I need help with my php Code which is supposed to update my mysql database. I tried it this way:
<?php mysql_connect("servername","name","passwort");
mysql_select_db("dbname");
$name = $_GET["name"]; $points = $_GET["points"];
$query = "UPDATE highscore SET points=".$points." WHERE name='".$name."'";
mysql_query($query)
mysql_close(); ?>
I called it with:
http://.../write.php?name=%22Alexa%20Bomkamp%22&points=%22100
But literally nothing happened. No error, but also no update. Does anyone know what im doing wrong?
Thanks for help :)
url is wrong %22 takes " htmlentity avoid it and number contains also %22
call with this url: .../write.php?name=Alexa%20Bomkamp&points=100
Try this code:
<?php
$conn = mysql_connect("servername","name","passwort");
mysql_select_db("dbname");
if (mysql_error()) {
echo "<br />". mysql_errno(). " : ". mysql_error();
}
$name = $_GET["name"]; $points = $_GET["points"];
$query = "UPDATE highscore SET points=$points WHERE name='$name'";
mysql_query($query, $conn);
mysql_close($conn);
?>
First, you should check that $_GET gets the parameters you call the script with. A print_r($_GET); is sufficient for this.
Secondly, your code looks horrid. You are missing linebreaks, and all. What is more terrifying, that you are totally vulnearable to SQL injection. NEVER let the SQL execute a command which contains unescaped and unchecked user input. With a little addition to the parameters, you could easily lose your database.
The other thing is, that judging from your code, you are using a bad practice. What if I enter a name which is new to the database. In that case, the UPDATE statement will fail, you will need to use INSERT INTO instead.
<?php
$link = mysql_connect( 'servername', 'loginname', 'password' ) or die('Unable to connect.');
mysql_select_db( 'database', $link ) or die('Unable to select database.');
$query = 'UPDATE `highscore` SET `points`=' .mysql_real_escape_string($_GET['points']). ' WHERE `name`="' .mysql_real_escape_string($_GET['name']). '";';
mysql_query( $query, $link );
mysql_close($link);
?>
Also, you have an unneeded %22 in your request. Call the code with ?name=Alexa Bompkamp&points=100.
If you are encoding the parameters while sending the request then please decode it. One more thing please use mysql_real_escape_string() for avoiding SQL injection while assigning get values to your parameters