Inserting time stamp broke my database:

[J450n]

I have a MySQL DB and everything is working perfectly.  I wanted to expand it with a time stamp entry.  I added all the required code and now cannot update the UPDATE querywhen exiting my app.

I deleted all the code associated with the time stamp and everything works as expected.

Is there something I do not know about time stamps?  I have used it before with C# .net with no issues at all.

I'm not a pro PHP guy and have no clue why it would break the UPDATE query.

[mac_gyver]

34 minutes ago, J450n said:

and have no clue why it would break the UPDATE query.

neither do we since we cannot see the problematic code from where we are sitting.

[J450n]

I deleted it as it didn't work.  I should have just commented it out but I was pissed.

$timeStamp = $_POST["timeStamp"];

$updatequery = "UPDATE userData SET timeStamp= " . $timeStamp. " WHERE GUID = '" . $LoggedIn_guid . "';";

In the database I had that row set to varchar  not TimeStamp.

[Barand]

A time stamp (eg 2019-12-15 19:02:00) is a string value and should therefore be inside single quotes in your query.

(This would be the same in C# as it is purely SQL related, not C# or PHP).

You should (in either language) be using prepared queries and not embedding variables in the query. For example (using PDO)

$stmt = $conn->prepare("UPDATE userData SET timestamp = ? WHERE GUID = ?")
$stmt->execute([ $timeStamp, $LoggedIn_guid ]);

 

[J450n]

Is that to stop the sql injections?

[Barand]

Mainly, but it also saves having to escape string data too (For example, if you were trying to add "O'Reilly" as a name value.

[J450n]

Oh I see.  Thank you.  Now I'll know how to fix that problem when I hit it..lol