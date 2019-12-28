The
[] that are in the syntax prototype definition are not part of the actual sql syntax. They indicate optional elements. I’m not sure if the MariaDb documentation contains a definition of these. Here’s the definition from the MySQL documentation - https://dev.mysql.com/doc/refman/8.0/en/manual-conventions.html This is also where reading examples showing actual usage comes in handy.
Can't update web page
One thing I’d suggest is trying to run your UPDATE statement directly on the database for starters to make sure you get the syntax correct (caveat: never in production, of course - but then, you’re not developing your PHP code in production, either. Are you.). Because if you can’t get it to work there, it probably won’t work when you try to translate your SQL to be used by PHP.
So, like other people already said, there are no square brackets in an UPDATE statement.
I only use MySQL, but I believe MariaDB is basically the same as it’s a fork. So here’s the corresponding MySQL UPDATE statement:
UPDATE recent_happenings SET recent_title = 'blah', recent_date = 'blah1', recent_pic_file = 'blah2' WHERE pic_number = 1;
INSERT will use parentheses, and I wonder if you’re getting confused with that type of command.)
We don’t know whether you are using mysqli or pdo in your PHP. Here’s how you might do it using mysqli (for some reason I assume you’re using this):
$conn = mysqli_connect(host, username, password, database); // use your params
$sql = "UPDATE recent_happenings SET recent_title = '".
mysqli_real_escape_string($conn, $recent_title).
"', recent_date = '".mysqli_real_escape_string($conn, $recent_date).
"', recent_pic_file = '".
mysqli_real_escape_string($conn, $recent_pic_file).
"' WHERE pic_number = '".
mysqli_real_escape_string($conn, $pic_number).
"'";
mysqli_query($conn, $sql);
It looks horrible, and it is horrible.
mysqli_real_escape_string will usually be required to make the SQL work with your variables - it rewrites strings that have special characters so that they will be read correctly by the database machinery.
Sometimes you can get away without
mysqli_real_escape_string (like for quick and dirty testing). But it won’t prevent SQL injection attacks. So, like @benanamen recommended, learn to use PDO and prepared statements.
$sql = "UPDATE
recent_happenings SET
recent_title=$recent_title ,
recent_date=$recent_date ,
recent_pic_file=$target_path WHERE
pic_number =
$pic_number";
UpDate Recent Pictures
The file 2018family3.jpg has been updateded
Unknown column ‘106’ in ‘where clause’
Comes up with this clause even if I put 106 as the pic_number or 118 or other # and there is a column with
Did you try echoing
$sql; and did you try posting the query into PhpMyAdmin which I hope you have installed.
For the benefit of other users I find it helpful if the $sql statement is formatted.
Pasting the script into PhpMyAdmin -> Sql -> Format
if(FALSE) :
$recent_title = 'RECENT_TITLE';
$recent_date = 'RECENT_DATE';
$target_path = 'TARGET_PATH';
$pic_number = 'PIC_NUMBER';
endif;
// using php strings Heredoc syntax
$sql = <<< ____EOF
UPDATE
recent_happenings
SET
recent_title = $recent_title,
recent_date = $recent_date,
recent_pic_file = $target_path
WHERE
pic_number = $pic_number
;
____EOF;
echo '<pre>', $sql, '</pre>'; die;
You might want to show more of your code.
I see this:
and it kinda makes me think your update statement worked. But I can’t tell because your code snippet is too short.
Is it possible that this - “Unknown column ‘106’ in ‘where clause’” - is a new error?
If what appears to be a number is being treated as a column name, it must start with non-numerical character(s). You either have a non-printing character (new-line, tab) or some html markup as part of the value. What does the ‘view source’ in your browser of the sql error message show? How are you entering/selecting the pic_number in the form and what is all the code between that point and the sql query?
It uploads a new picture but not the new file name or date etc.
Her is more of the script as requested by some.
$ID = $_POST['ID'];
$recent_pic_file = $_POST['recent_pic_file'];
$target_path = "uploads/images/";
$pic_number = $_POST['pic_number'];
$recent_date = $_POST['recent_date'];
$recent_title = $_POST['recent_title'];
/* Add the original filename to our target path. Result is "uploads/filename.extension" */
$target_path = $target_path . ( $_FILES['uploadedfile']['name']);
// This is how we will get the temporary file...
$_FILES['uploadedfile']['tmp_name'];
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been updateded<br><br>";
$sql = "UPDATE `recent_happenings` SET `recent_title`=$recent_title ,`recent_date`=$recent_date ,`recent_pic_file`=$target_path WHERE `pic_number` = `$pic_number`";
} else{
echo "There was an error uploading the file, please try again!";
}
$result = mysqli_query($conn, $sql) or die (mysqli_error($conn));
echo "<br><a href='index.php'>Return to Admin Index</a><br>";
exit();
}
?>
<form enctype="multipart/form-data" action="update_happenings.php" method="POST">
<input type="hidden" name="subclick" value="1">
Your script has numerous syntax errors.
Please modify your post and included all source code between lines starting and finishing with the back ticks.
Also try adding these the lives to the PHP script.
<?php
declare(strict_types=1);
error_reporting(-1);
ini_set('display_errors','1');
// Your script goes here
Can you log that $sql so we can see what it looks like? I’m guessing there’s a problem with quoting or backslashes not being escaped.
Now that your actual sql statement has been posted as being code, without the forum software operating on characters within it, the reason for the numerical value being treated as a column is clear. You are surrounding the value with back-tacks, which is the identifier (database, table, column) quote character.
I would ask why you are doing that, but I already know. You saw this somewhere and are just repeating what you saw, without learning what it is used for and when to use it - https://mariadb.com/kb/en/identifier-names/
Now would be the time for you to read the link that has been given to the PDO information in this thread, switch to use the PDO extension, and use a prepared query when supplying external/unknown values to a query. A prepared query simplifies the sql query syntax, by replacing each value with a simple ? place-holder.
Are you still getting this error?
From what I see, 106 is a character index not a name.
i.e. fix the grouping parentheses
UpDate Recent Pictures
The file 2017goodfood.jpg has been updateded
Unknown column ‘likes’ in ‘field list’
I have no Idea what’s going on! now i"m getting this error and “likes” is the recent title!
here is the script for it.
$sql = “UPDATE
recent_happenings SET recent_title = $recent_title ,recent_date= $recent_date , recent_pic_file= $target_path WHERE pic_number = pic_number”;
OP, how about putting ALL your code on a repo or provide a zip download from dropbox or something. Preferably a repo. People don’t like to download zip files.
This is the entire code
//check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
function mysqli_result($res,$row=0,$col=0){
$numrows = mysqli_num_rows($res);
if ($numrows && $row <= ($numrows-1) && $row >=0){
mysqli_data_seek($res,$row);
$resrow = (is_numeric($col)) ? mysqli_fetch_row($res) : mysqli_fetch_assoc($res);
if (isset($resrow[$col])){
return $resrow[$col];
}
}
return false;
}
// Where the file is going to be placed
//$target_path = "c:/home/www/williamsburgcrc/www/uploads/";
$ID = $_POST['ID'];
$recent_pic_file = $_POST['recent_pic_file'];
$target_path = "uploads/images/";
$pic_number = $_POST['pic_number'];
$recent_date = $_POST['recent_date'];
$recent_title = $_POST['recent_title'];
/* Add the original filename to our target path. Result is "uploads/filename.extension" */
$target_path = $target_path . ( $_FILES['uploadedfile']['name']);
// This is how we will get the temporary file...
$_FILES['uploadedfile'] ['tmp_name'];
if(move_uploaded_file($_FILES['uploadedfile'] ['tmp_name'], $target_path)) {
echo "The file ". basename( $_FILES['uploadedfile'] ['name']). " has been updateded<br><br>";
$sql = "UPDATE `recent_happenings` SET recent_title = $recent_title ,recent_date= $recent_date , recent_pic_file= $target_path WHERE pic_number = pic_number";
} else{
echo "There was an error uploading the file, please try again!";
}
$result = mysqli_query($conn, $sql) or die (mysqli_error($conn));
echo "<br><a href='index.php'>Return to Admin Index</a><br>";
exit();
}
?>
If you used a good IDE it would show you your mismatched brackets, and that you are missing an opening php tag. You also have html thrown right in the middle of logic where it doesnt belong. Your function looks pretty funky as well.
It’s a bit strange that the query is run whether or not the file uploads. If it runs, that is, given the WHERE clause:
WHERE pic_number = pic_number";
This line is incorrect:
// This is how we will get the temporary file...
$_FILES['uploadedfile'] ['tmp_name'];
and as there’s an
exit() just after the query is run, I don’t imagine all the HTML towards the end of the file is a problem.
You need to organize and simplify your code, which will eliminate some of the mistakes, and make it easier to fix problems in the simplified code. A laundry list based on the code in reply #21 -
- Use exceptions for database statement errors and in most cases let php catch the exception, where it will use its error related settings to control what happens with the actual error information (database errors will ‘automatically’ get displayed/logged the same as php errors.) In a previous thread, your code is enabling exceptions for mysqli errors. The result of this is that none of the error handling logic you have now will be executed if there is an error, which is good, because you should NOT output the raw database errors on a live web page as this only gives hackers useful information when they intentionally trigger errors. With exceptions, remove the existing error handling logic. You may want to add your own logic to catch the exception, when detecting if duplicate or out of range user submitted has gets inserted/updated, but you are not at this point yet.
- Forget the mysqli_result() function. This is left over from some old mysql_ based code and was never a good idea. Just directly fetch data from any select query.
- All the post method form processing code needs to be above the start of the html document.
- Your form processing code needs to detect if a post method form has been submitted at all, before referencing any of the form data.
- You must also detect if the total size of the form data exceeds the post_max_size setting (both the
$_FILES and $_POSTarrays will be empty) before using any of the form data (it simply won’t exist in this case.)
- Don’t copy variables to other variables without a good reason. This is just a waste of typing. A good reason to make a copy of data in variables, is if you trim the data. You can do this with a single php statement and store the result in an array variable, rather than to write out line after line of code for each form field.
- You must validate all the submitted form data before using it. You should store validation error messages in an array, using the field name as the array key. The array holding the validation errors is also an error flag. If the array is empty, there are no errors. If the array is not empty, there are errors. To display the errors, when you re-display the form, just output the content of the array holding the error messages.
- If after all the validation logic, there are no errors, use the submitted form data.
- You should only use back-ticks in an sql query when they are necessary, and you should avoid using them at all, by simply using database, table, and column names that don’t require any special handling.
- Your current error is because string values must be surrounded by single-quotes within the sql query statement. Since your previous INSERT query did this, why are you not doing this now? However, forget about putting external/unknown data values directly into an sql query statement. Use a correct prepared query as has been suggested several times (you previously had the statements for a prepared query, but were not using it correctly.)
- Any php code needed to get/produce data for the page should come before the start of the html document. For what you are doing, editing existing data, this is where you should initially retrieve that data, if the form has not been submitted, and use it to populate the form field values.
- You have multiple form tags. The html document should come near the end of the code in your file and there should only be one form tag for each form. The only php code inside the html document should be simple conditional logic and loops to display the dynamic content on the page.
- The select/option menu should be built using the result from a database query that gets the existing choices and in fact, you should select an existing choice as an input to this page to control what data is retrieved in item #11 in this list.
One more time, the code has been cleaned up and am still getting errors.
This time if the title is short 5 or 6 characters it prints.
UpDate Recent Pictures
The file 2017goodfood.jpg has been updateded
Unknown column ‘likes’ in ‘field list’
And if I use more characters like 1o or more I get this response.
UpDate Recent Pictures
The file 2017goodfood.jpg has been updateded
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ‘above picture , recent_date= 2018-12-15 , recent_pic_file= uploads/images/2017go’ at line 1
So now what is wrong?
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
function mysqli_result($res,$row=0,$col=0){
$numrows = mysqli_num_rows($res);
if ($numrows && $row <= ($numrows-1) && $row >=0){
mysqli_data_seek($res,$row);
$resrow = (is_numeric($col)) ? mysqli_fetch_row($res) : mysqli_fetch_assoc($res);
if (isset($resrow[$col])){
return $resrow[$col];
}
}
return false;
}
// Where the file is going to be placed
//$target_path = "c:/home/www/williamsburgcrc/www/uploads/";
$ID = $_POST['ID'];
$recent_pic_file = $_POST['recent_pic_file'];
$target_path = 'uploads/images/';
$pic_number = $_POST['pic_number'];
$recent_date = $_POST['recent_date'];
$recent_title = $_POST['recent_title'];
/* Add the original filename to our target path. Result is "uploads/filename.extension" */
$target_path = $target_path . ( $_FILES['uploadedfile']['name']);
// This is how we will get the temporary file...
$_FILES['uploadedfile'] ['tmp_name'];
if(move_uploaded_file($_FILES['uploadedfile'] ['tmp_name'], $target_path)) {
echo "The file ". basename( $_FILES['uploadedfile'] ['name']). " has been updateded<br><br>";
$query ="UPDATE recent_happenings SET recent_title = $recent_title , recent_date= $recent_date , recent_pic_file= $target_path WHERE pic_number =
pic_number";
} else{
echo "There was an error uploading the file, please try again!";
}
$result = mysqli_query($conn, $query) or die (mysqli_error($conn));
echo "<br><a href='index.php'>Return to Admin Index</a><br>";
exit();
}
?>
<form enctype="multipart/form-data" action="update_happenings.php" method="POST">
<input type="hidden" name="subclick" value="1">
<table
style="text-align: left; width: 525px;"
border="0" cellpadding="1" cellspacing="1">
<tr>
<td width="40%" valign="top" bgcolor="#f3f3f3"><strong>
Recentpic #: </strong></td>
<td width="51%" valign="top">
<select name="pic_number"><option value="" selected>Choose... </option>
<option value="101">Pic #1</option>
<option value="102">Pic #2</option>
<option value="103">Pic #3</option>
<option value="104">Pic #4</option>
<option value="105">Pic #5</option>
<option value="106">Pic #6</option>
<option value="107">Pic #7</option>
<option value="108">Pic #8</option>
<option value="109">Pic #9</option>
<option value="110">Pic #10</option>
<option value="112">Pic #12</option>
<option value="113">Pic #13</option>
<option value="114">Pic #14</option>
<option value="115">Pic #15</option>
<option value="116">Pic #16</option>
<option value="117">Pic #17</option>
<option value="118">Pic #18</option></select>
</td></tr>
<tr>
<td width="50%" valign="top" bgcolor="#f3f3f3"><strong>Happening Date: <font color=red>YYYY-MM-DD</font></strong></td>
<td width="50%" valign="top"> <input type="text" name="recent_date" value=""></td>
</tr>
<tr>
<td width="50%" valign="top" bgcolor="#f3f3f3"><strong>Recent Title Happening: </strong></td>
<td width="50%" valign="top"> <input type="text" name="recent_title" value=""></td>
</tr>
<tr><td width="50%" valign="top" bgcolor="#f3f3f3"><strong>Recent Picture:</strong></td>
<td width="50%" valign="top">
<input type="hidden" />
<input name="uploadedfile" type="file" /></td></tr>
<tr>
<td width="50%" valign="top"></td><td><input type="submit" value="Upload File" />
</td></tr></table></form>
<br>
<a href="../admin/index.php">Return to Admin Index</a>
</td></tr></table></center>
</body>
</html>
The reason for the current problem has already been given -