Reputation: 79
How to execute two queries in the same PHP code?
I'm new to PHP programming. I want to execute 2 queries at the same PHP code. The first query gave me expected results. But the second query seems to be not working. But it does not show me any error message. Can someone help me?
<?php
mysql_connect('localhost','root','');
mysql_select_db('health');
$query1="SELECT * FROM messages,doctor WHERE doctor.regNo=messages.regNo AND messages.ID='".$id."';";
$result1=mysql_query($query1) or die(mysql_error());
$row=mysql_fetch_array($result1);
echo '<table cellspacing="10">';
echo '<tr><td><b>From: </b></td><td>Dr. '.$row['firstName'].' '.$row['lastName'].'</td></tr>';
echo '<tr><td><b>Category: </b></td><td>'.$row['category'].'</td></tr>';
echo '</table>';
echo '<p style="padding-left:13px;">'.$row['reply'].'</p>';
echo '</br><b style="padding-left:13px;">Your question</b></br>';
echo '<p style="padding-left:13px;">'.$row['question'].'</p>';
$query2="UPDATE health.messages SET read='Y' WHERE messages.ID='".$id."';";
$result2=mysql_query($query2);
mysql_close();
?>
Upvotes: 0
Views: 542
Answers (2)
Reputation: 74217
Yes, it gave me an error. The error is "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'read='Y' WHERE messages.ID='7'' at line 1"
read is a MySQL reserved word
Use backticks around the column name.
For example:
SET `read`='Y'
or use another word for it.
But it does not show me any error message.
That's because you're not checking for errors. Add error reporting to the top of your file(s) right after your opening <?php tag
error_reporting(E_ALL); ini_set('display_errors', 1); including or die(mysql_error()) for the second query, which you are not doing as you did for your first query.
Plus, your code is highly prone to SQL injection with the present (and deprecated) MySQL API you are using.
Use mysqli_* with prepared statements, or PDO with prepared statements.
Comments have been left under your question regarding other security-related issues with your code.
Quoting Brad's comment:
you are just echoing text data directly into HTML with no escaping. You must use
htmlspecialchars()or you risk creating invalid HTML and opening yourself up to XSS attacks.
Here are a few links you can read up on the subject of SQL injection:
- https://en.wikipedia.org/wiki/SQL_injection
- http://php.net/manual/en/security.database.sql-injection.php
- https://www.owasp.org/index.php/SQL_Injection
- How can I prevent SQL injection in PHP?
Cross-site scripting (XSS)
- https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
- https://en.wikipedia.org/wiki/Cross-site_scripting
Upvotes: 2
Reputation: 16502
You are using reserved MySQL words (such as READ) as column names.
To fix this, change the line
$query2="UPDATE health.messages SET read='Y' WHERE messages.ID='".$id."';";
to
$query2="UPDATE health.messages SET `read` = 'Y' WHERE messages.ID='".$id."';";
I would also suggest that you heed the warnings from everyone else about using depreceated MySQL functions and SQL injection issues.
You should also try to be more unique with naming columns that don't collide with reserved MySQL keywords. Try using a consistent prefix (e.g. messageRead or isRead)
Upvotes: 1
Related Questions
- How to execute two mysql queries as one in PHP/MYSQL?
- Running more than one Mysql Query using PHP
- Run 2 queries together but execute separately
- Two query at the same time
- PHP - 2 MySQL Queries in One PHP Function
- Getting 2 mysql queries into one?
- Execute two query at the same time
- Run two queries on the same table at once?
- How to execute two MySQL queries?
- How can I make two queries in one?