Having some trouble getting this query to work correctly.
mysql_query("DELETE FROM `table` WHERE `id` = '$id' AND 'username' = '$username' ");
tried replacing variables with actual data and running it in phpmyadmin to no success
any thoughts?
You're quoting the username column with ' instead of `
use:
mysql_query("DELETE FROM `table` WHERE `id` = '$id' AND `username` = '$username'");
not:
mysql_query("DELETE FROM `table` WHERE `id` = '$id' AND 'username' = '$username'");
Please, for the love of the internet, don't built an SQL query yourself. Use PDO.
Related
I am trying to save a string which is just $id = "27491"; into a database table called users under a field called user id here's what I have tried currently but it's not working...
mysqli_query($DB,"INSERT INTO `users` SET `id` = '".$id."'");
EDIT: The content just does not go into the database, the issue before was just a typo.
Also does not work with my $title string.
mysqli_query($DB,"INSERT INTO `users` SET `title` = '".mysqli_real_escape_string($DB,$title)."'");
You can use like below, One more suggetion for you, this is not good practice to use space in field name. So, you can use field name like user_id, this is good to go.:
mysqli_query($DB,"INSERT INTO `users` SET `user id` = '".$id."'");
// ^ you miss
OR
mysqli_query($DB,"INSERT INTO `users` (`user id`) VALUES('".$id."')";
Parenthesis aren't closing in your code...
mysqli_query($DB,"INSERT INTO `users` SET `user id` = '".$id."'");
Please try this. I hope this will help you.
Change your query to -
mysqli_query($DB,"INSERT INTO `users` SET `title` = ".mysqli_real_escape_string($DB,$title));
below is what I am trying to accomplish. I am trying to retrieve an integer value using a SELECT statement which I will inturn pass into the UPDATE statement, but I have not been sucessful with it. Below is what I have done so far and it doesn't work. Please any suggestion will be highly appreciated. the $empID is passed from a form using php.
$getemID ="SELECT `addressID` FROM `address` WHERE `userID` =$empID";
$myemID = mysql_query($getemID) or die(mysql_error());
$addrID = $myemID["addressID"];
$sql4="UPDATE `address`
SET `line1`='$line1', `line2`='$line2', `city`='$city', `zip`='$zip'
WHERE `addressID`=$addrID";
$res = mysql_query($sql4) or die(mysql_error());
While you should not use the deprecated mysql_* functions, the following still stands:
The return value of the mysql_query call is not an array, but a resource. Use this resource in a call like mysql_fetch_array to get the data. Then you can use that data for the other query.
Why not do it in a single query like below
UPDATE `address`
SET `line1`='$line1', `line2`='$line2', `city`='$city', `zip`='$zip'
WHERE `addressID` IN (
SELECT `addressID` FROM `address` WHERE `userID` =$empID
)
After select query you have to fetch them using mysql_fetch_array. As given below:
$getemID ="SELECT `addressID` FROM `address` WHERE `userID` =$empID";
$myemID = mysql_query($getemID) or die(mysql_error());
$row = mysql_fetch_array($myemID);
$addrID = $row["addressID"];
$sql4="UPDATE `address`
SET `line1`='$line1', `line2`='$line2', `city`='$city', `zip`='$zip'
WHERE `addressID`='$addrID' ";
$res = mysql_query($sql4) or die(mysql_error());
Hey I have a query that will insert into the table a new data and I want that in the same time update an outher table with the id of the new data that I have entered. ex:
mysql_query("INSERT INTO `test` (`name`) VALUES ('Mark')");
$query = mysql_query("SELECT `id` FROM `test` WHERE `name` = 'Mark'");
$id = mysql_result($query,0);
mysql_quey("UPDATE `test2` SET `test_id` = $id WHERE `name` = 'Mark'");
How do I do it at same time? because doing it this way I only insert the new data and I dont update the other.
Cumps.
Try this :
mysql_query("INSERT INTO `test` (`name`) VALUES ('Mark')");
$id = mysql_insert_id();
mysql_quey("UPDATE `test2` SET `test_id` = $id WHERE `name` = 'Mark'");
I've changed the backticks to single quotes in your first insert for the values, backticks should never be used for field values.
Also I've changed it to use only two queries, the mysql_insert_id() will get the last inserted id without you needing to query it.
Ref : http://www.php.net/manual/en/function.mysql-insert-id.php
First of all, you do not need the select to get the id, there is mysql_insert_id() for that.
Then you have to use a transaction to make both queries feel like executed at the same time:
mysql_query('BEGIN');
mysql_query("INSERT INTO `test` (`name`) VALUES ('Mark')");
$id = mysql_insert_id();
mysql_query("UPDATE `test2` SET `test_id` = $id WHERE `name` = 'Mark'");
mysql_query('COMMIT');
A transaction makes sure both statements are executed, and no other script can come between them in any way.
I'm sending form data to db with UPDATE query:
mysql_query("UPDATE users SET price = '100-200' WHERE login = '$login'");
mysql_query("UPDATE users SET city = '$city' WHERE login = '$login'");
My question is: how to rebuild it to have query which writes data in db, but do not remove older posts.
For example: If user enters data 'price' and 'city', and after this, he wants to change only 'city', script with update will cancel 'price' and leave blank field in db.
How to make it to update (like in example) only city, but to leave price as it was before (100-200). Is there a proper query for this?
You will want to do a check for NULL or empty variables before running the SQL Statements. Something like this:
if(!empty($price))
{
mysql_query("UPDATE `users` SET `price` = '".$price."' WHERE `login` = '".$login."';");
}
if(!empty($city))
{
mysql_query("UPDATE `users` SET `city` = '".$city."' WHERE `login` = '".$login."';");
}
use "INSERT INTO table (column1, column2,column3) VALUES (val1,val2,val3)";
ps: mysql_* is deprecated update to PDO or MySQLi
I've created a little login strucuture:
If you had wrote your data into fields you receive a link to confirm the account.
e.g. confirm.php?email=a#a.com
When you visit the link the following code executes:
$sql = mysqli_connect("localhost", "name", "password");
mysqli_select_db($sql, "db");
$set_active = "UPDATE `users` SET `active` = 1 WHERE `email` = ".$_GET['email']."";
mysqli_query($sql, $set_active);
mysqli_close($sql);
But after that the active-value is still 0 like deafult.
The users table:
email (varchar 100) active (int 1)
a#a.com 0
Use a prepared statement:
$stmt = mysqli_prepare($sql, "UPDATE `users` SET `active` = 1 WHERE `email` = ?") or die(mysqli_error($sql));
mysqli_bind_param($stmt, "s", $_GET['email']);
mysqli_stmt_execute($stmt) or die(mysqli_error($sql));
$set_active = "UPDATE `users` SET `active` = 1 WHERE `email` = '".$_GET['email']."'";
You have missed ' in email. So the query is wrong. to check that do:
echo("UPDATE `users` SET `active` = 1 WHERE `email` = ".$_GET['email']."");
This will give you an error.
Things get evaluated in double quotes but not in single
change
set_active = "UPDATE `users` SET `active` = 1 WHERE `email` = ".$_GET['email']."";
to
set_active = "UPDATE `users` SET `active` = 1 WHERE `email` = '".$_GET['email']."'";