0

For the life of me I cannot figure this one out. I am still new, so I am probably overlooking something.

Based on a POST value, I would like to perform 1 of 3 MySQL queries. I have verified that each query works on its own, but when I add the if statement nothing updates. I am also not receiving any MySQL errors.

If the POST value is "on" or "off" run the corresponding query to update all columns. If the POST value is anything else (would be a column number), toggle that column.

<!-- language: lang-php -->
mysql_select_db("lightup") or die(mysql_error());

if ($light=="on")
    {
        $query = mysql_query("UPDATE Homes SET     L1Status='0',L2Status='0',L3Status='0',L4Status='0',L5Status='0',L6Status='0',L7Status='0',L8Status='0',L9Status='0',L10Status='0' WHERE HomeID=$id") or die(mysql_error());
    }

elseif ($light=="off")
    {
    $query = mysql_query("UPDATE Homes SET L1Status='0',L2Status='0',L3Status='0',L4Status='0',L5Status='0',L6Status='0',L7Status='0',L8Status='0',L9Status='0',L10Status='0' WHERE HomeID=$id") or die(mysql_error());
    }

else()
    {
    $query = mysql_query("UPDATE Homes SET $lightcolumn = !$lightcolumn WHERE HomeID=$id") or die(mysql_error());   
    }

mysql_close($link);

Any thoughts?

5
  • I know you don't need it, but is it an error to include () after the last else? I assume $light is correctly getting set using $_POST correct? Commented Sep 21, 2012 at 20:36
  • 1
    I hope $lightcolumn and $id aren't coming directly from _GET/_POST... Commented Sep 21, 2012 at 20:46
  • Marc B, they are. Is that a no no? Suggestion? Commented Sep 21, 2012 at 20:59
  • 1
    Marc B is right that you should be really aware that anything that comes from $_POST, $_GET, $_COOKIE and some from $_SERVER cannot be trusted. You should always filter anything that comes from anywhere you don't control. A quick example (and the least of your problems) would be if someone sends $id as: "0 OR HomeID>0". You can see that that would not give the desired result. This is called SQL INJECTION and there's plenty of material on the subject. Commented Sep 21, 2012 at 21:16
  • Thanks Ramon for the explanation, I can definitely see the issue. I will update my queries. Commented Sep 22, 2012 at 3:48
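
The injection concern raised in the comments above, shown as an added example that is not part of the original question or its comments: the id is validated and bound as a parameter, and the column name is built from a fixed list because identifiers cannot be bound. `build_light_update()` and `run_light_update()` are hypothetical helpers; the example assumes 1 means on and 0 means off, that the posted column number n maps to `LnStatus`, and uses mysqli because the `mysql_*` functions in the question were removed in PHP 7.

```php
<?php
// Added example. build_light_update() and run_light_update() are hypothetical helpers.
const LIGHT_COLUMNS = 10; // L1Status .. L10Status, as in the question
// Returns [sql, id]. The SQL text contains only column names generated here;
// the id is validated and later bound as a parameter.
function build_light_update(string $light, string $rawId): array
{
    // "0 OR HomeID>0" fails this check: only a positive integer is accepted.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('HomeID must be a positive integer');
    }
    $columns = array_map(fn($i) => "L{$i}Status", range(1, LIGHT_COLUMNS));

    if ($light === 'on' || $light === 'off') {
        $value = $light === 'on' ? 1 : 0; // assumption: 1 = on, 0 = off
        $set = implode(', ', array_map(fn($c) => "$c = $value", $columns));
    } else {
        // Assumption: the POST value is a column number n that maps to LnStatus.
        $n = filter_var($light, FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 1, 'max_range' => LIGHT_COLUMNS]]);
        if ($n === false) {
            throw new InvalidArgumentException('light must be on, off or 1..10');
        }
        $col = $columns[$n - 1];
        $set = "$col = NOT $col"; // toggle
    }
    return ["UPDATE Homes SET $set WHERE HomeID = ?", $id];
}

// Executes the update as a prepared statement. Assumes $db reports errors as
// exceptions (mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT)).
function run_light_update(mysqli $db, string $light, string $rawId): void
{
    [$sql, $id] = build_light_update($light, $rawId);
    $stmt = $db->prepare($sql);
    $stmt->bind_param('i', $id);
    $stmt->execute();
}

// Constructed request values, checked without a database connection.
$samples = [['on', '7'], ['3', '7'], ['3', '0 OR HomeID>0'], ['L1Status', '7']];
foreach ($samples as [$light, $rawId]) {
    try {
        echo build_light_update($light, $rawId)[0], "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```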

1 Answer

4

You have an error in your syntax in your last else, remove the parens, so instead of this:

else()

it should be this

else

2 Comments

Ugh...wow... I have a love hate relationship with this website. I feel like an idiot but learn so much :-) Works perfectly.
Don't bother, we have all made an oversight that took us time to find... but here you'll find plenty of eyes to catch it :-)
