
$stmt2 = $conn->prepare("SELECT idCoureur
                        FROM dossard
                        WHERE numeroRFID= '12345678' ");
$valeurCoureur = $stmt2->execute();

// I already checked and my variable indeed found 5800 for $valeurCoureur

$stmt = $conn->prepare("UPDATE chrono
                        SET t_depart = 58
                        WHERE idCoureur= $valeurCoureur");
$stmt->execute();

numeroRFID is "the runner" of a race, t_depart is just the time he took from the start to checkpoint1.

My problem is at this part:

$stmt = $conn->prepare("UPDATE chrono SET t_depart = 58 WHERE idCoureur= $valeurCoureur");

When I write 5800 instead of $valeurCoureur it works, the value in my database changes, but when I write WHERE idCoureur= $valeurCoureur the table doesn't change the value. So I checked: the value of $valeurCoureur is 5800, so it should change in the database, but it doesn't ...

I hope it was clear enough.

Yissou
  • What have you tried to resolve the problem? Also, be warned that the given query is wide open to SQL injection - please use prepared statements to avoid getting hacked – Nico Haase Mar 10 '22 at 16:36
  • You can do this in one SQL statement, no need to mess about with multiple queries. One way: `UPDATE chrono SET t_depart = 58 WHERE idCoureur IN (SELECT idCoureur FROM dossard WHERE numeroRFID = '12345678')`. Or a JOIN would work, too. – ADyson Mar 10 '22 at 16:37
  • You have to `->fetch()` the value of `idCoureur` from the query's result set. Spend a little time reading the manual. Are you using PDO or MySQLi? – RiggsFolly Mar 10 '22 at 16:37
  • @NicoHaase thanks for the advice, but it's for a school project so it's fine, I solved it now – Yissou Mar 10 '22 at 19:11
  • @ADyson thanks a lot, it worked. I never thought about doing it like that, I just didn't know I could do it that way – Yissou Mar 10 '22 at 19:12
  • Yes you can do all sorts, e.g. https://stackoverflow.com/questions/2334712/how-do-i-update-from-a-select-in-sql-server – ADyson Mar 10 '22 at 22:54
  • P.S. Regardless of whether it's a school project, you should still learn to write the queries the proper way. Then you won't have to learn to do it all over again when you come to do a more serious project. You're using prepared statements, which is a good start, but for them to be fully effective you also need to use parameters for any values which are not hard coded into the query (e.g. variables). There are plenty of examples online in documentation, tutorials etc. to show you what to do – ADyson Mar 10 '22 at 22:56
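
The two fixes suggested in the comments above (fetch the id from the result set instead of using the return value of `execute()`, and bind every variable value instead of interpolating it into the SQL string), as an added example that is not the asker's code. It assumes PDO with exceptions enabled, since the question does not say whether PDO or MySQLi is in use; the DSN and credentials are placeholders, and the single-statement variant from the comments is included with bound parameters as well.

```php
<?php
// Added example, not the asker's code. Assumes PDO (the question does not say
// whether PDO or MySQLi is used); DSN and credentials below are placeholders.
declare(strict_types=1);

function connectDb(): PDO
{
    $conn = new PDO('mysql:host=localhost;dbname=race_db;charset=utf8mb4', 'user', 'password');
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $conn->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); // real server-side prepares
    return $conn;
}

/**
 * Two-query version of the asker's code with both defects fixed:
 * execute() only returns a bool, so the id is read with fetchColumn(),
 * and it reaches the UPDATE as a bound parameter, never interpolated.
 */
function setDepartTimeTwoQueries(PDO $conn, string $rfid, int $tDepart): int
{
    $stmt2 = $conn->prepare('SELECT idCoureur FROM dossard WHERE numeroRFID = :rfid');
    $stmt2->execute([':rfid' => $rfid]);
    $valeurCoureur = $stmt2->fetchColumn();   // false when no row matched the tag
    if ($valeurCoureur === false) {
        return 0;                              // unknown tag: nothing to update
    }
    $stmt = $conn->prepare('UPDATE chrono SET t_depart = :t WHERE idCoureur = :id');
    $stmt->bindValue(':t', $tDepart, PDO::PARAM_INT);
    $stmt->bindValue(':id', (int) $valeurCoureur, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();                  // rows changed by the UPDATE
}

/** Single-statement version from the comments, still fully parameterised. */
function setDepartTime(PDO $conn, string $rfid, int $tDepart): int
{
    $stmt = $conn->prepare(
        'UPDATE chrono SET t_depart = :t
          WHERE idCoureur IN (SELECT idCoureur FROM dossard WHERE numeroRFID = :rfid)'
    );
    $stmt->bindValue(':t', $tDepart, PDO::PARAM_INT);
    $stmt->bindValue(':rfid', $rfid, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->rowCount();
}

$conn = connectDb();
echo setDepartTime($conn, '12345678', 58) . " row(s) updated\n";
```

Because the tag value travels as a bound `PDO::PARAM_STR` parameter, a value such as `12345678' OR '1'='1` is matched literally against numeroRFID rather than altering the statement.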

1 Answer


I think writing the query below is a big mistake.

"UPDATE chrono SET t_depart = 58 WHERE idCoureur= $valeurCoureur"

As you see, the query is double quoted (like this, "[query_string]"), which indicates that the content between the quotes is just a string, so $valeurCoureur would not be translated to the actual value but rather stays a string as the letters describe. Then you might be able to expect what would happen if you run this query on SQL Server or any database.

If you want to bind the values in string, you should wrap your query with ` instead of ".

However, when you do database queries in your application, you should consider that you are responsible for protecting your app from any possible injection attacks.

So why not use bind params to keep your app more secure?

leosun
  • `$valeurCoureur would not be translated to actual value but rather string as the letters describes`...no. Variables within double-quoted strings in PHP are _interpolated_. Read the manual: https://www.php.net/manual/en/language.types.string.php#language.types.string.parsing – ADyson Mar 10 '22 at 16:50
  • The real issue is that `$valeurCoureur` contains the SQL library's result object, not the actual data returned by the query. As per the comment already made by RiggsFolly, the OP needs to fetch the data itself. The only good part of this answer is the suggestion to use prepared statements. But again as I said above in the comments _already before you posted this_, there's really no need for two separate queries for this task to begin with anyway, so the whole part of the code which is causing the OP an error is redundant. – ADyson Mar 10 '22 at 16:50
  • _If you want to bind the values in string, you should wrap your query with ` instead of "_ ...again, no. Are you thinking of JavaScript or something? Again, read the manual to find out what backticks do in PHP: https://www.php.net/manual/en/language.operators.execution.php . May I politely suggest a little more research and testing goes into your answers, and a little less guesswork or assumptions? – ADyson Mar 10 '22 at 16:57