Delete last record only when a certain URL is present - php

I have an url as domain.com/abc?orderstatus=cancel
Now, when someone reaches this link, I want to run a query that deletes the last record from the database.
So this is what I tried:
<?php
// Code here for the way to connect to database and insert records which works
// Now I added this code so that only if its on the domain.com/abc?orderstatus=cancel url, it will delete the last record.
$orderstatus = $_GET['orderstatus'];
if($orderstatus == 'cancel') {
$sql3 = "delete from table order by CustomerID desc limit 1";
}
?>
However, this is not working for me. May I know what am I doing wrong?
ps: I tried to cut out as many sql codes which work so that it makes reading easy. If there is any info that I am missing, please do let me know and I'll put it in.

You can use MAX() for MySQL if you have autoincremented on the ID or whatever. MAX() will delete the highest number on the field you specify.
$sql3 = "DELETE FROM table_name
WHERE CustomerID = (SELECT x.id FROM (SELECT MAX(t.CustomerID) AS id FROM table_name t) x)";
//Execute that query
$query3 = mysqli_query($db_conn, $sql3);

If you want to perform DELETE on the basis of ORDER BY then you may have to write nested query. You will get a SQL syntax error if you go with delete from table order by CustomerID desc limit 1
<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDB";
$orderstatus = $_GET['orderstatus']; // check for sql injections or XSS
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
// sql to delete a record
$sql = "DELETE FROM {YOUR TABLE_NAME} WHERE {YOUR WHERE CLAUSE} ";
if ($conn->query($sql) === TRUE) {
echo "Record deleted successfully";
} else {
echo "Error deleting record: " . $conn->error;
}
$conn->close();
?>

Related

PHP mysqli increase value

First off all, i need to say that im begginer on php, mysqli, but i want to learn.
i am trying to build an quiz script wich store "SCORE" information into database.
I have the following "final.php" page script, wich collect and insert into database, the curent score of user.
What i need is that i want to keep the current score from database "eg: 213" , and increase with curent session score wich will be "eg :10" , so total score after that will be "213(old) + 10(current) = 223(total)
<?php
$servername = "localhost";
$username = "";
$password = "";
$dbname = "";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "UPDATE users SET scor='".$_SESSION['score']."' WHERE id=2";
if ($conn->query($sql) === TRUE) {
echo "Record updated successfully";
} else {
echo "Error updating record: " . $conn->error;
}
$conn->close();
?>
Everything working fine with that code, but all what i need is that to increase score.
Thank you to everyone for you patience and because you understand me that i am begginer :)
You can update the existing value in the database by adding your amount to it. There is no need to select the score first.
So in your example:
UPDATE users SET scor=scor + '".$_SESSION['score']."' WHERE id=2
This can be exploited by sql injection, but its out of the scope of the question.
you can use the following statement
$sql = "SELECT scor FROM users (UPDATE users SET scor= scor + '".$_SESSION['score']."' WHERE id=2)";

SQL EXISTS Operator never returns True

i`ve got a sql Table named "pwt" with the columns "usr" and "pw".
There is only one entry with the values "admin" and "chat".
I get 2 values transfered via a php-form. Now should I compare the given values with the two in the sql table, and if they`re both right ("admin" and "chat"), than should the script redirect to another site, otherwise it should echo "password incorrect"
I know that this isn`t a real password mechanism, but it just runs on a virtual machine, and i just want to get the mechanism working.
This is the code:
<?php
$servername = "localhost";
$username = "name";
$password = "password";
$dbname = "chat";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$us1 = $_GET["user"];
$pw1 = $_GET["pswd"];
// sql for compare record
$sql = "SELECT usr, pw FROM pwt WHERE EXISTS (SELECT usr, pw FROM pwt WHERE usr = '$us1' AND pw = '$pw1')";
if ($conn->query($sql) === TRUE) {
header('Location: http://192.168.56.101/testat/source/admin.php');
} else {
echo "Falsches Passwort " . $conn->error;
echo "Passwort ist $pw1";
echo "Name ist $us1";
}
$conn->close();
?>
Where is my mistake?
Thanks so far.
This query function
$conn->query($sql)
only returns false if your query failed (as in error). You want to check if you actually get results. Try
if ($result->num_rows > 0) {
header('Location: http://192.168.56.101/testat/source/admin.php');
} else {
echo "Falsches Passwort " . $conn->error;
echo "Passwort ist $pw1";
echo "Name ist $us1";
}
Aside from that, you should just use this query in stead since yours should return every single row from pwt when the exist clause is true even just for one row:
$sql = "SELECT usr, pw FROM pwt WHERE usr = '$us1' AND pw = '$pw1'";
I solved this issue
// sql for compare record
$sql = "SELECT usr, pw FROM pwt WHERE EXISTS (SELECT usr, pw FROM pwt WHERE usr = '$us1' AND pw = '$pw1')";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
header('Location: http://192.168.56.101/testat/source/admin.php');
This works fine :), Thank you all for your help.

PHP script, select on server 1 and insert on server 2 if iD doesn't exist (i.e. new records)

We have a phone system database on one server that we cloned/dumped to our local server, but now we need to keep our version updated. Obviously, tables and schema are the same, I just want to run this scheduled script to update with new records that don't exist on the local table (i.e. records that were created since last update).
Below is a test select/insert block. The select query worked on it's own originally, but now I've modified it to use a loop with hopes of using numrows and a foreach to capture everything in the select.
The session table has about 35 columns so I'm looking for the best way to go about this without having to declare every column. I originally tried to do this using update on duplicate key or insert/ignore using a not exists but I don't really know what I'm doing.
Basically, once I select everything, if my table on server 2 doesn't contain a record with the SESSIONID primary key, I want to insert it. I just need some assistance creating this loop script.
Example:
if the table on server 1 has 2 rows with sessionID 12345, and 12346, but my table on server 2 only has up to sessionID 12344, I want to insert the whole records for those two IDs.
//Defining credentials
$servername = "";
$username = "";
$password = "";
$servername2 = "";
$username2 = "";
$password2 = "";
// Create connection
$conn = new mysqli($servername, $username, $password);
$conn2 = new mysqli($servername2, $username2, $password2);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
echo "Connected successfully";
// Check connection2
if ($conn2->connect_error) {
die("Connection failed: " . $conn2->connect_error);
}
echo "Connected successfully";
//Query to select * from Session table on server 1
$query1 = "select * from cdrdb.session";
$results = mysqli_query($conn1, $query1);
foreach ($results as $r => $result) {
$stmt1 = mysqli_prepare($conn2, "insert into ambition.session a where not
exists(a.SESSIONID)");
mysqli_stmt_execute($stmt1) or die(mysqli_error($conn2));
}

Query records belonging to the logged in user

I've written the below query:
At the moment this pulls back everything from the MarketingCampaigns table, regardless of which user created the record.
I need to be able to return the result, which counts only the records created by that user.
<?php
$servername = "localhost";
$username = "root";
$password = "doimkr943k3f";
$dbname = "crm4";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT format(count(id),0) as id12 FROM MarketingCampaigns";
$result2 = $conn->query($sql);
$row = $result2->fetch_assoc();
echo $row["id12"];
?>
The below is a query I can see has been 'auto-generated' by the tool I use, which checks which fields the user should see in table view. I'm just really unsure how to convert this into the simple, single value SQL queries I have above.
// mm: build the query based on current member's permissions
$DisplayRecords = $_REQUEST['DisplayRecords'];
if(!in_array($DisplayRecords, array('user', 'group'))){ $DisplayRecords = 'all'; }
if($perm[2]==1 || ($perm[2]>1 && $DisplayRecords=='user' && !$_REQUEST['NoFilter_x'])){ // view owner only
$x->QueryFrom.=', membership_userrecords';
$x->QueryWhere="where `Complaints`.`id`=membership_userrecords.pkValue and membership_userrecords.tableName='Complaints' and lcase(membership_userrecords.memberID)='".getLoggedMemberID()."'";
}elseif($perm[2]==2 || ($perm[2]>2 && $DisplayRecords=='group' && !$_REQUEST['NoFilter_x'])){ // view group only
$x->QueryFrom.=', membership_userrecords';
$x->QueryWhere="where `Complaints`.`id`=membership_userrecords.pkValue and membership_userrecords.tableName='Complaints' and membership_userrecords.groupID='".getLoggedGroupID()."'";
}elseif($perm[2]==3){ // view all
// no further action
}elseif($perm[2]==0){ // view none
$x->QueryFields = array("Not enough permissions" => "NEP");
$x->QueryFrom = '`Complaints`';
$x->QueryWhere = '';
$x->DefaultSortField = '';
}
I have a table called membership_userrecords which includes the below fields.
You can see the PK value in the table and which user owns it.
I'm just not sure how to do the SQL query.
Can you help?
EDIT: I really need to work on my PHP syntax lol. Thanks #aynber
Assuming the username and the memberID are the same, this should be your query.
$sql= $conn->prepare("SELECT format(count(*),0) as id12 FROM MarketingCampaigns where memberID = ?");
$sql->bind_param("s", $username);
$sql->execute();
$sql->bind_result($row);
$sql->fetch();
echo $row;
I'm really unsure about your data here.

Query working in PHPMyAdmin but not in PHP

I am new to PHP and I have taken up an online tutorial, till now I had been working fine but now my database is not returning the query, though when I go to PHPmyadmin there I can get the query working fine.
Following is the code
<?php
ob_start();
//Delete Item question to admin and delete product
include"../storescripts/connect_to_mysql.php";
if (isset($_GET['deleteid'])) {
echo 'Do you really want to delete the item with ID '.$_GET['deleteid'].'?Yes|No';
exit();
}
if(isset($_GET['yesdelete'])){
// Delete the actual product and delete picture also
//delete from database
//$id_to_delete = $_GET['yesdelete'];
//echo $id_to_delete;
$sql =mysqli_query( "DELETE * FROM `products` WHERE `id`=2 LIMIT1 ");
//mysql_query("DELETE * FROM `products` WHERE `id`='$id_to_delete'LIMIT1") or (mysql_error());
//mysqli_query("DELETE * FROM products WHERE id=`$id_to_delete`LIMIT1");// or (mysql_error());
//Unlink file from server
$pictodelete=("../inventory_images/$id_to_delete");
//echo $pictodelete;
if(file_exists($pictodelete)){
unlink($pictodelete);
}
header("location:inventory_list.php");
exit();
}
?>
I would really appreciate the help, my server reads PHP Extension :mysqli .
i dont know what is inside connect_to_mysql.php but at first there is a procedure to connect to a database which i am assuming that you have done correctly, it consist of code which looks something like that at default settings
<?php
$servername = "localhost";
$username = "root";
$password = "";
$databasename="abc";
// Create connection
$conn = mysqli_connect($servername, $username, $password,$databasename);
// Check connection
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
echo "Connected successfully";
?>
the second things i see in your code
$sql =mysqli_query( "DELETE * FROM `products` WHERE `id`=2 LIMIT1 ");
it contains syntax errors,it should be
$sql =mysqli_query( $conn,"DELETE FROM `products` WHERE `id`=2 LIMIT 1 ");
A space after Limit.
You have not specified the connection in mysqli_query() function.
eg:
<?php
$con=mysqli_connect("localhost","my_user","my_password","my_db");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
// Perform queries
mysqli_query($con,"SELECT * FROM Persons");
mysqli_query($con,"INSERT INTO Persons (FirstName,LastName,Age)
VALUES ('Glenn','Quagmire',33)");
mysqli_close($con);
?>
In your case
$sql =mysqli_query( $connectionname,"DELETE * FROM `products` WHERE `id`=2 LIMIT 1 ");
Error at query : $sql =mysqli_query( "DELETE * FROM products WHERE id=2 LIMIT1 ");
replace DELETE * FROM products with DELETE FROM products.DELETE delete row from table.
Procedure like mysqli_query takes at least two argument
Link identifier returned form mysqli_connect
Query string
And you haven't specified link as first arguments you should use returned link in to mysqi_query.
$con = mysqli_connect('localhost','root','password','db');
$sql =mysqli_query( $con,"DELETE FROM `products` WHERE `id`=2 LIMIT1 ");
This link helps you link mysqli_query

Resources