Queueon Posted November 3, 2015 Share Posted November 3, 2015 Hi, I'm going crazy with the following issue. I kept it simple for you to understand it quickly. The URL: http://localhost/savescores.php?score=222 <?php $score = strip_tags(mysql_real_escape_string($_GET['score'])); ECHO "Test 1"; ECHO "<h1>Your score is " . $_GET["score"] . "</h1>"; //Working! ECHO "Test 2"; ECHO "<h1>Your score is $score</h1>"; //Not working! ?> So the first echo test is working but its gets the information in another way as you can see.I need the second test to work because then I will be able to write the variable back into a database using url vars on a later stage. When I change the var $score manually to e.g. $score = '222'. Then all is working fine. I need it to work with the use of the URL. Anyone who can help? Quote Link to comment Share on other sites More sharing options...
Psycho Posted November 3, 2015 Share Posted November 3, 2015 (edited) Have you connected to the database? If not, mysql_real_escape_string() will not work (But, you should not be using the mysql_ functions anymore anyways). My guess is that the function is failing and returning FALSE (The Boolean value, not the string). Try running this to verify what, exactly $score contains: var_dump($score); Edited November 3, 2015 by Psycho Quote Link to comment Share on other sites More sharing options...
mac_gyver Posted November 3, 2015 Share Posted November 3, 2015 mysql_real_escape_string() requires a database connection to work. therefore, you are getting a null value in $score and should be getting several php error messages. so, three problems - 1) you need to have php's error_reporting set to E_ALL and display_errors set to ON in the php.ini on your development system so that php would help you by reporting and displaying all the errors that it detects. you will save a ton of time. 2) don't use any database escape string function until right before you put data into your sql query statement (it's actually better to use prepared queries anyways.) 3) the msyql_ functions are obsolete and will be removed from php soon. you need to learn using the PDO (the best choice) or the mysqli_ database functions so that what you are learning isn't already out of date. Quote Link to comment Share on other sites More sharing options...
Queueon Posted November 4, 2015 Author Share Posted November 4, 2015 Thanks for the answers. As you might have noticed I'm a newbie and didn't realise that GET needs a connection. However, in my original code I'm having the same issue. The DB is updated with nothing or an empty string. At least it is connected. <?php$servername = "localhost";$username = "username";$password = "password";$dbname = "dbname";// Create connection$conn = new mysqli($servername, $username, $password, $dbname);// Check connectionif ($conn->connect_error) {die("Connection failed: " . $conn->connect_error);} //$id = strip_tags(mysql_real_escape_string($_GET['id']));$score = strip_tags(mysql_real_escape_string($_GET['score']));$sql = "UPDATE users SET score_03='$score' WHERE id=2";if ($conn->query($sql) === TRUE) {echo "Record updated successfully";} else {echo "Error updating record: " . $conn->error;}$conn->close();?> I will take your suggestions in consideration and step back to learn more about PDO or mysqli. Thanks a lot. Quote Link to comment Share on other sites More sharing options...
Solution Ch0cu3r Posted November 4, 2015 Solution Share Posted November 4, 2015 (edited) As you might have noticed I'm a newbie and didn't realise that GET needs a connection. No, You misunderstood Psycho and mac_gyver replies please read them again. I'm having the same issue. The DB is updated with nothing or an empty string. At least it is connected. Yes you are connected to the DB using mysqli (mysql improved). But you are using mysql_real_escape_string function which is not compatible with MySQLi Improved. The mysql_ functions and mysqli_ functions (note the i after mysql) are not compatible with each other. The mysql improved equivalent is mysqli_real_escape_string (has an i after mysql). However reading your post score should only contain a number, then you should not be using mysqli_real_escape_string. This function is should only be used for escaping string values, such as a persons name, contents of a blog post etc. Not for numbers. What you should do is only insert the new score value if $_GET['score'] is in fact a number. // validate $_GET['score'] exists and consist of digits if(isset($_GET['score']) && ctype_digit($_GET['score'])) { // assign $_GET['score'] to $score and convert to an integer (whole number) $score = intval($_GET['score']); $sql = "UPDATE users SET score_03='$score' WHERE id=2"; if ($conn->query($sql) === TRUE) { echo "Record updated successfully"; } else { echo "Error updating record: " . $conn->error; } } else { echo "Submitted score is invalid"; } Edited November 4, 2015 by Ch0cu3r Quote Link to comment Share on other sites More sharing options...
Queueon Posted November 4, 2015 Author Share Posted November 4, 2015 Alright I tested your code and it's working exactly how I need it. In the meanwhile, for me this is still a real brain breaker and luckily for now I don't need much more code for my application (Construct 2). I think I would have been trying for another few weeks by myself. In the other hand, it's definitely interesting to know more about MySQL. Do you have a book or site as a reference for me to start reading from the beginning and not dive straight into it like I'm doing now? Many thanks Ch0cu3r, Psycho and Mc_gyver for your help. I'd need pay you a beer someday. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.