Post reply

Compare sql varchar in PHP

  • August 14, 2015 at 7:16 am

    #1820039

    ugbwuebfub (8/14/2015)

    Hello,

    I have the Database:

    (NumbersAndLetter is VARCHAR, utf8_general_ci)

    ID | NumbersAndLetter | switch

    1 | gwE23d67v6D | 1

    2 | fuBf737bf203 | 1

    I try to change the database entry with PHP through the NumbersAndLetter, but it will not compare

    $Something = 'gwE23d67v6D';

    $entry = $intoDB->GetRow("INSERT INTO database (switch) VALUES ('2') WHERE NumbersAndLetter=".$Something);

    It can not compare $Something with the NumbersAndLetter of the Database, even if it is the same.

    How can I get this work to compare $Something with NumbersAndLetter correctly?

    Your question doesn't make a lot of sense to me. You state you want to change a database row but then you posted an insert. I have no idea what that (switch) is in the middle there.

    If you want to change data you use an UPDATE statement. Also, you need to read about and understand sql injection. I don't know how to use parameters in PHP but you desperately need to update your code so that your queries are parameterized.

    _______________________________________________________________

    Need help? Help us help you.

    Read the article at http://www.sqlservercentral.com/articles/Best+Practices/61537/ for best practices on asking questions.

    Need to split a string? Try Jeff Modens splitter http://www.sqlservercentral.com/articles/Tally+Table/72993/.

    Cross Tabs and Pivots, Part 1 – Converting Rows to Columns - http://www.sqlservercentral.com/articles/T-SQL/63681/
    Cross Tabs and Pivots, Part 2 - Dynamic Cross Tabs - http://www.sqlservercentral.com/articles/Crosstab/65048/
    Understanding and Using APPLY (Part 1) - http://www.sqlservercentral.com/articles/APPLY/69953/
    Understanding and Using APPLY (Part 2) - http://www.sqlservercentral.com/articles/APPLY/69954/

  • August 14, 2015 at 7:44 am

    #1820049

    I agree with everything that Sean said. You need an UPDATE and probably a SELECT. That's when stored procedures come in handy, as you only need to execute one line of code to run different statements.

    I'd suggest you to try a basic SQL course to understand the most common commands used. There's one in this site: http://www.sqlservercentral.com/stairway/75773/

    But you can find plenty of them in the Internet.

    Even if you wanted to use an INSERT, if you use the construct INSERT INTO Table VALUES... it won't allow a WHERE clause. To use a WHERE clause you need to use INSERT INTO Table SELECT columns FROM SourceTable.... (or without from for one row of scalar values)

    For a basic introduction on parametrized queries, check this: http://bobby-tables.com/

    And this: http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php

    Luis C.
    General Disclaimer:
    Are you seriously taking the advice and code from someone from the internet without testing it? Do you at least understand it? Or can it easily kill your server?

    How to post data/code on a forum to get the best help: Option 1 / Option 2

  • August 14, 2015 at 10:14 am

    #1820123

    Thank you, UPDATE is working, I also must encapsulated the $Something to ('".$Something."')

    $entry = $intoDB->Execute("UPDATE database SET switch='2' WHERE NumbersAndLetter in ('".$Something."')");

    Nice help here

Viewing 3 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic. Login to reply