RON_ron Posted November 29, 2012 Share Posted November 29, 2012 Hello All For some reason the below code does not update the db? What am I doing wrong? I trying to update 30 records in 2 databases uring loop. The data is sent as item_0, item_1,..... and codeID_0, codeID_1, etc.... foreach ($_POST as $key => $value) { $$key = $value; } $query = "UPDATE db1 SET "; for($i=0;$i<30;$i++){ if(isset(${"codeID_".$i})){ $query .= "item='" .${'item_'.$i}."' WHERE Code ='".${'codeID_'.$i}.'","; if ('" .${'item_'.$i}."'==2) { $query = "UPDATE db2 SET availability='Stage 1' WHERE Code ='".${'codeID_'.$i}.'","; } else if ('" .${'item_'.$i}."'==3) { $query = "UPDATE db2 SET availability='Stage 3' WHERE Code ='".${'codeID_'.$i}.'","; } } } $query = substr($query, 0, -2); $result= mysql_query($query); Quote Link to comment https://forums.phpfreaks.com/topic/271321-updating-multipledata/ Share on other sites More sharing options...
MDCode Posted November 29, 2012 Share Posted November 29, 2012 $query .= "item='" .${'item_'.$i}."' WHERE Code ='".${'codeID_'.$i}.'","; $query = "UPDATE db2 SET availability='Stage 1' WHERE Code ='".${'codeID_'.$i}.'","; $query = "UPDATE db2 SET availability='Stage 3' WHERE Code ='".${'codeID_'.$i}.'","; Look at your quotation placement in your query after their WHERE clauses Quote Link to comment https://forums.phpfreaks.com/topic/271321-updating-multipledata/#findComment-1396153 Share on other sites More sharing options...
RON_ron Posted November 29, 2012 Author Share Posted November 29, 2012 this is my code so far. something is still wong here. Can someone help? <?php require_once("doc.php"); foreach ($_POST as $key => $value) { $$key = $value; } $query = "UPDATE db1 SET "; for($i=0;$i<30;$i++){ if(isset(${"codeID_".$i})){ $query .= "item= '".${'item_'.$i}."' WHERE Code ='".${'codeID_'.$i}."'"; if (${'item_'.$i}.==2) { $query = "UPDATE db2 SET availability='Stage 1' WHERE Code ='".${'codeID_'.$i}."'"; } else if (${'item_'.$i}.==3) { $query = "UPDATE db2 SET availability='Stage 3' WHERE Code ='".${'codeID_'.$i}."'"; } } } $query = substr($query, 0, -2); $result= mysql_query($query); ?> Quote Link to comment https://forums.phpfreaks.com/topic/271321-updating-multipledata/#findComment-1396243 Share on other sites More sharing options...
PFMaBiSmAd Posted November 29, 2012 Share Posted November 29, 2012 That's not the syntax for an UPDATE query. Have you echoed the $query variable to see what it contains? The only thing that is a comma separated list in an UPDATE query is the list of column_name1 = value1, column_name2 = value2, ... that are between the SET keyword and the WHERE keyword. The following is the UPDATE query definition with the most commonly used parts in red - UPDATE [LOW_PRIORITY] [iGNORE] table_reference SET col_name1={expr1|DEFAULT} [, col_name2={expr2|DEFAULT}] ... [WHERE where_condition] [ORDER BY ...] [LIMIT row_count] Quote Link to comment https://forums.phpfreaks.com/topic/271321-updating-multipledata/#findComment-1396247 Share on other sites More sharing options...
PFMaBiSmAd Posted November 29, 2012 Share Posted November 29, 2012 By not using an array for the form field name (suggested in one of your previous threads on this problem), which would allow you to use the id as the array key and the submitted data as the array value, your code is overly complicated. Also, your use of variable variables will allow a hacker to set any of your existing program variables to any value he wants, so it's possible to bypass things like your log in security after the point where you run that foreach(){} loop. If you are going to do it that way, you would need a list of the expected form fields and iterate over the list and only create program variables for the expected form fields. Quote Link to comment https://forums.phpfreaks.com/topic/271321-updating-multipledata/#findComment-1396249 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.