I’m trying to get a form to show all of the results from a table in the database so that they can be updated at the same time but it’s only showing one result.
I’ve getting all of the entries using this:
$query="select country_id,cost,country.id,country.name from country, shipping where country_id=country.id and owner_id=".$_GET['id'];
$shipping=dbselect( $query,"dbPublic" );
which does work, but when I try to create the form I only get the last entry.
The names of the country are stored in a different table to the costs so that’s why I’m calling two different tables. Thanks for pointing it out though as I have made that mistake in the past!
How would I change it so that the same values aren’t being called every time? I’ve added a new field to the query but don’t know who to get that into the form.
The query is now:
$query="select shipping.id as shipping_id,country_id,cost,country.id,country.name from country, shipping where country_id=country.id and owner_id=".$_GET['id'];
$shipping=dbselect( $query,"dbPublic" );
But when I try to change a field name to m_“.$value[‘country_id’].” I get a syntax error
What will be $a equals to after that loop? We re-assign (rewrite) this variable on each iteration, so after the loop $a will contain the last $value, right? You’re doing the same thing.
For example:
foreach( $shipping as $key=>$value ) {
$FORM[$formid]['field']['owner_id']['type']="hidden";
$formid doesn’t change inside the loop, so that means you’re assigning value to the same variable each time. To store values of all rows you should use additional arrays:
if( is_array( $shipping ) ) {
$FORM[$formid]['field']['owner_id']['type'][] ="hidden"; //note the brackets []
$FORM[$formid]['field']['owner_id']['value'][] =$_GET['id'];
$FORM[$formid]['field']['country_id']['type'][] ="hidden";
//..and so on...
After that you will be able to get values for each row separately:
That’s leaving you a sitting duck for sql injection attack as you’re letting user submitted data near the database without escaping it. You should be using prepared statements when dealing with user submitted data and you need to be validating the user submitted data.
If the id is a numeric then you could do:
$id = (int) $_GET['id'];
That would typecast $id as a numeric, if the value for id in the $_GET array isn’t a numeric then $id will be 0. You then pass $id on for either more validation or to go into a prepared statement.
The query uses an old outdated join syntax, assuming country_id is a field in the shipping table:
$query = "
SELECT
shipping.country_id
, cost
, country.id
, country.name
FROM
country
INNER JOIN
shipping
ON shipping.country_id = country.id
WHERE
owner_id=".$_GET['id'];
Which tables are the fields cost and owner_id in, try and get into the habbit of qualifying all fields when dealing with joins. What code are you using to get the results set from the database?