mysql / php: Update multiple rows

Question

I try to use the below code to update multiple rows, the below code can view the results of rows but it can not be updated, where is wrong place? How to modify it ?

<?php

$host="localhost"; // Host name 
$username="abc"; // Mysql username 
$password="abc123"; // Mysql password 
$db_name="abc"; // Database name 
$tbl_name="BRAddress"; // Table name 


// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("Cannot connect"); 
mysql_select_db("$db_name")or die("Cannot select Database");

$sql="SELECT * FROM $tbl_name WHERE br_no='62779457'"; 
$result=mysql_query($sql);

// Count table rows 
$count=mysql_num_rows($result);
?>

<table width="100%" border="0" cellspacing="1" cellpadding="0">
<form name="form1" method="post" action="">
<tr> 
<td>
<table width="100%" border="0" cellspacing="1" cellpadding="0">

<tr>
<td align="center"><strong>BR No.</strong></td>
<td align="center"><strong>Date of Register</strong></td>
<td align="center"><strong>Address</strong></td>
</tr>

<?php
while($rows=mysql_fetch_array($result)){
?>

<tr>
<td align="center">
<? $br_no[]=$rows['br_no']; ?><? echo $rows['br_no']; ?>
</td>
<td align="center">
<input name="br_date_of_register[]" type="date" id="br_date_of_register" value="<? echo $rows['br_date_of_register']; ?>">
</td>
<td align="center">
<input name="br_address[]" type="text" size="60" id="br_address" value="<? echo $rows['br_address']; ?>">
</td>
</tr>

<?php
}
?>

<tr>
<td colspan="3" align="center"><input type="submit" name="Submit" value="Submit"></td>
</tr>
</table>
</td>
</tr>
</form>
</table>

<?php

// Check if button name "Submit" is active, do this 
if($Submit){
for($i=0;$i<$count;$i++){
$sql1="UPDATE $tbl_name SET 
br_date_of_register='$br_date_of_register[$i]', 
br_address='$br_address[$i]' 
WHERE br_no='$br_no[$i]'";
$result1=mysql_query($sql1);
}
}

if($result1){
header("location:update_sample.php");
}
mysql_close();
?>

Thank you very much for your help & support !

Assuming `$br_date_of_register` and similar are intended to read straight from `$_POST`, your code is vulnerable to SQL injection. Please read [How can I prevent SQL-injection in PHP?](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) for information on how to fix it. Also the `mysql_*` functions in PHP are deprecated and shouldn't be used. Please read [Why shouldn't I use mysql_* functions in PHP?](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php) for information on why and what to replace them with. — Matt Raines, Mar 27 '16 at 15:52

score 0 · Answer 1 · answered Mar 27 '16 at 08:36

0

I think that you need to change this part

if($Submit){

to

if($_POST('Submit')){

I haven't run the whole or looked at entire code, but you have nothing that defines $Submit variable though from what I see.

Or you can put in

$Submit = $_POST('Submit');

before the if statement. Let me know how you go. Cheers

answered Mar 27 '16 at 08:36

AceWebDesign

579
2
11

After try to add : $Submit = $_POST('Submit'); it still cannot updated. Please help ! Thanks a lot. – Kong Hong Mar 27 '16 at 08:48
@AceWebDesign think you have a typo for `$_POST['Submit']`? – Matt Raines Mar 27 '16 at 17:39

score 0 · Answer 2 · answered Mar 27 '16 at 08:50

0

Your POST variable are empty. $br_date_of_register has no value. You must use this like following

$br_date_of_register = $_POST[br_date_of_register];
$br_address = $_POST[br_address];


for($i=0;$i<$count;$i++){
$sql1="UPDATE $tbl_name SET 
br_date_of_register='$br_date_of_register[$i]', 
br_address='$br_address[$i]' 
WHERE br_no='$br_no[$i]'";
$result1=mysql_query($sql1);
}

Edit

if($Submit)

To

if($_SERVER['REQUEST_METHOD'] == "POST")

answered Mar 27 '16 at 08:50

Basti

261
3
7

$br_date_of_register = $_POST[br_date_of_register]; $br_address = $_POST[br_address]; $br_no = $_POST[br_no]; if($_SERVER['REQUEST_METHOD'] == "POST"){ for($i=0;$i<$count;$i++){ $sql1="UPDATE $tbl_name SET br_date_of_register='$br_date_of_register[$i]', br_address='$br_address[$i]' WHERE br_no='$br_no[$i]'"; $result1=mysql_query($sql1); } } It cannot work. – Kong Hong Mar 27 '16 at 09:03
The value of $br_no is not clear. This value will be not through POST transferd. So remove this $br_no = $_POST[be_no]; – Basti Mar 27 '16 at 09:19

score 0 · Answer 3 · answered Mar 27 '16 at 08:50

Considering your Submit check, you can use this,

if(isset($_POST["Submit"]))
{
}

Further in your SQL statement, do this,

$sql1='UPDATE ' . $tbl_name . ' SET 

br_date_of_register = ' . $br_date_of_register[$i] .

' , br_address = ' . $br_address[$i] .

' WHERE br_no = ' . $br_no[$i];

mysql / php: Update multiple rows

3 Answers3