mysql - PHP UPDATE not updating
<?php
$db = "db_name";
$host = 'db_host';
$username = "db_username";
$password = 'db_password';
// Connect with the legacy mysql_* API
$link = mysql_connect($host,$username,$password) or die("no se puede conectar");
@mysql_select_db($db) or die ("no se ha podido seleccionar la base de datos");
$arr = array();
$usernameuser = $_GET['username'];
// Request values are interpolated straight into the statement
$consulta = mysql_query("UPDATE users (favorites,ratingsnumbers,ratingsnames) SET ('$_GET[favorites]','$_GET[ratingsnumbers]','$_GET[ratingsnames]') WHERE username='$usernameuser'");
?>
When I run this, nothing happens. The database values do not alter as they are supposed to.
Any help is appreciated, -nick
Major edit:
<?php
$dbhost = 'db_host';
$dbuser = 'db_user';
$dbpass = 'db_pass';
$conn = mysqli_connect($dbhost, $dbuser, $dbpass);
if(! $conn ) {
    // mysqli_connect_error() reports why the connection failed
    die('could not connect: ' . mysqli_connect_error());
}
// Request values are used unescaped in this test version
$favorites = ($_GET['favorites']);
$ratingsnumbers = ($_GET['ratingsnumbers']);
$ratingsnames = ($_GET['ratingsnames']);
$name = ($_GET['username']);
$sql = "UPDATE users SET favorites='$favorites', ratingsnumbers='$ratingsnumbers', ratingsnames='$ratingsnames' WHERE username='$name'";
mysqli_select_db($conn,'db_name');
$retval = mysqli_query( $conn, $sql );
if ( !$retval ){
    die('could not connect: ' . mysqli_error($conn));
}
echo "file updated successfully";
mysqli_close($conn);
?>
This is the new code, which, while still not safe from SQL injections, is for testing at the moment; I am trying to get it to functionally work.
However, there is a weird issue still with it. It will not update if the $name variable has /r, /n or a space in it, which I need it to do.
Does anyone have advice on this?
PS: here is the code used to activate the PHP script.
+(void)sendusertosqltable {
    NSString *favorites;
    NSString *ratingsnumbers;
    NSString *ratingsnames;
    // Join each list into one CRLF-separated string
    favorites = [[[user favorites] allKeys] componentsJoinedByString:@"\r\n"];
    ratingsnumbers = [[[user ratings] allValues] componentsJoinedByString:@"\r\n"];
    ratingsnames = [[[user ratings] allKeys] componentsJoinedByString:@"\r\n"];
    // The values are placed into the query string exactly as they are
    NSURL *url = [NSURL URLWithString:[NSString stringWithFormat:@"http://appname.companyname.com/updateuserservice.php?username=%@&favorites=%@&ratingsnumbers=%@&ratingsnames=%@", [user username], favorites, ratingsnumbers, ratingsnames]];
    NSData *dataurl = [NSData dataWithContentsOfURL:url];
    //NSLog([NSString stringWithFormat:@"http://appname.companyname.com/updateuserservice.php?username=%@&favorites=%@&ratingsnumbers=%@&ratingsnames=%@", [user username], favorites, ratingsnumbers, ratingsnames]);
    NSString *strresult = [[NSString alloc] initWithData:dataurl encoding:NSUTF8StringEncoding];
    NSLog(@"%@",strresult);
}
Edit edit: found a workaround at least. Leaving it here for future searchers.
$search = '~'; $replace = '\r\n'; $favorites = str_replace($search , $replace , $favorites);
Putting this in the PHP file allows a newline in the SQL table.
The whole script is rather insecure and prone to errors.
Never trust input the user can manipulate, or your database is an open door.
Additionally: "@mysql_select_db" hides error messages, so in case you made a typo there... you would never know, and think it is okay although it is not.
And last but not least... the mysql_* functions are deprecated as of PHP5, so you might want to look at http://de1.php.net/manual/en/book.mysqli.php
So try this:
$mysqli = new mysqli($host, $username, $password, $db);
// connect_errno is non-zero when the connection failed
if ($mysqli->connect_errno) {
    die("couldn't connect database");
}
// Escape every request parameter before it goes into the SQL string
$usernameuser = (empty($_GET["username"])) ? "" : $mysqli->real_escape_string($_GET["username"]);
$favorites = (empty($_GET["favorites"])) ? "" : $mysqli->real_escape_string($_GET["favorites"]);
$ratingsnumbers = (empty($_GET["ratingsnumbers"])) ? "" : $mysqli->real_escape_string($_GET["ratingsnumbers"]);
$ratingsnames = (empty($_GET["ratingsnames"])) ? "" : $mysqli->real_escape_string($_GET["ratingsnames"]);
// UPDATE takes column=value pairs after SET, followed by a WHERE clause
if ($mysqli->query('UPDATE users SET favorites="'.$favorites.'", ratingsnumbers="'.$ratingsnumbers.'", ratingsnames="'.$ratingsnames.'" WHERE username="'.$usernameuser.'"')) {
    // whatever wanted
    // (an UPDATE returns true or false, so there is no result set to free)
}
$mysqli->close();
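The same UPDATE with bound parameters, as an added example that is not part of the original question or answer: it uses PDO prepared statements instead of the answer's real_escape_string, and shows CR/LF, spaces and quotes reaching the table intact. Assumptions: an in-memory SQLite table stands in for the MySQL one so it runs without a server, and updateUser() and the sample request are constructed for illustration.

```php
<?php
// Added example, not code from the post. Assumptions: PDO with in-memory
// SQLite stands in for MySQL; updateUser() and the sample rows are made up.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, favorites TEXT,
            ratingsnumbers TEXT, ratingsnames TEXT)');
$pdo->exec("INSERT INTO users (username) VALUES ('nick smith'), ('other')");

function updateUser(PDO $pdo, array $in): int
{
    $fields = ['username', 'favorites', 'ratingsnumbers', 'ratingsnames'];
    $params = [];
    foreach ($fields as $f) {
        // Fail loudly on a missing or array-valued parameter.
        if (!isset($in[$f]) || !is_string($in[$f])) {
            throw new InvalidArgumentException("missing parameter: $f");
        }
        $params[":$f"] = $in[$f];
    }
    // Values travel separately from the SQL text, so quotes, spaces and
    // CR/LF inside them are stored as data and never parsed as SQL.
    $stmt = $pdo->prepare(
        'UPDATE users SET favorites = :favorites,
                ratingsnumbers = :ratingsnumbers,
                ratingsnames = :ratingsnames
          WHERE username = :username'
    );
    $stmt->execute($params);
    return $stmt->rowCount();   // number of rows the UPDATE changed
}

// Constructed request. CR/LF and spaces are percent-encoded (%0D%0A, %20),
// and parse_str() decodes them the same way PHP does when it fills $_GET.
$query = 'username=nick%20smith&favorites=Pizza%0D%0AFish%27n%27chips'
       . '&ratingsnumbers=5%0D%0A3&ratingsnames=Pizza%0D%0AFish%27n%27chips';
parse_str($query, $get);
echo 'rows changed: ', updateUser($pdo, $get), "\n";

$sel = $pdo->prepare('SELECT favorites FROM users WHERE username = ?');
$sel->execute(['nick smith']);
echo 'stored with newline and quotes intact: ',
     var_export($sel->fetchColumn() === "Pizza\r\nFish'n'chips", true), "\n";

// A user name shaped like SQL is only compared as text and matches no row.
$get['username'] = "nobody' OR '1'='1";
echo 'rows changed by quoted name: ', updateUser($pdo, $get), "\n";
```

Against MySQL only the DSN passed to `new PDO(...)` changes; the prepared statement and the bound array stay the same.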
php mysql sql-update