0

Hello, I am running a server-side database to process input from an Android phone. I have two functions: one to store the user information and one to update their location.

The second one, to store the location, I cannot get to work.

/**
 * Storing new user
 * returns user details
 */
public function storeUser($name, $email, $password) {
    $uuid = uniqid('', true);
    $hash = $this->hashSSHA($password);
    $encrypted_password = $hash["encrypted"]; // encrypted password
    $salt = $hash["salt"]; // salt
    $result = mysql_query("INSERT INTO users(unique_id, name, email, encrypted_password, salt, created_at) VALUES('$uuid', '$name', '$email', '$encrypted_password', '$salt', NOW())");
    // check for successful store
    if ($result) {
        // get user details 
        $uid = mysql_insert_id(); // last inserted id
        $result = mysql_query("SELECT * FROM users WHERE uid = $uid");
        // return user details
        return mysql_fetch_array($result);
    } else {
        return false;
    }
}

/**
 * Updating a user's
 * location
 */
public function updateLocation($email, $location) {
    $uuid = uniqid('', true);
    $result = mysql_query("UPDATE users SET location='$location' WHERE email='$email' NOW())");

    // check for successful store
    if ($result) {
        // get user details 
        $uid = mysql_insert_id(); // last inserted id
        $result = mysql_query("SELECT * FROM users WHERE email = $email");
        // return user details
        return mysql_fetch_array($result);
    } else {
        return false;
    }
}

Any help greatly appreciated.

Thanks

2
  • Are you sanitizing these variables with mysql_real_escape before trying to insert them in the database? This is an extremely dangerous way to write code. I strongly suggest you use a database abstraction layer like this instead php.net/manual/en/mysqli.quickstart.prepared-statements.php Commented Oct 16, 2012 at 11:52
  • Thank you for the advice. I will certainly look into abstraction layers in future; however, currently it is out of the scope of this project. Commented Oct 17, 2012 at 9:04

3 Answers

2

In looking at your update query

    $result = mysql_query("UPDATE users SET location='$location' WHERE email='$email' NOW())");

you appear to be missing part of it. You need to tell it what needs to be set to NOW(), perhaps updated_at:

    "UPDATE users SET location='$location', updated_at = NOW() WHERE email='$email'"


0

Seems you have an error: "WHERE email='$email' NOW())" into "created_at='NOW()' WHERE email='$email'"


0

You have an extra NOW() at the end of your SQL
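
The following is an added example, not code from the question or from any of the answers: it combines the `updated_at = NOW()` fix from the first answer with the prepared statements recommended in the comment under the question, so `$email` and `$location` are bound as data instead of being interpolated into the SQL string. The `LocationStore` class name, the connection parameters and the `updated_at` column are assumptions.

```php
<?php
// Added example (not the asker's code). Assumes the mysqli extension with
// mysqlnd (needed for get_result()) and a users table that has the uid, name,
// email and location columns from the question plus an updated_at column.

class LocationStore
{
    private mysqli $db;

    public function __construct(mysqli $db)
    {
        // Raise mysqli_sql_exception on SQL errors instead of failing silently,
        // so a malformed statement like the original UPDATE is reported at once.
        mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
        $this->db = $db;
    }

    /**
     * Update a user's location and return the updated row,
     * or false when no user has that e-mail address.
     */
    public function updateLocation(string $email, string $location)
    {
        // Placeholders keep user input out of the SQL text entirely.
        $update = $this->db->prepare(
            'UPDATE users SET location = ?, updated_at = NOW() WHERE email = ?'
        );
        $update->bind_param('ss', $location, $email);
        $update->execute();
        $update->close();

        // mysql_insert_id() has no meaning after an UPDATE; look the row up
        // by the same bound e-mail value instead.
        $select = $this->db->prepare(
            'SELECT uid, name, email, location, updated_at FROM users WHERE email = ?'
        );
        $select->bind_param('s', $email);
        $select->execute();
        $row = $select->get_result()->fetch_assoc();
        $select->close();

        return $row ?? false;
    }
}

// Usage (placeholder credentials):
// $store = new LocationStore(new mysqli('localhost', 'DB_USER', 'DB_PASS', 'DB_NAME'));
// $user  = $store->updateLocation("o'brien@example.com", '51.5072,-0.1276');
```

An e-mail address containing a single quote, as in the usage comment, is stored and matched as plain data here, whereas the string-built queries in the question would break on it.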
