im trying to update a particular user that is logged in using UPDATE mysql command, but instead it is going to the first user that is in the database itself, if you can help id appreciate it
Edit: Im wanting to increment the number of 'items' that a user has, but for the code below its only going to the first user in the database
<?php
session_start();
$dbhost = 'localhost';
$dbuser = '';
$dbpass = '';
$dbname = '';
$conn = mysql_connect($dbhost,$dbuser,$dbpass)
or die ('Error connecting to mysql');
mysql_select_db($dbname);
$query = sprintf("UPDATE users SET item = item + 1 ",
mysql_real_escape_string($_POST['item']));
mysql_query($query);
?>
Your sprintf() call has a parameter, but no placeholder:
$query = sprintf("UPDATE users SET item = item + 1 ",
mysql_real_escape_string($_POST['item']));
Probably this is supposed to be something like the following, assuming an INT column named item
$query = sprintf("UPDATE users SET item = item + 1 WHERE item = %d ",
mysql_real_escape_string($_POST['item']));
UPDATE
If you are trying to target a specific user only, then you need that user's id or username in $_POST instead of item. You'll need to post the output of var_dump($_POST) for us to see just what values you've received in post.
Assuming a string username, use:
$query = sprintf("UPDATE users SET item = item + 1 WHERE username = '%s' ",
mysql_real_escape_string($_POST['username']));
you need some kind of where clause. specify which user you want to actually update with extra conditions.
YOu need to know which user you want to update...
$query = sprintf("UPDATE users SET item = item + 1 WHERE userId="+ $userId,
or something like that...
Related
I want to update members_roosevelt table ACCOUNT column starting with 3000+ value I also want to update ACCOUNT column on loan_roosevelt table that is related to my member_roosevelt. What's wrong with my query? Thank you!
$query1 = "SELECT ACCOUNT
FROM
`members_roosevelt`";
$result_q1 = $link->query($query1) or die($link->error);
while ($obj = $result_q1->fetch_object()) {
$members[] = $obj->ACCOUNT;
}
$ids = implode(',', $members);
$sql = "UPDATE `members_roosevelt` as `memb`
JOIN `loan_roosevelt` as `loan`
ON `memb`.`ACCOUNT` = `loan`.`ACCOUNT`
SET
(`memb`.`ACCOUNT`,
`loan`.`ACCOUNT`) = CASE ACCOUNT";
foreach ($members as $id => $ordinal) {
$sql .= sprintf("WHEN %d THEN %d ", $ordinal, (3000+$id));
}
$sql .= "END WHERE memb.ACCOUNT IN ($ids)";
$link->query($sql) or die($link->error);
SET (`memb`.`ACCOUNT`, `loan`.`ACCOUNT`) = CASE ACCOUNT...
This is simply not part of SQL syntax. You can't set two columns at a time like this. The left side of an assignment operator must be one column.
A better solution is to use a session variable.
SET #acct = 3000;
UPDATE members_roosevelt as memb
JOIN loan_roosevelt as loan
ON memb.ACCOUNT = loan.ACCOUNT
SET memb.ACCOUNT = (#acct:=#acct+1),
loan.ACCOUNT = (#acct);
This way you don't have to run the SELECT query at all, and you don't have to create a huge UPDATE statement with potentially thousands of WHEN clauses.
Demo: SQLFiddle
i was doing a insert statement and i want 2 username become 1 data and insert into database. i no sure how to do it.
here is my php and mysql
$target = $_GET['user'];
$id = $_SESSION['id'];
$targetusername = mysqli_query($connection,"SELECT username FROM user WHERE id='$target' ")or die(mysqli_error($connection));
$username= mysqli_query($connection,"SELECT username FROM user WHERE id='$id'") or die(mysqli_error($connection));
$direct_message_room_name ="INSERT INTO direct_message_room(`direct_message_room_name`,`user_1_id`,`user_2_id`) VALUES (('$targetusername' + ' and ' + '$username'),'$id','$target')";
In order to have two variables in one column, you can serialize an array, though this is generally frowned upon unless it's for a good reason.
$array = array('username'=>'user1','username2'=>'user2');
$serialize = serialize($array);
Gives you:
a:2:{s:8:"username";s:5:"user1";s:9:"username2";s:5:"user2";}
Use the unserialize() function to return it to an array. Wordpress is one notable web application that stores arrays in such a way.
On a side note, you need to use bind parameter to avoid injectable sql queries:
// Do not do this
$target = $_GET['user'];
mysqli_query($connection,"SELECT username FROM user WHERE id='$target' ")
Here is a reference:
What does bind_param accomplish?
You can concat two strings in php like so:
$StringAB = $StringA . " something " . $StringB;
$target = $_GET['user'];
$id = $_SESSION['id'];
$targetusername = mysqli_query($connection,"SELECT username FROM user WHERE id='$target' ")or die(mysqli_error($connection));
$username= mysqli_query($connection,"SELECT username FROM user WHERE id='$id'") or die(mysqli_error($connection));
$rowUserName = mysql_fetch_array($username);
$rowTargetUserName = mysql_fetch_array($targetusername );
$room_name = $rowUserName["username"] . ' and ' . $rowTargetUserName["username"]; // Create room name (assuming both exist)
$direct_message_room_name ="INSERT INTO direct_message_room(`direct_message_room_name`,`user_1_id`,`user_2_id`) VALUES ('$room_name','$id','$target')";
Low level question but, I understand that you can select elements from a table using:
$sql = "SELECT blah FROM TABLE WHERE this = 'something' ";
But when I try to select a specific value from my table, where let's say a user has no tries left so if I try to grab how many tries they have left with:
$sql = "SELECT tries FROM table WHERE user = 'something'";
How would I grab that value specifically if it was 5 or 9? I tried setting a variable equal to something I $sql off my table but it doesn't grab the value.
Edit
I have a database that has a table called Item which contains: id, name, value, and stock of a particular item. If a user wants to order that item I will first check it if's in stock with a function, to see if it is not in stock then a error message is printed, otherwise accept the order.
Extremely primitive since I'm just trying to get grab the stock value first.
$query = $_GET['query']; //id I get from the specified item
echo 'the id is: ' .$query.''; //test purposes
$mysql_handle = mysql_connect($dbhost, $dbuser, $dbpass)
or die("Error connecting to database server");
mysql_select_db($dbname, $mysql_handle)
or die("Error selecting database: $dbname");
$sql1 = "SELECT item_stock FROM chat-db.Item WHERE id = '".$query."'";
echo '' .$sql2. ''; //test purposes
whats the correct way to assign the value from that specific stock to a variable?
If you want to grab rows with a set of possible values you can use 'IN' such as:
Get all columns from users table where users have 5 or 9 tries:
SELECT * FROM users WHERE tries IN('5', '9'); or
If you want to select where the user has no tries left, assuming the tries column is a numeric type you can look for rows with 0 tries:
Get all columns from Item table where stock is 0:
SELECT * FROM db_inv.Item WHERE stock = '0';
Get all columns from users table where tries is 0:
SELECT * FROM users WHERE tries = '0';
As for your php code you should be able to do the following:
$query = $_GET['query']; //id I get from the specified item
echo 'the id is: ' . $query; //test purposes
$mysql_handle = mysqli_connect($dbhost, $dbuser, $dbpass) or die("Error connecting to database server");
$sql1 = "SELECT item_stock FROM chat-db.Item WHERE id = '".$query."'";
$results = mysqli_query($mysql_handle, $sql1);
if (!empty($results) && mysqli_num_rows($results) > 0) {
while($rec = mysqli_fetch_array($results)) {
echo $rec['item_stock'];
}
}
I'm trying to add 2 numbers together. The first number is from the database say it's 150 it comes from the $sql1 and the second number comes from the form and is in the POST array say it's 25. Once the $sql2 is run the number in the database should be 175 but it's still 150, any ideas on what i'm missing/doing wrong?
$sql1 = "SELECT points FROM users WHERE userID = ?";
$qc1 = $pdo_conn->prepare($sql1);
$qc1->execute(array($_POST['userID']));
$result = $qc1->fetch(PDO::FETCH_ASSOC);
$points = $result + $_POST['addPoints'];
$sql2 = "UPDATE users SET points = ? WHERE userID = ?";
$qc2 = $pdo_conn->prepare($sql2);
$qc2->execute(array($points, $_POST['userID']));
Based on your code, the $result variable is going to return the response from the database as an array. Thus, in order to get the number, you need to pass the field name from your SELECT statement.
Therefore,
$points = $result + $_POST['addPoints'];
should be:
$points = $result['points'] + $_POST['addPoints'];
I would like to know if it's possible to update a MySQL value for a logged in user if he accessed a certain URL. If possible, what's the best way to do so?
Example:
MySQL, 3 columns:
username id count
Each time the user access count.php?ref=12 the "count" value should be changed (if it was 10) to 9.
I have the found the following solution and seems to be working:
$data = mysql_query("SELECT * FROM admin where username='$user_check' ")
or die(mysql_error());
while($info = mysql_fetch_array( $data ))
$status = $_GET['urlvalue'];
if($status == "0")
{
$sql = mysql_query("UPDATE admin SET count = (count - 1) where username='$user_check'");
}