserLogin']);
$db->close();
Employee1_BeforeShow #67-67106FAD
return $Employee1_BeforeShow;
}
EDIT: I've tried #NanaPartykar 's method and by accident I've noticed that it does get the value from $_SESSION['UserLogin'], just that somehow the datatype is different.
EDIT: It displays the error Data type mismatch but both of them are string and returns string.
Instead of Employee.[EmpID], use Employee.EmpID
You need some quotes:
$sql1 = "UPDATE Employee SET Employee.LastActive = Date() WHERE Employee.[EmpID] = \'". $_SESSION['UserLogin'] . "\'";
Z - There are a bunch of built-in Codecharge functions to assist with getting values from querystring, sessions and controls.
eg: CCGetSession("UserLogin", "default");
http://docs.codecharge.com/studio50/html/index.html?http://docs.codecharge.com/studio50/html/Components/Functions/PHP/Overview.html
and executing SQL with some validating (from 'Execute Custom SQL' help topic):
$db = new clsDBConnection1();
$SQL = "INSERT INTO report (report_task_id,report_creator) ".
"VALUES (". $db->ToSQL(CCGetFromGet("task_id",0),ccsInteger) .",". $db->ToSQL(CCGetUserID(),ccsInteger) .")";
$db->query($SQL);
$db->close();
The $db->ToSQL (and CCToSQL) functions convert and add quotes for relevant data types (ccsText, ccsDate).
There are many examples in the Manual under 'Examples' and 'Programming Reference' for PHP (and ASP, .NET, etc)
http://support.codecharge.com/tutorials.asp
I strongly suggest looking at some of the examples, as Codecharge will handle a lot of the 'plumbing' and adding a lot of custom code will causing problems with the generation of code. In your example, you should add a 'Custom Code' action to the Record's 'Before Show' Event and add your code there. If you add code just anywhere, the entire section of code (eg: Before Show) will change colour and no longer be updated if you change something.
For example, if you manually edited the 'Update' function to change a default value, then no changes through the IDE/Properties will change the 'Update' function (such as adding a new field to the Record).
Finally got it to work, this is the code $sql1 = "UPDATE Employee SET LastActive = Date() WHERE EmpID = '$_SESSION[UserLogin]' "; Thanks to everyone that helped out.
I have the following code which should result in an UPDATE occuring yet I see no change on the table row. Any clues as to why? Below the code I list what I have tried. I've stared at this code for hours!
if (in_array( $topicid , $allowed )) {
$query = $db->query("SELECT lastpost FROM table_topics WHERE forumid=$forumid AND topicid=$topicid");
$thelpost = $db->fetch_array($query);
$db->free_result($query);
$lastpost = explode("|", $thelpost['lastpost']);
$initialtime = $lastpost[2];
$timerightnow = time();
$db->query("UPDATE table_topics SET lastpost='$timerightnow|$loginname|$initialtime' WHERE topicid=$topicid AND forumid=$forumid");
}
Tried printing the query:
$query = $db->query("UPDATE table_topics SET lastpost='$timerightnow|$loginname|$initialtime' WHERE topicid=$topicid AND forumid=$forumid");
print $query;
which resulted in output of 1 which I figure is true.
Tried echoing out variables and they all have the expected output. $loginname and other variables were set in preceeding code not shown.
Tried running the UPDATE manually through phpmyadmin with preset variables. Worked.
Yes, CSV delimiting is bad. It's a legacy app that needs overhauling in the long term.
I'm sending some data through to a mysql server via android in an attempt to update some details. Currently the php side looks something like
this:
for($i=0; $i<(10); $i++){
for($k=0; $k<(10); $k++){
mysql_query("UPDATE sometable SET data_".$i."_".$k." = '10'
WHERE id = '".$_REQUEST['id']."'");
}
}
I have to use a loop becuase I'll be building up lots of generic types of data with the style "data_x". Unfortunately, this layout doesn't
seem to update any fields in the database.
Does this method create some type of space, or just simply disrupt a complete variable when read in a statement?
Thanks
Ok, couple of things about current iteration.
Log/output your errors!
`$res = mysql_query( $query ); if( !$res ) log( myslq_error() );/* or die or whatever */`
Do one update, not 100.
$query = "UPDATE sometable SET";
for($i=0; $i<(10); $i++){
for($k=0; $k<(10); $k++){
$query .= ' data_'.$i.'_'.$k.' = \'10\''
if( !( $k == $i && $i == 10 ) ) $query .= ',';
}
}
//see side note below
$query .= 'WHERE id = ' . mysql_real_escape_string( $_REQUEST['id'] );
$res = mysql_query( $query );
if( !$res ) do_something_with_error( mysql_error() );
100 updates can make your database/PHP angry and the last thing you want is an angry database. Further, this only does one array lookup in REQUEST, whereas the code above does 100. (O(1) * 100 is still 100).
As a side note: just because something is supposed to be sent from Android, that is no reason to expect that it does not need to be properly escaped. Remember the lessons of Bobby Tables!
I also cannot suggest strongly enough that you reconsider your schema. That may seem to be the easiest way to handle things right now, but later developers (including yourself) will wonder what the heck was supposed to be stored there. I've worked on projects like that and they were not fun. (On the other hand, I don't know your specifics, so I could be completely wrong).
This was addressing an initial copy paste error:
At a bare minimum, PHP can't parse this line:
for(ik=0; $i<(10); $i++)
Rewrite it with the dollar sign:
for($i=0; $i<(10); $i++)
Did you debug the code at all?
Is the query actually valid and does the generated field 'data_X_X' definitely exist in the table 'sometable'?
My guess is that the generated field name does not exist in your table.