
Thread: sql query

  1. #1
    Join Date
    Jan 2008
    Posts
    441
    Thanks
    67
    Thanked 4 Times in 4 Posts

    Default sql query

    I'm trying to understand why this works. any help would be much appreciated
    Code:
     $sql = sprintf("
     UPDATE login 
    SET  username='$username', 
     password='$password', 
     email='$email' 
     WHERE PayerID LIKE '$PayerID' 
     AND token LIKE '$token' ",
    but this doesn't
    Code:
    $sql = sprintf("
    UPDATE login (username, password, email) 
    VALUE ('%s','%s','%s') 
    WHERE token LIKE '$token' 
    AND PayerID LIKE '$PayerID'"
    Last edited by ggalan; 07-16-2011 at 01:48 PM.

  2. #2
    Join Date
    Apr 2008
    Location
    So.Cal
    Posts
    3,627
    Thanks
    63
    Thanked 516 Times in 502 Posts
    Blog Entries
    5

    Default

    you aren't passing any arguments.

    Neither example works - not the way you think they are, at least; they're not "doing" anything. They're simply returning the same (unaltered) string you give them.
    (The second example is probably giving you an error like Warning: sprintf() [function.sprintf]: Too few arguments ..., yes?).

    http://us3.php.net/manual/en/function.sprintf.php

    try:
    PHP Code:
    // this assumes you have already defined the variables $username, $password, $email

    $preparedStatement = "
       UPDATE login (username, password, email) 
       VALUES ('%s','%s','%s') 
       WHERE token LIKE '$token' AND PayerID LIKE '$PayerID'";

    $sql = sprintf($preparedStatement, $username, $password, $email);

    // you also had a typo in your SQL statement -should be VALUES (corrected above), not VALUE 
    Last edited by traq; 07-14-2011 at 05:55 AM.
    We Only Torture the Folks We Don't Like (You're Probably Gonna Be Okay)
    It's a Party in the CIA

  3. #3
    Join Date
    Jan 2008
    Posts
    441
    Thanks
    67
    Thanked 4 Times in 4 Posts

    Default

    thank you for responding. i should have been more clear from the beginning
    the sql query is inside a function
    Code:
    function registerNewUser($username, $password, $password2, $email){
    
     if (!valid_username($username) || !valid_password($password) || 
            	!valid_email($email) || $password != $password2 || user_exists($username))
        {
            return false;
        }
    
        $sql = sprintf("UPDATE login (username,password,email) 
        				VALUES ('%s','%s','%s') 
        				WHERE token LIKE '$token' AND PayerID LIKE '$PayerID' ",
            mysql_real_escape_string($username), mysql_real_escape_string(sha1($password . $seed))
    		, mysql_real_escape_string($email)
    		
    }
    and these variables are being passed in $username, $password, $password2, $email

    the function was working before then something happened where these variables seem unresponsive
    '%s','%s','%s'
    Last edited by ggalan; 07-14-2011 at 07:24 PM.

  4. #4
    Join Date
    Jan 2008
    Posts
    441
    Thanks
    67
    Thanked 4 Times in 4 Posts

    Default

    yup I'm getting errors when i try to print. i separated the sql query but still getting errors

    Code:
     $format = '%s %s %s';
    printf($format);
    
    Warning: printf() [function.printf]: Too few arguments in

    re: getting closer with this
    Code:
    $format = '%s %s %s %s';
    	printf($format,$username, $password, $password2, mysql_real_escape_string($email) );
    Last edited by ggalan; 07-14-2011 at 08:18 PM.

  5. #5
    Join Date
    Apr 2008
    Location
    So.Cal
    Posts
    3,627
    Thanks
    63
    Thanked 516 Times in 502 Posts
    Blog Entries
    5

    Default

    Quote Originally Posted by ggalan View Post
    the function was working before then something happened where these variables seem unresponsive
    '%s','%s','%s'
    well, in your first example, you were actually using variables - sprintf() wasn't making any changes to your string at all. When you added the references, there weren't any values being passed in as arguments. I'd recommend separating everything out, so it's easier to read. You had some syntax errors in your last example, as well:
    PHP Code:
    function registerNewUser($username, $password, $password2, $email){

        if (!valid_username($username)
           || !valid_password($password)
           || !valid_email($email)
           || $password != $password2
           || user_exists($username)
        ){
           return false;
        }

        $prepstatement = "
           UPDATE login (username,password,email) 
           VALUES ('%s','%s','%s') 
           WHERE token LIKE '$token' AND PayerID LIKE '$PayerID' ";
        // there is no $token or $PayerID defined in your function !!

        $user = mysql_real_escape_string($username);
        $hash = mysql_real_escape_string(sha1($password . $seed));
        // there is no $seed defined in your function !!

        $Email = mysql_real_escape_string($email);

        $sql = sprintf($prepstatement, $user, $hash, $Email);

        // ...and then nothing happens.  
        //  are you returning $sql for use in another function?
        //  is there more to this function than what you've shown?
    }


    We Only Torture the Folks We Don't Like (You're Probably Gonna Be Okay)
    It's a Party in the CIA

  6. The Following User Says Thank You to traq For This Useful Post:

    ggalan (07-14-2011)

  7. #6
    Join Date
    Jan 2008
    Posts
    441
    Thanks
    67
    Thanked 4 Times in 4 Posts

    Default

    all of the variables are outputting correct values. when i use the commented out SQL query it works but then i have issues elsewhere so i want to use the top version. originally i thought it was my sql syntax but it looks fine

    below there is this "if (mysql_query($sql))"

    and it echoes '2', bypassing mysql_query
    Code:
    function registerNewUser($username, $password, $password2, $email)//register.php
    {
        global $seed, $token, $PayerID;
      	
        //$format = '%s %s %s %s';
    	//printf($format,$username, $password, $password2, mysql_real_escape_string($email) );
    	//echo mysql_real_escape_string(sha1($password . $seed));
    	//echo $token . " & " . $PayerID;
    	
        if (!valid_username($username) || !valid_password($password) || 
            	!valid_email($email) || $password != $password2 || user_exists($username))
        {
            return false;
        }
     
     
       // $code = generate_code(20);
       $queryy = "UPDATE login (username,password,email) 
        		VALUES ('%s','%s','%s') 
        		WHERE token LIKE '$token' AND PayerID LIKE '$PayerID'";
    	$User = mysql_real_escape_string($username);
    	$Hash = mysql_real_escape_string(sha1($password . $seed));
    	$Email = mysql_real_escape_string($email);
       
    	$sql = sprintf($queryy, $User, $Hash, $Email);
    		
         //$SHA1 = SHA1($password);
         
     	/*  $sql = sprintf("UPDATE login SET 
     	 username='$username', 
     	 password='$SHA1', 
     	 email='$email' 
     	 WHERE PayerID LIKE '$PayerID' 
     	 AND token LIKE '$token' ",
            mysql_real_escape_string($username), mysql_real_escape_string(sha1($SHA1 . $seed))
    		, mysql_real_escape_string($email)
    		//, mysql_real_escape_string($code)
    		); */
     
        if (mysql_query($sql))
        {
          	$uid = $_SESSION['uid'];//review.php
          	
            if (sendActivationEmail($username, $password, $uid, $email, $PayerID ))//mail.functions.inc.php
            {
            	echo '0';
                return true;
            } else
            {
            	echo '1';
                return false;
            }
     
        } else
        {
        	echo '2';
            return false;
        }
        echo '3';
        return false;
     
    }

  8. #7
    Join Date
    Jan 2008
    Posts
    441
    Thanks
    67
    Thanked 4 Times in 4 Posts

    Default

    separating it out and doing this worked
    Code:
    $User = mysql_real_escape_string($username);
    $Hash = mysql_real_escape_string(sha1($password . $seed));
    $Email = mysql_real_escape_string($email);
    		
    $sql = sprintf("UPDATE login SET 
     	 username='$User', 
     	 password='$Hash', 
     	 email='$Email' 
     	 WHERE PayerID LIKE '$PayerID' 
     	 AND token LIKE '$token' ");

  9. #8
    Join Date
    Apr 2008
    Location
    So.Cal
    Posts
    3,627
    Thanks
    63
    Thanked 516 Times in 502 Posts
    Blog Entries
    5

    Default

    Quote Originally Posted by ggalan View Post
    separating it out and doing this worked
    Code:
    $User = mysql_real_escape_string($username);
    $Hash = mysql_real_escape_string(sha1($password . $seed));
    $Email = mysql_real_escape_string($email);
    		
    $sql = sprintf("UPDATE login SET 
     	 username='$User', 
     	 password='$Hash', 
     	 email='$Email' 
     	 WHERE PayerID LIKE '$PayerID' 
     	 AND token LIKE '$token' ");
    Yes, it would give you the desired output.

    _however_, be aware that your sprintf() function is doing nothing at all.
    PHP Code:
    // this
    $sql = sprintf("UPDATE login SET 
          username='$User', 
          password='$Hash', 
          email='$Email' 
          WHERE PayerID LIKE '$PayerID' 
          AND token LIKE '$token' ");
    // and this
    $sql = "UPDATE login SET 
          username='$User', 
          password='$Hash', 
          email='$Email' 
          WHERE PayerID LIKE '$PayerID' 
          AND token LIKE '$token' ";
    // give _exactly_identical_ results.
    // in the above form, sprintf() will _never_ affect any changes to your string. 
    You have no references and no arguments in your sprintf() call. It returns the string you gave it, completely unaltered. There is no point in doing this. It is actually wasting processing resources by calling and running a function that has no effect, and never will have any effect, whatsoever.

    It's fine if you want to use $variables instead of %references. But if that's the case, just assign the value to $sql directly (as in the second form I show here), without calling sprintf().
    We Only Torture the Folks We Don't Like (You're Probably Gonna Be Okay)
    It's a Party in the CIA

  10. #9
    Join Date
    Jan 2008
    Posts
    441
    Thanks
    67
    Thanked 4 Times in 4 Posts

    Default

    You have no references and no arguments in your sprintf() call. It returns the string you gave it, completely unaltered. There is no point in doing this. It is actually wasting processing resources by calling and running a function that has no effect, and never will have any effect, whatsoever.
    yes, very good point!
    I'm still puzzled why the %references stopped working

  11. #10
    Join Date
    Apr 2008
    Location
    So.Cal
    Posts
    3,627
    Thanks
    63
    Thanked 516 Times in 502 Posts
    Blog Entries
    5

    Default

    basic test: try this and see what you get. (it works as expected for me.)
    PHP Code:
    $prepstatement = "UPDATE login (username,password,email) VALUES ('%s','%s','%s')";

    $user = mysql_real_escape_string('test user'); 
    $hash = sha1('testPass');
    $email = mysql_real_escape_string('testuser@example.com'); 

    $sql = sprintf($prepstatement, $user, $hash, $email); 

    print $sql;
    // should output:
    // "UPDATE login (username,password,email) VALUES ('test user','9a23b6d49aa244b7b0db52949c0932c365ec8191','testuser@example.com')" 
    We Only Torture the Folks We Don't Like (You're Probably Gonna Be Okay)
    It's a Party in the CIA
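
An added example, not part of the thread or any poster's code: `UPDATE login (cols) VALUES (...)` is INSERT syntax, so that statement is rejected however sprintf() fills it in, which is consistent with mysql_query() returning false in post #6; UPDATE takes `SET column = value` pairs. The sketch uses PDO bound parameters in place of sprintf() plus mysql_real_escape_string() (the mysql_* extension was removed in PHP 7.0). The in-memory SQLite table, the sample rows and the function name claimLogin() are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the thread's `login` table (in-memory SQLite, runs offline).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE login (
    PayerID TEXT, token TEXT, username TEXT, password TEXT, email TEXT)');
$db->exec("INSERT INTO login (PayerID, token) VALUES
    ('PAYER-A', 'tok-aaa'), ('PAYER-B', 'tok-bbb')");

/**
 * Hypothetical replacement for the UPDATE step inside registerNewUser().
 * Returns true only when exactly one row was updated.
 */
function claimLogin(PDO $db, string $username, string $password,
                    string $email, string $payerId, string $token): bool
{
    // UPDATE uses SET col = value; "(cols) VALUES (...)" belongs to INSERT.
    // '=' instead of LIKE: '%' and '_' in a value are compared literally.
    $stmt = $db->prepare(
        'UPDATE login
            SET username = :username, password = :hash, email = :email
          WHERE PayerID = :payer AND token = :token'
    );
    // All five values are bound, including $token and $PayerID, which the
    // thread's queries interpolate without escaping.
    $stmt->execute([
        ':username' => $username,
        // password_hash() salts per user; used here in place of sha1($password . $seed).
        ':hash'     => password_hash($password, PASSWORD_DEFAULT),
        ':email'    => $email,
        ':payer'    => $payerId,
        ':token'    => $token,
    ]);
    return $stmt->rowCount() === 1;
}

// A quote in the username is plain data: it is never spliced into the SQL text.
var_dump(claimLogin($db, "o'brien", 'testPass', 'testuser@example.com', 'PAYER-A', 'tok-aaa'));

// Under '=' a token of '%' is an ordinary string, not a match-anything pattern.
var_dump(claimLogin($db, 'other', 'testPass', 'other@example.com', 'PAYER-B', '%'));

// The stored row for PAYER-A, showing the quote preserved and the hash format.
print_r($db->query("SELECT username, password FROM login WHERE PayerID = 'PAYER-A'")
           ->fetch(PDO::FETCH_ASSOC));
```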
