[PHP-DB] Verifying syntax executed correctly

2006-10-17 Thread Ron Piggott (PHP) 

If I give this command through PHP to mySQL

mysql_connect(localhost,$username,$password);
@mysql_select_db($database) or die( Unable to select database);
$query = UPDATE `table` SET `last_activity_field` = '$current_date'
WHERE `reference` = '$account_reference' LIMIT 1;;
mysql_query($query);
mysql_close();

is there a way to know if it executed successfully?

Ron

Re: [PHP-DB] Verifying syntax executed correctly

2006-10-17 Thread Chris 

Ron Piggott (PHP) wrote:

If I give this command through PHP to mySQL

mysql_connect(localhost,$username,$password);
@mysql_select_db($database) or die( Unable to select database);
$query = UPDATE `table` SET `last_activity_field` = '$current_date'
WHERE `reference` = '$account_reference' LIMIT 1;;
mysql_query($query);
mysql_close();

is there a way to know if it executed successfully?


Two ways.

Firstly:

$result = mysql_query($query);
if (!$result) {
  echo Bad Query or something!:  . mysql_error() . br/;
}

will tell you quickly whether the query worked at all.

Secondly php.net/mysql_affected_rows will tell you how many rows that 
query changed.


Lastly I hope that's just an example otherwise you will have problems 
with sql injection.


You can either validate your data before (ie make sure current_date only 
contains what you expect) or change


$query = UPDATE `table` SET `last_activity_field` = '$current_date'
WHERE `reference` = '$account_reference' LIMIT 1;;

to use either mysql_escape_string or mysql_real_escape_string:

$query = UPDATE `table` SET `last_activity_field` = ' . 
mysql_escape_string($current_date) . '
WHERE `reference` = ' . mysql_escape_string($account_reference) . ' 
LIMIT 1;;


Depending on which version of php you have (RTM).

--
Postgresql  php tutorials
http://www.designmagick.com/

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DB] Verifying syntax executed correctly

2006-10-17 Thread Niel Archer 
Hi

All of the MySQL functions you used, return FALSE on failure.

Niel

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP-DB] Verifying syntax executed correctly

2006-10-17 Thread Bastien Koert 


mysql_query($query) or die(mysql_error);

will give an error and stop the script if there is an issue, this also can 
work for the mysql_select_db


bastien


From: Ron Piggott (PHP) [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: PHP DB php-db@lists.php.net
Subject: [PHP-DB] Verifying syntax executed correctly
Date: Tue, 17 Oct 2006 22:35:28 -0400


If I give this command through PHP to mySQL

mysql_connect(localhost,$username,$password);
@mysql_select_db($database) or die( Unable to select database);
$query = UPDATE `table` SET `last_activity_field` = '$current_date'
WHERE `reference` = '$account_reference' LIMIT 1;;
mysql_query($query);
mysql_close();

is there a way to know if it executed successfully?

Ron


--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php