Auto delete from SQL database - mysql

What can I add to this to make the record delete automatically after the endate has passed? I would like to post to automatically delete from the database after the endate has passed.
<?php
require "../login/config.php";
$host='';
$db = 'db';
$dbuser = 'dbo';
$dbpass = '';
$conn = mysql_connect($host, $dbuser, $dbpass,$db);
if(! $conn )
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db('db');
if(isset($_POST['submit'])) {
$name=$_POST["element_1"];
$stdatemm=$_POST["element_2_1"];
$stdatedd=$_POST["element_2_2"];
$stdateyy=$_POST["element_2_3"];
$endatemm=$_POST["element_3_1"];
$endatedd=$_POST["element_3_2"];
$endateyy=$_POST["element_3_3"];
$stdate=$stdatemm."/".$stdatedd."/".$stdateyy;
$endate=$endatemm."/".$endatedd."/".$endateyy;
$user=$_POST["postuser"];
$query = "INSERT INTO (fname,stdate,endate,addr1,addr2,city,state,zip,name,size,type,content,link,description,user) VALUES('" . mysql_real_escape_string($name) . "','$stdate','$endate','" . mysql_real_escape_string($staddr) . "','" . mysql_real_escape_string($addr2) . "','$city','$state','$zip','" . mysql_real_escape_string($fileName) . "','$fileSize','$fileType','" . mysql_real_escape_string($content) . "','$_POST[element_7]','" . mysql_real_escape_string($desc) . "','$user')";
} } } else
$query = "INSERT INTO (fname,stdate,endate,addr1,addr2,city,state,zip,name,size,type,content,link,description,user) VALUES('" . mysql_real_escape_string($name) . "','$stdate','$endate','" . mysql_real_escape_string($staddr) . "','" . mysql_real_escape_string($addr2) . "','$city','$state','$zip',' ','0',' ',' ','$_POST[element_7]','" . mysql_real_escape_string($desc) . "','$user')";
$q2=mysql_query($query) or die('Error, query failed'. mysql_error());
if($q2) {
echo ""; } else {
echo "error";
}
?>

There is no way to "automatically delete records". What you could do however includes:
cause all of your queries to disregard rows that have surpassed their end date.
Create a scheduled task/job that runs on an interval that removes records that have surpassed their end date
Write a trigger to check for outdated records to remove which could fire prior to select, update, and deletes.

Related

How to add allow punctuation with sql

I am receiving a syntax error when typing punctuation into my website form such as ' or &. I am using the below code on the page when receiving this error. What am I missing or doing wrong that will fix this issue?
$name=$_REQUEST["title"];
$stdate=$_REQUEST["sdate"];
$endate=$_REQUEST["edate"];
$staddr=$_REQUEST["staddr"];
$addr2=$_REQUEST["staddr2"];
$city=$_REQUEST["city"];
$state=$_REQUEST["state"];
$zip=$_REQUEST["zip"];
$desc=$_REQUEST["desc"];
$file=$_REQUEST['photo'];
$link=$_REQUEST["link"];
$user=$_REQUEST["user"];
/***************** DELETE QUERY ****************************/
$date2 = date('Y-m-d');
$qry = "DELETE FROM table WHERE STR_TO_DATE(`endate`, '%Y-%m-%d') < '".$date2."'";
$del = mysql_query($qry);
$query = "INSERT INTO table (fname,stdate,endate,addr1,addr2,city,state,zip,name,size,type,content,link,description,user) VALUES('" . mysql_real_escape_string($name) . "','$stdate','$endate','" . mysql_real_escape_string($staddr) . "','" . mysql_real_escape_string($addr2) . "','$city','$state','$zip','".str_replace(' ','',$name)."-".$stdate."-".$file.".png','0',' ',' ','" . mysql_real_escape_string($link)."','" . mysql_real_escape_string($desc) . "','$user')";
$q2=mysql_query($query) or die('Error, query failed'. mysql_error());
if($q2) {
echo "ok";
} else {
echo "error ".$query.mysql_error();
}
?>
The issue stems from the query line

Inserting a table in a database without knowing prefix

I have a small script that will insert two tables in a database, which works fine unless the user has changed the default prefix. I am wondering how I can call and use the "prefix" from the config file. Here is my code.
<?php
include("../../Config/config.php");
$link = mysql_connect($CONFIG['host'], $CONFIG['login'], $CONFIG['password'];
$db = ($CONFIG['database']);
if (!$link)
{
die('Could not connect: ' . mysql_error());
}
$db_selected = mysql_select_db("$db", $link);
$sql = 'INSERT INTO settings '.
'(id, field, value) '.
'VALUES ("NULL", "show_thumbs_down", "1")';
$exec = mysql_query($sql, $link);
if (!$exec) die(mysql_error());
mysql_close($link);
?>
You can see that I call "config.php" to get the database info. That would also work to get the prefix but I'm not sure how to implement the "prefix" with the rest of the code.
FYI: I'm a newbie :)
Thanks.
I got it, here's what worked.
<?php
require_once ("../../Config/config.php");
$link = mysql_connect($CONFIG['host'], $CONFIG['login'],$CONFIG['password']);
$table_prefix = ($CONFIG['prefix']);
$db = ($CONFIG['database']);
if (!$link)
{
die('Could not connect: ' . mysql_error());
}
$db_selected = mysql_select_db("$db", $link);
$sql = 'INSERT INTO ' . $table_prefix . 'settings'.
'(id, field, value) '.
'VALUES ("NULL", "show_thumbs_down", "1")';
$exec = mysql_query($sql, $link);
if (!$exec) die(mysql_error());
mysql_close($link);
?>
Thanks for the help BK435
Welcome!
I am assuming you can get the prefix and store it in variable. When calling your sql add this to your code ' . $TABLE_PREFIX . '. so your above insert would look something like:
$sql = 'INSERT INTO ' . $TABLE_PREFIX . 'settings '.
'(id, field, value) '.
'VALUES ("NULL", "show_thumbs_down", "1")';

I can't access a MySQL table

I have a form to user registry. Form send dates to InsertUser.php, which is the next file:
<?php
$link = mysql_connect("localhost", "root", "");
if (!$link) {
echo("ERROR");
}
else {
if (!mysql_select_db("myfacebook", $link)) {
echo("ERROR");
}
else {
$Consulta = "insert into usuarios(Nombre,Apellidos,Nick,Contraseña,Foto) values('" . $_POST["nombre"] . "','" . $_POST["apellidos"] . "','" . $_POST["nick"] . "','" . $_POST["contraseña"] . "','PruebaFoto')";
echo $Consulta;
$resultado = mysql_query($Consulta, $link) or die("Problema al insertar los datos.");
echo($resultado);
}
}
?>
When I sending and insert data, the form returns:
"Problema al insertar los datos."
I think that function mysql_query() is the problem, but I don't know repair the problem.
Let's clean this up a bit and make it a little easier to see what's going on
<?php
$link = mysql_connect("localhost", "root", "") or die(mysql_error());
mysql_select_db("myfacebook", $link) or die(mysql_error());
$Consulta = "insert into usuarios(Nombre,Apellidos,Nick,Contraseña,Foto) values('".mysql_real_escape_string($_POST["nombre"])."','".mysql_real_escape_string($_POST["apellidos"])."','".mysql_real_escape_string($_POST["nick"])."','".mysql_real_escape_string($_POST["contraseña"])."','PruebaFoto')";
if($sql = mysql_query($Consulta)) {
echo 'success';
} else {
echo 'error';
}
You need to escape your input so you're not open to SQL injection. I used mysql_real_escape_string().
You should learn mysqli or POD instead of mysql.
I used die() in my example just to keep things clean and easy to understand.

htmlspecialchars protection isn't working

I made a function to print all the comments from a id-page. But I want to protect my site from being hacked with htmlspecialchars. So I put them arround my post that will be printed. The problem is that it isn't working? I can do whatever I want with the <>-signs.
CODE FUNCTION
public function GetAllComments($id)
{
$db = new Db();
$select = "SELECT * FROM tblcomments WHERE bug_id =" . $id . " ORDER BY comment_id DESC";
$result = $db->conn->query($select);
while($row = mysqli_fetch_assoc($result))
{
echo "<li class='description'>" . htmlspecialchars($row["comment_text"]) . "</li>";
echo "<li class='user'>" . $row['name'] . "</li>";
}
}
CODE PRINTING
if(isset($bugs)){
foreach ($bugs as $bug) {
echo " " .
$bug['bug_title'] . "" .
$bug['bug_status'] . "From:
" . $bug['name'] . " To: " .
$bug['bug_to'] . " Project: " .
$bug['project_title'] . "";
}
}
depends on what you want to save from you should use htmlspecialchars like this
htmlspecialchars(trim($variable), ENT_QUOTES);

MySQL update isn't updating

<?php
require("header.inc.php");
?>
<?php
if (isLoggedIn()) {
if (isset($_POST['CKey_Button'])) {
if (!isset($_POST['CKey'])) {
die("Error: The Character Key field was not set.");
}
}
$CKey = $_POST['CKey_Button'];
mysql_select_db("samp");
$query = mysql_query("SELECT `id` FROM `players` WHERE `CharacterKey` = '" . mysql_real_escape_string($_POST['CKey']) . "' LIMIT 1");
if (mysql_num_rows($query)) {
mysql_select_db("ucp");
mysql_query("UPDATE `users` SET `CharacterID` = '" . $CKey . "' WHERE `name` = '" . $user['name'] . "'");
header("./Dashboard.php");
exit;
}
else {
header("./index.php");
exit;
}
}
else {
header("./index.php");
exit;
}
?>
That is the code but it isn't updating and it just a blank screen, does anyone know why this could be happening(I have just started coding php so be nice if it's a newbie error).
EDIT: I have fixed it I was using $CKey as the button and not the actual key, hope this makes sense, I also changed = '" . $CKey . "' to = " . $CKey
Use mysql_error() to see if there is any error in your query
mysql_query($query) or die ('Error updating database: '.mysql_error());