array in while loop

An7hony · August 21, 2013

<?php
												   $count = 0;	
                                                    $query2 = "SELECT EventFees_id, EventFees_item, EventFees_fee, EventFees_event FROM EventFees WHERE EventFees_event = '{$_GET['id']}'";
										$result2 =mysql_query($query2) or die(mysql_error());
										
										while(list($EventFees_id, $EventFees_item, $EventFees_fee, $EventFees_event) = mysql_fetch_array($result2, MYSQL_NUM))
										
										{
											
										$EventFees_item2 = str_replace(' ', '', $EventFees_item);
											$EventFees_item_qty = mysql_real_escape_string($_POST[$EventFees_item2 = str_replace(' ', '', $EventFees_item)]);
											
										
											 $merchData = array($EventFees_item2=>$EventFees_item_qty);
										
										++$count;
													 } 
													 
													 
													 
													
		$fields = '';
		foreach($merchData as $col => $val) {
      if ($count++ != 0) $fields .= ', ';
      $col = mysql_real_escape_string($col);
      $val = mysql_real_escape_string($val);
      $fields .= "`$col` = $val";
   }

   $query = "INSERT INTO `EventSignUps` SET ordered_dateStamp = NOW(), people_id = $people_id, event_id = $event_id, event_total = $event_total, order_auth = '1', payment_type = $payment_type, $fields;";
									

            ?>

produces : INSERT INTO `EventSignUps` SET ordered_dateStamp = NOW(), people_id = , event_id = 9, event_total = , order_auth = '1', payment_type = , , `Runners` = ;

I need $merchData = array($EventFees_item2=>$EventFees_item_qty); to provide 2 records. Currently its only showing results for 1

Should look like:

INSERT INTO `EventSignUps` SET ordered_dateStamp = NOW(), people_id = , event_id = 9, event_total = , order_auth = '1', payment_type = , `Walkers` = , `Runners` = ;

I'm going somewhere wrong in the while loop. Its counting 2, but only showing results for 1

?

An7hony · August 21, 2013

if i change $merchdata to $merchdata[]

$merchData[] = array($EventFees_item2=>$EventFees_item_qty);

and then:

$fields = '';
	$merchData = $merchData[0];
		foreach($merchData as $col => $val) {
      if ($count++ != 0) $fields .= ', ';
      $fields .= "`$col` = $val";
   }
   ++$count;

i get

INSERT INTO `EventSignUps` SET ordered_dateStamp = NOW(), people_id = , event_id = 9, event_total = , order_auth = '1', payment_type = , `Ridders` = ;

if i change it to:

$merchData = $merchData[1];

i get

INSERT INTO `EventSignUps` SET ordered_dateStamp = NOW(), people_id = , event_id = 9, event_total = , order_auth = '1', payment_type = , `Walkers` = ;

Does anyone know how to get

INSERT INTO `EventSignUps` SET ordered_dateStamp = NOW(), people_id = , event_id = 9, event_total = , order_auth = '1', payment_type = , `Walkers` =, `Ridders` = ;

kicken · August 21, 2013

Change $merchData = array($EventFees_item2=>$EventFees_item_qty); to $merchData[$EventFees_item2] = $EventFees_item_qty;

wwwroth · August 21, 2013

You're not sanitizing your database queries. Look at your first query where you insert a $_GET variable right into the SQL string. That means anything a user puts in that URL parameter goes right into your database. This can be devastating. Read more about it at the link below and here's how to solve that problem.

Instead of...

$query2 = "SELECT EventFees_id, EventFees_item, EventFees_fee, EventFees_event FROM EventFees WHERE EventFees_event = '{$_GET['id']}'";

Make it...

$idUrl = mysql_real_escape_string($_GET['id']);
$query2 = "SELECT EventFees_id, EventFees_item, EventFees_fee, EventFees_event FROM EventFees WHERE EventFees_event = '{$idUrl}'";

http://php.net/manual/en/security.database.sql-injection.php

An7hony · August 25, 2013

Brilliant. Made my day!

Sign In

array in while loop

Recommended Posts

An7hony

Link to comment

Share on other sites

An7hony

Link to comment

Share on other sites

kicken

Link to comment

Share on other sites

wwwroth

Link to comment

Share on other sites

An7hony

Link to comment

Share on other sites

Archived

Browse

Activity

Important Information