Solve : mysqli update? – InterviewSolution

InterviewSolution

1.	Solve : mysqli update?
Answer» Hi, the code below creates the result I want (don't know how to post a localhost screenshot). My issue is that I don't know how to link that code, (code 1) to (code 2) which updates the "lastused" file, the current date. ------------------------------------------------------- (code 1) Code: [Select]<!DOCTYPE html><html> <title>email menu</title> <head></head> <BODY><center> <FORM name=lastused method="post" action=""> <?php error_reporting(E_ALL^E_NOTICE); //error_reporting(0); echo"<center>";echodate('m/d/y');echo"</center>"; $id="''"; $con=mysqli_connect("localhost","root","cookie","homedb"); //==============checkconnection if(mysqli_errno($con)) {echo"Can'tConnecttomySQL:".mysqli_connect_error();} else {echo"</br>";} //==========Thiscreatesthedropdownboxusingrecordsinthetable echo"<selectname='target'>"; echo'<optionvalue="">'.'---selectemailaccount---'.'</option>'; $query=mysqli_query($con,"SELECTtargetFROMemailtbl"); $query_display=mysqli_query($con,"SELECTFROMemailtbl"); while($row=mysqli_fetch_array($query)) {echo"<optionclass=highlightvalue='".$row['target']."'>".$rowtarget'] .'</option>';} echo'</select>'; ?> <input type="submit" name="submit" value="Submit"/> </form></body></html>Code: [Select] <?php error_reporting(E_ALL^E_NOTICE); //error_reporting(0); $con=mysqli_connect("localhost","root","cookie","homedb"); if(mysqli_errno($con)) {echo"Can'tConnecttomySQL:".mysqli_connect_error();} if(isset($_POST['target'])) { $id=$_POST['id']; $lastused=$_POST['lastused']; $name=$_POST['target']; $fetch="SELECTtarget,username,password,emailused,lastused,purpose,savedFROMemailtblWHEREtarget='".$name."'"; $result=mysqli_query($con,$fetch); if(!$result) {echo"Error:".(mysqli_error($con));} //===============================thisdisplaysthetable echo'<tableborder="1">'.'<tr>'.'<tdbgcolor="#FFD47F"align="center">'.'emailmenu'.'</td>'.'</tr>'; echo'<tr>'.'<td>'.'<tableborder="1">'.'<tr>'.'<tdbgcolor="#ccffff">'.'target'.'</td>'.'<tdbgcolor="#ccffff">'.'username'.'</td>'.'<tdbgcolor="#ccffff">'.'password'.'</td>'.'<tdbgcolor="#ccffff">'.'emailused'.'</td>'.'<tdbgcolor="#FFD47F">'.'lastused'.'</td>'.'<tdbgcolor="#ccffff">'.'purpose'.'</td>'.'<tdbgcolor="#ccffff">'.'saved'.'</td>'.'</tr>'; //while($data=mysqli_fetch_row($fetch)) while($data=mysqli_fetch_row($result)) {echo("<tr><td>$data[0]</td><td>$data[1]</td><td>$data[2]</td><td>$data[3]</td><td>$data[4]</td><td>$data[5]</td><td>$data[6]</td></tr>");} echo'</table>'.'</td>'.'</tr>'.'</table>'; } ?> </body></html>----------------------------------------------------------- (code 2) Code: [Select]<?php error_reporting(E_ALL^E_NOTICE); $servername="localhost";$username="root";$password="cookie"; $dbname="homedb"; //Createconnection $conn=mysqli_connect($servername,$username,$password,$dbname); //Checkconnection if(!$conn) {die("Connectionfailed:".mysqli_connect_error());} $name=$_POST['target']; $SQL="UPDATEemailtblSETvisits=visits+1,lastused=NOW()WHERE target='".$name."'"; if(mysqli_query($conn,$sql)) {echo"Recordupdatedsuccessfully";} else {echo"Errorupdatingrecord:".mysqli_error($conn);} ?>----------------------------------------------------------- First things first, I suggest that rather than jumping straight in and building this you go and learn how to properly perform database QUERIES in PHP. At the moment you are putting user input directly into queries which leaves you wide open to SQL Injection Attacks. You need to read up on how to properly escape inputs coming from the user before putting them into a query or use something like PDO to work with prepared statements.camerongray has a point here. You should not be developing code that leaves user input unfiltered. However, I realize we all start somewhere, just that I would advise you to keep your testing code on a local server, or on a server with a .htaccess entry to restrict access to only your IP address. This is how I started, throwing myself into development and learning what I needed to as the need arose. Moving on: Correct me if I am wrong, but it looks like you are trying to essentially timestamp when the records were accessed and increment the "views" each time the script is called. There are two ways you could do this. SINCE you have the "$name = $_POST['target']" therefore requiring a POST request, you could look into a JQuery call in JavaScript to run the code2.php page when code1.php also loads. You could also use an include or require or require_once and include the code2.php file that way, and find a way of naming the "$name" variable before the include (As variables from your code1.php are run in your includes) and then get rid of the $_POST variable. Still, the code is vulnerable to SQL Injection attacks and I would keep this on a private server. I claim not to be an expert so if anyone else has some better SOLUTION let us know. Thanks for the response. My past was in data proc., now, with memory probs, it's my pastime, localhost only. Having written hundreds of docs using mysql I'm attempting to learn mysqli. I intend going to prepared statements, if only for the learning exp. The following code is my current stab at it. My object is just to update fields in a database table. The 3 records in the table are shown in the subsequent report. All the fields DO have a value and the recur values are 'Y', payrec 'P' and periodic '1 or 6' but nothing GETS updated. No errors indicated. Any help? Code: [Select] <?php echo"<center>";echodate('m/d/y');echo"</center>"; $id="''"; $periodic=''; $duedate=''; $con=mysqli_connect("localhost","user","passwd","mydb"); //==============checkconnectiont if(mysqli_errno($con)) {echo"Can'tConnecttomySQL:".mysqli_connect_error();} else {echo"connectedtodatabase</br>";} //----------------------------------------- $fetch="SELECT acctno,recur,pd,payrec,bname,duedate,datepaid,purpose,amtdue FROMtestbl WHERErecur='Y'ANDpayrec='P'"; $result=mysqli_query($con,$fetch); if(!$result) {echo"Error:".(mysqli_error($con));} else {echo"databasetableselected</br>";} //---------------------------------------- //outputdataofeachrow while($data=mysqli_fetch_row($result)) { //---------------------------------------- if($periodic==1) {$duedate=date('Y-m-d',strtotime('+4week'))."\n";} if($periodic==6) {$duedate=date('Y-m-d',strtotime('+25week'))."\n";} $pd='P';$dayslate=0; //------------------------------------------------- $sql="UPDATEtestblSET duedate=$duedate, pd=$pd, dayslate=$dayslate, datepaid=NOW() WHERErecur='Y'ANDpayrec='P'"; //------------------------------------------------ } header("refresh:3;url='http://localhost/invoice/autolist.php'"); ?>I have checked the validity of the table and in all 3 records "recur" ='Y', "payrec" ='p', values are in "duedate", "datepaid" (type is DATE) and "periodic". I'm looping thru the data; var_dump() displays NULL NULL NULL, It seems that my DATEDIFF is flawed. I've spent considerable time viewing forums, manuals, code types. How about some advice? Code: [Select]<?php error_reporting(E_ALL^E_NOTICE); //error_reporting(0); $servername="localhost";$username="root"; $password="cookie";$dbname="test"; //Createconnection $conn=newmysqli($servername,$username,$password,$dbname); //Checkconnection if($conn->connect_error) {die("Connectionfailed:".$conn->connect_error);} //================================================== $sql="SELECTrecur,periodic,pd,payrec,duedate,datepaid, [b]DATEDIFF(CURDATE(),duedate)ASdayslate[/b] FROMtestblWHERErecur='Y'&&payrec='P'"; $result=$conn->query($sql); if($result->num_rows>0) { //outputdataofeachrow while($row=$result->fetch_assoc())//*3records* { //*********************************************** var_dump($dayslate);//NULLNULLNULL //************************************************* if($dayslate>0) { if($dayslate>120) {$pastdue="PASTDUE";} if($periodic==1) {$duedate=date('Y-m-d',strtotime('+4week'))."\n";} if($periodic==6) {$duedate=date('Y-m-d',strtotime('+25week'))."\n";} $pd='P';$daylate=0; //================================================== $sql="UPDATEtestblSET pd='$pd', duedate='$duedate', $datepaid='NOW()', dayslate='$dayslate' WHEREdayslate=0"; if($conn->query($sql)===TRUE) {echo"Recordupdatedsuccessfully";} else {echo"Errorupdatingrecord:".$conn->error;} $conn->close(); } } } //header("refresh:3;url='http://localhost/invoice/autolist.php'"); ?>

Discussion

No Comment Found

Related InterviewSolutions