0

This program is now allowing me to update record in a row, can anyone solve this please?

This is the code: I'm using Dreamweaver for this

PHP code: needs more answer

<?php require_once('Connections/tlsc_conn.php');
 mysql_select_db($database_tlsc_conn, $tlsc_conn);
  $query_Recordset1 = "SELECT * FROM tbl_name";
 $Recordset1 = mysql_query($query_Recordset1, $tlsc_conn) or die(mysql_error());

  $totalRows_Recordset1 = mysql_num_rows($Recordset1);


 if(isset($_POST['submit'])) {

//    $count = count($_POST['id']);
//  $count=mysql_num_rows($Recordset1);
    $submit = $_GET['submit'];
$i = ($_POST['count']);
$name = ($_POST['name']);
$lastname = ($_POST['lastname']);
$email = ($_POST['email']);
$id = ($_POST['id']);

    for($i=0;$i<$count;$i++){

        $sql1="UPDATE $tbl_name SET name='$name[$i]', lastname='$lastname[$i]', email='$email[$i]' WHERE id='$id[$i]'";

        $row_Recordset1=mysql_query($sql1);
    }

    if($row_Recordset1){
            header("location:lulu.php");
            exit;
    }   
 }


?>

HTML code: i don't think if it is fixed, but i think it is...

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org    /TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
 <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
 <title>Untitled Document</title>
</head>

<body>
  <form name="form2" method="post" action="">
  <table width="634" border="1">
    <tr>
       <td>id</td>
       <td>name</td>
       <td>lastname</td>
       <td>email</td>
    </tr>

<?php while($row_Recordset1 = mysql_fetch_assoc($Recordset1)){ ?> 
    <tr>
      <td><?php $id[]=$row_Recordset1['id']; ?><?php echo $row_Recordset1['id']; ?> 
      <input name="id[]" type="hidden" value="<?php echo $row_Recordset1['id'];   ?>" />
      </td>
      <td>
        <input name="name[]" type="text" value="<?php echo $row_Recordset1['name']; ?>">                       
      </td>
      <td>
        <input name="lastname[]" type="text" value="<?php echo $row_Recordset1['lastname']; ?>">
      </td>
      <td>
        <input name="email[]" type="text" value="<?php echo  $row_Recordset1['email']; ?>">       </td>
    </tr>
    <?php }  ?>  
   </table>
    <p>
    <input type="submit" name="submit" value="Submit" />
    </p>
  </form>
   <p>
</body>
</html>
Marc Delisle
  • 8,879
  • 3
  • 29
  • 29
Lacson Cruz
  • 41
  • 5
  • my first bet would to `print_r($_POST)` and verify that it has the correct data after submit in it. And... why the hell does NO ONE start with correct queries ( injection, validation, santisation ) but uses that stupid brute force mysql_query command. – Najzero Sep 19 '13 at 08:02
  • yes I am ;-). But this is not towards you, because you learned that code from somwhere. its either from the web or from books, and all sources tend to start with the basics and do not stress THE DANGER enough what queries like `SET name='$varfromPOST/GET' ` can cause (http://xkcd.com/327/‎ ). A good start is having a look here: http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – Najzero Sep 19 '13 at 09:44
  • 1
    Typo related questions (partial code related issues) are off topic – random Oct 06 '13 at 06:10

3 Answers3

3
$sql1="UPDATE $tbl_name

There is no variable named $tbl_name, hence your query fails: it does not know which table to update and that is a syntax error.

Hanky Panky
  • 46,730
  • 8
  • 72
  • 95
3

There is no Variable with the $tbl_name in the above Code. Use this variable properly then it will work.

<?php
$i = ($_POST['count']);
$name = ($_POST['name']);
$lastname = ($_POST['lastname']);
$email = ($_POST['email']);
$id = ($_POST['id']);
$tbl_name = ???

$sql1="UPDATE $tbl_name SET name='$name[$i]', lastname='$lastname[$i]', email='$email[$i]' WHERE id='$id[$i]'";

?>

Zeeshan
  • 1,659
  • 13
  • 17
0

open and close the form inside the loop

manish sasmal
  • 19
  • 1