REPLACE and SET in mysql query - mysql

According to w3resource you can replace text using REPLACE keyword.
Now look at this code extracted from OpenCart
<?php
class ModelToolOnline extends Model {
public function addOnline($ip, $customer_id, $url, $referer) {
$this->db->query("DELETE FROM `" . DB_PREFIX . "customer_online` WHERE date_added < '" . date('Y-m-d H:i:s', strtotime('-1 hour')) . "'");
$this->db->query("REPLACE INTO `" . DB_PREFIX . "customer_online` SET `ip` = '" . $this->db->escape($ip) . "', `customer_id` = '" . (int)$customer_id . "', `url` = '" . $this->db->escape($url) . "', `referer` = '" . $this->db->escape($referer) . "', `date_added` = '" . $this->db->escape(date('Y-m-d H:i:s')) . "'");
}
}
?>
They have Replace query with SET keyword and no WHERE condition. Now I couldn't find anything similar to this anywhere to understand whats happening in this query.
If anyone knows what is happening in this query please explain with authentic source link


That are two different things. There is a REPLACE() function and a REPLACE statement.
In the code the REPLACE statement is used. It is similar to an INSERT statement, and thus has no WHERE clause.
Here's what the documentatin says:
REPLACE works exactly like INSERT, except that if an old row in the
table has the same value as a new row for a PRIMARY KEY or a UNIQUE
index, the old row is deleted before the new row is inserted.

Related

PDO Statement accepting INDEX [0], [1], [2], but not [fieldname1], [fieldname2], [fieldname3]

Beginner here trying out PDO/MySQL. I am coding a simple SELECT * and displaying the results. The code below works fine to display the contents.
$sql = 'SELECT * FROM names'; //fieldnames are id, name, email
$stmt = $db->prepare($sql);
$stmt->execute();
while ($row = $stmt->fetch())
{echo $row[0] . " | " . $row[1] . " | " . $row[2] . "<br/>";}
However, when I use the fieldname as the index instead of the number, I get a PHP notice:
Notice: Undefined index: name
Codes below does not work.
{echo $row['id'] . " | " . $row['name'] . " | " . $row['email'] . "<br/>";}
I have seen several tutorials where they have used fieldname as the index. Can someone provide some further clarification on when/how the fieldname can be used instead of the number for the index?

Select coalesc max on key update?

My sql query is working fine, until I try to add the absolute last row. How can I get that part working?
INSERT INTO posts (ssp_order, ssp_id, ssp_ss_id, ssp_c_id)
SELECT COALESCE(MAX(ssp_order),0)+1 ,
" . $sspid . "," . $ssid . "," . $cid . "
FROM posts
WHERE ssp_ss_id = " . $ssid . "
ON DUPLICATE KEY UPDATE
ssp_status = 0,
ssp_order = SELECT COALESCE(MAX(ssp_order),0)+1 FROM posts
(please don't worry about the safety of the variables in there)

Reference the table used in the select statement rather than using a subquery
INSERT INTO posts (ssp_order, ssp_id, ssp_ss_id, ssp_c_id)
SELECT maxssporder ,sspid,ssid,cid from
(SELECT COALESCE(MAX(ssp_order),0)+1 as maxssporder,
" . $sspid . " as sspid," . $ssid . " as ssid," . $cid . " as cid
FROM posts p
WHERE ssp_ss_id = " . $ssid . ") q
ON DUPLICATE KEY UPDATE
ssp_status = 0,
ssp_order = q.maxssporder

How to INSERT a value with a name from another table

I am looking to have a value from my users table column name (profile_img) insert into my news table to column name (profile_img1) with the other information the users submits.
Here is the query I am using so far
$name=$_REQUEST["title"];
$stdate=$_REQUEST["sdate"];
$endate=$_REQUEST["edate"];
$staddr=$_REQUEST["staddr"];
$addr2=$_REQUEST["staddr2"];
$city=$_REQUEST["city"];
$state=$_REQUEST["state"];
$zip=$_REQUEST["zip"];
$desc=$_REQUEST["desc"];
$file=$_REQUEST['photo'];
$link=$_REQUEST["link"];
$user=$_REQUEST["user"];
$profile_img1=$_REQUEST["profile_img1"];
$rsvp=$_REQUEST["rsvp"];
$query = "INSERT INTO news (fname,stdate,endate,addr1,addr2,city,state,zip,name,size,type,content,link,description,user,profile_img1,rsvp) VALUES('" . mysql_real_escape_string($name) . "','$stdate','$endate','" . mysql_real_escape_string($staddr) . "','" . mysql_real_escape_string($addr2) . "','" . mysql_real_escape_string($city) . "','$state','$zip','".str_replace([",",":","\"","\\", "/", "*"," ","$","&","?",";","'","!","(",")","|","~","<",">","=","[","]","{","}","#","^","%","=","#","+","è","é"],"",$name) ."-".$stdate."-".$file."','0',' ',' ','" . mysql_real_escape_string($link)."','" . mysql_real_escape_string($desc) . "','$user','" . mysql_real_escape_string($rsvp)."')";
The name for the profile_img1 will go after the user value in the query but I cannot figure out how to get the name of the profile_img in the users table to the news table
here is what I have been trying:
$query = "INSERT INTO news (fname,stdate,endate,addr1,addr2,city,state,zip,name,size,type,content,link,description,user,profile_img1,rsvp) VALUES('" . mysql_real_escape_string($name) . "','$stdate','$endate','" . mysql_real_escape_string($staddr) . "','" . mysql_real_escape_string($addr2) . "','" . mysql_real_escape_string($city) . "','$state','$zip','".str_replace([",",":","\"","\\", "/", "*"," ","$","&","?",";","'","!","(",")","|","~","<",">","=","[","]","{","}","#","^","%","=","#","+","è","é"],"",$name) ."-".$stdate."-".$file."','0',' ',' ','" . mysql_real_escape_string($link)."','" . mysql_real_escape_string($desc) . "','$user','(SELECT profile_img FROM users WHERE username=`username`)''" . mysql_real_escape_string($rsvp)."')";
using this method causes the profile_img1 column in the news table to read (SELECT profile_img FROM users WHERE username=username) instead of what the profile_img column reads in the users table.
Also if I add a second INSERT query
$q2 = mysql_query("INSERT INTO news (profile_img1) SELECT profile_img FROM users WHERE username='username'");
the query causes a new row to be created in the news table displaying only the profile_img from the users table, separate from the other data the user will enter.
My desired result is to have the user submit the data to the news table and the user image from the users table will be inserted into the news table in the row with the other data submitted so the data submitted and the user image is displayed together.
If you need more clarification please let me know

Don't you already have the value for profile_img1 ?
$profile_img1=$_REQUEST["profile_img1"];
But anyway, of course if you do 2 inserts it will insert 2 lines.
You want to look up UPDATE .
And mysql_insert_id() to get the id of the last insert executed.
As in (at the end, after you know what you're doing):
UPDATE news SET profile_img1 = "whateveritis" where id = theidoftherowyoujustinserted

The short answer is to do INSERT (...) SELECT ...
e.g.
$name=$_REQUEST["title"];
$stdate=$_REQUEST["sdate"];
$endate=$_REQUEST["edate"];
$staddr=$_REQUEST["staddr"];
$addr2=$_REQUEST["staddr2"];
$city=$_REQUEST["city"];
$state=$_REQUEST["state"];
$zip=$_REQUEST["zip"];
$desc=$_REQUEST["desc"];
$file=$_REQUEST['photo'];
$link=$_REQUEST["link"];
$user=$_REQUEST["user"];
$profile_img1=$_REQUEST["profile_img1"];
$rsvp=$_REQUEST["rsvp"];
$query = "INSERT INTO news (fname,stdate,endate,addr1,addr2,city,state,zip,name,size,type,content,link,description,user,profile_img1,rsvp) SELECT '" .
mysql_real_escape_string($name) . "','$stdate','$endate','" . mysql_real_escape_string($staddr) .
"','" . mysql_real_escape_string($addr2) . "','" . mysql_real_escape_string($city) . "','$state','$zip','".
str_replace([",",":","\"","\\", "/", "*"," ","$","&","?",";","'","!","(",")","|","~","<",">","=","[","]","{","}","#","^","%","=","#","+","è","é"],"",$name) .
"-".$stdate."-".$file."','0',' ',' ','" . mysql_real_escape_string($link)."','" . mysql_real_escape_string($desc) .
"',provile_img,'" .
mysql_real_escape_string($rsvp)."'" .
" FROM users WHERE username = '{$username}'";
This should turn into something like:
INSERT INTO news (fname, stdate, profile_img1, rsvp)
SELECT 'Bob', '2017-09-02', profile_img, 0
FROM users
WHERE username = 'jimbob'
The long answer involves pleas to not do your own escaping and re-structuring this bit to make it easier to read, and by extension, easier to maintain later

Error in updating database row in MYSQL

I have a table
items: id, userid, item_name, item_description
I want to update a row and used the following sql statement for it.
$updateQuery = "UPDATE items SET item_name = '$item_name',
item_desc = '$item_desc' WHERE userid = '$userid'
AND item_name = '$old_name'";
But it fails. Is it because I used the item_name field, which is to be updated, for selecting the row?

I think I see the problem
item_desc = '$item_desc'
"4 columns id, userid, item_name, item_description."
Change your query to
$updateQuery = "UPDATE items SET item_name = '$item_name', item_description = '$item_desc' WHERE userid = '$userid' AND item_name = '$old_name'";

you not update item_name because you used it in where clause
or
you can echo this string and run in database terminal to verify.
Try :
$updateQuery = "UPDATE items SET item_name = '" . $item_name . "', item_desc = '" . $item_desc . "' WHERE userid = " . $userid . " AND item_name = '" . $old_name . "';"

Please notice, in your query, you are referring the last column as "item_desc" which does not exist, as the actual column name is "item_description" .
MySQL is treating "item_desc" as a separate column in your table, but unable to find it, and hence the error.
Also, it is a good idea to pay attention to how you are concatenating your variable to your query. After equal to(=) sign, always use this notation ' ".$variable_name." ' to concatenate. Example:
select column1, column2 from table1 where (column1 = ' ".$variable_name." ' && column2 = ' ".$variable_name." ') ";

You have to concatenate the strings.
$updateQuery = "UPDATE items SET item_name = '" . $item_name . "', item_desc = '" . $item_desc . "' WHERE userid = " . $userid . " AND item_name = '" . $old_name . "'";

Instead of item_desc, it should be item_description.

My Sql queries inorder to update it

How can I update over this query
$sqlquery = UPDATE("conference",
array('area_of_expertise' => $area_of_expertise_id1,
'long_name' => $_POST['longname'],
'short_name' => $_POST['shortname'],
'description' => $_POST['textarea'],
'creator_id' => $get_id
)
);
I inserted all the need data in the conference table while making sure that it was the same data the user had chosen.

Your UPDATE query syntax is wrong.
You're not saying what table you want to update and which column of that table.
You're just saying UPDATE.
Syntax should be like :
UPDATE tableName SET column = value [ WHERE someColumn = someValue ]
Reference :
http://www.w3schools.com/php/php_mysql_update.asp

I assume you're also using PHP. Is 'UPDATE' a self-defined function? I've never come across it before.
$update = mysql_query("UPDATE conference SET area_of_expertise = '" . $area_of_expertise_id1 . "', long_name = '" . $_POST["longname"] . "', short_name = '" . $_POST["shortname"] . "', description = '" . $_POST["textarea"] . "' WHERE creator_id = " . $get_id);
I'm only assuming your table and column names by the way.

$query = "UPDATE conference SET area_of_expertise='$area_of_expertise_id1', long_name='$_POST['longname']', short_name='$_POST['shortname']', description='$_POST['textarea']' WHERE creator_id='$get_id'");
$update_value = mysql_query($query);
Hope that Helps.