simple Help - Update Mysql

[loren646]

it's not updating the rows...

 

 

<?php

 

$rent=$_POST['urent'];

$update=$_POST['uupdate'];

$apt=$_POST['uapt'];

$price=$_POST['uprice'];

$bedroom=$_POST['ubedroom'];

$movein=$_POST['uprice'];

$prim_id=$_POST['prim_id'];

$count=$_POST['countadd'];

  

    if (!get_magic_quotes_gpc())

  {

    $apt = addslashes($apt);

    $price = doubleval($price);

    $bedroom = addslashes($bedroom);

    $movein = addslashes($movein);

  }

 

$conn = mysql_connect("localhost","user","password");

mysql_select_db("listing");

 

for ($i2 = 0; $i2 <= $count; $i2++) {

mysql_query("UPDATE available

        SET apt='$apt[$i2]', price='$price[$i2]', bedroom='$bedroom[$i2]', movein='$movein[i2]'

        WHERE prim='$prim_id[$i2]'");

}

Edited March 18, 2013 by loren646

[Psycho]

And, your question is???

 

I see definite 'problems' with that code, but you could at least provide a description of the problems you are having and any error message you are receiving instead of expecting us to read your code and magically know what you expect to happen and what the problem is.

[Psycho]

 

if (!get_magic_quotes_gpc())
  {
    $apt = addslashes($apt);
    $price = doubleval($price);
    $bedroom = addslashes($bedroom);
    $movein = addslashes($movein);
  }

 

You should instead check of magic quotes are on and, if so, remove the slashes. THEN, use the appropriate methods to escape the data based upon the intended usage. In this case, you shoudl be using mysql_real_escape string(). However, you are also using doubleval() to enforce one of the values to be a float - which is appropriate - but you are ONLY doing that if magic quotes are off. So, if magic quotes are on you don't do anything with the value???

 

Lastly, you are performing those operations on what are assumed to be single input fields since none of those functions will work like that against an array (some may not generate an error, but they would definitely produce unintended results). But, in your query you are trying to reference array values from those variables

 

mysql_query("UPDATE available
        SET apt='$apt[$i2]', price='$price[$i2]', bedroom='$bedroom[$i2]', movein='$movein[i2]'
        WHERE prim='$prim_id[$i2]'");

 

So, not sure how to help you without knowing if the inputs really are arrays or single fields. Either you are receiving non-array values and the variables in the query are wrong OR you are receiving array values and processing them incorrectly.

[loren646]

thanks!

 

got it to work. 

 

 

if (!get_magic_quotes_gpc())
  {
    $apt = addslashes($apt);
    $price = doubleval($price);
    $bedroom = addslashes($bedroom);
    $movein = addslashes($movein);
  }

 

You should instead check of magic quotes are on and, if so, remove the slashes. THEN, use the appropriate methods to escape the data based upon the intended usage. In this case, you shoudl be using mysql_real_escape string(). However, you are also using doubleval() to enforce one of the values to be a float - which is appropriate - but you are ONLY doing that if magic quotes are off. So, if magic quotes are on you don't do anything with the value???

 

Lastly, you are performing those operations on what are assumed to be single input fields since none of those functions will work like that against an array (some may not generate an error, but they would definitely produce unintended results). But, in your query you are trying to reference array values from those variables

 

mysql_query("UPDATE available
        SET apt='$apt[$i2]', price='$price[$i2]', bedroom='$bedroom[$i2]', movein='$movein[i2]'
        WHERE prim='$prim_id[$i2]'");

 

So, not sure how to help you without knowing if the inputs really are arrays or single fields. Either you are receiving non-array values and the variables in the query are wrong OR you are receiving array values and processing them incorrectly.