Help with update query

This is my Update - work perfect

if ($HTTP_SERVER_VARS['REQUEST_METHOD'] == "POST"){
if($_POST['save'] == 'yes'){
         $id = 0+$_POST['id'];
         $update[] = "fullname = ".sqlesc($_POST['fullname']);
         $update[] = "company = ".sqlesc($_POST['company']);
         $update[] = "adress = ".sqlesc($_POST['adress']);
         $update[] = "email = ".sqlesc($_POST['email']);
         $update[] = "telephone = ".sqlesc($_POST['telephone']);
         $update[] = "fax = ".sqlesc($_POST['fax']);
         $update[] = "more = ".sqlesc($_POST['more']);
mysql_query("UPDATE orders SET ".join(",", $update)." WHERE id = ".$id."") or sqlerr(__FILE__, __LINE__);
header('Location: ./orders.php');
}
}

i was add new fileds vibrannii_tovar , sum

$pairs = explode(',', $order['order']);
$a = array();
foreach ($pairs as $pair) {
    list($k,$v) = explode('-', $pair);
    $a[$k] = $v;
}

$catdropdown = "";
foreach ($a as $k => $v) {

$catdropdown .= "<select style=\\"FONT-WEIGHT: bold\\" name=\\"vibrannii_tovar\\">";
$results = do_mysql_query("SELECT id, russian_name, code_production, price FROM production") or sqlerr(__FILE__, __LINE__);
while($prod = mysql_fetch_array($results)){
$catdropdown .= "<option ".($prod['id'] == $k ? " selected" : "")." value=\\"".$prod['id']."\\">".$prod['russian_name']."</option>";
}
$catdropdown .= "</select> <input name=\\"sum\\" size=\\"2\\" value=\\"".$v."\\"><br />";
}

How to Update new fileds ?

to do like (1-2,3-4,5-6,7-8,)

before minus its vibrannii_tovar and after it’s a sum

i try like this (but not work)

$a = 0+$_POST['vibrannii_tovar'];
$b = 0+$_POST['sum'];
$c = "".$a."-".$b."";
$update[] = "order = ".sqlesc(implode(",", $c));

help please

I didn’t test your code but I can see two potential problems:

  1. “order” is a reserved word in mysql so you may be getting an error when running the query, it’s a good idea to enclose it in backticks

  2. You run implode() on $c while $c is a string. implode() needs an array, anyway I don’t know what it’s supposed to do here, I think you should get rid of this function altogether:


$a = 0+$_POST['vibrannii_tovar'];
$b = 0+$_POST['sum'];
$c = $a."-".$b;
$update[] = "`order` = ".sqlesc($c);

Anyway, I think you should consider normalizing you database and stuff like vibrannii_tovar should be kept in a separate table (for example ordered_products) where each product is a separate row with foreign keys to the orders table and to the production table. Then you don’t have to use hacks like joining product ID and quantity with a - character.

Also, I encourage you to use more descriptive variable names than $a, $b, $c. You’ll have a hard time understanding your code when you look at it after a few weeks!

Standard “My Query Doesnt Work” response. (#3)