My situation is that i have 2 tables in my db. The one is with alerts, the other is with devices. Alerts table has hostname, message, location, time_logged. In the alerts table I keep logs for all events happened. So the thing is that I want to take the alerts.message and for each log to update it in the devices.status (status will keep the message). So i have this sql for now:
$sql = 'SELECT alerter_db.alerts.hostname, message,time_logged, devices.hostname,status FROM
alerts,devices WHERE alerts.hostname = devices.hostname ORDER BY time_logged ASC';
and i have a
while($row = mysql_fetch_array($result) or die('error')){
$my_sql = "INSERT INTO alerter_db.devices (status) VALUE ('".$row['message']."') WHERE
devices.hostname = alerts.hostname";
mysql_query($my_sql);
But unfortunately I am little confused about the logic. So can anybody help me solve this problem ?
Related
I was happy when I got this to work but it submits the order twice unless I comment out the last two lines. Is there a better way to write it so that I don't get duplicates?
$sql = "INSERT INTO orders (weight, shipper, shipacct) VALUES ('$weight', '$shipper', '$shipacct')";
$conn->query($sql);
$recordid = $conn->insert_id;
I did this this way because I'm trying to use the record ID as the order ID. I echo this order ID back to the customer on the purchase receipt.
updated code:
$sql = "INSERT INTO orders (weight, shipper, shipacct) VALUES ('$weight', '$shipper', '$shipacct')";
$recordid = mysql_insert_id();
no duplicates, but does not return the record ID.
Warning
This extension is deprecated as of PHP 5.5.0, and will be removed in the future.
Instead, the MySQLi or PDO_MySQL extension should be used.
See also MySQL: choosing an API guide and related FAQ for more information.
Alternatives to this function include:
mysqli_insert_id()
PDO::lastInsertId()
Try the following:
$sql = "INSERT INTO orders (weight, shipper, shipacct) VALUES ('$weight', '$shipper', '$shipacct')";
$conn->query($sql);
$recordid = mysql_insert_id();
Note:
Because mysql_insert_id() acts on the last performed query, be sure to call mysql_insert_id() immediately after the query that generates the value.
Hopefully, this and this will help...
I'm working something with mysql and php and I'm trying to achieve some result for learning purposes.
So what I'm trying is to make conversation messages system and I have following:
I have 2 tables, first conversation and second conversation_messages
First table conversation looks like following:
c_id, user_one, user_two
Second table conversation_messages looks like this:
m_id, text, date, created_by, status, c_id
So in messages table I set Conversation ID and when user click conversation to open it, url change to messages.php?c_id=1 or something like that... And that's fine, becouse I get c_id from url and so on.
My question is following:
Lets say I wan't to get all messages for conversation c_id = 1. How do I query trough table and get all messages for that conversation id. Also I need to query so it return results only if logged user is involved into conversation... So logged in user can see conversation messages only if he is person/user A (user_one) or user B(user_two). How do I do that and do I need to join tables. So what is the best way to do this.
So when logged in user type manually into url messages.php?c_id=3 if he is not involved into that conversation I don't want him to see it.
Sorry I'm new here and don't know how to format code properly or anything.
Thanks in advance.
You need to get the logged user id from a session and put into the query like that
SELECT * FROM conversation_message, conversation
WHERE conversation.c_id = $ID_OF_CONVERSATION
AND (user_one = $ID_LOGGED_USER OR user_two = $ID_LOGGED_USER)
AND conversation_message.c_id = conversation.c_id
In the broad strokes, if you want to add security to a certain endpoint, you need to allow or deny access after validating user input. In the example you gave, your user input is the c_id value of 3. In a simple PHP example, you could do something like this:
$user_id = $_SESSION['user_id'];
$can_access = false;
$convo_id = $_GET['c_id'];
$safe_id = mysql_real_escape_string( $convo_id );
$rli = mysql_query( "SELECT * FROM conversation WHERE c_id = {$safe_id}" );
if( mysql_num_rows( $rli ) ) {
$convo = mysql_fetch_object( $rli );
$can_access = $convo->user_one == $user_id || $convo->user_two == $user_id;
}
Notice in this example that I pulled the "logged in" user's id from the session, which assumes that you are using sessions. There are many different ways to create "logged in" user views, and that is somewhat outside the scope of this answer. The end result here is a boolean value variable $can_access which indicates whether or not the user can access the page. Assuming they can access the page, you could pull all the messages from the now validated conversation like so:
$rli = mysql_query("SELECT * FROM conversation_messages WHERE c_id = {$safe_id}");
$messages = array();
while( $message = mysql_fetch_object( $rli ) ) {
$messages[ $message->m_id ] = $message;
}
The above gives you a PHP array containing all the messages associated with the conversation. Hope this is enough to get you started.
For my MySQL query, I need to select a specific value like:
$query = "Select * from playerdata where name = $name"
$result = mysql_query($query) or die('Query failed: ' . mysql_error());
However, I want to take that grabbed specific table value (the * operator) and then edit that one like so:
$newquery = "insert into [I want to insert some values from the
old query's selection] [not the general table]"
I know how to use queries and how to execute them. It would be great if I could condense both the select and the insert into one query.
You can use the SQL INSERT INTO SELECT Statement
INSERT INTO table2
Select * from playerdata where name = 'Pedro';
To use this in your PHP script it would look something like this:
$nameSafe = mysql_real_escape_string($name);
$newquery = "INSERT INTO table2
Select * from playerdata where name = '$nameSafe';";
It's good to understand the aspects of security from early on and for that PHP Security Cheat Sheet is a good read.
My database system is pretty easy. I have a table with the users, and a table with 'guesses'. My site has logos, and a user can guess the name of each logo. There is a unique relation between the logo_id and the user_id. Here's the guesses table-structure:
|| id | user_id | logo_id | guess | guess_count | guessed | level | time ||
Now, when a user visits the page and isn't logged in, a user is made with the session_id and all the guesses and stuff are stored in the same structure. So the only difference is in the user-table.
Now I want the user to be able to login and keep whatever he/she just did. Of course, if the logged in account already has the logo as guessed, this shouldn't be altered. But when the logged in account has a logo as not-guessed, the guess_count of the session user should be added to the logged in user guess_count. Also the guessed should be updated. It should only do this if the time of the edit was more recent, but I think it's safe to assume that the session-guesses are more recent.
Now how I would do this, is loop through all the logos from the logged in id first where guessed = 0, then for each result do a query again to add the guess_count and store the guessed, then remove all the ones found from the session-id, then loop through all the old ones with the session-id and change the user_id to the one of the logged-in-user. Now, this is a ton of queries, so there must be a more efficiƫnt way.
Any thoughts? Sorry for the wall of text & bad explanation, databases are not my best thing.
Sorry havn't used mySQL in donkey's years, but here's an example of the stored procedure in SQL Server: Hopefully someone can help with the MySQL syntax, or you can infer it from the SQL below
CREATE PROC MergeGuesses
#UserSessionId INT,
#UserId INT
AS
--where the userId has already a guess for the logo update it
UPDATE gusr
SET gusr.guess_count = gusr.guess_count + gses.guess_count,
gusr.guessed = gses.guessed
FROM Guesses gusr
JOIN Guesses gses ON gusr.logo_id = gses.logo_id
AND gusr.time > gses.time -- more recent
WHERE gusr.user_id = #UserId
AND gses.user_id = #UserSessionId
AND gses.guessed = 0 --not yet guessed
--where there is no guess for the user yet - just update the userId
UPDATE gses
SET gses.user_id = #UserId
FROM Guesses gses
LEFT JOIN Guesses gusr ON gusr.logo_id = gses.logo_id
AND gusr.user_id = #UserId
WHERE gses.user_id = #UserSessionId
AND gusr.user_id = NULL -- there is no guess for the userId
--finally delete any rows for the sessionId that are left
DELETE FROM Guesses
WHERE user_id = #UserSessionId
Since I have no idea how to start stored procedures, I've just written it out in a few queries, but it's okay I guess.
$STH = $DBH->prepare("SELECT logo_id, guess_count, guessed, guess FROM guess WHERE user_id=:id GROUP BY logo_id");
$STH->bindParam(":id",$loginuser['id']);
$STH->execute();
while($row = $STH->fetch()){
if($row['guessed'] == 0){
$STH2 = $DBH->prepare("SELECT guess, guess_count, guessed FROM guess WHERE logo_id=:logo_id AND user_id=:id");
$STH2->bindParam(":logo_id",$row['logo_id'],PDO::PARAM_STR,20);
$STH2->bindParam(':id',$_SESSION['login'],PDO::PARAM_INT);
$STH2->execute();
$row2 = $STH2->fetch(PDO::FETCH_ASSOC);
if($row2){
$STH3 = $DBH->prepare("UPDATE guess SET guess_count=guess_count+:guess_count, guessed=:guessed, guess=:guess WHERE logo_id=:logo_id AND user_id=:id");
$data = array('guess_count'=>$row2['guess_count'],'guessed'=>$row2['guessed'],'guess'=>$row2['guess'],'logo_id'=>$row['logo_id'],'id'=>$loginuser['id']);
$STH3->execute($data);
$STH3 = $DBH->prepare("DELETE FROM guess WHERE logo_id=:logo_id AND user_id=:id");
$STH3->bindParam(":logo_id",$row['logo_id']);
$STH3->bindParam(':id',$_SESSION['login']);
$STH3->execute();
}
}else{
$STH2 = $DBH->prepare("DELETE FROM guess WHERE logo_id=:logo_id AND user_id=:id");
$STH2->bindParam(":logo_id",$row['logo_id']);
$STH2->bindParam(':id',$_SESSION['login']);
$STH2->execute();
}
}
$STH = $DBH->prepare("UPDATE guess SET user_id=:login WHERE user_id=:session"); // update all entries that are new from session
$STH->bindParam(':login',$loginuser['id']);
$STH->bindParam(':session',$_SESSION['login']);
$STH->execute();
I am trying to return a members firstname field from the table users from the last row of users.
my $dbh = DBI->connect($dsn, $db_user_name, $db_password) or die "$DBI::errstr";
my $LastID = $dbh->last_insert_id(`firstname`); ##but I want from table users
print qq~$LastID~;
This error is returned from above:
DBI last_insert_id: invalid number of arguments: got handle + 0, expected handle + between 4 and 5
Usage: $h->last_insert_id($catalog, $schema, $table_name, $field_name [, \%attr ])
So, what would be the "best" way (best being best for server, fastest, least memory, load, least amount of overhead.. whatever) to get the field firstname from the last row in the table users?
Realize my example above is not to be taken seriously as I have no idea how to do this without just doing something like my crude, but functional:
(p.s. UserID is NOT assigned by auto increment but, is in numeric order and a new user gets a higher UserID. Just the way this was when I tackled the pre existing problem.)
my $dbh = DBI->connect($dsn, $db_user_name, $db_password) or die "$DBI::errstr";
my $dsn = $dbh->prepare(qq{SELECT `firstname` FROM `users` ORDER BY ABS(UserID) DESC LIMIT ?,?});
$dsn->execute('1','1') or die "$DBI::errstr";
while(#nrow = $dsn->fetchrow_array()) {
$firstname = $nrow[0];
}
I assumed since I was using DBI that may provide the best solution but, I am inexperienced obviously and need some advice and guidance to learn the proper way to do this. Thanks for any assistance.
You mention that UserID is not auto incrementing, so I'm not sure if last_insert_id will work in this situation. It may, but I'm just not sure. The document states:
Typically this would be a value assigned by the database server to a
column with an auto_increment or serial type.
I would look to solve this by just using a SQL statement:
SELECT
u.firstname
FROM
users u
JOIN
(
SELECT
MAX(UserID) AS UserID
FROM
users
) t ON u.UserID = t.UserID
The code with DBI would then look like this:
my $stmt = 'SELECT u.firstname FROM users u JOIN(SELECT MAX(UserID) AS UserID FROM users) t ON u.UserID = t.UserID';
my $first_name = ($dbh->selectrow_array($stmt))[0];
last_insert_id method takes 4 args. Use like this:
my $id = $connection->last_insert_id(undef, 'myschemaname', 'mytablename', 'mycolumnname');
See the DBI pod.