Foreach update sql loop don't create loops

Question

I have some strange problems with this codes:

The while loopp that contains a form inside

  <?php 
  $sql = "SELECT *  FROM sessions WHERE SES = '$SES' ORDER BY ID DESC";
  $preorders = mysql_query($sql);
  while ($pre = mysql_fetch_array($preorders)) { ?>

   <tr>
     <td class="center">
     <form id="update" action="update" method="post">
     <input type="number" name="QTY[]" value="<?=$pre[QTY]?>" min="1" max="100">
    <input type="hidden" name="ID[]" value="<?=$pre[ID]?>">
    </form></td>
  </tr>

<?php } ?>

The submit button

<button type="submit" form="update">Update</button>

Process page

foreach ($_POST['ID'] as $key => $ID) {
$QTY = $_POST['QTY'][$key]; 
mysql_query("UPDATE sessions SET QTY= '$QTY' WHERE ID = '$ID' ");
}

THE ISSUE

That foreach update only the first item. Mostly, I need to update more than one item. Where is the problem?

Thank you so much!

You are vulnerable to [sql-injection](http://bobby-tables.com/). Please, take a look at [How can I prevent SQL-injection in PHP?](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) — FirstOne, Jul 17 '16 at 19:48
Is everything ok with the forms? Are they printed on screen exactly as you want them? — dimlucas, Jul 17 '16 at 19:49
Inspect the page and check if everything is correctly being filled. var_dump variables and check their values. Also, you have a variable called `$book` but you don't use it in your code.. — FirstOne, Jul 17 '16 at 19:51
@dimlucas yes. on the process page the first item values is printed fine. — Adrian, Jul 17 '16 at 19:52
@FirstOne you're right. i forgot to remove that variable. helps to generate the price value for other — Adrian, Jul 17 '16 at 19:54
@Adrian So only the first item is printed? Or all of them? I mean is there any issue with the first block of code you posted or is it just for reference? — dimlucas, Jul 17 '16 at 19:54
@dimlucas only the first is printed. i can't figured it out what is the problem. the first block is just for reference. — Adrian, Jul 17 '16 at 19:56
Well unless there is some JS you omitted, you actually have multiple forms so hitting you update button is only going to submit one of them. — prodigitalson, Jul 17 '16 at 20:01

score 0 · Answer 1 · answered Jul 17 '16 at 20:07

There are multiple things going wrong with your code. First you use [] in this input's name:

<input type="number" name="QTY[]" value="<?=$pre[QTY]?>" min="1" max="100">

and this input as well:

<input type="hidden" name="ID[]" value="<?=$pre[ID]?>">

You probably want to place them inside <?php ... ?> tags.

Second. You only have one update button but multiple forms. Each form needs its own update button which needs to be included inside each <form> element.

Third. You're using the deprecated mysql functions. Change to mysqli or PDO.

Fourth. You should use Prepared Statements for your update query or else your code is susceptible to SQL Injection.

Foreach update sql loop don't create loops

1 Answers1