$result = mysql_query("UPDATE orders SET order_id='".$data['order_id']."',project_ref='".$data['project_ref']."',supp_short_code='".$data['supp_short_code']."',om_part_no='".$data['om_part_no']."',description='".$data['description']."',quantity='".$data['quantity_input']."',cost_of_items='".$data['cost_of_items']."',cost_total='".$data['cost_total_td']."' WHERE order_id = '".$data['order_id']."'") or die(mysql_error());
Oddly its set all fiel开发者_StackOverflowds to "2" (the order_id value) i'm trying to create an "edit orders" page but its not going to plan!?
EDIT:
How i send the data to the PHP:
$('#submit').live('click',function(){
var postData = {};
postData['data[order_id]'] = $('#order_id').text();
$('#items tr').not(':first').each(function(index, value) {
var keyPrefix = 'data[' + index + ']';
postData[keyPrefix + '[supp_short_code]'] = $(this).closest('tr').find('.supp_short_code').text();
postData[keyPrefix + '[project_ref]'] = $(this).closest('tr').find('.project_ref').text();
postData[keyPrefix + '[om_part_no]'] = $(this).closest('tr').find('.om_part_no').text();
postData[keyPrefix + '[description]'] = $(this).closest('tr').find('.description').text();
postData[keyPrefix + '[quantity_input]'] = $(this).closest('tr').find('.quantity_input').val();
postData[keyPrefix + '[cost_of_items]'] = $(this).closest('tr').find('.cost_of_items').text();
postData[keyPrefix + '[cost_total_td]'] = $(this).closest('tr').find('.cost_total_td').text();
});
$.ajax
({
type: "POST",
url: "updateorder.php",
dataType: "json",
data: postData,
cache: false,
success: function()
{
alert("Order Updated");
}
});
});
Complete PHP Code:
if (isset($_POST['data']) && is_array($_POST['data'])) {
foreach ($_POST['data'] as $row => $data) {
$result = mysql_query("UPDATE orders SET project_ref='".$data['project_ref']."',supp_short_code='".$data['supp_short_code']."',om_part_no='".$data['om_part_no']."',description='".$data['description']."',quantity='".$data['quantity_input']."',cost_of_items='".$data['cost_of_items']."',cost_total='".$data['cost_total_td']."' WHERE order_id = '".$data['order_id']."'") or die(mysql_error());
}
}
var_dump($data);
- This is unsafe. You should escape any values sent to MySQL, using
mysql_real_escape_string
- What does the data look like? Are you sure
$data
contains the right values? - What does the generated query look like, before it's sent to MySQL?
- There's no need to update the
order_id
(thanks, Fosco)
精彩评论