<form id="form1" name="form1" method="post" action="update_grade.php">
<?php 
  $AssNo=$_GET['ass-number'];

  $i=0;

  //connect to database

  include ("connect.php");
  $query = "SELECT * FROM 
    (SELECT date, firstname, lastname, ass_type, ass_no, mark
      FROM users u, assessments a, stdass s 
      WHERE u.username = s.username AND s.ass_id = a.ass_id ) AS yusuf 
    WHERE ass_no ='$AssNo' ";

  $query1 = "SELECT * from assessments WHERE ass_no ='$AssNo'";
  $result1 = mysql_query($query1);
  $row1 = mysql_fetch_array($result1);
  $result = mysql_query($query) or die (mysql_error());
  $count = mysql_num_rows($result);

  echo'<table width="625" border="1" align="right">';
  echo" <tr>";
  echo' <td width="107">Submitted-date</td>';
  echo'  <td width="86">Firstname</td>';
  echo'<td width="81">Lastname</td>';
  echo'<td width="79">Ass-type</td>';
  echo' <td width="68">Ass-no</td>';
  echo'  <td width="79">Grading</td>';
  echo"</tr>";
  while($row=mysql_fetch_array($result)){
    echo"<tr>";
    echo"<td align=center>";
    echo"$row[date]";
    echo"</td>";
    echo"<td align=center>";
    echo"$row[firstname]";
    echo"</td>";
    echo"<td align=center>";
    echo"$row[lastname]";
    echo"</td>";
    echo"<td align=center>";
    echo"$row[ass_type]";
    echo"</td>";
    echo"<td align=center>";
    echo'<input name="ass_no" type="text" id="ass_no"value ="'.
      $row['ass_no'].'" size="2" maxlength="10" readonly/>';
    echo"</td>";
    echo"<td align=center>";
    echo'<input name="grade[$i]" type="text" id="grade"value ="'.
      $row['mark'].'" size="5" maxlength="10" />';
    echo"</td>";
    echo"</tr>";
  }
  echo "</table>";
  echo'<input name="ass_id[$i]" type="hidden" id="ass_id" value="'.
    $row1['ass_id'].'" />';
?>
</table>

// this is to update it

<?php
  include ("Scripts/connect.php");

  $count = count($_POST['grade']);
  $i = 0; 
  while ($i < $count) {
    $ass_id = $_POST['ass_id'][$i];
    $grade = $_POST['grade'][$i];
    $query = "UPDATE assessments a,stdass s SET mark='$grade' 
      WHERE ass_id = '$ass_id'  ";
    $result=mysql_query($query) or die (mysql_error());

    if($result){ echo " UPDATED !!"; }
    ++$i;
  }
  // echo "<script> window.close(); </script>";
?>
Johan
Lake
  • What... ? You will need to provide more details. – Tanner Ottinger May 02 '11 at 16:32
  • You want to update in a loop. You did not say what is happening now! Echo $ass_id and $grade. Are the values coming through properly? Then echo the query and see what's happening – zod May 02 '11 at 16:40
  • #1 This is a very hack-prone way of coding... Assuming you are not sanitizing the POST vars somewhere else in your script, you are vulnerable to SQL injection. #2 I think you are trying to use a join in your query but do not know how. #3 You might want to consider using a for loop instead of that hacked-up while loop. – dqhendricks May 02 '11 at 16:41
  • echo "$ass_id"; echo "$grade"; Not showing output because of the array ..... basically I want to update rows, looping over the grade text field and id for each row – Lake May 02 '11 at 16:58

3 Answers

$query = "UPDATE 
    assessments a, stdass s SET a.mark='$grade', s.mark='$grade' 
    WHERE a.ass_id = s.ass_id AND a.ass_id='$ass_id'";
Elzo Valugi
psparrow
  • I am not getting any value for $grade and $mark ..... saying Notice: Undefined offset: 0 – Lake May 02 '11 at 16:46
  • It looks like you're not incrementing the value of $i in your while loop outputting each table row. – psparrow May 02 '11 at 16:51
  • @Lake What an ass variable :-) Please give proper names. Check whether that is a POST variable or GET, or try $_REQUEST – zod May 02 '11 at 16:51
  • Still the same ... echo "$ass_id"; echo "$grade"; is not showing output because of the [] or so – Lake May 02 '11 at 16:54
  • All I want the code to do is to update the grade fields by looping through the rows, identifying them by id – Lake May 02 '11 at 17:00
$query="update assessments a,stdass s set a.mark='$grade', s.mark='$grade' where a.ass_id = '$ass_id' and s.ass_id = '$ass_id'  ";
David Fells

Lake,

I'm not sure what your problem is or what you want to do that doesn't happen now, however...

You have a gaping SQL-injection hole in your code. Change this code

$AssNo=$_GET['ass-number'];
....

$ass_id = $_POST['ass_id'][$i];
$grade = $_POST['grade'][$i];
$query = "UPDATE assessments a,stdass s SET mark='$grade' 
  WHERE ass_id = '$ass_id'  ";

Into this to fix it.

$AssNo = mysql_real_escape_string($_GET['ass-number']);
.....

$ass_id = mysql_real_escape_string($_POST['ass_id'][$i]);
$grade = mysql_real_escape_string($_POST['grade'][$i]);
$query = "UPDATE assessments a,stdass s SET mark='$grade' 
  WHERE ass_id = '$ass_id'  ";

See: How does the SQL injection from the "Bobby Tables" XKCD comic work?
For more info on this issue.

Community
Johan
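Added example, not part of any answer above and not the posters' code: the same grade-update loop written with PDO prepared statements, so the posted values are never interpolated into the SQL text (the mysql_* functions used in the thread were removed in PHP 7). It generalizes slightly by also validating the input and wrapping the loop in a transaction. Assumptions: the hypothetical helper update_marks(), a table stdass(username, ass_id, mark), integer marks from 0 to 100, and a form that posts grade[<username>] with a single ass_id.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the thread). Assumed schema: stdass(username, ass_id, mark),
// marks are integers 0-100, and the form posts grade[<username>] plus a single ass_id.
function update_marks(PDO $db, $assId, $grades): int
{
    // Validate shape and type before touching the database.
    $assId = filter_var($assId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($assId === false || !is_array($grades)) {
        throw new InvalidArgumentException('malformed form data');
    }
    // The SQL text is constant; user input only travels as bound parameters.
    $stmt = $db->prepare(
        'UPDATE stdass SET mark = :mark WHERE ass_id = :ass_id AND username = :username'
    );
    $range = ['options' => ['min_range' => 0, 'max_range' => 100]];
    $changed = 0;
    $db->beginTransaction();
    try {
        foreach ($grades as $username => $grade) {
            $mark = filter_var($grade, FILTER_VALIDATE_INT, $range);
            if ($mark === false) {
                throw new InvalidArgumentException('mark must be an integer 0-100');
            }
            $stmt->execute([':mark' => $mark, ':ass_id' => $assId,
                            ':username' => (string) $username]);
            $changed += $stmt->rowCount();
        }
        $db->commit();
    } catch (Throwable $e) {
        $db->rollBack(); // all-or-nothing: one bad field leaves every mark untouched
        throw $e;
    }
    return $changed;
}

// Constructed demo data in an in-memory SQLite database (needs the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE stdass (username TEXT, ass_id INTEGER, mark INTEGER)');
$db->exec("INSERT INTO stdass VALUES ('alice', 1, 0), ('bob', 1, 0)");

echo update_marks($db, '1', ['alice' => '72', 'bob' => '65']), " rows updated\n";
try {
    update_marks($db, '1', ['alice' => "90' OR '1'='1"]); // constructed hostile value
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

Keying the grade fields by the row's identifier, rather than by a counter, also means the handler does not depend on the order in which the fields arrive.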