-1

please, help me to solve the problem I want to get result like this --> 

UPDATE anggota SET id = '1000',name = 'Danti',Address = 'Jalan Mawar' WHERE Kode_anggota='10000'

I use $_GET for my table name so I can use a query for all of table, this is my code :

<?php
  function updateData($value) {
      $table = $_GET['tujuan'];
       $id = $_GET['id'];
      $query1 = mysql_query("SELECT * FROM $table ORDER BY Kode_$table");
      $fieldNum = mysql_num_fields($query1);
        for($q=0;$q<$fieldNum;$q++){
          $fieldName = mysql_field_name($query1, $q);
          $name [] = $fieldName;
        }
        $output1 = explode (" ",$name);

        foreach ($value as $arrVal) {
          $total [] = $arrVal;
        }
      $output = explode("", $total);
      echo "UPDATE $table SET";
      for($a=0;$a<$fieldNum;$a++){
        $akhir = "$output1".$a." = $output".$a.""; 
        $akhir1 [] = $akhir;
      }
      $akhir2 = implode (",",$akhir1);
      echo $akhir2;
      echo " WHERE Kode_$table='$id'"; 
    }
?>

But, when I'm running my program I got 2 notifications like this -->

Warning: explode() expects parameter 2 to be string, array given in C:\xampp\htdocs\Proyek 2\cobalagi\koneksi_class.php on line 88

Warning: explode() expects parameter 2 to be string, array given in C:\xampp\htdocs\Proyek 2\cobalagi\koneksi_class.php on line 93 UPDATE anggota SET0 = 0,1 = 1,2 = 2 WHERE Kode_anggota='10000'

What should I do?

marian0
  • 3,336
  • 3
  • 27
  • 37
Danti Iswandhari
  • 35
  • 1
  • 3
  • because var $name is array not a string – Nuriddin Rashidov Oct 20 '15 at 13:19
  • First and most important you should fix the sql injection vulnerability. Never ever use unfiltered and unescaped request data in sql statements. Have a look at http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – l-x Oct 20 '15 at 13:36

3 Answers3

2
  • explode() function is used to break string into array.So string should be provided as a second parameter parameter.
  • The implode() function returns a string from the elements of an array.So array should be provided as a second parameter parameter.

So your $output1 = explode (" ",$name); should be $output1 = implode(" ",$name);

And $output = explode("", $total); should be $output = implode(" ", $total);

Dinesh Belkare
  • 639
  • 8
  • 24
1

the $name is an array and thus the error

you dont need the explode function

Lucky Chingi
  • 2,248
  • 1
  • 10
  • 15
0

There are various serious problems with this. As Nuriddin Rashidov points out, the technical reason for the error is that you are misusing the explode() function.

More importantly, you are opening yourself up for serious SQL injection exploits with your query construction based on client-provided data. Please check into those keywords and consider using prepared statements and reconsidering your database architecture to avoid having to specify table names at runtime.

kungphu
  • 4,592
  • 3
  • 28
  • 37