www.webdeveloper.com

Thread: update values from array

  1. #1
    Join Date
    May 2008
    Posts
    53

    update values from array

    Hi,

    I have a form which includes 3 drop-downs to add 3 results in 3 subjects. Once the Save button is clicked, I want to update subject 1 from the 1st value in the array, likewise subject 2 from array value 2, and the same for the other values.

    I have included my code below.

    With print_r() I get the output below:

    UPDATE results SET results='A' where student_id=01' and subject_id='3'
    UPDATE results SET results='B' where student_id=01' and subject_id='3'
    UPDATE results SET results='C' where student_id='01' and subject_id='3'

    But I want something like:

    UPDATE results SET results='A' where student_id=01' and subject_id='1'
    UPDATE results SET results='B' where student_id=01' and subject_id='2'
    UPDATE results SET results='C' where student_id='01' and subject_id='3'




    PHP Code:
    if (isset($_REQUEST['Save']))
    {
        foreach ($_REQUEST['result'] as $value)
        {
            for ($i = 1; $i <= 3; $i++)
            {
                $sql = " UPDATE results SET results='" . $value . "' where student_id='01' and subject_id='" . $i . "'";
            }

            mysql_query($sql, $connection);
        }
    }

    Please help. Thanks.

  2. #2
    Join Date
    Mar 2010
    Posts
    29
    Have a look at your "for"-instance ... you have to fire your query three times - not only once or you just get "the last result"! Insert your "mysql_query($sql,$connection);" into your for()-loop ...

    Security/other things:
    - always use $_POST (just read it in a "PHP security" book)
    - think about SQL injection (your $value (!) is a high risk problem!)
    - if student_id is unique, try "LIMIT 1" at the end of your query (speeds up, if found in db)
    - use "`" around fields and table names (if using MySQL (!); speeds up!); in your case: UPDATE `results` SET `results`='A' WHERE `student_id`='01' AND `subject_id`='1'
    - write defaults like UPDATE, SELECT, INSERT, AND, WHERE, SET always uppercase ... no performance tuning, but a better overview

    Please have a look at your update-query ... >>> student_id=01' <<< is possibly wrong because of "'" ...

    More questions? More answers ...

  3. #3
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,535
    I might try something like the following to reduce the number of queries sent to MySQL:
    PHP Code:
    if (isset($_REQUEST['Save'])) {
       foreach ($_REQUEST['result'] as $value) {
          $subjIds = implode(',', range(1, 3));
          $sql = "UPDATE results SET results='" .
                 mysql_real_escape_string($value) .  // don't forget to sanitize!
                 "' WHERE student_id='01' and subject_id IN($subjIds)";
          mysql_query($sql, $connection);
       }
    }

    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us

  4. #4
    Join Date
    May 2008
    Posts
    53
    Thanks guys for your replies. I have managed to write it somehow. Below is the code I have written:

    PHP Code:
    if (isset($_REQUEST['Save']))
    {
        for ($i = 0; $i <= 2; $i++)
        {
            $j = $i + 1;
            $sql = "UPDATE results SET results='" . $_REQUEST['result'][$i] . "' where student_id='01' and subject_id='" . $j . "'";
            $result = mysql_query($sql);
        }
    }

    For more info:
    http://www.phpeasystep.com/mysql/10.html

    Thanks guys, and I'll try yours also.

  5. #5
    Join Date
    Nov 2008
    Posts
    2,477
    You are still wide open to SQL injection attacks. You'd be wise to heed the advice from the previous posters.

  6. #6
    Join Date
    May 2008
    Posts
    53
    Oops. Actually I don't have a clear idea about SQL injection, how it attacks and what harm it can do. Please let me know.

    I highly appreciate you guys' comments.
    Thanks a lot

  7. #7
    Join Date
    Nov 2008
    Posts
    2,477
    Have a read of the PHPSec Guide, particularly the SQL Injection section.

  8. #8
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,535
    The main thing is the use of an applicable escaping mechanism for any value used in a query which has any possibility of containing uncontrolled data or any characters which could be problematic in SQL; thus the use of mysql_real_escape_string() in my previous reply.
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us
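
The index-to-subject update from post #4 combined with the injection advice in posts #2, #5 and #8, as an added example that is not code from any poster in the thread. It uses PDO prepared statements instead of the thread's mysql_* calls (that extension was removed in PHP 7); the `saveResults()` name, the in-memory SQLite database and the sample rows are assumptions made so the script runs offline.

```php
<?php
// Added example. Table and column names follow the thread; saveResults(), the
// in-memory SQLite database and the sample rows are constructed for this demo.
function saveResults(PDO $db, string $studentId, array $results): int
{
    if (count($results) !== 3) {
        throw new InvalidArgumentException('expected exactly 3 results');
    }
    // Placeholders keep the submitted value out of the SQL text entirely.
    $stmt = $db->prepare(
        'UPDATE results SET results = :grade
          WHERE student_id = :student AND subject_id = :subject'
    );
    $updated = 0;
    $db->beginTransaction();
    try {
        // Array index 0..2 maps to subject_id 1..3, as in post #4.
        foreach (array_values($results) as $i => $grade) {
            if (!is_string($grade)) {
                throw new InvalidArgumentException("result $i is not a string");
            }
            $stmt->execute([
                ':grade'   => $grade,
                ':student' => $studentId,
                ':subject' => $i + 1,
            ]);
            $updated += $stmt->rowCount();
        }
        $db->commit();
    } catch (Throwable $e) {
        $db->rollBack();   // all three subjects change, or none
        throw $e;
    }
    return $updated;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE results (student_id TEXT, subject_id INTEGER, results TEXT)');
$db->exec("INSERT INTO results VALUES ('01',1,'-'),('01',2,'-'),('01',3,'-'),('02',1,'-')");

// Constructed input: the second value contains a quote, like the stray ' in post #1.
$rows = saveResults($db, '01', ['A', "B'", 'C']);
echo "rows updated: $rows\n";
foreach ($db->query('SELECT * FROM results ORDER BY student_id, subject_id') as $r) {
    // The quote is stored as data; student 02 is untouched.
    echo "{$r['student_id']} {$r['subject_id']} {$r['results']}\n";
}
```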
