-5

I have a PHP file called on POST from my Android app. Currently I have a query that inserts the posted values into my violator table. Two of those values are officer name and reference. Now what I want to do is also run another query that will update the reference on my user_tbl where officer_name = oname. Officer_name is the column from the user_tbl and oname is the posted variable name. How or in what way can I achieve that?

Here is the PHP code.

```php
<?php
$user_name = "dodolp";
$password = "dodolp";
$server = "localhost";
$db_name = "TMTRO";

$con = mysqli_connect($server,$user_name,$password,$db_name);
if ($con){

    $Name = $_POST['name'];
    $LName = $_POST['lname'];
    $LNumber = $_POST['lnumber'];
    $Violation = $_POST['violation'];
    $Aplace = $_POST['aplace'];
    $Address = $_POST['address'];
    $PNumber = $_POST['pnumber'];
    $OName = $_POST['oname'];
    $RNumber = (int) $_POST['rnumber'];
    $DTime = $_POST['dtime'];
    $query = "insert into violators (name,lname,lnumber,violation,aplace,address,pnumber,oname,reference,datetime) values ('".$Name."','".$LName."','".$LNumber."','".$Violation."','".$Aplace."','".$Address."','".$PNumber."','".$OName."','".$RNumber."','".$DTime."');";
    $sql = "UPDATE into user_tbl SET reference = '$RNumber' WHERE officer_name = '$OName'";
    $result = mysqli_query ($con, $query);

    if ($result)
    {
        $status = 'OK';
    }
    else
    {
        $status = 'FAILED';
    }

}
else { $status = 'FAILED'; }

echo json_encode(array("response"=>$status));

mysqli_close($con);

?>
```
B001ᛦ
ekkosky17
  • 1
    You never run your `$sql` query – aynber Sep 19 '17 at 14:47
  • 4
    _Can we please focus on my question and not on telling me it's vulnerable to SQL Injections_ You guys will never learn how serious this issue is – B001ᛦ Sep 19 '17 at 14:48
  • ^ And frankly, it also eliminates a whole host of quoting issues. When you'll never have to worry about escaping data again, why **wouldn't** you parameterize your queries? – aynber Sep 19 '17 at 14:50
  • Just add the update query. – Hasib Mahmud Sep 19 '17 at 14:50
  • I am in the process of learning. I am very sorry. But I have tried adding `$result = mysqli_query ($con, $sql);` but it is not working. – ekkosky17 Sep 19 '17 at 15:12
  • 1
    If you don't have time to do it right the first time, when will you find the time to add it later? I hate when people say *"I'm not that far along..."* or *"This site will not be public..."* or *"It's only for school, so security doesn't matter..."*. If teachers and professors are not talking about security from day one, they're doing it wrong. Challenge them. They're teaching sloppy and dangerous coding practices which students will have to unlearn later. I also hate it when folks say, *"I'll add security later..."* or *"Security isn't important now..."* or *"Ignore the security risk..."*. – Jay Blanchard Sep 19 '17 at 18:17

1 Answer

0

You need to run both queries like this:

```php
$query = "insert into violators (name,lname,lnumber,violation,aplace,address,pnumber,oname,reference,datetime) values ('".$Name."','".$LName."','".$LNumber."','".$Violation."','".$Aplace."','".$Address."','".$PNumber."','".$OName."','".$RNumber."','".$DTime."');";
$result = mysqli_query ($con, $query);
$sql = "UPDATE user_tbl SET reference = '$RNumber' WHERE officer_name = '$OName'";
$result = mysqli_query ($con, $sql);
```
caryarit ferrer
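
An added example, not part of the answer above or the asker's code: the same insert and update written with mysqli prepared statements inside a transaction, which is the parameterization the comments ask for, so posted values are never spliced into the SQL text and a failed update also undoes the insert. The function name `saveViolation` is hypothetical, the connection values in the usage comment are placeholders, and the transaction assumes both tables use InnoDB.

```php
<?php
// Added example: parameterized version of the insert + update from this page.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

// Insert the violation and update the officer's reference as one unit.
function saveViolation(mysqli $con, array $post): string
{
    $fields = ['name', 'lname', 'lnumber', 'violation', 'aplace',
               'address', 'pnumber', 'oname', 'rnumber', 'dtime'];
    foreach ($fields as $f) {
        if (!isset($post[$f]) || !is_string($post[$f])) {
            return 'FAILED'; // missing field, or an array was posted
        }
    }
    $rnumber = (int) $post['rnumber'];

    $con->begin_transaction();
    try {
        $ins = $con->prepare(
            'INSERT INTO violators (name, lname, lnumber, violation, aplace,
                 address, pnumber, oname, reference, datetime)
             VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)'
        );
        $ins->bind_param('ssssssssis',
            $post['name'], $post['lname'], $post['lnumber'], $post['violation'],
            $post['aplace'], $post['address'], $post['pnumber'], $post['oname'],
            $rnumber, $post['dtime']);
        $ins->execute();

        $upd = $con->prepare(
            'UPDATE user_tbl SET reference = ? WHERE officer_name = ?');
        $upd->bind_param('is', $rnumber, $post['oname']);
        $upd->execute();

        $con->commit(); // both statements succeeded
        return 'OK';
    } catch (mysqli_sql_exception $e) {
        $con->rollback(); // undo the insert if the update failed
        error_log($e->getMessage()); // log server-side, not to the client
        return 'FAILED';
    }
}

// Usage (DB_USER and DB_PASS are placeholders):
// $con = new mysqli('localhost', 'DB_USER', 'DB_PASS', 'TMTRO');
// echo json_encode(['response' => saveViolation($con, $_POST)]);
```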