Posted by UKuser on 02/17/06 21:53

This code is still not working. I have adjusted it so the table
displays however, what I'm after is that when you update any number of
fields, and click update, the whole table gets updated.

Also, what is the smallest code to add to avoid SQL/XSS injectiony
stuff?

Thanks

<HTML>
<TITLE>test 4</title>
<form method='post' action='test4.php'>
<?php
function check_mysql()
{
if (mysql_errno() > 0)
{
die("<BR> MySQL error " . mysql_errno() . ": " .mysql_error());
}
}

$db = mysql_connect("coconia.net", "nana46_nana46", "hello");
if (!$db)
{
die("Failed to open connection to MySQL server.");
}

mysql_select_db("nana46_nana46");
check_mysql();

$requete = "SELECT id,lowerval,upperval,result FROM fig_lookup";
$resulta = mysql_query($requete) or die (mysql_error());

echo '<table border="2" cellpadding="0" cellspacing="0" width="100%">';

$edit = "<img src='edit.gif' border='0' alt='Edit record'>";

echo "<table border='2'>";
echo "<td>id</td>";
echo "<td>Lowerval</td>";
echo "<td>Upperval</td>";
echo "<td>Result</td></tr>";

if($_POST["mode"] == "Update")
{
for ($i=0; $i<count($_POST[id]); $i++)
{
$post1 = $_POST[f2][$i];
$post2 = $_POST[f3][$i];
$post3 = $_POST[f4][$i];
$post0 = $_POST[f1][$i];
mysql_query ("UPDATE fig_lookup SET
lowerval='$post1',upperval='$post2',result='$post3' WHERE id=$post0 ");

}
}

while ($l = mysql_fetch_array($resulta, MYSQL_ASSOC))
{ ?>
<tr>
<td><input type="text" name="f1[]" value="<?= $l["id"]?>"></td>
<td><input type="text" name="f2[]" value="<?= $l["lowerval"]?>"></td>
<td><input type="text" name="f3[]" value="<?= $l["upperval"]?>"></td>
<td><input type="text" name="f4[]" value="<?=
$l["result"]?>"></td></tr>
<?
}
echo "</tr></table>";
echo "$post1";
?>
<input type='submit' name='mode' value='Update'>

</form>
</HTML>

http://nana46.coconia.net/test4.php

[Back to original message]