```php
<?php
include('core/init.php');//database connection


if(isset($_POST['btn_submit'])){
   $sqlQuery = mysql_query("UPDATE `position` SET `ATR`='".mysql_real_escape_string($_POST['ATR'])."', 
  $resultQuery = mysql_query($connection, $sqlQuery) or die (mysql_error($connection));

  if(mysql_affected_rows($resultQuery) > 0){
  echo "updated";
 }else{
  echo "failed";
 }
  header('Location:position2.php');
   $result = mysql_query("SELECT * FROM position WHERE ID='" .$_POST["id"]. "'");
   $row2 = mysql_fetch_array($result);
 }
 ?>
```

What this code does is update the database based on user input. I am trying to loop through each of the user inputs as update and display, but it doesn't seem to work.

Don't Panic
Ben
  • 5
    [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)***. Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard Jul 12 '16 at 21:16
  • 4
    ***Please [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php).*** [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really pretty easy](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard Jul 12 '16 at 21:16
  • 3
    You have obvious syntax issues. Add error reporting to the top of your file(s) right after your opening ` – Jay Blanchard Jul 12 '16 at 21:17
  • 1
    SQL injection aside, I can tell by the color of the text here that something else is wrong. – Don't Panic Jul 12 '16 at 21:17
  • ok but how do I display the user input like print it out? – Ben Jul 12 '16 at 21:21
  • `echo $_POST['ATR']` will display the user input. – Barmar Jul 12 '16 at 21:22
  • I tried that tried many things but didn't work – Ben Jul 12 '16 at 21:26

1 Answer


`($_POST['ATR'])."',` is missing a closing `"`. Also, formatting code makes it easier to read and debug.

William Booth
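The prepared-statement approach recommended in the comments, as an added example that is not part of the original question or answer: it redoes the question's UPDATE and SELECT with PDO placeholders and HTML-encodes the stored value when displaying it. The in-memory SQLite database, the `updateAtr` helper and the `$post` array are assumptions made so the script runs on its own; only the `position` table with its `ID` and `ATR` columns comes from the question.

```php
<?php
// Added example, not the asker's code. A constructed in-memory SQLite table
// stands in for the MySQL `position` table; for MySQL, change only the DSN.
declare(strict_types=1);

// Hypothetical helper: update one row, then return it (null if nothing matched).
function updateAtr(PDO $pdo, int $id, string $atr): ?array
{
    // Placeholders keep user input out of the SQL text, so no quoting or
    // escaping of $atr is needed (and none can be forgotten).
    $update = $pdo->prepare('UPDATE `position` SET `ATR` = :atr WHERE `ID` = :id');
    $update->bindValue(':atr', $atr, PDO::PARAM_STR);
    $update->bindValue(':id', $id, PDO::PARAM_INT);
    $update->execute();

    // rowCount() takes the place of mysql_affected_rows(). On MySQL it counts
    // changed rows by default, so re-saving an identical value reports 0.
    if ($update->rowCount() === 0) {
        return null;
    }

    $select = $pdo->prepare('SELECT * FROM `position` WHERE `ID` = :id');
    $select->bindValue(':id', $id, PDO::PARAM_INT);
    $select->execute();
    $row = $select->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$pdo = new PDO('sqlite::memory:');
// Throw exceptions on SQL errors instead of failing silently.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE `position` (`ID` INTEGER PRIMARY KEY, `ATR` TEXT)');
$pdo->exec("INSERT INTO `position` (`ID`, `ATR`) VALUES (1, 'old'), (2, 'other')");

// Constructed stand-in for $_POST: a value with a quote and HTML markup in it.
$post = ['id' => '1', 'ATR' => "O'Brien <b>10</b>"];

// Reject a non-integer id before it reaches the database.
$id = filter_var($post['id'], FILTER_VALIDATE_INT);
$row = ($id === false) ? null : updateAtr($pdo, $id, $post['ATR']);

if ($row === null) {
    echo "failed\n";
} else {
    // Encode on output so the stored markup is shown as text, not rendered.
    echo 'updated: ', htmlspecialchars($row['ATR'], ENT_QUOTES, 'UTF-8'), "\n";
}
```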