#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2012
    Location
    Redditch, UK
    Posts
    11
    Rep Power
    0

    Anyone good with arrays?


    Hi

    I have an array that I need to update a row in a database with, I'm not really any good with these so I need a little pointer if possible:

    here's the var_dump of it...

    array(2) { ["stock_ID"]=> string(1) "1" ["stock_product"]=> array(1) { [0]=> string(15) "DIS-FRD HALOGEN" } }

    so I'd like to update the database 'sales__stock' and column 'stock_product' with the value 'DIS-FRD HALOGEN' using the stock_ID as the WHERE clause.

    here's the code I have done so far, I can get it to update the field but it just updates the stock_product with the stock_ID not the stock_product...so I'm stuck sorry if it's a bit messy it's a work in progress

    PHP Code:
    $i 0;
    while (isset(
    $_POST["stockid"][$i])) {
        
        
        
    $updatearray = array(   
              
            
    'stock_ID'  => $_POST['stockid'][$i],   
            
    'stock_product'  => $_POST['stock_product']    
            );   
       
    $i++;
        }
        

    function 
    removeEmptyRecursive($updatearray) {
    foreach(
    $updatearray as $k=>$v)
       {
           if (
    is_array($v))
           {
                
    $v=$updatearray[$k]=removeEmptyRecursive($updatearray[$k]);
           }
           if (
    $v==false)
           {
                unset(
    $updatearray[$k]);
           }
       }
       return 
    $updatearray;
     
       
       
       
       
    }
    //END OF FUNCTION



    removeEmptyRecursive($updatearray);
    $newupdatearray removeEmptyRecursive($updatearray);


    foreach (
    $newupdatearray as $key
    {
            
    $sql_update "UPDATE sales__stock set 
            stock_product ='
    {$key['stock_product']}'
            where stock_ID = '
    {$key['stock_ID']}'";

            
    $Result1 mysql_query($sql_update$Intranet) or die(mysql_error()); } 
  2. #2
  3. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1015
    Hi,

    first of all: Do not dump raw variables into a query string.

    If possible, get rid of the ancient mysql_* functions altogether and use one of the contemporary database extensions. This will enable you to write secure queries using prepared statements.

    As to your question:

    The var dump tells you that your stock product is an array. You cannot insert an array into a string. Well, technically, you can. But you'll just get nonsense.

    So the first question is: Why is it an array? I guess in your loop above, you forgot the second index when accessing the stock product in $_POST:

    PHP Code:
    <?php

    $updatearray 
    = array(
        
    'stock_ID'  => $_POST['stockid'][$i],
        
    'stock_product'  => $_POST['stock_product'][$i// <---- note the [$I]
    );
    However, fixing the code vulnerabilities is much more important than this tiny bug.
    The 6 worst sins of security ē How to (properly) access a MySQL database with PHP

    Why canít I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  4. #3
  5. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2012
    Location
    Redditch, UK
    Posts
    11
    Rep Power
    0
    Hi Jaques1 thanks for replying, and yes I probably do need to update everything.

    But basically I'm trying to update an individual row with a set of option drop downs from a different database and a submit on each row...so it seemed an array was the best way of doing this. your [$i] helped in that the var_dump is now:

    array(2) { ["stock_ID"]=> string(1) "1" ["stock_product"]=> string(10) "EME-EUROTH" }
  6. #4
  7. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1015
    So is it fixed now?
    The 6 worst sins of security ē How to (properly) access a MySQL database with PHP

    Why canít I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  8. #5
  9. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2012
    Location
    Redditch, UK
    Posts
    11
    Rep Power
    0
    Originally Posted by Jacques1
    So is it fixed now?
    Hi

    the update mysql isnt working but getting the array in a bit better shape was a step forward.
  10. #6
  11. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1015
    I'd worry about that after rewriting the code.
    The 6 worst sins of security ē How to (properly) access a MySQL database with PHP

    Why canít I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  12. #7
  13. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2012
    Location
    Redditch, UK
    Posts
    11
    Rep Power
    0
    Originally Posted by Jacques1
    I'd worry about that after rewriting the code.
    Ok Jacques1 thanks for your help

IMN logo majestic logo threadwatch logo seochat tools logo