2

I don't understand this because I'm just getting into queries and PHP.

I'm trying to get the user's ID from the database and set that equal to a different user's friendreq column.

Don't worry about me not escaping properly, this is only a test so I can practice! Thank you! (Although I'm not sure what escaping is, I'm going to do my research!)

$usernameID = "SELECT Id FROM Users WHERE Username = '$username'";
$sql = "UPDATE Users SET FriendReq = $usernameID WHERE Username =  '$usernamebeingreq'";

$result = mysqli_multi_query($con, $usernameID, $sql);

if(!$result)
{ 
    echo 'Failed';
} 
else
{
    echo 'Friend added!';
}
3
  • You should not only be escaping user inserted parts of the query, but rather use prepared statements. They're the safest way of handling a query in PHP. Commented Jul 11, 2014 at 5:49
  • Thank you very much, I'll make sure to look through that, any advice on the multi query? Commented Jul 11, 2014 at 5:50
  • 2
    If you're just practicing why bother with this multi_query thing? Just do the queries one after the other. Commented Jul 11, 2014 at 5:55

1 Answer

3

According to the PHP reference of mysqli_multi_query your two queries need to be concatenated with a semicolon. You're passing each query as its own parameter.

Use the following instead:

$result = mysqli_multi_query($con, $usernameID . "; " . $sql);

This will concatenate your two queries, so that it's the following:

SELECT Id FROM Users WHERE Username = '$username'; UPDATE Users SET FriendReq = $usernameID WHERE Username =  '$usernamebeingreq'

4 Comments

Worked beautifully! Thank you for all the tips, I tried to concatenate them but without the semicolon in the middle! Thanks!!
@LorenzMeyer Why shouldn't it? This is what the PHP reference told us.
Because $sql becomes "UPDATE Users SET FriendReq = SELECT Id FROM Users WHERE Username = '$username' WHERE Username = '$usernamebeingreq'" and $usernameID . "; " . $sql becomes "SELECT Id FROM Users WHERE Username = '$username'; UPDATE Users SET FriendReq = SELECT Id FROM Users WHERE Username = '$username' WHERE Username = '$usernamebeingreq'" which is not what you want.
It's two queries, not one. The ; splits them and mysqli_multi_query executes them one after another.
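
The prepared-statement approach recommended in the question's comments, with the two queries run one after the other instead of through mysqli_multi_query, shown as an added example that is not code from the question or the answer. The table and column names come from the question; the function name, the integer type of Id and the connection values are assumptions.

```php
<?php
// Added example: two prepared statements instead of one interpolated multi-query.
// Users, Id, Username and FriendReq are the names used in the question;
// sendFriendRequest() is a hypothetical helper name.

// Make mysqli throw mysqli_sql_exception instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function sendFriendRequest(mysqli $con, string $username, string $usernameBeingReq): bool
{
    // Query 1: look up the requester's Id. The username is bound as data,
    // so quotes or semicolons inside it cannot alter or extend the statement.
    $stmt = $con->prepare('SELECT Id FROM Users WHERE Username = ?');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($requesterId);
    $found = $stmt->fetch();          // true when a row was fetched, null when none
    $stmt->close();

    if ($found !== true) {
        return false;                 // requester does not exist
    }

    // Query 2: store that Id in the other user's FriendReq column.
    // 'i' assumes Id is an integer column; 's' binds the target username.
    $stmt = $con->prepare('UPDATE Users SET FriendReq = ? WHERE Username = ?');
    $stmt->bind_param('is', $requesterId, $usernameBeingReq);
    $stmt->execute();
    // affected_rows is 0 when no user matched, and also (by default)
    // when FriendReq already held this Id.
    $changed = $stmt->affected_rows > 0;
    $stmt->close();

    return $changed;
}

// Usage (connection values are placeholders):
// $con = new mysqli('localhost', 'db_user', 'db_password', 'db_name');
// echo sendFriendRequest($con, $username, $usernamebeingreq) ? 'Friend added!' : 'Failed';
```

Because each prepared statement holds exactly one SQL statement, user input cannot append a second statement the way it can when interpolated strings are passed to mysqli_multi_query.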
