Check if SQL statement actually ran

Question

I am posting this in order to see if someone could help me to solve this little problem. Right now I have this code:

visible $sqlUpdate = "UPDATE user.user SET level='1' WHERE id='".$_GET['char']."' AND level >249 AND power>0 LIMIT 1";

What I want to do is that if the query actually runs, print Correct, otherwise, Error.

What I tried:

visible       $sqlUpdate = "UPDATE user.user SET level='1' WHERE id='".$_GET['char']."' AND level >249 AND power>0 LIMIT 1";
              $updatePos = mysql_query($sqlUpdate);
              if($sqlUpdate==1) {

              }
              else { echo'<p class="as">Correct.</p>'; }

            }
            else {
              echo'<p class="as">Error .</p>';
            }

But that does not work.

What does `visible` do? I haven't come across that before. – Asad Saeeduddin Mar 21 '13 at 07:00 — Asad Saeeduddin, Mar 21 '13 at 07:00
Shouldn't you be checking `$updatePos`? – hjpotter92 Mar 21 '13 at 07:00 — hjpotter92, Mar 21 '13 at 07:00
Your script is probably vulnerable to SQL injection. – Gumbo Mar 21 '13 at 07:02 — Gumbo, Mar 21 '13 at 07:02

score 1 · Answer 1 · edited May 23 '17 at 12:11

use mysql_affected_rows() which returns the number of affected rows on success, and -1 if the last query failed.

$chrVal = $_GET['char'];
$sqlUpdate = "UPDATE user SET level = '1' WHERE id = '$chrVal' AND level > 249 AND power > 0 LIMIT 1";
$updatePos = mysql_query($sqlUpdate);
if(mysql_affected_rows() >= 1) 
{ 
    echo'<p class="as">Correct.</p>';
}
else
{
    echo'<p class="as">Error .</p>';
}

mysql_affected_rows()

As a sidenote, the query is vulnerable with SQL Injection if the value(s) of the variables came from the outside. Please take a look at the article below to learn how to prevent from it. By using PreparedStatements you can get rid of using single quotes around values.

How to prevent SQL injection in PHP?

Dino Babu · Answer 2 · 2013-03-21T07:08:03.057

if you want to know whether row updated or not. try mysql_affected_rows()

mysql_affected_rows()

$char = mysql_escape_string($_GET['char']);
$sqlUpdate = "UPDATE user.user SET level='1' WHERE id='" . $char . "' AND level >249 AND power>0 LIMIT 1";
$updatePos = mysql_query($sqlUpdate);
$affRows = mysql_affected_rows();
if ($affRows) {
  echo'<p class="as">Correct.</p>';
} else {
  echo'<p class="as">Error .</p>';
}

also use mysql_escape_string to avoid sql injections :)

score 1 · Answer 3 · answered Mar 21 '13 at 07:10

1

If condition should check the $updatePos. If it comes out to be true then it is correct else it will give you error.

you can check an example from here: http://php.net/manual/en/function.mysql-query.php

answered Mar 21 '13 at 07:10

gusainhimanshu

157
1
11

score 0 · Answer 4 · answered Mar 21 '13 at 07:03

change your variable name $sqlUpdate to $updatePos

$sqlUpdate = "UPDATE user.user SET level='1' WHERE id='".$_GET['char']."' AND level >249 AND power>0 LIMIT 1";
                  $updatePos = mysql_query($sqlUpdate);
                  if($updatePos==1) {

                  }
                  else { echo'<p class="as">Correct.</p>'; }

                }
                else {
                  echo'<p class="as">Error .</p>';
                }

score 0 · Answer 5 · answered Mar 21 '13 at 07:07

0

I use the following.

 if( $updatePos = mysql_query($sqlUpdate))
 {
 echo'<p class="as">Correct.</p>';     
 }
 else
 {
 echo'<p class="as">Error.</p>';     
 }

if the query is wrong, it will return error.

answered Mar 21 '13 at 07:07

Eng. M

48
5

score 0 · Answer 6 · answered Mar 21 '13 at 07:08

try this:

$sqlUpdate = "UPDATE user.user SET level='1' WHERE id='".$_GET['char']."' AND level >249 AND power>0 LIMIT 1";
              $updatePos = mysql_query($sqlUpdate);
              if($updatePos==1) {

              }
              else { echo'<p class="as">Correct.</p>'; }

            }
            else {
              echo'<p class="as">Error .</p>';
            }

You can also check it mysql_num_rows();

Like this

Check if SQL statement actually ran

6 Answers6