I'm not sure what's missing with this update call, here's my code:
$table = new Application_Model_DbTable_ProductContaminant();
$db = $table->getAdapter();
$db->getProfiler()->setEnabled(true);
$data = array('value' => '999');
$where[] = $db->quoteInto('product_id = ?', $q['product_id']);
$where[] = $db->quoteInto('contaminant_id = ?', $k);
$table->update($data, $where);
print $db->getProfiler()->getLastQueryProfile()->getQuery();
And the profiler output is:
UPDATE `product_contaminants` SET `value` = ? WHERE (product_id = '4802') AND (contaminant_id = 69)
Why isn't 'value' being populated??
Value isn't populated because getQuery will only return a prepared statement with parameter placeholders. If you want the parameters used when it updates try this:
$db->getProfiler()->getLastQueryProfile()->getQueryParams()
More info here.
Related
After uploading a csv file, I am trying to insert its contents into my database table. I have this query:
$connect = mysql_connect("localhost","root","");
mysql_select_db("dbtest",$connect);
//get the file
$handle = fopen($filename,"r");
do {
if (isset($data[0])) {
$data0 = mysql_real_escape_string($data[0]); //rcode
$data1 = mysql_real_escape_string($data[1]); //pcode
$data2 = mysql_real_escape_string($data[2]); //mcode
$data3 = mysql_real_escape_string($data[3]); //bcode
$data4 = mysql_real_escape_string($data[4]); //ecode
$data5 = mysql_real_escape_string($data[5]); //filetype
$data6 = mysql_real_escape_string($data[6]); //rec_count
$data7 = mysql_real_escape_string($data[7]); //gen_count
$data8 = mysql_real_escape_string($data[8]); //qc_count
$data9 = mysql_real_escape_string($data[9]); //be_count
$data10 = mysql_real_escape_string($data[10]); //trn_count
$query = "INSERT INTO tbltest(rcode,pcode,mcode,bcode,ecode,filetype,rec_count,
gen_count,qc_count,be_count,trn_count) VALUES ('$data0','$data1','$data2',
'$data3', '$data4', '$data5', '$data6', '$data7', '$data8', '$data9', '$data10')
ON DUPLICATE KEY UPDATE rec_count=values(rec_count),gen_count=values(gen_count),
qc_count=values(qc_count), be_count=values(be_count), trn_count=values(trn_count)";
mysql_query ($query,$connect) ;
}
} while ($data = fgetcsv($handle,1000,"|"));
And it's working neatly but then as the database was re-structured, I just then need to update the database table as rcode to filetype has values already and I just need to insert values of rec_count to trn_count. So my first query INSERT INTO ... ON DUPLICATE KEY UPDATE has been change to UPDATE only. And so I did this:
$query = "UPDATE tbltest SET (rec_count='$data6', gen_count = '$data7',
qc_count = '$data8', be_count = '$data9', trn_count= '$data10') WHERE
(rcode = '$data0', pcode = '$data1', mcode = '$data2', bcode = '$data3',
ecode = '$data4', filetype = '$data5')";
My problem now is that, my UPDATE seems to be not working as it doesn't update the database table. Bu when I did this;
$query = "UPDATE tbltest SET rcode = '5'";
The database is being updated. When I tried echo $query;, the echo responds the correct data (from the csv). I just cannot figure why it doesn't insert these data into the database. Kindly help. Thanks
Your SQL syntax is incorrect. The statement should read something like
UPDATE tbltest
SET rec_count='...', gen_count = '...', ...
WHERE rcode = '...' AND pcode = '...' AND ...
See MySQL UPDATE syntax.
I am a relative novice and could use some help with this problem.
This will be used in a search filter situation.
Users need to search by a value and 1 or more other values passed by the search form.
$name = $_POST['name'];
$sdate = $_POST['sdate'];
$startdate = $_POST['startdate'];
$enddate = $_POST['enddate'];
$vehicle = $_POST['vehicle'];
$triptype = $_POST['triptype'];
If any of these values are '' I do not want them in the query, If they contain a value I do want them in the query.
SELECT * FROM form_data WHERE `resp_person` = '$name',
IF $sdate != '' then `sdate` = '$sdate',
IF $startdate != '' then `sdate` = *all values between $startdate and $enddate*,
IF $triptype != '' then `triptype` = '$vehicle',
IF $vehicle != '' then `vehicle` = '$vehicle', `sdate`
ORDER BY `sdate` DESC, `stime` DESC")
I know the code is wrong but it should give you a good idea of what I am trying to accomplish. Any guidance would be greatly appreciated.
A better way is to not use string concatenation to build the entire query, but rather use an sql library that supports prepared statements, such as PDO.
$pdo = new PDO('... connection string ...', username, password);
$where = '';
$possible_values = array('name', 'sdate', 'startdate', 'enddate', 'vehicle', 'triptype' );
$params = array();
foreach($possible_values as $val)
{
if(isset($_POST[$val]))
{
$params[] = $_POST[$val];
if($where == '')
{
$where = "WHERE $val = ?";
}
else
{
$where .= " AND $val = ?";
}
}
}
$stmt = $pdo->prepare("SELECT * FROM form_data " . $where);
$stmt->execute($params);
In cases like this, I prefer to build the query in pieces...
$wheres = array(); // Collect things to AND together
if ($searchterm != 'All') $wheres[] = "subject LIKE '%searchterm'";
if (...) $wheres[] = "...'";
...
if (count($wheres) > 0)
$where_str = "WHERE " . implode(' AND ', $wheres);
else
$where_str = '';
$order_str = (...) ? "ORDER BY ..." : '';
$limit_str = $limit ? "LIMIT $limit" : '';
$query = "SELECT ... FROM foo $where_str $order_str $limit_str";
Oh, and don't forget to use escape the strings on any data coming in from a form -- else a user can do nasty things to the SQL statement!
I have two query:
$select1 = $this->select()
->from(array('o'=>'table1'), array('*', 'o.field2 AS shared'))
->where('field4= ?', $input);
$select2 = $this->select()
->from(array('i'=>'table2'), array('*', 'ch.field1 AS shared'))
->where('ch.field5= ?', $input);
Both query works successfully. However, it does not work with the following union function even with shared parameter name. How come?
//Merge both query
$selectboth = $this->select()
->union(array($select1, $select2))
->order('shared');
$obj = $this->dbo->fetchRow($selectboth);
I am suspecting my fetchRow is the one causing this error in fetching.
if you have number of column same in both sql so you can ran into this issue:
http://framework.zend.com/issues/browse/ZF-4338
for example:
$select_q1 = $db->select()->...;
$select_q2 = $db->select()->...;
$main_select = $db->select()->union( array( '('.$select_q1 .')', '('.$select_q2 .')' ) );
In making database queries in Zend Framework 2, how should I be sanitizing user submitted values? For example, $id in the following SQL
$this->tableGateway->adapter->query(
"UPDATE comments SET spam_votes = spam_votes + 1 WHERE comment_id = '$id'",
\Zend\Db\Adapter\Adapter::QUERY_MODE_EXECUTE
);
You can pass parameters when you execute..
$statement = $this->getAdapter()->query("Select * from test WHERE id = ?");
$result = $statement->execute(array(99));
$resultSet = new ResultSet;
$resultSet->initialize($result);
You can also pass them directly to the query method
$statement = $this->getAdapter()->query(
"Select * from test WHERE id = ?",
array(99)
);
$result = $statement->execute();
$resultSet = new ResultSet;
$resultSet->initialize($result);
Both will produce the query "Select * from test WHERE id = '99'"
If you want to use named parameters:
$statement = $this->getAdapter()->query("Select * from test WHERE id = :id");
$result = $statement->execute(array(
':id' => 99
));
$resultSet = new ResultSet;
$resultSet->initialize($result);
If you want to quote your table/field names etc:
$tablename = $adapter->platform->quoteIdentifier('tablename');
$statement = $this->getAdapter()->query("Select * from {$tablename} WHERE id = :id");
$result = $statement->execute(array(
':id' => 99
));
I am using Zend Framework. I have tree tables. Users and Groups and one table linking them.
I want to increment a field from users of a given group. To increment one User I do:
$table = 'users';
$update = array(
'ACLVersion' => new Zend_Db_Expr('ACLVersion + 1')
);
$where[] = $db->quoteInto('id = ?', $user);
$db->update($table, $update, $where);
I tried to use multiple wheres.
I have no clue how to join the tables in a where with Zend.
To use a JOIN with Zend_Db_Table, you have to disable the integrity check.
See example #27 in the ZF Reference Guide for Zend_Db_Table:
$table = new Bugs();
// retrieve with from part set, important when joining
$select = $table->select(Zend_Db_Table::SELECT_WITH_FROM_PART);
$select->setIntegrityCheck(false)
->where('bug_status = ?', 'NEW')
->join('accounts', 'accounts.account_name = bugs.reported_by')
->where('accounts.account_name = ?', 'Bob');
$rows = $table->fetchAll($select);
Note that disabling the integrity check will also disable some of the automagic of the resulting recordset:
The resulting row or rowset will be
returned as a 'locked' row (meaning
the save(), delete() and any
field-setting methods will throw an
exception).
Load $num with a array of id's from a given group
The following code will do the job
$table = 'users';
$update = array(
'ACLVersion' => new Zend_Db_Expr('ACLVersion + 1')
);
$where = $db->quoteInto('id IN (?)', $num);
$db->update($table, $update, $where);