Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 12 of 12
  1. #1
    Regular Coder
    Join Date
    Sep 2009
    Location
    Calgary, Alberta
    Posts
    239
    Thanks
    47
    Thanked 3 Times in 3 Posts

    Mysqli Update Help

    What am i doing wrong?

    PHP Code:
    $mysqli = new mysqli("localhost""user""pass""db");
    if (!
    $mysqli) {
    $mysqli=("UPDATE `home` SET `text`='$text' WHERE `home_id`='$home_id'");
    }
    mysqli_query($mysqli); 
    Thanks in advance.


    Slayer.

  • #2
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    You're overwritting the $mysqli object with a string. I'm also not sure what you are trying to do with the if; mysqli will return an object even if you failed to connect, so you want to use mysqli_connect_error/errno to deal with connection errors.

    Procedural mysqli_query will also require two arguments, the first being the mysqli object and the second being the string to execute.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • #3
    Regular Coder
    Join Date
    Sep 2009
    Location
    Calgary, Alberta
    Posts
    239
    Thanks
    47
    Thanked 3 Times in 3 Posts
    Thanks Fou Lou.


    I have got this to work so far.

    PHP Code:
    $mysqli = new mysqli("localhost""user""pass""db");

    $stmt $mysqli->prepare("UPDATE `home` SET `text`='$text' WHERE `home_id`='$home_id'");
    $stmt->execute(); 
    $stmt->close(); 
    Still need to know what else is needed and what is correct..

    Thanks. Slayer.

  • #4
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    You need to make sure you connect.
    PHP Code:
    if ($mysqli->connect_errno)
    {
        die(
    'Could not connect to database: ' mysqli_connect_error($mysqli)); // this bug is fixed in 5.3+ so you can use $mysqli->connect_error() instead if you have 5.3+

    That is also not the proper use of a prepared statement. If you are not making use of prepared statements (and you should be for anything that accepts variable data), than you may as well just use the query method.
    PHP Code:
    if ($stmt $mysqli->prepare("UPDATE `home` SET `text`=? WHERE `home_id`=?"))
    {
        
    $stmt->bind_param('ss'$text$home_id);
        
    $stmt->execute();
        
    $stmt->close();

    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • The Following 2 Users Say Thank You to Fou-Lu For This Useful Post:

    salesmachine (02-19-2013), SlayerACC (02-19-2013)

  • #5
    Regular Coder
    Join Date
    Sep 2009
    Location
    Calgary, Alberta
    Posts
    239
    Thanks
    47
    Thanked 3 Times in 3 Posts
    What is an example of the query method?

    I am becoming lost again...

    What are the differences in how it works?:
    PHP Code:
    $mysqli = new mysqli("localhost""user""pass""db"); 

    $stmt $mysqli->prepare("UPDATE `home` SET `text`='$text' WHERE `home_id`='$home_id'"); 
    $stmt->execute();  
    $stmt->close(); 
    and yours?
    PHP Code:
    if ($stmt $mysqli->prepare("UPDATE `home` SET `text`=? WHERE `home_id`=?"))
    {
        
    $stmt->bind_param('ss'$text$home_id);
        
    $stmt->execute();
        
    $stmt->close();

    Thanks... Sorry Fou Lou...


    Slayer.

  • #6
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,283
    Thanks
    57
    Thanked 523 Times in 510 Posts
    Blog Entries
    5
    Quote Originally Posted by SlayerACC View Post
    What are the differences in how it works?:
    PHP Code:
    $stmt $mysqli->prepare("UPDATE `home` SET `text`='$text' WHERE `home_id`='$home_id'"); 
    and yours?
    PHP Code:
    if ($stmt $mysqli->prepare("UPDATE `home` SET `text`=? WHERE `home_id`=?"))
    {
        
    $stmt->bind_param('ss'$text$home_id);

    The difference is pretty obvious .. The first one is a bog standard query and you should be using mysqli_query() for it.

    The second one is a prepared statement. You see those ? marks? They are called place holders. This tells mysqli that it is a place holder for data which will be supplied seperately. You then bind your data to the appropriate parameters and supply the data seperately. Mysqli then uses that data and does what the statement was telling it to do with it. As I understand this, it deals with the statement and the actual data seperately thus meaning that the query can't be injected with malicious instructions / data because the data is kept seperate.
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!

  • #7
    Regular Coder
    Join Date
    Sep 2009
    Location
    Calgary, Alberta
    Posts
    239
    Thanks
    47
    Thanked 3 Times in 3 Posts
    Hey Tango..

    What is the SS for and where did it come from?

    PHP Code:
    $stmt->bind_param('ss'$text$home_id); 

  • #8
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,283
    Thanks
    57
    Thanked 523 Times in 510 Posts
    Blog Entries
    5
    It's the order and type of data.

    In this case, you have a string and then another string - hence ss. Then you put your types (in this case the ss) and variables in the same order as the statement - Say you had a string and an integer.. you'd use si and then put your $string and $Integer in bind_param() in that order like this:
    bind_param('si', $String, $Integer);

    See this page for more:
    http://www.php.net/manual/en/mysqli-stmt.bind-param.php
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!

  • Users who have thanked tangoforce for this post:

    SlayerACC (02-19-2013)

  • #9
    Regular Coder
    Join Date
    Sep 2009
    Location
    Calgary, Alberta
    Posts
    239
    Thanks
    47
    Thanked 3 Times in 3 Posts
    Hey thanks again Tango..


    This is all seeming to be alot more confusing and complicated to the standard mysql ways...

    I will see what I can figure out...Still not sure if I will get this..

    I will let ya know..


    Slayer.

  • #10
    Regular Coder
    Join Date
    Sep 2009
    Location
    Calgary, Alberta
    Posts
    239
    Thanks
    47
    Thanked 3 Times in 3 Posts
    Okay I think I have this one now. at least I hope so...

    I just cant get over all the steps to get it done!!

    PHP Code:
    $text=$_POST['text'];

    $textaddslashes($text);

    $stmt = new mysqli("localhost""user""pass""db");

    /* check connection */
    if (mysqli_connect_errno()) {
        
    printf("Connect failed: %s\n"mysqli_connect_error());
        exit();
    }

    $stmt $mysqli->prepare("UPDATE `home` SET `text` = ? WHERE `home_id` = ?");
    $stmt->bind_param('si'$text$_POST['home_id']);
    $stmt->execute();
    $stmt->close(); 
    thanks Slayer.

  • #11
    Regular Coder
    Join Date
    Sep 2009
    Location
    Calgary, Alberta
    Posts
    239
    Thanks
    47
    Thanked 3 Times in 3 Posts
    Why does this not work??

    PHP Code:
    $image=$filename;

    $stmt = new mysqli("localhost""user""pass""db");
    $stmt $mysqli->prepare("INSERT INTO artist(`artist_id`, `name`, `bio`, `email`, `specialities`, `photo`, `title`) VALUES (?, ?, ?, ?, ?, ?, ?)");
    $stmt->bind_param('issssss'$_POST['artist_id'], $_POST['name'], $_POST['bio'], $_POST['email'], $_POST['specialities'], $image$_POST['title']);
    $stmt->execute();
    $newId $stmt->artist_id;
    $stmt->close(); 
    This is really making me angry... I have tried so many examples to this point .. I should have got this insert by accicdent already..

    All help is appreciated.


    Thanks, Slayer.

  • #12
    Regular Coder
    Join Date
    Sep 2009
    Location
    Calgary, Alberta
    Posts
    239
    Thanks
    47
    Thanked 3 Times in 3 Posts
    I have it figured out....


    Yahoo!!!


    PHP Code:
    $mysqli = new mysqli("localhost""user""pass""db");
    if (
    mysqli_connect_errno()) {
        
    printf("Connect failed: %s\n"mysqli_connect_error());
        exit();
    }
    $stmt $mysqli->prepare("INSERT INTO artist(`artist_id`, `name`, `bio`, `email`, `specialities`, `photo`, `title`) VALUES (?, ?, ?, ?, ?, ?, ?)");
    $stmt->bind_param('sssssss'$_POST['artist_id'], $_POST['name'], $_POST['bio'], $_POST['email'], $_POST['specialities'], $image$_POST['title']);
    $image=$filename;
    $stmt->execute();
    $newId $stmt->artist_id;
    $stmt->close(); 
    Slayer


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •