<?php
require("header.inc.php");
?>
<?php
if (isLoggedIn()) {
if (isset($_POST['CKey_Button'])) {
if (!isset($_POST['CKey'])) {
die("Error: The Character Key field was not set.");
}
}
$CKey = $_POST['CKey_Button'];
mysql_select_db("samp");
$query = mysql_query("SELECT `id` FROM `players` WHERE `CharacterKey` = '" . mysql_real_escape_string($_POST['CKey']) . "' LIMIT 1");
if (mysql_num_rows($query)) {
mysql_select_db("ucp");
mysql_query("UPDATE `users` SET `CharacterID` = '" . $CKey . "' WHERE `name` = '" . $user['name'] . "'");
header("./Dashboard.php");
exit;
}
else {
header("./index.php");
exit;
}
}
else {
header("./index.php");
exit;
}
?>
That is the code but it isn't updating and it just a blank screen, does anyone know why this could be happening(I have just started coding php so be nice if it's a newbie error).
EDIT: I have fixed it I was using $CKey as the button and not the actual key, hope this makes sense, I also changed = '" . $CKey . "' to = " . $CKey
Use mysql_error() to see if there is any error in your query
mysql_query($query) or die ('Error updating database: '.mysql_error());
Related
I am receiving a syntax error when typing punctuation into my website form such as ' or &. I am using the below code on the page when receiving this error. What am I missing or doing wrong that will fix this issue?
$name=$_REQUEST["title"];
$stdate=$_REQUEST["sdate"];
$endate=$_REQUEST["edate"];
$staddr=$_REQUEST["staddr"];
$addr2=$_REQUEST["staddr2"];
$city=$_REQUEST["city"];
$state=$_REQUEST["state"];
$zip=$_REQUEST["zip"];
$desc=$_REQUEST["desc"];
$file=$_REQUEST['photo'];
$link=$_REQUEST["link"];
$user=$_REQUEST["user"];
/***************** DELETE QUERY ****************************/
$date2 = date('Y-m-d');
$qry = "DELETE FROM table WHERE STR_TO_DATE(`endate`, '%Y-%m-%d') < '".$date2."'";
$del = mysql_query($qry);
$query = "INSERT INTO table (fname,stdate,endate,addr1,addr2,city,state,zip,name,size,type,content,link,description,user) VALUES('" . mysql_real_escape_string($name) . "','$stdate','$endate','" . mysql_real_escape_string($staddr) . "','" . mysql_real_escape_string($addr2) . "','$city','$state','$zip','".str_replace(' ','',$name)."-".$stdate."-".$file.".png','0',' ',' ','" . mysql_real_escape_string($link)."','" . mysql_real_escape_string($desc) . "','$user')";
$q2=mysql_query($query) or die('Error, query failed'. mysql_error());
if($q2) {
echo "ok";
} else {
echo "error ".$query.mysql_error();
}
?>
The issue stems from the query line
What can I add to this to make the record delete automatically after the endate has passed? I would like to post to automatically delete from the database after the endate has passed.
<?php
require "../login/config.php";
$host='';
$db = 'db';
$dbuser = 'dbo';
$dbpass = '';
$conn = mysql_connect($host, $dbuser, $dbpass,$db);
if(! $conn )
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db('db');
if(isset($_POST['submit'])) {
$name=$_POST["element_1"];
$stdatemm=$_POST["element_2_1"];
$stdatedd=$_POST["element_2_2"];
$stdateyy=$_POST["element_2_3"];
$endatemm=$_POST["element_3_1"];
$endatedd=$_POST["element_3_2"];
$endateyy=$_POST["element_3_3"];
$stdate=$stdatemm."/".$stdatedd."/".$stdateyy;
$endate=$endatemm."/".$endatedd."/".$endateyy;
$user=$_POST["postuser"];
$query = "INSERT INTO (fname,stdate,endate,addr1,addr2,city,state,zip,name,size,type,content,link,description,user) VALUES('" . mysql_real_escape_string($name) . "','$stdate','$endate','" . mysql_real_escape_string($staddr) . "','" . mysql_real_escape_string($addr2) . "','$city','$state','$zip','" . mysql_real_escape_string($fileName) . "','$fileSize','$fileType','" . mysql_real_escape_string($content) . "','$_POST[element_7]','" . mysql_real_escape_string($desc) . "','$user')";
} } } else
$query = "INSERT INTO (fname,stdate,endate,addr1,addr2,city,state,zip,name,size,type,content,link,description,user) VALUES('" . mysql_real_escape_string($name) . "','$stdate','$endate','" . mysql_real_escape_string($staddr) . "','" . mysql_real_escape_string($addr2) . "','$city','$state','$zip',' ','0',' ',' ','$_POST[element_7]','" . mysql_real_escape_string($desc) . "','$user')";
$q2=mysql_query($query) or die('Error, query failed'. mysql_error());
if($q2) {
echo ""; } else {
echo "error";
}
?>
There is no way to "automatically delete records". What you could do however includes:
cause all of your queries to disregard rows that have surpassed their end date.
Create a scheduled task/job that runs on an interval that removes records that have surpassed their end date
Write a trigger to check for outdated records to remove which could fire prior to select, update, and deletes.
I'm trying to build a members-system in which you can view certain values from a database.
It worked, so that was great, but I'm having a problem now because I'm using a NULL value on 'age'.
When viewing a profile page, it looks like this:
$id = $_GET["id"];
$result = mysql_query("SELECT * FROM membersfromsite WHERE `idofmember`=$_GET[id]");
$row = mysql_fetch_array($result);
echo "<b>" . $row['userusername'] . "</b>: </p>"; ?>
<?php
$id = $_GET["id"];
$result = mysql_query("SELECT * FROM membersfromsite WHERE `idofmember`=$_GET[id]");
$noage = mysql_query("SELECT ISNULL([age]) FROM membersfromsite WHERE `idofmember`=$_GET[id]");
while ($row = mysql_fetch_array($result))
{
echo "<p class='middle'>id-number: " . $row['idofmember'] . "<br>";
echo "Username: " . $row['userusername'] . "<br>";
if ($noage)
{
echo "Age not specified";
}
else
{
echo "Age: " .$row['age'] ;
}
}
I have tried all kinds of other things, but the problem which I 'm having is that it either returns 'Age not specified' on every userpage or the age on every userpage, including the pages with a NULL value, which makes it look like:
Age:
The code which you can see above returns the age on every page, including the pages with an age which is set to NULL. What I don't understand is if I change the code to this:
$noage = mysql_query("SELECT * FROM membersfromsite WHERE `idofmember`=$_GET[id] AND age IS NULL");
it simply doesn't work. Since I'm using IS NULL instead of = NULL I don't really see why this shouldn't work, but I guess it has to do with the IF which is inside the 'while' thing, I don't really see in what other way I could fix this though...
I'm having an idea what the problem is, because I think that there is already a MyQS, Query done with Results and $noage is maybe ignored because of this, but I don't know how to solve this.
You don't need to do a whole separate $noage query.
Just do:
if(!$row['age'])
{
echo "Age not specified";
}
else
{
echo "Age: " .$row['age'] ;
}
Instead of if($noage) use if(!$row['age']) and skip the second query.
The other reason your code does not work is that the second query returns an array with something like array('expr1' => 0) which is not false. You only get a false result if nothing is found.
The reason why = NULL does not work? There are books written about it, it is just as it is.
Rather than relying on MySQL to tell us if no age was found or not, we can programatically determine whether the age value is Null right in PHP.
Here is an example:
$id = $_GET['id'];
$result = mysql_query("SELECT * FROM membersfromsite WHERE `idofmember` = '" . mysql_real_escape_string($id) . "'");
while($row = mysql_fetch_array($result)) {
echo '<p class='middle'>id-number: ' . $row['idofmember'] . '<br>';
echo 'Username: ' . $row['userusername'] . '<br>';
if($row['age'] === Null) {
echo "Age not specified";
} else {
echo "Age: " .$row['age'] ;
}
}
I have a form to user registry. Form send dates to InsertUser.php, which is the next file:
<?php
$link = mysql_connect("localhost", "root", "");
if (!$link) {
echo("ERROR");
}
else {
if (!mysql_select_db("myfacebook", $link)) {
echo("ERROR");
}
else {
$Consulta = "insert into usuarios(Nombre,Apellidos,Nick,Contraseña,Foto) values('" . $_POST["nombre"] . "','" . $_POST["apellidos"] . "','" . $_POST["nick"] . "','" . $_POST["contraseña"] . "','PruebaFoto')";
echo $Consulta;
$resultado = mysql_query($Consulta, $link) or die("Problema al insertar los datos.");
echo($resultado);
}
}
?>
When I sending and insert data, the form returns:
"Problema al insertar los datos."
I think that function mysql_query() is the problem, but I don't know repair the problem.
Let's clean this up a bit and make it a little easier to see what's going on
<?php
$link = mysql_connect("localhost", "root", "") or die(mysql_error());
mysql_select_db("myfacebook", $link) or die(mysql_error());
$Consulta = "insert into usuarios(Nombre,Apellidos,Nick,Contraseña,Foto) values('".mysql_real_escape_string($_POST["nombre"])."','".mysql_real_escape_string($_POST["apellidos"])."','".mysql_real_escape_string($_POST["nick"])."','".mysql_real_escape_string($_POST["contraseña"])."','PruebaFoto')";
if($sql = mysql_query($Consulta)) {
echo 'success';
} else {
echo 'error';
}
You need to escape your input so you're not open to SQL injection. I used mysql_real_escape_string().
You should learn mysqli or POD instead of mysql.
I used die() in my example just to keep things clean and easy to understand.
I made a function to print all the comments from a id-page. But I want to protect my site from being hacked with htmlspecialchars. So I put them arround my post that will be printed. The problem is that it isn't working? I can do whatever I want with the <>-signs.
CODE FUNCTION
public function GetAllComments($id)
{
$db = new Db();
$select = "SELECT * FROM tblcomments WHERE bug_id =" . $id . " ORDER BY comment_id DESC";
$result = $db->conn->query($select);
while($row = mysqli_fetch_assoc($result))
{
echo "<li class='description'>" . htmlspecialchars($row["comment_text"]) . "</li>";
echo "<li class='user'>" . $row['name'] . "</li>";
}
}
CODE PRINTING
if(isset($bugs)){
foreach ($bugs as $bug) {
echo " " .
$bug['bug_title'] . "" .
$bug['bug_status'] . "From:
" . $bug['name'] . " To: " .
$bug['bug_to'] . " Project: " .
$bug['project_title'] . "";
}
}
depends on what you want to save from you should use htmlspecialchars like this
htmlspecialchars(trim($variable), ENT_QUOTES);