0

I'm trying to debug a table update and struggling for the next idea. I extract values from an XML and attempt to update columns with them (row matched on an id).

if ($r2 != false)

Is reached suggesting it doesn't fail but no data is updated. If I run the same query in phpmyadmin it will update no problem. Before each update (because of this issue) I query the db & find the row successfully. I also tried explicitly casting the XML results to (float) as the columns are decimal but no luck :( Larger code example below:

$home_lay = 99.99;
    $draw_lay = 99.99;
    $away_lay = 99.99;
    if(count($home) > 0) { 
        $home_lay = $home[0]["decimal"];
    }
    if(count($draw) > 0) { 
        $draw_lay = $draw[0]["decimal"];
    }
    if(count($away) > 0) { 
        $away_lay = $away[0]["decimal"];
    }
    $q3 = "SELECT * FROM tab4 where match_id = " . $matchid;
      $r3 = mysqli_query($dbc, $q);

      if (mysqli_num_rows($r3) > 0) { 
          echo 'THIS ROW EXISTS <br />';
      } else {
          echo 'NO ROW!!!! <br />';
      }

    $q2 = 'update tab4 set smark_home = '.$home_lay. ' , smark_draw ='. $draw_lay .' , smark_away ='. $away_lay .' 
                where match_id='. $matchid; 
    $r2 = mysqli_query($dbc, $q);
        if ($r2 != false) {
            echo "Odds updated <br />";

I've been echoing at it goes (cut from code) with output like the following:

match id: 755094
home: 3.90
draw: 3.50
away: 2.38
THIS ROW EXISTS
update tab4 set smark_home = 3.90 , smark_draw =3.50 , smark_away =2.38 where match_id=755094

Edit: Following a now deleted comment I just tried doing a prepared statement with this correct answer example: PHP UPDATE prepared statement with 'dddi' but still no error or update

Community
  • 1
  • 1
Dird
  • 39
  • 5
  • **WARNING**: When using `mysqli` you should be using [parameterized queries](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [`bind_param`](http://php.net/manual/en/mysqli-stmt.bind-param.php) to add user data to your query. **DO NOT** use string interpolation or concatenation to accomplish this because you have created a severe [SQL injection bug](http://bobby-tables.com/). **NEVER** put `$_POST` or `$_GET` data directly into a query, it can be very harmful if someone seeks to exploit your mistake. – tadman Aug 24 '16 at 20:17
  • Add `mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);` to the top of yuor script. This will force any `mysqli_` errors to generate an Exception that you cannot miss or ignore. – RiggsFolly Aug 24 '16 at 20:24
  • Are any of those columns in the UPDATE text values? – RiggsFolly Aug 24 '16 at 20:28
  • Presumably mysqli_report wouldn't have thrown an error in this case as I was running the wrong query (but still a valid operation) – Dird Aug 24 '16 at 21:02

1 Answers1

0

FML. 

$q2 = "update";
$r2 = mysqli_query($dbc, $q); // not $q2!

Damn tard. Thanks for the suggestions, I will be using prepared statements now assuming it will work

Dird
  • 39
  • 5