PHP - Apostrophe And Mysql Update
I am having trouble, because I am trying to enter a string such as this into a database field:

$string = "There's trouble ahead because they're silly.";

Of course, MySQL craps out because of the apostrophes. So I did this:

$string = mysql_real_escape_string($string);

This is entered into the database, however it is entered as this: "There\'s trouble ahead because they\'re silly."

I was wondering how I can enter apostrophes without entering a backslash, because now when I pull the text from the DB and display it on a page, I get a backslash in front of all apostrophes. HELP! Please! Is the only way around this to add slashes, then use stripslashes() when displaying text??

Similar Tutorials

Let me preface this by saying that I've been using php for a while, but never got extremely advanced, so feel free to slap me about for something stupid... I'm working through a jQuery & PHP book, and I've noticed that he's wrapping all his column and table names in the apostrophe ` when making MySQL queries. In the past I've never done this. What does the ` do? I understand about single quotes and double quotes, but haven't come across the ` being used. What's the deal?

This is something I've been trying to figure out for some time. I've read blogs and other forums and am still not clear.
Seems that when I pass a variable that has apostrophes in the variable, from a form page to the submit page and insert it into the MySql DB table, it inserts OK without any / before the apostrophe.
On the other hand on the same submit page, there is a select query from another table and there are variables with apostrophes. These queried variables keep the variables from the form page and the queried DB from inserting into a new table.
So I use mysql_real_escape_string () for the variables queried from the table to be inserted into the new table, don't use mysql_real_escape_string () on the variables passed from the form page, and everything inserts into the new table just fine. Displays with no forward slashes.
My confusion comes from when to use mysql_real_escape_string (), stripslashes () and htmlspecialchars().
Also in the reading I was doing, it looks like mysql_real_escape_string () is being replaced with mysqli_real_escape_string (), but when I tried to use it on a variable queried from the DB something like
$username = mysqli_real_escape_string ( $s['username'] )

( $s being 'foreach ( $result as $s )' from the select query. Thanks in advance for shedding any light on this.

Can anyone post a generic update function to update mysql table. The manual approach:

update $tablename set $column1='a', $column2='b' where $id=$value;

Please help me with this: been doing this for 2 days and still cannot solve it. it won't update... I have attached my file:

<?php
include('connect-database.php');
if (isset($_POST['submit']) AND $_POST['submit'] == 'update') {
    $error = false;
    extract($_POST);
    if (empty($full_name)) $error = true;
    if (!$error) {
        $update = "UPDATE users SET full_name = '$full_name', WHERE id=$id ";
        mysql_query($update) or die(mysql_error() . "<br><br>" . $update);
        $full_name = '';
        $message = "Record successfully updated.";
    } else {
        $message = "There is an error in your entry";
    }
} else {
    $id = intval(isset($_GET['id']) ? $_GET['id'] : 0);
}
if ($id == 0) {
    echo "<div style='margin-bottom:10px'>Invalid ID.</div>";
    exit;
}
$query = "SELECT * FROM users WHERE id=$id";
$result = mysql_query($query) or die(mysql_error() . "<br><br>" . $query);
if (mysql_num_rows($result) == 0) {
    echo "<div style='margin-bottom:10px'>Record Not Found in Database!</div>";
    exit;
}
$row = mysql_fetch_array($result);
extract($row);
?>
<div id="mainContent" class="tab_container">
<div id="tab1" class="tab_content">
<h1>Edit Personal Data</h1>
<div style="color:red;font-weight:bold"><?
echo $message; ?></div>
<form name="submit" action="" method="post">
<ul>
<li><b>ID # :</b> <?php echo $id?></li>
<li><b>Name :</b> <input type="text" name="full_name" id="" size="30" value="<?php echo $full_name ?>" /></li>
<li><b>Address :</b> <input type="text" name="address" id="" size="55" maxlength="100" value="<?php echo $address ?>" /></li>
<li><b>Contact Number :</b> <input type="text" name="contact_number" id="" size="11" value="<?php echo $contact_number ?>" /></li>
<li><b>Email Address :</b> <input type="text" name="user_email" id="" size="30" value="<?php echo $user_email ?>" /></li>
<li><b>Status :</b> <input type="text" name="status" id="" size="10" value="<?php echo $status ?>" /></li>
<li><b>Nationality :</b> <input type="text" name="nationality" id="" size="20" value="<?php echo $nationality ?>" /></li>
<li><b>Religion :</b> <input type="text" name="religion" id="" size="20" value="<?php echo $religion ?>" /></li>
</ul>
<h2>Self Description</h2>
<p><textarea rows="9" cols="40" name="self_description" ><?php echo $self_description ?></textarea></p>
<input type="hidden" name="id" value="<?php echo $id; ?>" />
<input type="submit" name="submit" value="update" />
</form>
</div>

I have made this, although I can not seem to the status...

changeapp.php
Code:
<form method="post" name="memberadd" action="change_app_complete.php">
<label>Name:</label>
<select name="member">
<?php
$con = mysql_connect("host","user","password");
if (!$con) {
    die('Could not connect: ' . mysql_error());
}
mysql_select_db("database",$con);
$sqlquery="SELECT * FROM `application` Order By Name";
$result=mysql_query($sqlquery,$con);
while($row=mysql_fetch_array($result)) {
    echo "<option value='".$row['ID']."'>".$row['Name']." (".$row['Status'].")</option>";
}
?>
</select>
<br>
<label>Status:</label>
<select name="Status">
<option value="PENDING">PENDING</option>
<option value="ACCEPTED">ACCEPTED</option>
<option value="DENIED">DENIED</option>
<br>
<input type="submit" value="submit" />
</form>

change_app_complete.php
Code:
<?php
$status=$_POST['Status'];
$con = mysql_connect("host","user","password");
if (!$con) {
    die('Could not connect: ' . mysql_error());
}
mysql_select_db("database",$con);
$sql="UPDATE application SET Status = '$status' WHERE Name= '$member'";
if(mysql_query($sql,$con)) {
    echo 'Status Changed.<br /><a href="../applications.php">Return To Members List</a>';
} else {
    die('Could not submit: ' . mysql_error());
}
mysql_close($con);
?>

What is wrong?

I have lost my record when I run the code below, all fields are empty...

Code:
<a href='edit.php?id={$info['person_id']}'><font color='#00AE0A'>Edit User</font> </a>

Code:
$sql = "SELECT * FROM person WHERE person_id='{$_REQUEST['id']}' ";
$result = mysql_query($sql);
if (!$result) {
    echo("<p>Error performing query: " . mysql_error() . "</p>");
    exit();
}
if ($row = @mysql_fetch_array($result, MYSQL_ASSOC)) {
    print "
    <form action='<?php echo $PHP_SELF;?>' method=\"post\">
    <table>
    <tr> <td><strong>Name</strong></td> <td><input type=\"text\" name=\"fname\" size=\"60\" value=\"$row[fname]\"></td> </tr>
    <tr> <td><strong>Surname</strong></td> <td><input type=\"text\" name=\"lname\" size=\"60\" value=\"$row[lname]\"></td> </tr>
    <tr> <td><strong>Email</strong></td> <td><input type=\"text\" name=\"email\" size=\"60\" value=\"$row[email]\"></td> </tr>
    <tr> <td><strong>Committee</strong></td> <td><input type=\"text\" name=\"committee_no\" size=\"60\" value=\"$row[committee_no]\"></td> </tr>
    <tr> <td><INPUT type=\"submit\" value=\"Send\"> </td> </tr>
    </table></form> ";
} else {
    echo("There has been an error" .
    mysql_error());
}
/* closes connection */
?>
<?php
$control = mysql_query(" UPDATE person SET fname='{$_REQUEST['fname']}' , lname='{$_REQUEST['lname']}' , email='{$_REQUEST['email']}', committee_no='{$_REQUEST['committee_no']}' WHERE person_id='{$_REQUEST['id']}'");
if($control) {
    header("Location:".$_SERVER["HTTP_REFERER"]."");
}
?>

Hey, I have this code, and it's meant to change the name / content of a page that is being put onto a page. Both of the include files are fine as it works for other actions, but this one just returns the error.

<?php
include "../includes/mysql_connect.php";
include "../includes/info_files.php";
if(isset($_POST['submitted'])) {
    mysql_query("UPDATE `pages` SET name='$_POST[name]' AND SET content='$_POST[content]' AND SET catt='$_POST[catt]' AND SET page='$_POST[page]' WHERE id='$_POST[id]'") or die('Edit failed');
    echo "Page made.<br /><br />";
}else{
    $result = mysql_query("SELECT * FROM pages WHERE id='$_GET[page]'");
    while($row = mysql_fetch_array($result)) {
        echo '<form action="" method="post">';
        echo '<input type="hidden" name="id" value="' . $row['id'] . '" /><br />';
        echo '<strong>Edit: ' . $row['name'] . '</strong><br />';
        echo 'Name: <input type="text" name="name" value="' . $row['name'] . '" /><br />';
        echo 'Category: <input type="text" name="catt" value="' . $row['catt'] . '" /><br />';
        echo 'Page: <input type="text" name="page" value="' . $row['page'] . '" /><br />';
        echo '<textarea rows="25" cols="60" name="content">' . $row['content'] . '</textarea><br />';
        echo '<input type="submit" name="submitted" value="Edit" />';
        echo '</form>';
    }
}
?>

Any help would be great.

So I have this following code that doesn't work

So there is this code I have here: http://pastebin.com/rwcN7FeJ and I need to find a way to incorporate this code that user Barand gave me

Code:
$referName = mysql_real_escape_string($gateway_data['refer']);
$query = "UPDATE users a INNER JOIN users b ON a.refer = b.nick SET a.refer = '', b.balance = b.balance + 5 WHERE b.refer = '$referName'";
mysql_query($query);

But I haven't the damnedest how to do that. If anyone could help me at all, it would be appreciated.

Code:
if(isset($_POST['npassword']) and ($_POST['cpassword'])){
    $npassword = $_POST['npassword'];
    $cpassword = $_POST['cpassword'];
    $username = $_SESSION['SESS_login'];
    if($npassword==$cpassword){
        $password = md5($npassword);
        $lol = mysql_query("UPDATE `members` SET `passwd` = '$password' WHERE `login`= '$username';");
        echo"Password Changed!";
    }
}

It echoes password changed, but it's not updating the password. If I run it in phpmyadmin it works fine... So I'm really stuck.

Is there something seriously wrong with this code that I'm missing? I have written it at least 10-12 different ways and it will NOT update my db..

Code:
<?php
mysql_connect('localhost','root','');
mysql_select_db('myDB');
$dates = $_POST['date'];
$store = $_POST['store'];
// these actually display the correct information
mysql_query = ("UPDATE Agency Stores - Table 1 SET date = '".$date."' WHERE F3 = '".$store."' ");
?>

there are several other columns in the table. I have tried to put them in as the value they already have and it still didn't work... any ideas?

I have this query:

Code:
$sql3 = "UPDATE users SET hours = '$newHours', pay = '$newPay', virtualLocation = '$arrival', expDate = '$expDate' WHERE pilotID = '$pilotid'";

I've echoed it out and all the variables put out the correct values. The query works except for the pay section of it. It will update the hours, virtual location, and expiration date but it will not update the pay.
It inputs 1.00 when the value echoed in the query is not 1.00. I'm not sure if, because it is a decimal, it changes how the query works. Any help? Thanks.

Code:
<?php
$querySelect = mysql_query("SELECT * FROM `G4V_Videos` WHERE `counter`");
$row = mysql_fetch_assoc($querySelect);
$counter = $row['counter'];
if (empty($counter)) {
    $counter = 1;
    $insert = mysql_query ("INSERT INTO counter VALUES ('counter')");
    $printid = (print $data['id']);
    $printlink = (print $data['link']);
}
$add = $counter+1;
$insertNew = mysql_query("UPDATE G4V_Videos SET counter=('$add') WHERE id = ('$printid') AND link = ('$printlink')") or die (mysql_error());
echo "Video Views";
echo ":";
echo" ";
echo"<br />";
echo "$counter";
?>

It shows the same amount of hits on every video instead of just the one video with the id www.game4vids.com

this is what I have so far but I can't get it to update the data

update page
<?php
$host="localhost"; // Host name
$username="**"; // Mysql username
$password="*****"; // Mysql password
$db_name="manews"; // Database name
$tbl_name="Shows"; // Table name
// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// get value of id that sent from address bar
$id=$_GET['id'];
// Retrieve data from database
$sql="SELECT * FROM $tbl_name WHERE id='$id'";
$result=mysql_query($sql);
$rows=mysql_fetch_array($result);
?>
<table width="400" border="0" cellspacing="1" cellpadding="0">
<tr>
<form name="form1" method="post" action="update_ac.php">
<td>
<table width="100%" border="0" cellspacing="1" cellpadding="0">
<tr> <td> </td> <td colspan="3"><strong>Update data in mysql</strong> </td> </tr>
<tr> <td align="center"> </td> <td align="center"> </td> <td align="center"> </td> <td align="center"> </td> </tr>
<tr>
<td align="center"> </td>
<td align="center"><strong>Day</strong></td>
<td align="center"><strong>Month</strong></td>
<td align="center"><strong>Year</strong></td>
<td align="center"><strong>Song</strong></td>
<td align="center"><strong>Data</strong></td>
</tr>
<tr>
<td> </td>
<td align="center"><input name="Day" type="text" id="Day" value="<? echo $rows['Day']; ?>"></td>
<td align="center"><input name="Month" type="text" id="Month" value="<? echo $rows['Month']; ?>"></td>
<td align="center"><input name="Year" type="text" id="Year" value="<? echo $rows['Year']; ?>" size="15"></td>
<td align="center"><input name="Song" type="text" id="Song" value="<? echo $rows['Song']; ?>"></td>
<td align="center"><input name="Data" type="text" id="Data" value="<? echo $rows['Data']; ?>" size="15"></td>
</tr>
<tr>
<td> </td>
<td><input name="id" type="hidden" id="id" value="<? echo $rows['id']; ?>"></td>
<td align="center"><input type="submit" name="Submit" value="Submit"></td>
<td> </td>
</tr>
</table>
</td>
</form>
</tr>
</table>
<?
// close connection
mysql_close();
?>

update script
<?php
$host="localhost"; // Host name
$username="**"; // Mysql username
$password="**"; // Mysql password
$db_name="manews"; // Database name
$tbl_name="Shows"; // Table name
// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// update data in mysql database
$sql="UPDATE $tbl_name SET Day='$Day', Month='$Month', Year='$Year', Year='$Song', Year='$Data' WHERE id='$id'";
$result=mysql_query($sql);
// if successfully updated.
if($result){
    echo "Successful";
    echo "<BR>";
    echo "<a href='list_records.php'>View result</a>";
} else {
    echo "ERROR";
}
?>

I am trying to update the content of my website which is all stored in a MySQL database. Currently on the page I am displaying all the data stored in the database using MySQL SELECT and a while loop. Using JavaScript when the text is clicked the element changes into a text box allowing the text to be edited. What I want to do is be able to change the data in the text box and then store it into the database updating the current data.

Code:
<form method="post" action="editindex.php">
<?php
$sql = "SELECT * FROM home ORDER BY id ASC";
$result = mysql_query($sql);
while($row = mysql_fetch_assoc($result)){
    echo "<span id=\"itm1\" onclick=\"exchange(this);\">" . $row['title'] . "</span><input ondblclick=\"exchange(this);\" id=\"itm1b\" class=\"replace\" type=\"text\ name=\"title\">";?>
<input type="submit" value="Save" name="submit">
<input type="hidden" name="id" value="<?php $row['id'] ?>"
</form>
<?php
if (isset ($_POST['submit'])) {
    $update = "UPDATE home SET title=".$_POST['title']." WHERE id=".$_POST['id']."";
    mysql_query($update);
}
?>

I have more text being output from the while loop below but I just want to get it working on the title first. Any ideas of why the update is not working?

I have the following code that when used separately work.
How would I write an if..else statement that will make them work together? The following code gives me a Parse Error, syntax error unexpected T_string. The following is my code I have tried,

Code:
if (SELECT tournament FROM weekly_picks WHERE tournament = '$tournament')
    mysql_query("UPDATE weekly_picks SET player = '$golfer' WHERE tournament = '$tournament' AND user = '$usr'");
else
    mysql_query("INSERT INTO weekly_picks (t_id, tournament, user, player, backup, timestamp) VALUES ('$t_id', '$tournament', '$usr', '$golfer', '$backup', '$time')",$link) or die('Error, insert query failed');

I also know that values are being stored in the variables. Thanks for reading my post.

How can I update the ten rows from MYSQL Thanks in advance

Hi guys, I am trying to UPDATE some records on a mySQL database but can't seem to find out why it is not working. This is my code.

Code:
<?php
$latitude = $_POST['lat_location'];
$longitude = $_POST['long_location'];
$unique_ID = $_POST['unique_ID'];
include('connect2.php');
$query = mysql_query("SELECT * FROM user_location WHERE unit = '$unique_ID'");
$numrows = mysql_num_rows($query);
if ($numrows == 1) {
    $query2="UPDATE user_location SET lat = '$latitude', long = '$longitude' WHERE unit = '$unique_ID'";
    mysql_query($query2);
    $test = "matches";
} else {
    mysql_query("INSERT INTO user_location VALUES ('','$unique_ID','$latitude','$longitude')");
    $test = "not match";
}
echo $test . "<br />";
echo $numrows;
?>

The script receives the data via the POST method and assigns it to variables. Then I query the database for one of those variables and check how many results are found. If 0 results are found then a new record is created on the database, but if there is 1 record found then the record that is found has to be UPDATED. When the result is 0 the script creates the new record fine, but if the result is 1 it doesn't update. I just can't figure out why. Any help will be greatly appreciated. Thanks in advance,

Hi,
I'm having a problem and I can't seem to figure it out or find anything on the net.
If I use the following code the script successfully updates every row in the table:
mysqli_query($con,"UPDATE Ads SET Ads_LocalArea='Stroud'");

However if I try updating the table using the WHERE clause in any of the combinations below nothing happens.

mysqli_query($con,"UPDATE Ads SET Ads_LocalArea='Stroud' WHERE Ads_ID=$DBROWID");

----------------------------------------------------------------------
My Script:

mysqli_query($con,"INSERT INTO Ads (Ads_ID, Ads_AID, Ads_Title) VALUES ('', '$Polished_AdRef', '$Polished_AdTitle')");
$DBROWID = mysqli_insert_id($con);
mysqli_query($con,"UPDATE Ads SET Ads_AID='Stroud' WHERE Ads_ID=$DBROWID");
// TRIED THESE TOO
// mysqli_query($con,"UPDATE Ads SET Ads_AID='Stroud' WHERE Ads_ID='$DBROWID'");
// mysqli_query($con,"UPDATE Ads SET Ads_AID='Stroud' WHERE Ads_ID='5'");

Does any one know where I am going wrong?

Is there any visible error in my code?

Code:
if (isset($_POST['country'], $_POST['state'], $_POST['city'])) {
    if ($_POST['state'] = '') {
        $details = $_POST['city'].', '.$_POST['country'];
        update_user_location($details);
    } else {
        $details = $_POST['city'].', '.$_POST['state'];
        update_user_location($details);
    }
}

Code:
function update_user_location($details) {
    global $user_info;
    $details = mres($details);
    mysql_query("INSERT INTO `user_actions` (`user_id`, `action_id`, `time`, `details`) VALUES (${user_info['uid']}, 1, NOW(), {$details})");
}
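
The opening question on this page (apostrophes stored with backslashes) and the request for a generic update function, worked as an added example that is not code from any of the posts: values are bound as parameters instead of escaped, and table and column names are taken from an allow-list. The `users` table, the `UPDATABLE` list, `update_row()` and `fetch_name()` are hypothetical, and an in-memory SQLite database stands in for MySQL so the script runs without a server.

```php
<?php
// Added example, not code from the posts. SQLite in memory is an assumption so
// it runs without a server; for MySQL only the DSN passed to PDO changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, full_name TEXT, address TEXT)');
$pdo->exec("INSERT INTO users (id, full_name, address) VALUES (1, 'old', 'old')");

// Hypothetical allow-list of table => updatable columns. Identifiers cannot be
// bound as parameters, so they are checked against this list, never escaped.
const UPDATABLE = ['users' => ['full_name', 'address']];

// Generic UPDATE by primary key; returns the number of rows changed.
function update_row(PDO $pdo, string $table, array $values, int $id): int
{
    if (!array_key_exists($table, UPDATABLE) || $values === []) {
        throw new InvalidArgumentException('table not updatable or nothing to set');
    }
    $set = [];
    foreach (array_keys($values) as $column) {
        if (!in_array($column, UPDATABLE[$table], true)) {
            throw new InvalidArgumentException("column not updatable: $column");
        }
        $set[] = "$column = ?";
    }
    $sql = "UPDATE $table SET " . implode(', ', $set) . ' WHERE id = ?';
    $stmt = $pdo->prepare($sql);
    $stmt->execute(array_merge(array_values($values), [$id]));
    return $stmt->rowCount();
}

function fetch_name(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT full_name FROM users WHERE id = ?');
    $stmt->execute([$id]);
    return (string) $stmt->fetchColumn();
}

$string = "There's trouble ahead because they're silly.";

// Bound value: stored exactly as typed, so no stripslashes() on the way out.
update_row($pdo, 'users', ['full_name' => $string], 1);
var_dump(fetch_name($pdo, 1) === $string);

// Failure mode: a value escaped before binding (or escaped twice) keeps its
// backslashes as data, and they are stored and displayed.
update_row($pdo, 'users', ['full_name' => addslashes($string)], 1);
echo fetch_name($pdo, 1), "\n";

// A column that is not on the allow-list is refused before any SQL is built.
try {
    update_row($pdo, 'users', ['role' => 'admin'], 1);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}

// HTML escaping is a separate step that belongs at output time.
update_row($pdo, 'users', ['full_name' => $string], 1);
echo htmlspecialchars(fetch_name($pdo, 1), ENT_QUOTES, 'UTF-8'), "\n";
```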