Senior Coders
sql query
im trying to understand why this works. any help would be much appreciated
but this doesntCode:$sql = sprintf(" UPDATE login SET username='$username', password='$password', email='$email' WHERE PayerID LIKE '$PayerID' AND token LIKE '$token' ",
Code:$sql = sprintf(" UPDATE login (username, password, email) VALUE ('%s','%s','%s') WHERE token LIKE '$token' AND PayerID LIKE '$PayerID'"
Last edited by ggalan; 07-16-2011 at 01:48 PM.
global $Moderator;
you aren't passing any arguments.
Neither example works - not the way you think they are, at least; they're not "doing" anything. They're simply returning the same (unaltered) string you give them.
(The second example is probably giving you an error likeWarning: sprintf() [function.sprintf]: Too few arguments ..., yes?).
http://us3.php.net/manual/en/function.sprintf.php
try:PHP Code:// this assumes you have already defined the variables $username, $password, $email
$preparedStatement = "
UPDATE login (username, password, email)
VALUES ('%s','%s','%s')
WHERE token LIKE '$token' AND PayerID LIKE '$PayerID'";
$sql = sprintf($preparedStatement, $username, $password, $email);
// you also had a typo in your SQL statement -should be VALUES (corrected above), not VALUE
Last edited by traq; 07-14-2011 at 05:55 AM.
Senior Coders
thank you for responding. i should have been more clear from the beginning
the sql query is inside a function
and these variables are being passed in $username, $password, $password2, $emailCode:function registerNewUser($username, $password, $password2, $email){ if (!valid_username($username) || !valid_password($password) || !valid_email($email) || $password != $password2 || user_exists($username)) { return false; } $sql = sprintf("UPDATE login (username,password,email) VALUES ('%s','%s','%s') WHERE token LIKE '$token' AND PayerID LIKE '$PayerID' ", mysql_real_escape_string($username), mysql_real_escape_string(sha1($password . $seed)) , mysql_real_escape_string($email) }
the function was working before then something happened where these variables seem unresponsive
'%s','%s','%s'
Last edited by ggalan; 07-14-2011 at 07:24 PM.
Senior Coders
yup im getting errors when i try to print. i separated the sql query but still getting errors
Code:$format = '%s %s %s'; printf($format); Warning: printf() [function.printf]: Too few arguments in
re: getting closer with this
Code:$format = '%s %s %s %s'; printf($format,$username, $password, $password2, mysql_real_escape_string($email) );
Last edited by ggalan; 07-14-2011 at 08:18 PM.
global $Moderator;
well, in your first example, you were actually using variables - sprintf() wasn't making any changes to your string at all. When you added the references, there weren't any values being passed in as arguments. I'd recommend separating everything out, so it's easier to read. You had some syntax errors in your last example, as well:Originally Posted by ggalan
PHP Code:function registerNewUser($username, $password, $password2, $email){
if (!valid_username($username)
|| !valid_password($password)
|| !valid_email($email)
|| $password != $password2
|| user_exists($username)
){
return false;
}
$prepstatement = "
UPDATE login (username,password,email)
VALUES ('%s','%s','%s')
WHERE token LIKE '$token' AND PayerID LIKE '$PayerID' ";
// there is no $token or $PayerID defined in your function !!
$user = mysql_real_escape_string($username);
$hash = mysql_real_escape_string(sha1($password . $seed));
// there is no $seed defined in your function !!
$Email = mysql_real_escape_string($email);
$sql = sprintf($prepstatement, $user, $hash, $Email);
// ...and then nothing happens.
// are you returning $sql for use in another function?
// is there more to this function than what you've shown?
}
ggalan (07-14-2011)
Senior Coders
all of the variables are outputing correct values. when i use the commented out SQL query it works but then i have issues elsewhere so i want to use the top version. originally i thought it was my sql syntax but it looks fine
below there is this "if (mysql_query($sql))"
and it echo's '2' , bypassing mysql_query
Code:function registerNewUser($username, $password, $password2, $email)//register.php { global $seed, $token, $PayerID; //$format = '%s %s %s %s'; //printf($format,$username, $password, $password2, mysql_real_escape_string($email) ); //echo mysql_real_escape_string(sha1($password . $seed)); //echo $token . " & " . $PayerID; if (!valid_username($username) || !valid_password($password) || !valid_email($email) || $password != $password2 || user_exists($username)) { return false; } // $code = generate_code(20); $queryy = "UPDATE login (username,password,email) VALUES ('%s','%s','%s') WHERE token LIKE '$token' AND PayerID LIKE '$PayerID'"; $User = mysql_real_escape_string($username); $Hash = mysql_real_escape_string(sha1($password . $seed)); $Email = mysql_real_escape_string($email); $sql = sprintf($queryy, $User, $Hash, $Email); //$SHA1 = SHA1($password); /* $sql = sprintf("UPDATE login SET username='$username', password='$SHA1', email='$email' WHERE PayerID LIKE '$PayerID' AND token LIKE '$token' ", mysql_real_escape_string($username), mysql_real_escape_string(sha1($SHA1 . $seed)) , mysql_real_escape_string($email) //, mysql_real_escape_string($code) ); */ if (mysql_query($sql)) { $uid = $_SESSION['uid'];//review.php if (sendActivationEmail($username, $password, $uid, $email, $PayerID ))//mail.functions.inc.php { echo '0'; return true; } else { echo '1'; return false; } } else { echo '2'; return false; } echo '3'; return false; }
Senior Coders
seperating it out and doing this worked
Code:$User = mysql_real_escape_string($username); $Hash = mysql_real_escape_string(sha1($password . $seed)); $Email = mysql_real_escape_string($email); $sql = sprintf("UPDATE login SET username='$User', password='$Hash', email='$Email' WHERE PayerID LIKE '$PayerID' AND token LIKE '$token' ");
global $Moderator;
Yes, it would give you the desired output.
_however_, be aware that your sprintf() function is doing nothing at all.
You have no references and no arguments in your sprintf() call. It returns the string you gave it, completely unaltered. There is no point in doing this. It is actually wasting processing resources by calling and running a function that has no effect, and never will have any effect, whatsoever.PHP Code:// this
$sql = sprintf("UPDATE login SET
username='$User',
password='$Hash',
email='$Email'
WHERE PayerID LIKE '$PayerID'
AND token LIKE '$token' ");
// and this
$sql = "UPDATE login SET
username='$User',
password='$Hash',
email='$Email'
WHERE PayerID LIKE '$PayerID'
AND token LIKE '$token' ";
// give _exactly_identical_ results.
// in the above form, sprintf() will _never_ affect any changes to your string.
It's fine if you want to use $variables instead of %references. But if that's the case, just assign the value to $sql directly (as in the second form I show here), without calling sprintf().
Senior Coders
yes, very good point!You have no references and no arguments in your sprintf() call. It returns the string you gave it, completely unaltered. There is no point in doing this. It is actually wasting processing resources by calling and running a function that has no effect, and never will have any effect, whatsoever.
im still puzzled why the %references stopped working
global $Moderator;
basic test: try this and see what you get. (it works as expected for me.)PHP Code:$prepstatement = "UPDATE login (username,password,email) VALUES ('%s','%s','%s')";
$user = mysql_real_escape_string('test user');
$hash = sha1('testPass');
$email = mysql_real_escape_string('testuser@example.com');
$sql = sprintf($prepstatement, $user, $hash, $email);
print $sql;
// should output:
// "UPDATE login (username,password,email) VALUES ('test user','9a23b6d49aa244b7b0db52949c0932c365ec8191','testuser@example.com')"
Posting Permissions
Reply With Quote
Bookmarks