| Author |
Thread Statistics | Show CCP posts - 0 post(s) |

Manhim
Cyan Ventures
2
|
Posted - 2013.07.11 01:40:00 -
[1] - Quote
UPDATE tb1 SET row1 = row9 |

Manhim
Cyan Ventures
2
|
Posted - 2013.07.11 01:52:00 -
[2] - Quote
You add the columns and then update it.
ALTER TABLE tb1 ADD row9 VARCHAR(60); UPDATE tb1 SET row1 = row9; |

Manhim
Cyan Ventures
2
|
Posted - 2013.07.11 02:40:00 -
[3] - Quote
UPDATE tb1, tb2 SET tb1.field1 = tb2.field9 WHERE tb1.field2 = tb2.field2; |

Manhim
Cyan Ventures
2
|
Posted - 2013.07.11 07:54:00 -
[4] - Quote
Ok, first think I noticed, mysql_connect and al are deprecated, you should avoid using this method to connect to a database as it will dissapear in the next PHP version. It is also slow and makes it too easy to create insecure queries (like yours).
You should start reading about PDO and prepared statements.
Your error: UPDATE members, walletJournal SET $isk = $isk + $amount WHERE $username = $ownerID1;
This is not good, you seem to be confusing the concept of variable and sql query. This is why I usually avoid using variables straight into a string. Here's a fix (not sure about the columns names, might want to double check):
mysql_query('UPDATE members, walletJournal SET member.isk = \'' . mysql_real_escape_string($isk + $amount) . '\' WHERE username = \' . mysql_real_escape_string($ownerID1) . \'') or die(mysql_error());
Using single quotes, you cannot but variable straight into the string like you can with double quotes. I've pretty much always choosen this code style to make sure that everyone I work with doesn't put variables into a string which can cause confusions. The mysql_real_escape_string function is there to secure your inputs and to "make sure" that it won't screw the query ("make sure" is in quotations because it still can be screwed-up, just harder to do, prepared statements basically protect you from all potential screw-ups [with some small exceptions that should be fixed by now]). |

Manhim
Cyan Ventures
4
|
Posted - 2013.07.11 21:15:00 -
[5] - Quote
Also, please note that the code I provided is merely a fix to what I saw and I'm not even sure if it does the right thing. I'd need more specific information in order to help. |

Manhim
Cyan Ventures
4
|
Posted - 2013.07.12 03:08:00 -
[6] - Quote
This is a good site: http://net.tutsplus.com/tutorials/php/why-you-should-be-using-phps-pdo-for-database-access/ |
| |
|