Mysqli update

ckir5951 · June 3, 2015, 10:11pm

Hi, the code below creates the result I want (don’t know how to post a localhost screenshot). My issue is that I don’t know how to link that code, (code 1) to (code 2) which updates the “lastused” file, the current date.

(code 1)

<!DOCTYPE html><html>
<title>email menu</title>
<head></head>
<BODY><center>
<FORM name=lastused method="post" action=""> 

    <?php
error_reporting(E_ALL ^ E_NOTICE);
// error_reporting(0);
echo "<center>";echo date('m/d/y');echo "</center>";
$id="''";
$con=mysqli_connect("localhost","root","password","homedb");

// ============== check connection

    if(mysqli_errno($con))
    {echo "Can't Connect to mySQL:".mysqli_connect_error();}
    else
    {echo "</br>";}

// ==========This creates the drop down box using records in the table

       echo "<select name= 'target'>";
    echo '<option value="">'.'---select email account ---'.'</option>';
    $query = mysqli_query($con,"SELECT target FROM emailtbl");
    $query_display = mysqli_query($con,"SELECT * FROM emailtbl");
    while($row=mysqli_fetch_array($query))
    
{ echo "<option class=highlight value='". $row['target']."'>".$row target']
    .'</option>';}

    echo '</select>';
    ?>
<input type="submit" name="submit" value="Submit"/>
    </form></body></html>

           <?php
error_reporting(E_ALL ^ E_NOTICE);
// error_reporting(0);
    $con=mysqli_connect("localhost","root","password","homedb");
    if(mysqli_errno($con))
    {echo "Can't Connect to mySQL:".mysqli_connect_error();}
        if(isset($_POST['target']))
 {
    $id = $_POST['id'];
    $lastused = $_POST['lastused']; 
    $name = $_POST['target'];
    $fetch="SELECT target, username, password, emailused, lastused, purpose, saved FROM emailtbl WHERE target = '".$name."'";
    $result = mysqli_query($con,$fetch);
    if(!$result)
    {echo "Error:".(mysqli_error($con));}

// =============================== this displays the table

    echo '<table border="1">'.'<tr>'.'<td bgcolor="#FFD47F" align="center">'. 'email menu'. '</td>'.'</tr>';
    echo '<tr>'.'<td>'.'<table border="1">'.'<tr>'.'<td bgcolor="#ccffff">'.'target'.'</td>'.'<td bgcolor="#ccffff">'.'username'.'</td>'.'<td bgcolor="#ccffff">'. 'password' .'</td>'.'<td bgcolor="#ccffff">'. 'emailused'. '</td>'.'<td bgcolor="#FFD47F">'. 'lastused' .'</td>'.'<td bgcolor="#ccffff">'. 'purpose'. '</td>'.'<td bgcolor="#ccffff">'. 'saved' .'</td>'.'</tr>';
    // while($data = mysqli_fetch_row($fetch))
    while($data=mysqli_fetch_row($result))
    {echo ("<tr><td>$data[0]</td><td>$data[1]</td><td>$data[2]</td><td>$data[3]</td><td>$data[4]</td><td>$data[5]</td><td>$data[6]</td></tr>");}
    echo '</table>'.'</td>'.'</tr>'.'</table>';
 }
    ?>
    </body></html>

(code 2)

<?php
error_reporting(E_ALL ^ E_NOTICE);
$servername = "localhost";$username = "root";$password = "password";
$dbname = "homedb";
// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if (!$conn)
   { die("Connection failed: " . mysqli_connect_error()); }
        
      $name = $_POST['target'];
  $sql = "UPDATE emailtbl SET visits = visits + 1, lastused = NOW() WHERE 

target = '".$name."'";
if (mysqli_query($conn, $sql))
     {echo "Record updated successfully";}
else
     {echo "Error updating record: " . mysqli_error($conn);}
?>

StarLion · June 4, 2015, 1:03am

So… lastused is a field, not a file;
Where precisely is the second file being called FROM? Is it meant to be a generic include page that multiple files reference? (for the record, i’d make that a function instead)

PS: Even if it’s a localhost deployment, you may want to obfuscate your password before posting it to a public board

SpacePhoenix · June 4, 2015, 5:55am

ckir5951:

if (!$conn)
{ die("Connection failed: " . mysqli_connect_error()); }
  $name = $_POST['target'];
$sql = "UPDATE emailtbl SET visits = visits + 1, lastused = NOW() WHERE

target = ‘“.$name.”’";
if (mysqli_query($conn, $sql))
{echo “Record updated successfully”;}
else
{echo "Error updating record: " . mysqli_error($conn);}
?>

That section of your code is wide open to SQL Injection attack as the value for $name ($_POST[‘target’] from the form) is being let near the database without having first being sanitized. Once user submitted data has been sanitized you should use prepared statements to place the value within the query

ckir5951 · June 5, 2015, 11:53pm

<FORM name=lastused method="post" action=""> 

    <?php
error_reporting(E_ALL ^ E_NOTICE);
// error_reporting(0);
echo "<center>";echo date('m/d/y');echo "</center>";
$id="''";
$con=mysqli_connect("localhost","root","password","homedb");

// ============== check connection

    if(mysqli_errno($con))
{echo "Can't Connect to mySQL:".mysqli_connect_error();}
else
{echo "</br>";}
// ==========This creates the drop down box using records in the table

       echo "<select name= 'target'>";
echo '<option value="">'.'---select email account ---'.'</option>';
$query = mysqli_query($con,"SELECT target FROM emailtbl");
$query_display = mysqli_query($con,"SELECT * FROM emailtbl");
while($row=mysqli_fetch_array($query))
{ echo "<option class=highlight value='". $row['target']."'>".$row target']
    .'</option>';}

    echo '</select>';
?>
<input type="submit" name="submit" value="Submit"/>
    </form>

           <?php
error_reporting(E_ALL ^ E_NOTICE);
// error_reporting(0);
    $con=mysqli_connect("localhost","root","password","homedb");
    if(mysqli_errno($con))
    {echo "Can't Connect to mySQL:".mysqli_connect_error();}
        if(isset($_POST['target']))
 {
    $id = $_POST['id'];
    $lastused = $_POST['lastused']; 
    $name = $_POST['target'];
    $fetch="SELECT target, username, password, emailused, lastused,         purpose, saved FROM emailtbl WHERE target = '".$target."'";
    $result = mysqli_query($con,$fetch);
    if(!$result)
    {echo "Error:".(mysqli_error($con));}

// =============================== this displays the table

    echo '<table border="1">'.'<tr>'.'<td bgcolor="#FFD47F" align="center">'. 'email menu'. '</td>'.'</tr>';
echo '<tr>'.'<td>'.'<table border="1">'.'<tr>'.'<td bgcolor="#ccffff">'.'target'.'</td>'.'<td bgcolor="#ccffff">'.'username'.'</td>'.'<td bgcolor="#ccffff">'. 'password' .'</td>'.'<td bgcolor="#ccffff">'. 'emailused'. '</td>'.'<td bgcolor="#FFD47F">'. 'lastused' .'</td>'.'<td bgcolor="#ccffff">'. 'purpose'. '</td>'.'<td bgcolor="#ccffff">'. 'saved' .'</td>'.'</tr>';
// while($data = mysqli_fetch_row($fetch))
while($data=mysqli_fetch_row($result))
{echo ("<tr><td>$data[0]</td><td>$data[1]</td><td>$data[2]</td><td>$data[3]</td><td>$data[4]</td><td>$data[5]</td><td>$data[6]</td></tr>");}
echo '</table>'.'</td>'.'</tr>'.'</table>';
 }
        
  $sql = "UPDATE emailtbl SET visits = visits + 1, lastused = NOW() WHERE
target = '".$target."'";
if (mysqli_query($conn, $sql))
     {echo "Record updated successfully";}
else
     {echo "Error updating record: " . mysqli_error($conn);}
?>
</body></html>

quote: So… lastused is a field, not a file;
reply: Yes, lastused is a field, my bad.

quote: PS: Even if it’s a localhost deployment, you may want to obfuscate your password before posting it to a public board wink
reply: “Password” is not my actual password.

quote: Where precisely is the second file being called FROM? Is it meant to be a generic include page that multiple files reference? (for the record, i’d make that a function instead)
reply: My objective is to do it all in one file

system · September 5, 2015, 7:06am

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.

Mysqli update

Hi, the code below creates the result I want (don’t know how to post a localhost screenshot). My issue is that I don’t know how to link that code, (code 1) to (code 2) which updates the “lastused” file, the current date.

quote: So… lastused is a field, not a file; reply: Yes, lastused is a field, my bad.

quote: PS: Even if it’s a localhost deployment, you may want to obfuscate your password before posting it to a public board wink reply: “Password” is not my actual password.

quote: Where precisely is the second file being called FROM? Is it meant to be a generic include page that multiple files reference? (for the record, i’d make that a function instead) reply: My objective is to do it all in one file

quote: So… lastused is a field, not a file;
reply: Yes, lastused is a field, my bad.

quote: PS: Even if it’s a localhost deployment, you may want to obfuscate your password before posting it to a public board wink
reply: “Password” is not my actual password.

quote: Where precisely is the second file being called FROM? Is it meant to be a generic include page that multiple files reference? (for the record, i’d make that a function instead)
reply: My objective is to do it all in one file