php - update query, updating multiple data -


i want update multiple data using code, problem is, when tried it, updates whole data has same category id , supposed update individually. solution. please help. in advance :)

<?php if (isset($_get['pid'])){     $view="";     $targetid = $_get['pid'];     $sql = mysql_query("select specs, category_id, price specs category_id='$targetid'");                                 $productcount = mysql_num_rows($sql);                                     if($productcount > 0){                                         while($row = mysql_fetch_array($sql)){                                         $specs = $row["specs"];                                         $category_id = $row["category_id"];                                          $price = $row["price"];                                         $view .=  '<div class="control-group">                             <label class="control-label" >specs</label>                             <div class="controls">                             <input type="text"  placeholder="specs" name="specs" value="'.$specs.'">                             </div>                             </div>                             <div class="control-group">                             <label class="control-label" >price</label>                             <div class="controls">                             <input type="text"  placeholder="price" name="price" value="php&nbsp;'.number_format($price, 2).'">                             </div>                             </div>';                                 }                                 }         }     ?>     <?php     if (isset($_post['specs'])){      $pid = mysql_real_escape_string($_post['thisid']);     $specs = mysql_real_escape_string($_post['specs']);;     $price = mysql_real_escape_string($_post['price']);     $sql= mysql_query("update specs set specs='$specs', price='$price' category_id='$pid'");      header("location: manageproducts.php");     exit();     }     ?> 

and heres html.

 <div class="container">     <div class="page-header">       <h1>manage products</h1>     </div>     <div class="row-fluid ">              <div class="box span12center-align" >                 <div class="box-header well" data-original-title>                     <center><h2><i class="icon-edit"></i> edit specifications </h2></center>                 </div>                  <div class="box-content" >                     <form class="form-horizontal" action="" method='post'>                          <fieldset>                           <?php echo $view; ?>                             <div class="form-actions">                             <input name="thisid" type="hidden" value="<?php echo $targetid; ?>">                             <button type="submit" class="btn btn-primary" name="add_product">update item</button>                             <button class="btn">cancel</button>                           </div>                         </fieldset>                     </form>                 </div>             </div><!--/span-->          </div><!--/row--></center>         </div>         </div>         </div> 

you need add primary key where-clause of row want update, you're updating rows category_id.

so add primary key id table (if table doesn't have 1 already) , set auto-increment. modify select query:

"select id, specs, category_id, price specs category_id='$targetid'" 

add id hidden input field.

then can modify update query this:

"update specs set specs='$specs', price='$price' category_id='$pid' , id='$id'" 

sql injection alert

you should know code have written dangerous , prone sql injection. never, ever, use get/post variables directly in query. please use mysqli prepared statements or pdo.


Comments

Popular posts from this blog

css - Which browser returns the correct result for getBoundingClientRect of an SVG element? -

gcc - Calling fftR4() in c from assembly -

.htaccess - Matching full URL in RewriteCond -