0

Hello guys I need help with the following code.

I am building a Customer Management System. What I am trying here is to update multi rows for ORDERS table => Multi rows with one click submit. Before this page I have another page i have inputs in my form:

<input type="text" name="qty[]" value="<?php echo $row["qty"]; ?>" />
<input type="text" name="desc[]" value="<?php echo $row["desc"]; ?>" />
<input type="text" name="price[]"value="<?php echo $row["price"]; ?>" />

When submitted the form it will go to next page that follow:

  <?php
    if(isset($_POST["submit"])){


        $qty    =  $_POST['qty'];
        $desc   = $_POST['desc'];
        $price  = $_POST['price'];
        $order  = $_POST['order'];
        $customer   = $_POST['customer'];

    $i = 0;
    $count = count($qty);

    for($i=0; $i < $count; $i++){
        $qty      = $qty[$i];
        $desc     = $desc[$i];
        $price    = $price[$i];


        $update = mysql_query("UPDATE `orders` SET `qty` = '".$qty."', `desc` = '".$desc."', `price` = '".$price."' WHERE `order_id` = '".$order."' ");
    }

?>

This code looks likes update sometimes and not, also I am getting this error for this code when I Update multi rows.

Notice: Uninitialized string offset: 1 in

Please help guys to solve this one.

Thanks From Eddy

Improve this question
8
  • 1
    Uuurgh; ?qty[0]=1 OR 1=1; SELECT * FROM users; -- Commented Apr 15, 2013 at 10:08
  • 1
    Looks like something of $_POST['qty'], $_POST['desc'] or $_POST['price'] is string, rather than array. Commented Apr 15, 2013 at 10:09
  • php.net/manual/en/intro.pdo.php please, please read this. Commented Apr 15, 2013 at 10:15
  • #STT LCU Do you think I should read that? I dont know how to use PDO, sorry. Commented Apr 15, 2013 at 10:18
  • @Eddy Blackpool Then you should learn it – that's why someone posted a link to the manual for you. Commented Apr 15, 2013 at 10:19

5 Answers 5

Reset to default
1

You have overwritten variables, like $qty.

Try this:

$qty    = $_POST['qty'];
$desc   = $_POST['desc'];
$price  = $_POST['price'];
$order  = $_POST['order'];
$customer   = $_POST['customer'];

$count = count($qty);

for($i = 0; $i < $count; $i++){
    $qty1      = $qty[$i];
    $desc1     = $desc[$i];
    $price1    = $price[$i];

    $update = mysql_query("UPDATE `orders` SET `qty` = '{$qty1}', `desc` = '{$desc1}', `price` = '{$price1}' WHERE `order_id` = '{$order}';");
}

** I suggest use MySQLi or PDO extension instead of MySQL.

UPD:

There might be a possibility, that your $qty, $desc & $price may have different length. I suggest you, to modify cycle like this:

$sql = "UPDATE `orders` SET `qty` = '{$qty1}', `desc` = '{$desc1}', `price` = '{$price1}' WHERE `order_id` = '{$order}';";

$update = mysql_query($sql);

if(mysql_errno())echo PHP_EOL, mysql_error();

It might help you obtain MySQL errors.

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

I did the changes and nothing is updating
Strange. Everything else seems to be fine. o_0
it just not updating my database... dont know why?
Then I dont know... It already should, unless I dont know something that really matters.
0

You are overriding the $qty, $desc and $price variables in each iteration, so they will only work in the first one 

    $qty    =  $_POST['qty'];
    $desc   = $_POST['desc'];
    $price  = $_POST['price'];
    $order  = $_POST['order'];
    $customer   = $_POST['customer'];

$i = 0;
$count = count($qty);

for($i=0; $i < $count; $i++){
    $currentQty      = mysql_real_escape_string($qty[$i]);
    $currentDesc     = mysql_real_escape_string($desc[$i]);
    $currentPrice    = mysql_real_escape_string($price[$i]);


    $update = mysql_query("UPDATE `orders` SET `qty` = '".$currentQty."', `desc` = '".$currentDesc."', `price` = '".$currentPrice."' WHERE `order_id` = '".$order."' ");
}

Anyway there are so much things wrong in that code. You should filter or escape your entries before sending them to mysql and all your order items will have same qty, desc and price, as you are continuously overwriting the data using the same order_id.

Improve this answer

3 Comments

yea #CORRUPT already said that and I tried and still not updating
Allright, call it an update, but you are still updating multiple entries with a unique row data. If you have an array of 5 products, but you only use the order_id as the condition for the update, you will get the data from the last product in all your rows.
@EddyBlackpool Yes you do: $qty = $qty stores a variable to itself; you need to read from the original POST value on each iteration, instead of reading the overwritten variable.
0

Use foreach instead of for, but we assume that your arrays keep synchronized indexes:

 foreach ($qty as $index => $quantity_entry){
    $update = mysql_query("UPDATE `orders` SET
              `qty` = '" . mysql_real_escape_string($quantity_entry) . "',
              `desc` = '" . mysql_real_escape_string($desc[$index]) . "',
              `price` = '" . mysql_real_escape_string($price[$index]) . "'
               WHERE `order_id` = '" . mysql_real_escape_string($order) . "' ");
}

This way you don't have to worry about non-existent indexes... PS: notice the mysql escape - which you should never skip!

Improve this answer

1 Comment

When I am updating it makes all my rows with same values="test"
0

check value is set or not.. And use mysqli or PDO instead of mysql to avoid sql injection

for($i=0; $i < $count; $i++){

    $qty_val      = isset($qty[$i])?$qty[$i]:'';
    $desc_val     = isset($desc[$i])?$desc[$i]:'';
    $price_val    = isset($price[$i])?$price[$i]:'';


    $update = mysql_query("UPDATE `orders` SET `qty` = '".$qty_val."', `desc` = '".$desc_val."', `price` = '".$price_val."' WHERE `order_id` = '".$order."' ");
}
Improve this answer

1 Comment

The Error is gone but its not updating my fields, fields just go blank when I update them.
0

You are not assuring that all three arrays have an equal length. If one doesn't insert a price or description, the item would not get send with the request (only non-empty values are sent by a browser).

You should rework the HTML output and setup a single array with multiple key-named columns, so that you only will need to iterate over one array, instead of three.

An example would be:

<input type="text" name="product[0][qty]" value="QTY_1" />
<input type="text" name="product[0][desc]" value="DESC_1" />
<input type="text" name="product[0][price]"value="PRICE_1" />

<input type="text" name="product[1][qty]" value="QTY_2" />
<input type="text" name="product[1][desc]" value="DESC_2" />
<input type="text" name="product[1][price]"value="PRICE_2" />

Iterate over the products array with foreach and additionally check, whether the columns are set:

foreach( $_POST['product'] as $inputRow )
{
    if( !isset( $inputRow['qty'] ) || !isset( $inputRow['desc'] ) || !isset( $inputRow['price'] ) )
    {
        echo 'Some input is missing; can\'t store to database';
        continue;
    }

    /* insert to DB here, but please use prepared statement or at least escape the user inputs properly! */
}
Improve this answer

2 Comments

So you want me to use Loop for my inputs?
@EddyBlackpool Yes – as you already use loops for your inputs!?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.