array in while loop


An7hony

<?php
$count = 0;
$query2 = "SELECT EventFees_id, EventFees_item, EventFees_fee, EventFees_event FROM EventFees WHERE EventFees_event = '{$_GET['id']}'";
$result2 = mysql_query($query2) or die(mysql_error());

while (list($EventFees_id, $EventFees_item, $EventFees_fee, $EventFees_event) = mysql_fetch_array($result2, MYSQL_NUM))
{
    $EventFees_item2 = str_replace(' ', '', $EventFees_item);
    $EventFees_item_qty = mysql_real_escape_string($_POST[$EventFees_item2 = str_replace(' ', '', $EventFees_item)]);

    $merchData = array($EventFees_item2=>$EventFees_item_qty);

    ++$count;
}

$fields = '';
foreach($merchData as $col => $val) {
    if ($count++ != 0) $fields .= ', ';
    $col = mysql_real_escape_string($col);
    $val = mysql_real_escape_string($val);
    $fields .= "`$col` = $val";
}

$query = "INSERT INTO `EventSignUps` SET ordered_dateStamp = NOW(), people_id = $people_id, event_id = $event_id, event_total = $event_total, order_auth = '1', payment_type = $payment_type, $fields;";

?>

produces: INSERT INTO `EventSignUps` SET ordered_dateStamp = NOW(), people_id = , event_id = 9, event_total = , order_auth = '1', payment_type = , , `Runners` = ;

 

I need $merchData = array($EventFees_item2=>$EventFees_item_qty); to provide 2 records. Currently it's only showing results for 1.

 

Should look like:

 

INSERT INTO `EventSignUps` SET ordered_dateStamp = NOW(), people_id = , event_id = 9, event_total = , order_auth = '1', payment_type = , `Walkers` = , `Runners` = ;

 

I'm going wrong somewhere in the while loop. It's counting 2, but only showing results for 1.

 

?

 


If I change $merchdata to $merchdata[]

 

$merchData[] = array($EventFees_item2=>$EventFees_item_qty);

 

and then:

$fields = '';
$merchData = $merchData[0];
foreach($merchData as $col => $val) {
    if ($count++ != 0) $fields .= ', ';
    $fields .= "`$col` = $val";
}
++$count;

I get

 

INSERT INTO `EventSignUps` SET ordered_dateStamp = NOW(), people_id = , event_id = 9, event_total = , order_auth = '1', payment_type = , `Ridders` = ;

 

If I change it to:

 

$merchData = $merchData[1];

 

I get

 

INSERT INTO `EventSignUps` SET ordered_dateStamp = NOW(), people_id = , event_id = 9, event_total = , order_auth = '1', payment_type = , `Walkers` = ;

 

Does anyone know how to get

 

INSERT INTO `EventSignUps` SET ordered_dateStamp = NOW(), people_id = , event_id = 9, event_total = , order_auth = '1', payment_type = , `Walkers` =, `Ridders` = ;

Edited by An7hony

You're not sanitizing your database queries. Look at your first query where you insert a $_GET variable right into the SQL string. That means anything a user puts in that URL parameter goes right into your database. This can be devastating. Read more about it at the link below and here's how to solve that problem.

 

Instead of...

$query2 = "SELECT EventFees_id, EventFees_item, EventFees_fee, EventFees_event FROM EventFees WHERE EventFees_event = '{$_GET['id']}'";

Make it...

$idUrl = mysql_real_escape_string($_GET['id']);
$query2 = "SELECT EventFees_id, EventFees_item, EventFees_fee, EventFees_event FROM EventFees WHERE EventFees_event = '{$idUrl}'";

http://php.net/manual/en/security.database.sql-injection.php

Edited by wwwroth
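
Added example, not part of any post in this thread: one way to build the INSERT from every fee item while keeping request data out of the SQL text. It uses PDO with bound values (the mysql_* functions used above were removed in PHP 7.0); column names cannot be bound, so each is checked against an identifier pattern. The function name buildSignupInsert, the sample fee items and POST values, and the in-memory SQLite table are assumptions made for the illustration.

```php
<?php
// Added example, not code from the thread. Table and column names follow the
// posts; the fee items, POST values and SQLite table are constructed stand-ins.

/**
 * Build a parameterised INSERT for EventSignUps from an event's fee items.
 * Values are bound. Column names cannot be bound, so each must match a
 * strict identifier pattern before it is placed in the SQL text.
 */
function buildSignupInsert(array $feeItems, array $post, array $fixed): array
{
    $row = $fixed; // columns set by the application itself, e.g. event_id
    foreach ($feeItems as $item) {
        $col = str_replace(' ', '', $item); // same key derivation as the thread
        if (!preg_match('/^[A-Za-z][A-Za-z0-9_]{0,63}$/', $col)) {
            throw new InvalidArgumentException("Unsafe column name: $col");
        }
        // Keyed assignment adds one entry per item. Assigning a fresh array()
        // on each pass would keep only the last item.
        $row[$col] = filter_var($post[$col] ?? 0, FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 0, 'default' => 0]]);
    }
    $cols  = '`' . implode('`, `', array_keys($row)) . '`';
    $marks = implode(', ', array_fill(0, count($row), '?'));
    return ["INSERT INTO `EventSignUps` ($cols) VALUES ($marks)", array_values($row)];
}

// Constructed sample data standing in for the EventFees rows and $_POST.
$feeItems = ['Walkers', 'Runners'];
$post     = ['Walkers' => '2', 'Runners' => '1 OR 1=1']; // second value is not an integer

[$sql, $params] = buildSignupInsert($feeItems, $post, ['event_id' => 9]);

$pdo = new PDO('sqlite::memory:'); // in-memory stand-in for the MySQL database
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE EventSignUps (event_id INT, Walkers INT, Runners INT)');
$pdo->prepare($sql)->execute($params);

echo $sql, "\n";
print_r($pdo->query('SELECT * FROM EventSignUps')->fetch(PDO::FETCH_ASSOC));
```

A quantity that fails integer validation is stored as 0 and never becomes part of the SQL text.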
