-2

The majority of this code works just fine, the database get updated when I click on the button, but the last query (the UPDATE one) doesn't execute for some reason. I tried turning on mysql log on phpmyadmin, but even there it's not executed. It doesn't show me any error, and I really don't know what could be wrong. 

$query = "SELECT username, coins FROM users WHERE userid='$userid' LIMIT 1";
$result = mysqli_query($db, $query);
$user = mysqli_fetch_assoc($result);
$_SESSION['username'] = $user['username'];
$_SESSION['coins'] = $user['coins'];

$op = $user['username'];
$op = mysqli_real_escape_string($forumdb, $op);
$postcontent = $_POST['postcontent'];
$postcontent = mysqli_real_escape_string($forumdb, $postcontent);
$posttitle = $_POST['posttitle'];
$posttitle = mysqli_real_escape_string($forumdb, $posttitle);
$sectionid = $_GET['sectionid'];
$sectionid = mysqli_real_escape_string($forumdb, $sectionid);

$query = "INSERT INTO topic (section_id, name, replies, op, lastpost, lastuserid, views, sticked) values('$sectionid', '$posttitle', '0','$op', CURRENT_TIMESTAMP(),'$userid', '0', '0')";
$result = mysqli_query($forumdb, $query) or trigger_error("Query Failed! SQL: $query - Error: ".mysqli_error($forumdb), E_USER_ERROR);

$last_id = mysqli_insert_id($forumdb);

$query = "INSERT INTO posts (topic_id, content, user_id) values('$last_id', '$postcontent', '$userid')";
mysqli_query($forumdb, $query);

$query = "UPDATE section SET lastpost='$username', threads=threads+1, posts=posts+1 WHERE id='$sectionid'";
mysqli_query($forumdb, $query) or trigger_error("Query Failed! SQL: $query - Error: ".mysqli_error($forumdb), E_USER_ERROR);
Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141
Marius Bauld
  • 11
  • 5
  • You are always updating the same section record with id=1? – maxhb Sep 01 '18 at 20:00
  • No, It's just that I was so frustrated that I tried inserting values manually in order to get if that was a typo or what. I updated it though – Marius Bauld Sep 01 '18 at 20:01
  • never seen this before: threads=threads+1, posts=posts+1, if you need to increment the value of a column you must do it using php in this case. You can try to echo your query, and try to execute it in db and see the error result. – Sigma Sep 01 '18 at 20:08
  • https://www.tech-recipes.com/rx/2139/mysql_increment_an_exisitng_value/ I am not 100% sure about that, but I think I had used it before, and it worked EDIT: I tried executing it chaging $username to a random name, and it actually worked – Marius Bauld Sep 01 '18 at 20:11
  • Add `ini_set('display_errors', 1); ini_set('log_errors',1); error_reporting(E_ALL); mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);` to the top of your script. This will force any mysqli_ errors to generate an Exception that you can see on the browser as well as normal PHP errors. – RiggsFolly Sep 01 '18 at 20:16
  • Your script is wide open to [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) in either the `MYSQLI_` or `PDO` API's – RiggsFolly Sep 01 '18 at 20:16
  • Yeah I knew about SQL Injection vulnerability, I was just throwing down a sketch this way, since I find it more immediate. I tried adding those lines to the php file and doesn't log anything anyway – Marius Bauld Sep 01 '18 at 20:20
  • The `$username` variable is undefined. – Pieter De Clercq Sep 01 '18 at 20:35
  • It is defined, even if I manually write a string like lastpost='luigi' it doesn't work – Marius Bauld Sep 01 '18 at 20:38

2 Answers2

0

It would have been helpful if you explained what "doesn't execute for some reason" means.

Either you get an error indicating that the SQL was invalid at runtime or the execution continued and no data was changed.

Without knowing what the error was, we can't advise what would have caused an error. If execution continued, but the record was not (obviously) updated, then it must be because the WHERE clause of the update statement did not match any rows. You could verify this by checking mysqli_affected_rows().

The queries you have run previously wil be in the mysql general log. You might want to echo the SQL statement to the output and check that it is populated as you expect

symcbean
  • 47,736
  • 6
  • 59
  • 94
  • It doesn't show any error, it keeps executing, but it doesn't change any row. I tried inserting the same exact code directly on phpmyadmin, and it works, so it's not either a problem regarding the WHERE clause – Marius Bauld Sep 01 '18 at 20:40
0

You can use the following to solve your problem:

"UPDATE `section` SET `lastpost`='$username', `threads`=threads+1, `posts`=posts+1 WHERE `id`='$sectioni
Grant Miller
  • 27,532
  • 16
  • 147
  • 165
BadPiggie
  • 5,471
  • 1
  • 14
  • 28