Still struggling.....

on 17.02.2006 20:53:42 by UKuser

This code is still not working. I have adjusted it so the table
displays however, what I'm after is that when you update any number of
fields, and click update, the whole table gets updated.

Also, what is the smallest code to add to avoid SQL/XSS injectiony
stuff?

Thanks


test 4


function check_mysql()
{
if (mysql_errno() > 0)
{
die("
MySQL error " . mysql_errno() . ": " .mysql_error());
}
}

$db = mysql_connect("coconia.net", "nana46_nana46", "hello");
if (!$db)
{
die("Failed to open connection to MySQL server.");
}

mysql_select_db("nana46_nana46");
check_mysql();

$requete = "SELECT id,lowerval,upperval,result FROM fig_lookup";
$resulta = mysql_query($requete) or die (mysql_error());

echo '';

$edit = "Edit record";

echo "
";
echo "";
echo "";
echo "";
echo "";

if($_POST["mode"] == "Update")
{
for ($i=0; $i {
$post1 = $_POST[f2][$i];
$post2 = $_POST[f3][$i];
$post3 = $_POST[f4][$i];
$post0 = $_POST[f1][$i];
mysql_query ("UPDATE fig_lookup SET
lowerval='$post1',upperval='$post2',result='$post3' WHERE id=$post0 ");

}
}

while ($l = mysql_fetch_array($resulta, MYSQL_ASSOC))
{ ?>





}
echo "
idLowervalUppervalResult
"> "> "> ">
";
echo "$post1";
?>





http://nana46.coconia.net/test4.php

Re: Still struggling.....

on 17.02.2006 21:19:00 by zeldorblat

UKuser wrote:
> This code is still not working. I have adjusted it so the table
> displays however, what I'm after is that when you update any number of
> fields, and click update, the whole table gets updated.
>
> Also, what is the smallest code to add to avoid SQL/XSS injectiony
> stuff?
>
> Thanks

I think your problem is in this line:

for ($i=0; $i

Looking at your form, you have no input element called 'id', so count
is likely always zero and the loop never gets executed. Even if you
did have an input called 'id', you should have quotes around it inside
the [].

Re: Still struggling.....

on 17.02.2006 22:33:24 by UKuser

That is superb. After a few weeks I appear to be finally there! I am
just working on linking my update button to a refresh option, as it
won't refresh. But thanks a lot!

Re: Still struggling.....

on 18.02.2006 05:01:27 by zeldorblat

UKuser wrote:
> That is superb. After a few weeks I appear to be finally there! I am
> just working on linking my update button to a refresh option, as it
> won't refresh. But thanks a lot!

It doesn't refresh because you draw the HTML and then update the
database. Why not just update the database first?

Re: Still struggling.....

on 24.02.2006 00:20:06 by Jim Michaels

"UKuser" wrote in message
news:1140206022.118491.266180@f14g2000cwb.googlegroups.com...
> This code is still not working. I have adjusted it so the table
> displays however, what I'm after is that when you update any number of
> fields, and click update, the whole table gets updated.
>
> Also, what is the smallest code to add to avoid SQL/XSS injectiony
> stuff?

Just google SQL injection. Here's one:
http://en.wikipedia.org/wiki/SQL_injection

This depends on the type of input string you've got. If the user is
putting in HTML and you know that, then of course you are going to have to
use maybe the first one here. The -- may be a bad hair-trigger.

if (preg_match("/'\s*;/", $string) || preg_match("/--/", $string)) {
    //lockout user or do something
}

Or just ignore them:

$string = mysql_real_escape_string(str_replace(";", "", $string));

mysql_escape_string and its like do not handle semicolons, so that's the
reason for str_replace.

If you really want to avoid it, use mysqli functions and mysqli_prepare()
and use variable binding.

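An added example, not code from any poster in this thread: the mysqli variable binding suggested above applied to the thread's UPDATE, with the database written before the table is drawn and every value HTML-escaped on output. It assumes the fig_lookup table and the f1 to f4 form arrays from the original post, PHP 7 or later with mysqli, and hypothetical DB_HOST, DB_USER, DB_PASS and DB_NAME environment variables; the form markup is constructed here because the original HTML did not survive in the post.

```php
<?php
// Added example, not the thread's code. Table fig_lookup and form arrays f1..f4 come
// from the original post; the DB_* variable names and the form markup are assumptions.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on any DB error
function h($v): string { return htmlspecialchars((string)$v, ENT_QUOTES, 'UTF-8'); }

// Return $post[$name][$i] only if it is a plain string, otherwise ''.
function field(array $post, string $name, $i): string
{
    $v = is_array($post[$name] ?? null) ? ($post[$name][$i] ?? '') : '';
    return is_string($v) ? $v : '';
}

function update_rows(mysqli $db, array $post): int
{
    $ids = is_array($post['f1'] ?? null) ? $post['f1'] : [];
    $stmt = $db->prepare('UPDATE fig_lookup SET lowerval=?, upperval=?, result=? WHERE id=?');
    $done = 0;
    foreach ($ids as $i => $rawId) {
        // Reject anything that is not an integer before it reaches the query.
        $id = filter_var($rawId, FILTER_VALIDATE_INT);
        if ($id === false) continue;
        $lower  = field($post, 'f2', $i);
        $upper  = field($post, 'f3', $i);
        $result = field($post, 'f4', $i);
        // Column types are not shown in the thread, so the values are bound as strings.
        $stmt->bind_param('sssi', $lower, $upper, $result, $id); // sent as data, not SQL
        $stmt->execute();
        $done++;
    }
    $stmt->close();
    return $done;
}

function render_rows(mysqli $db): string
{
    $out = "<form method=\"post\"><table>\n";
    $res = $db->query('SELECT id, lowerval, upperval, result FROM fig_lookup');
    while ($r = $res->fetch_assoc()) {
        $out .= '<tr><td>' . h($r['id']) . '<input type="hidden" name="f1[]" value="' . h($r['id']) . '"></td>';
        foreach (['f2' => 'lowerval', 'f3' => 'upperval', 'f4' => 'result'] as $f => $c) {
            $out .= "<td><input name=\"{$f}[]\" value=\"" . h($r[$c]) . '"></td>';
        }
        $out .= "</tr>\n";
    }
    return $out . "</table><input type=\"submit\" name=\"mode\" value=\"Update\"></form>\n";
}

$db = new mysqli((string)getenv('DB_HOST'), (string)getenv('DB_USER'), (string)getenv('DB_PASS'), (string)getenv('DB_NAME'));
if (($_POST['mode'] ?? '') === 'Update') { update_rows($db, $_POST); } // write first, then draw
echo render_rows($db);
```

With bound parameters the statement text is fixed when it is prepared, so quotes, semicolons and comment markers in a submitted value are stored as ordinary characters and need no stripping.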