#1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2012
    Posts
    85
    Rep Power
    2

    PHP MySQL Update Not Working


    PHP Code:
    $queryUpdate mysql_query("UPDATE servers SET serverStatus='1', serverMessage='$serverMOTD', serverPlayersOnline='$serverPOnline', serverPlayersTotal='$serverMPlayers'") or die(mysql_error()); 

    $serverMOTD $stats->motd
    $serverPOnline $stats->online_players
    $serverMPlayers $stats->max_players
    When I use this, my rows in the database are not being updated. Well, there is one and it is serverStatus. I really think there is something wrong with using variables ($serverMPlayers).

    I am not sure on what to do. Any help is greatly appreciated.
    Thanks,
    TJ
  2. #2
  3. Transforming Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    14,183
    Rep Power
    9398
    You're trying to use the variables before you've actually given them values.
  4. #3
  5. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Hi,

    apart from that, you need to work on the security of your code:

    Do not insert raw values into query strings.
    Do not display internal error messages.
    The 6 worst sins of security ē How to (properly) access a MySQL database with PHP

    Why canít I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  6. #4
  7. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2012
    Posts
    85
    Rep Power
    2
    Thanks for the replies. But right now security isn't that important as I am going to rewrite my code later. I put my variables before the query and it still doesn't work.
  8. #5
  9. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Originally Posted by tjswebdev
    But right now security isn't that important as I am going to rewrite my code later.
    ... famous last words.

    No, seriously: This isn't "only" about security. Inserting unescaped variables is technically wrong, because the whole thing will blow up with a syntax error as soon your variables happen to contain special characters like quotes, slashes, hyphens etc. If your query doesn't do anything at all, this "tiny security issue" could very well be the reason.

    So don't even start with sloppy programming. Make it right from the beginning. This includes replacing the ancient mysql_ functions with one of the contemporary extensions.



    Originally Posted by tjswebdev
    I put my variables before the query and it still doesn't work.
    "Doesn't work" doesn't tell us anything. What exactly happens? What's the content of the variables?
    PHP Code:
    var_dump($serverMOTD);  
    var_dump($serverPOnline);  
    var_dump($serverMPlayers); 
    Last edited by Jacques1; February 10th, 2013 at 07:47 AM.
    The 6 worst sins of security ē How to (properly) access a MySQL database with PHP

    Why canít I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  10. #6
  11. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2012
    Posts
    85
    Rep Power
    2
    Originally Posted by Jacques1
    ... famous last words.

    No, seriously: This isn't "only" about security. Inserting unescaped variables is technically wrong, because the whole thing will blow up with a syntax error as soon your variables happen to contain special characters like quotes, slashes, hyphens etc. If your query doesn't do anything at all, this "tiny security issue" could very well be the reason.

    So don't even start with sloppy programming. Make it right from the beginning. This includes replacing the ancient mysql_ functions with one of the contemporary extensions.
    "Doesn't work" doesn't tell us anything. What exactly happens? What's the content of the variables?
    PHP Code:
    var_dump($serverMOTD);  
    var_dump($serverPOnline);  
    var_dump($serverMPlayers); 

    Oh. PHP is such an involving code. I'm pretty intermediate to it but this project I am doing paused me here. I'm only 16.5 so college isn't really an option at this time, so I'm stuck to reason books, tutorials, and YouTube videos. I also communicate with a few people that have been to college, but finding them is a hit an miss operation.

    So enough chit-chat, I was seeing the var dump.

    So is this code here correct?
    PHP Code:
    $serverMOTD $stats->motd;  
    $serverPOnline $stats->online_players;  
    $serverMPlayers $stats->max_players
    These var dumps:
    PHP Code:
    var_dump($serverMOTD);  
    var_dump($serverPOnline);  
    var_dump($serverMPlayers); 
    Should those vars be put into the main query? Instead of having just $serverMOTD

    Thanks,
    And sorry from any headaches!
  12. #7
  13. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2012
    Posts
    85
    Rep Power
    2
    Alright. Amazing discovery - lol. I put the following in the body and I finally got it working - well somewhat.
    PHP Code:
    <?php
    var_dump
    ($serverMOTD);
    var_dump($serverPOnline);
    var_dump($serverMPlayers);
    ?>
    So, I'm not sure why but only the last server is being ran through this and it updates ALL servers in the database. Not really sure why. But here is my code:

    PHP Code:
    foreach(array('Server''Stats') as $file) {
        include 
    sprintf('../MCServerStatus/Minecraft/%s.php'$file);
    }

    // I have my connection code here, but I excluded it.

    $query mysql_query("SELECT * FROM servers") or die(mysql_error());
    $servers = array(); 
    while(
    $row mysql_fetch_assoc($query)) { 
     
    array_push($servers"{$row['serverIP']}"); 


    foreach(
    $servers as $server) {
        
    $stats = \Minecraft\Stats::retrieve(new \Minecraft\Server($server));
        if(
    $stats->is_online){
            
    $serverMOTD $stats->motd;
            
    $server;
            
    $serverPOnline $stats->online_players;
            
    $serverMPlayers $stats->max_players;
        } else {
            
    $serverMOTD offline;
            
    $server;
            
    $serverPOnline offline;
            
    $serverMPlayers offline;
        }
    }

    $queryUpdate mysql_query("UPDATE servers SET serverStatus='1', serverMessage='$serverMOTD', serverPlayersOnline='$serverPOnline', serverPlayersTotal='$serverMPlayers'") or die(mysql_error()); 
  14. #8
  15. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Originally Posted by tjswebdev
    I put the following in the body and I finally got it working - well somewhat.
    PHP Code:
    <?php
    var_dump
    ($serverMOTD);
    var_dump($serverPOnline);
    var_dump($serverMPlayers);
    ?>
    That's not possible. The var_dump()s were supposed to tell us the content of the variables. That's all they do.

    Please put the var_dump()s after the
    PHP Code:
    foreach($servers as $server) {
        ...

    and post the output here.

    You should also turn on your error messages and fix the syntax errors with the unquoted "offline" string:
    PHP Code:
    $serverMOTD offline
    And what is the line
    PHP Code:
    $server
    supposed to do? An expression alone doesn't do anything, it's just evaluated and then discarded.



    Originally Posted by tjswebdev
    So, I'm not sure why but only the last server is being ran through this and it updates ALL servers in the database. Not really sure why.
    As long as you don't have a condition in your UPDATE query, the query will indeed update every single row in the table. That's how SQL works. If you only want to update certain rows, you need to actually specify them with a WHERE clause:
    http://dev.mysql.com/doc/refman/5.5/en/update.html
    The 6 worst sins of security ē How to (properly) access a MySQL database with PHP

    Why canít I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  16. #9
  17. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2012
    Posts
    85
    Rep Power
    2
    Originally Posted by Jacques1
    That's not possible. The var_dump()s were supposed to tell us the content of the variables. That's all they do.

    Please put the var_dump()s after the
    PHP Code:
    foreach($servers as $server) {
        ...

    and post the output here.

    You should also turn on your error messages and fix the syntax errors with the unquoted "offline" string:
    PHP Code:
    $serverMOTD offline
    And what is the line
    PHP Code:
    $server
    supposed to do? An expression alone doesn't do anything, it's just evaluated and then discarded.





    As long as you don't have a condition in your UPDATE query, the query will indeed update every single row in the table. That's how SQL works. If you only want to update certain rows, you need to actually specify them with a WHERE clause:
    http://dev.mysql.com/doc/refman/5.5/en/update.html
    I want to let you know I have got the script working. I want to thank you for your help. Do you want to know what I did?
  18. #10
  19. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Originally Posted by tjswebdev
    Do you want to know what I did?
    Sure.
    The 6 worst sins of security ē How to (properly) access a MySQL database with PHP

    Why canít I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  20. #11
  21. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2012
    Posts
    85
    Rep Power
    2
    Originally Posted by Jacques1
    Sure.
    All I had to do was copy the line to both.

    PHP Code:
    foreach($servers as $server) {
        
    $stats = \Minecraft\Stats::retrieve(new \Minecraft\Server($server));
        if(
    $stats->is_online){
            
    $serverStatus 1;
            
    $serverMOTD $stats->motd;
            
    $server;
            
    $serverPOnline $stats->online_players;
            
    $serverMPlayers $stats->max_players;
            
    $serverVersion $stats->game_version;
            
    $queryUpdate mysql_query("UPDATE servers SET serverStatus='$serverStatus', serverMessage='$serverMOTD', serverPlayersOnline='$serverPOnline', serverPlayersTotal='$serverMPlayers', serverVersion='$serverVersion' WHERE serverIP='$server'") or die(mysql_error());
        } else {
            
    $serverStatus 0;
            
    $serverMOTD '?';
            
    $server;
            
    $serverPOnline '?';
            
    $serverMPlayers '?';
            
    $serverVersion '?';
            
    $queryUpdate mysql_query("UPDATE servers SET serverStatus='$serverStatus', serverMessage='$serverMOTD', serverPlayersOnline='$serverPOnline', serverPlayersTotal='$serverMPlayers', serverVersion='$serverVersion' WHERE serverIP='$server'") or die(mysql_error());
        }


IMN logo majestic logo threadwatch logo seochat tools logo