www.webdeveloper.com

Thread: update values from array

  1. #1
    Join Date
    May 2008
    Posts
    53

    update values from array

    Hi......

    I have a form which includes 3 drop-downs to add 3 results in 3 subjects. Once the save button is clicked, I want to update subject 1 from the 1st value in the array, likewise subject 2 from array value 2, and the same for the other values.

    I have included my code below.

    With print_r() I get the output below:

    UPDATE results SET results='A' where student_id=01' and subject_id='3'
    UPDATE results SET results='B' where student_id=01' and subject_id='3'
    UPDATE results SET results='C' where student_id='01' and subject_id='3'

    but I want something like

    UPDATE results SET results='A' where student_id=01' and subject_id='1'
    UPDATE results SET results='B' where student_id=01' and subject_id='2'
    UPDATE results SET results='C' where student_id='01' and subject_id='3'




    PHP Code:
    if (isset($_REQUEST['Save']))
    {
        foreach ($_REQUEST['result'] as $value)
        {
            for ($i = 1; $i <= 3; $i++)
            {
                $sql = " UPDATE results SET results='".$value."' where student_id='01' and subject_id='".$i."'";
            }

            mysql_query($sql, $connection);
        }
    }



    Please help. Thanks.

  2. #2
    Join Date
    Mar 2010
    Posts
    29
    Have a look at your "for"-instance ... you have to fire your query three times - not only once or you just get "the last result"! Insert your "mysql_query($sql,$connection);" into your for()-loop ...

    Security/other things:
    - always use $_POST (just read it in a "PHP security" book)
    - think about SQL injection (your $value (!) is a high risk problem!)
    - if student_id is unique, try "LIMIT 1" at the end of your query (speeds up, if found in db)
    - use "`" around field and table names (if using MySQL (!); speeds up!); in your case: UPDATE `results` SET `results`='A' WHERE `student_id`='01' AND `subject_id`='1'
    - write defaults like UPDATE, SELECT, INSERT, AND, WHERE, SET always uppercase ... no performance tuning, but a better overview

    Pls have a look at your update-query ... >>> student_id=01' <<< is possibly wrong because of "'" ...

    More questions? More answers ...

  3. #3
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,178
    I might try something like the following to reduce the number of queries sent to MySQL:
    PHP Code:
    if (isset($_REQUEST['Save'])) {
       foreach ($_REQUEST['result'] as $value) {
          $subjIds = implode(',', range(1,3));
          $sql = "UPDATE results SET results='" .
                 mysql_real_escape_string($value) .  // don't forget to sanitize!
                 "' WHERE student_id='01' and subject_id IN($subjIds)";
          mysql_query($sql, $connection);
       }
    }

    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us

  4. #4
    Join Date
    May 2008
    Posts
    53
    Thanks guys for your replies. I have managed to write it somehow. Below is the code I have written:

    PHP Code:
    if (isset($_REQUEST['Save']))
    {
        for ($i = 0; $i <= 2; $i++)
        {
            $j = $i + 1;
            $sql = "UPDATE results SET results='".$_REQUEST['result'][$i]."' where student_id='01' and subject_id='".$j."'";
            $result = mysql_query($sql);
        }
    }


    for more info
    http://www.phpeasystep.com/mysql/10.html

    Thanks guys, and I'll try yours also.

  5. #5
    Join Date
    Nov 2008
    Posts
    2,477
    You are still wide open to SQL injection attacks. You'd be wise to heed the advice from the previous posters.
    The first rule of Tautology Club is the first rule of Tautology Club.

  6. #6
    Join Date
    May 2008
    Posts
    53
    Oops. Actually I don't have a clear idea about SQL injections, how it attacks and what harm it can do. Please let me know.

    I highly appreciate your comments.
    Thanks a lot

  7. #7
    Join Date
    Nov 2008
    Posts
    2,477
    Have a read of the PHPSec Guide, particularly the SQL Injection section.

  8. #8
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,178
    The main thing is the use of an applicable escaping mechanism for any value used in a query which has any possibility of containing uncontrolled data or any characters which could be problematic in SQL; thus the use of mysql_real_escape_string() in my previous reply.

    eBookworm.us
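
An added example (not part of any post in this thread) of the two fixes the replies point to: one UPDATE per array value, with index i mapped to subject i+1, and user input bound through a prepared statement instead of being concatenated into the SQL text. It assumes PDO with an in-memory SQLite table standing in for the thread's MySQL `results` table; `saveResults()`, the grade list and the sample input are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumption: PDO with in-memory
// SQLite stands in for the MySQL `results` table used by the posters.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE results (student_id TEXT, subject_id INTEGER, results TEXT)');
$seed = $pdo->prepare('INSERT INTO results VALUES (?, ?, ?)');
foreach ([['01', 1], ['01', 2], ['01', 3], ['02', 1]] as [$student, $subject]) {
    $seed->execute([$student, $subject, '-']);   // constructed rows, two students
}

/**
 * Update one student's grades: array index 0..2 maps to subject_id 1..3.
 * Returns the subject ids whose submitted value failed validation.
 */
function saveResults(PDO $pdo, string $studentId, array $submitted): array
{
    $allowed = ['A', 'B', 'C', 'S', 'F'];        // hypothetical drop-down options
    $stmt = $pdo->prepare(
        'UPDATE results SET results = :grade
          WHERE student_id = :student AND subject_id = :subject'
    );
    $rejected = [];
    foreach (array_values($submitted) as $i => $grade) {
        $subjectId = $i + 1;
        if ($subjectId > 3 || !is_string($grade) || !in_array($grade, $allowed, true)) {
            $rejected[] = $subjectId;            // not a value the form offers: skip
            continue;
        }
        // Bound values travel separately from the SQL text, so a quote
        // character inside one is stored as data, never parsed as SQL.
        $stmt->execute([':grade' => $grade, ':student' => $studentId, ':subject' => $subjectId]);
    }
    return $rejected;
}

// Constructed stand-in for $_POST['result']; the third value is not a grade.
$post = ['result' => ['A', 'B', "C' OR '1'='1"]];
$rejected = saveResults($pdo, '01', $post['result']);

foreach ($pdo->query('SELECT * FROM results ORDER BY student_id, subject_id') as $row) {
    echo "{$row['student_id']} / {$row['subject_id']} => {$row['results']}\n";
}
echo 'rejected subjects: ' . implode(',', $rejected) . "\n";
```

The execute() call sits inside the loop, so each array value produces its own UPDATE for its own subject_id, and student 02's row is never touched.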
