Update via POST showing error


Good evening, I'm starting to use MySQL and I have a problem. I can access all the information in my database by making queries, entering data and everything else, but when it comes time to do an update, I'm in trouble. The code follows.

<?php
$servername = "localhost";
$Susername = "meuuser";
$Spassword = "minhasenha";
$dbName = "obanco";

// Make connection
$conn = new mysqli($servername, $Susername, $Spassword, $dbName);
// new mysqli() always returns an object, so test connect_error rather than !$conn
if ($conn->connect_error) {
    die("Connection Failed. " . $conn->connect_error);
}
mysqli_query($conn, "SET SQL_SAFE_UPDATES = 0;");

// Post score
$username = $_POST['name'];
$newscore = $_POST['scoreDB'];

// Check if exists
$namecheckquery = "SELECT username FROM players WHERE username='" . $username . "';";

$namecheck = mysqli_query($conn, $namecheckquery) or die("2: Name check query failed");
if (mysqli_num_rows($namecheck) != 1) {
    echo "5: Either no user with name, or more than one";
    exit();
}

$updatequery = "UPDATE players SET score = '" . $newscore . "' WHERE username = '" . $username . "';";
mysqli_query($con, $updatequery) or die("7: Save query failed");

echo "0";
?>

As far as I can tell, my code is correct, but it always gives an error at $updatequery. I ran tests to see if the problem was the connection, but it was not; as for the data entry, the program is sending the data normally. [Image: sending the data]

It always shows error 7. I no longer know what to do; could someone help me?

  • Change the fixed error to or die(mysqli_error($db)); and add the result of this to your question

  • Nothing came up, message goes blank.

  • I had described it wrong. The correct code is or die(mysqli_error($con));

  • Same thing, no return

  • Sorack, I discovered the problem: the line mysqli_query($con, $updatequery) or die ("7: Save failed query"); was wrong and I didn't notice. It's not $con, it's $Conn. I lost 6 hours of my day because of one character kkkk. Thank you so much for your help, sorry for the bother.

1 answer

As a good practice, avoid concatenating strings in SQL commands. Always choose to use prepared statements to manipulate the database; this way you avoid possible SQL injection attacks.

Read the documentation on Prepared Statements and try to do something like this:

// Check that exactly one player has this name
$sql = "SELECT username FROM players WHERE username = ?;";
$statement = $conn->prepare($sql);
$statement->bind_param("s", $username);
$statement->execute();
$result = $statement->get_result();
$resultados = $result->num_rows;
$statement->close();

// Update the score. An UPDATE produces no result set, so get_result()
// would return false here; read affected_rows instead.
$sql = "UPDATE players SET score = ? WHERE username = ?;";
$statement = $conn->prepare($sql);
$statement->bind_param("ss", $newscore, $username);
$statement->execute();
$affected = $statement->affected_rows;
$statement->close();

Hugs and hope I helped ;)

  • Washington, good evening, thank you for the reply, I will study the statements.

  • @R.Gomes happy studying, and we are around if you need us ;) Oh, did you solve your problem?

  • Good morning, it's solved, thanks again.
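
Added example (not code from the question or the answer): the score endpoint rewritten so that mistakes like the undefined `$con` fail loudly and user input never reaches the SQL text. It assumes PHP 8 with mysqlnd and an integer `score` column; `save_score()` is a hypothetical helper, and status codes "1" and "3" are assumptions added next to the question's "0", "5" and "7".

```php
<?php
declare(strict_types=1);

// Added example. Throw mysqli_sql_exception on any failure instead of
// returning false, so a failing query cannot pass silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// save_score() is a hypothetical helper. Codes "0", "5" and "7" are the ones
// from the question; "1" and "3" are assumed additions for this example.
function save_score(mysqli $conn, mixed $name, mixed $rawScore): string
{
    // $_POST values can be arrays; accept only a non-empty string name and
    // a score that parses as a non-negative integer.
    $score = is_string($rawScore)
        ? filter_var($rawScore, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]])
        : false;
    if (!is_string($name) || $name === '' || $score === false) {
        return "3: Invalid input";
    }
    try {
        // Keep the existence check: affected_rows is 0 both when the player
        // is missing and when the stored score already equals the new one.
        $check = $conn->prepare("SELECT 1 FROM players WHERE username = ?");
        $check->bind_param("s", $name);
        $check->execute();
        if ($check->get_result()->num_rows !== 1) {
            return "5: Either no user with name, or more than one";
        }
        $update = $conn->prepare("UPDATE players SET score = ? WHERE username = ?");
        $update->bind_param("is", $score, $name);
        $update->execute();
        return "0";
    } catch (mysqli_sql_exception $e) {
        // Details go to the server log; the client sees only the status code.
        error_log("save_score: " . $e->getMessage());
        return "7: Save query failed";
    }
}

try {
    // Connection values are the placeholders used in the question.
    $conn = new mysqli("localhost", "meuuser", "minhasenha", "obanco");
    echo save_score($conn, $_POST['name'] ?? null, $_POST['scoreDB'] ?? null);
} catch (mysqli_sql_exception $e) {
    error_log("connect: " . $e->getMessage());
    echo "1: Connection failed";
}
```

Because the connection parameter is typed as `mysqli`, passing an undefined variable raises a TypeError that names the bad argument, instead of the blank output described in the comments above.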
