0

I've got a weird little problem.

I'm writing a script that inserts multiple rows into a MySQL DB, quirk is that their IDs are not necessarily a nice neat 1,2,3 set as they're being edited. The continue statement must be skipping every row as it times out in PHP. This has been doing my head in for the past few hours. Any ideas?

Thanks!

$items = $_POST['invItemQuantity'];
$i = 1;
while($i <= $items) {
    if(!isset($_POST['item'.$i])) continue;
        //assign posts to variables
        $date = $_POST["item_date".$i];
        $description = $_POST["description".$i];
        $price = $_POST["price".$i];
        $ID = $_POST["item".$i];

        $que = "UPDATE invoice_items SET date='".$date."', description ='".$description."', price ='".$price."' WHERE item_ID=".$ID;
        $test .= $que."<br>";
        $i++; 

} 
1
  • 1
    Think of using a for statement instead of a while in this case. for ($i = 0; $i <= $items; $i++) {...} will increment even if you do a continue; Commented Feb 17, 2013 at 1:48

3 Answers

4
if(!isset($_POST['item'.$i])) continue;

You forgot to increment i in that case. Fix it to:

if(!isset($_POST['item'.$i])) { $i++; continue; }

1 Comment

Nice catch. Nothing below the continue will run.
1

Since you need to iterate over all the item fields no matter what, a for loop might make it easier to not forget your increment action.

$items = $_POST['invItemQuantity'];
for($i=1; $i<=$items; $i++)
{
    if(!isset($_POST['item'.$i])) continue;

    // ...
}

You might also want to perform some validation on "$_POST['invItemQuantity']" before you use it in your code (e.g. verify it contains a number of expected range).

Comments

0

Your whole approach to this is very strange. I'm guessing in your form you have item1, item2, item3 etc. Instead you should have items[] for all of them to submit it as an array. Do the same for each item_date, description and price. Then simply run:

foreach($_POST['items'] as $i => $item) {
    if(!empty($item)) {
        $date = mysql_real_escape_string(trim($_POST['item_date'][$i]));
        $description = mysql_real_escape_string(trim($_POST['description'][$i]));
        $price = mysql_real_escape_string(trim($_POST['price'][$i]));
        $ID = (int)$_POST['items'][$i]; // same array the loop iterates; $_POST['item'] is never submitted

        //UPDATE QUERY...
    }
}

The other thing is you should never take user input and directly input it into the database as that leaves you wide open to SQL injections. You should always escape it first using mysql_real_escape_string (for mysql). Even better would be to learn MySQLi or PDO.

You may also wish to look at filter_input, a good way to make sure that your inputs are clean. You should never trust user input and should always test it against a white list of suitable variables if possible.

3 Comments

I have divs containing items, not necessarily item1, item2, item3. Could be item23, item 34, item 16. I want a way to loop through all numbers and only update those which are posted. Can you clarify what you mean by items[]? Thanks so much.
Sure, when you post the data I assume it's using a form and inputs, thus you have inputs with names item1, item2 etc.. What you can do is submit them as an array by changing the name of the input to items[] for all of the inputs. $_POST['items'] will then be an array of results you can go through one by one, and that array will only contain posted results.
Thanks @Styphon. I've tried the following, but echoing $test is doing nothing. foreach($_POST['items'] as $i => $item) { if(!empty($item)) { $date = mysql_real_escape_string(trim($_POST['item_date'][$i])); $description = mysql_real_escape_string(trim($_POST['description'][$i])); $price = mysql_real_escape_string(trim($_POST['price'][$i])); $ID = (int)$_POST['item'][$i]; $test = "UPDATE invoice_items SET date='".$date."', description='".$description."', price ='".$price."' WHERE inv_ID=".$_POST["id"]; }
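
Pulling the answers above together (a for loop, a range check on invItemQuantity, and PDO instead of string concatenation), here is an added example that is not code from the question or from any of the answers. The function name updateInvoiceItems, the $maxItems limit of 500 and the in-memory SQLite database used for the demo (which needs the pdo_sqlite extension) are assumptions; the table and field names follow the question.

```php
<?php
declare(strict_types=1);

// $post stands in for $_POST; field names (item7, price7, ...) follow the question.
function updateInvoiceItems(PDO $db, array $post, int $maxItems = 500): int
{
    // Validate the loop bound before using it: an integer in an expected range.
    $count = filter_var($post['invItemQuantity'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => $maxItems]]);
    if ($count === false) {
        throw new InvalidArgumentException('invItemQuantity missing or out of range');
    }
    // Placeholders keep values out of the SQL text, so a quote in a
    // description cannot alter the statement.
    $stmt = $db->prepare('UPDATE invoice_items
        SET date = :date, description = :description, price = :price
        WHERE item_ID = :id');

    $changed = 0;
    for ($i = 1; $i <= $count; $i++) { // the increment runs even after continue
        $id = filter_var($post["item$i"] ?? null, FILTER_VALIDATE_INT);
        $price = filter_var($post["price$i"] ?? null, FILTER_VALIDATE_FLOAT);
        if ($id === false || $price === false) {
            continue; // slot not posted, or ID/price is not numeric
        }
        $stmt->execute([
            ':date' => trim((string)($post["item_date$i"] ?? '')),
            ':description' => trim((string)($post["description$i"] ?? '')),
            ':price' => $price,
            ':id' => $id,
        ]);
        $changed += $stmt->rowCount();
    }
    return $changed;
}

// Constructed demo: in-memory SQLite stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE invoice_items (item_ID INTEGER PRIMARY KEY, date TEXT, description TEXT, price REAL)');
$db->exec("INSERT INTO invoice_items VALUES (16, '', '', 0), (23, '', '', 0)");

// Constructed POST data: slot 2 is absent, slot 3 has a quote-laden description.
$post = ['invItemQuantity' => '3',
    'item1' => '16', 'item_date1' => '2013-02-17', 'description1' => 'Widget', 'price1' => '9.50',
    'item3' => '23', 'item_date3' => '2013-02-18', 'description3' => "x', price='0", 'price3' => '4',
];
echo updateInvoiceItems($db, $post), " rows updated\n";
echo $db->query('SELECT description FROM invoice_items WHERE item_ID = 23')->fetchColumn(), "\n";
```

The second echo shows the description stored exactly as submitted, quotes included, because it travelled as a bound parameter rather than as part of the SQL string.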
