Looking for a more robust $sql_query (to update a MySQL rows of data in a table)

[j.smith1981]

Apologies the title is a bit veige.

 

But I have the following php sql query:

 

$db_query = "UPDATE xcart.xcart_orders SET status = 'C' WHERE xcart_orders.status = 'P'";

 

But what I was wanting it to do, is when a user goes into a web page, it brings up essentially a picksheet list of all items a customer has ordered.

 

When it does bring this up.

 

I want the code to take some kind of copy of all order number retrieved at that specific time, so the SQL query could change to something like:

 

$db_query = "UPDATE xcart.xcart_orders SET status = 'C' WHERE xcart_orders.orderid BETWEEN '1' AND '5' ";

 

Would this be possible?

 

So if a user was to run the picksheet page, and an order came in after they went into that page say orderid 6 and when they go to complete the order, it would leave orderid 6 alone as whatever status it was left at, (if successful P etc).

 

Can someone help me come up with a theory maybe some example code, I could amend?

 

This is just a theory thats been bugging me for a while and its ok at the moment with the old code, just needs firming up a bit to be honest.

 

I would appreciate a reply,

Jeremy.

[aeroswat]

You've got it right if i understand what you are trying to do. You are using BETWEEN correctly

[j.smith1981]

Thankyou so much for helping me with this.

 

What I have done, albeit its probably not the best way.

 

I have made a timestamp for when the user goes into a form where they complete all orders right?

 

I have therfore said, only go up to orders where the timestamp is no greater than the one they generated when going into the html form.

 

Basically, it makes the timestamp when they enter the page.

 

This populates a hidden field element with the time stamp in, dont need to do this but being the security concious person that I am, ive protected against SQL injection for the html part that will update the database.

 

The user clicks on the button and it processes orders no greater than the time stamp delcared in the form.

 

I am just keeping an eye on it with the users I am working with.

 

Regards,

Jeremy.