mysql_error on an update

Re: mysql_error on an update

>What's the best practice for handling the following situation, when I[color=blue]
>do an update like this:
>
>$sql = "UPDATE haha SET papa="loco" WHERE id=$var";
>$res = mysql_query($sq l,$db);
>
>If I don't get a match in my where clause, i.e., 12!=44 the UPDATE does
>not occur but mysql_errno == 0 and mysql_error = "" so I can't capture
>the failure.[/color]

It's NOT a failure. The query did what you wanted it to.

From an application point of view, sometimes affecting or
retrieving any rows is a failure (consider black lists).

I believe you can look at mysql_affected_ rows() and see how many
rows it changed.

Gordon L. Burditt

Re: mysql_error on an update

> On 31 Jan 2006 07:44:15 -0800, "Jeff" <joesiege@gmail .com> wrote:[color=blue]
>[color=green]
>>What's the best practice for handling the following situation, when I
>>do an update like this:
>>
>>$sql = "UPDATE haha SET papa="loco" WHERE id=$var";
>>$res = mysql_query($sq l,$db);
>>
>>If I don't get a match in my where clause, i.e., 12!=44 the UPDATE does
>>not occur but mysql_errno == 0 and mysql_error = "" so I can't capture
>>the failure.
>>
>>Any thoughts?[/color][/color]

Hi Jeff,

It's actually not an error for an update or delete statement to affect zero
rows, believe it or not. Just as it's not an error for a select query to
return zero rows.

But there may be a solution for you. Check out the mysql_affected_ rows
function in PHP.


By the way, I'd like to give you a gentle reminder to do some verification
on the $var variable in your code to make sure it contains a valid integer
and no other string. If the value is coming from a request parameter, a
malicious user could enter a string such as "44 OR 1=1" and mess up your
database! This is called SQL injection, it's a common security
vulnerability.
See http://en.wikipedia.org/wiki/Sql_injection

Regards,
Bill K.

Re: mysql_error on an update


"Jeff" <joesiege@gmail .com> wrote in message
news:1138722255 .036505.213460@ f14g2000cwb.goo glegroups.com.. .[color=blue]
> What's the best practice for handling the following situation, when I
> do an update like this:
>
> $sql = "UPDATE haha SET papa="loco" WHERE id=$var";
> $res = mysql_query($sq l,$db);[/color]

Why are you not escaping your \" quotes around loco?
[color=blue]
>
> If I don't get a match in my where clause, i.e., 12!=44 the UPDATE does
> not occur but mysql_errno == 0 and mysql_error = "" so I can't capture
> the failure.
>
> Any thoughts?
>
> Jeff
>[/color]

Re: mysql_error on an update


"Jim Michaels" <jmichae3@nospa m.yahoo.com> wrote in message
news:Bu6dnV71AO zYxHPenZ2dnUVZ_ t6dnZ2d@comcast .com...[color=blue]
>
> "Jeff" <joesiege@gmail .com> wrote in message
> news:1138722255 .036505.213460@ f14g2000cwb.goo glegroups.com.. .[color=green]
>> What's the best practice for handling the following situation, when I
>> do an update like this:
>>
>> $sql = "UPDATE haha SET papa="loco" WHERE id=$var";
>> $res = mysql_query($sq l,$db);[/color]
>
> Why are you not escaping your \" quotes around loco?[/color]

I am surprised you didn't get a parse error from PHP. that middle quote
causes a premature end of string. so your query would be "UPDATE haha SET
papa=" and that's it. that's probably why it was failing. if you want to
really see what it looks like, echo it to see how the parser sees it.
[color=blue]
>[color=green]
>>
>> If I don't get a match in my where clause, i.e., 12!=44 the UPDATE does
>> not occur but mysql_errno == 0 and mysql_error = "" so I can't capture
>> the failure.
>>
>> Any thoughts?
>>
>> Jeff
>>[/color]
>
>[/color]