CODEWITHSUNDEEP
phpsql-server-2008odbc
JustJeffy
JustJeffy

Reputation: 97

Cant track error cause in PHP page updating a MS SQL database

Simple PHP page (I'm no PHP expert, just learning) to update a MS SQL database. The following code generates an error that I dont know how to solve.

    include '/connections/SFU.php';
$query = "UPDATE Person SET PhotoURL = '".$file["name"]."' WHERE USERID='".$_REQUEST['user_id']."';";
if ($result =  odbc_exec($dbconnect, $query)) {
    echo "// Success!";
}
else {
    echo "// Failure!";
}
odbc_close($dbconnect);
//End Update

This fails every time in the "if ($result ..." section

However, if I run virtually the same code 

    include '/connections/SFU.php';
$query = "UPDATE Person SET PhotoURL = '89990.jpg' WHERE USERID='80'";
if ($result =  odbc_exec($dbconnect, $query)) {
// Success!
}
else {
// Failure!
} 
odbc_close($dbconnect);
//End Update

It works just fine. I have echoed the $query string to the screen and the string is the same for both. I can't figure out why it fails in one and not the other?

Also weird is when I use a parameterized query such as

include '/connections/SFU.php';
$query = "UPDATE dbo.Person SET PhotoURL=? WHERE USERID=?";
if ($res = odbc_prepare($dbconnect,$query)) {
    echo "Prepare Success";
} else {
    echo "Prepare Failed".odbc_errormsg();
}
$uid = $_REQUEST['user_id'];
$fn = $file["name"];
echo "query=".$query." userid=".$uid." filename=".$fn;  
if ($result =  odbc_exec($res, array($fn, $uid))) {     
    echo "// Success!";
}
else {
    echo odbc_errormsg();
    echo "// Failure!";
}
odbc_close($dbconnect);

The query fails in the prepare section above, but fails in the odbc_exec section below:

include '/connections/SFU.php';
$query = "UPDATE Person SET PhotoURL=? WHERE USERID=?";
if ($res = odbc_prepare($dbconnect,$query)) {
    echo "Prepare Success";
} else {
    echo "Prepare Failed".odbc_errormsg();
}
$uid = "80";
$fn = "samplefile.jpg";
echo "query=".$query." userid=".$uid." filename=".$fn;  
if ($result =  odbc_exec($res, array($fn, $uid))) {     
    echo "// Success!";
}
else {
    echo odbc_errormsg();
    echo "// Failure!";
}
odbc_close($dbconnect);

In all cases I do not get any odbc_errormsg ().

Upvotes: 0

Views: 216

Answers (1)

Rikesh
Rikesh

Reputation: 26431

Remove the extra ; from your query.

$query = "UPDATE Person SET PhotoURL = '".$file["name"]."' WHERE
          USERID='".$_REQUEST['user_id']."';";
                                           ^

So your query should be,

$query = "UPDATE Person SET PhotoURL = '".$file["name"]."' WHERE
          USERID='".$_REQUEST['user_id'];

Also have practice of using odbc_errormsg() so you can have a better idea why your query gets failed.

Warning: Your code is vulnerable to sql injection attacks!

Upvotes: 1

Related Questions