I am having problems trying to update the two arrays of ‘redflag’ and ‘qty’, and i would like to know if i am on the right track or can someone please assist me with this simple coding, i’m a newbie in PHP. I have two input form fields once i submit the fields i am only able to update the ‘QTY’ array. How can i update both arrays?
foreach($_POST['update'] as $pid=>$nonce) // there will only ever be one
{
$selectql = $db->Execute("SELECT p.products_upc, p.products_isbn, p.products_id, p.products_quantity, p.products_image, p.products_model, pd.products_name FROM ".DB_PREFIX."products p LEFT JOIN ".DB_PREFIX."products_description pd ON p.products_id = pd.products_id WHERE p.products_id = " . (int)$pid);
$updated[$pid] = array(
'name' => stripslashes($selectql->fields['products_name']),
'model' => stripslashes($selectql->fields['products_model']),
'redflag' => $_POST['redflag'][$selectql->fields['products_isbn']],
'qty' => $_POST['qty'][$selectql->fields['products_id']],
'img' => stripslashes($selectql->fields['products_image']),
'notification_subscribed' => ''
);
}
}
} else if(isset($_POST['confirmed']) && $_POST['confirmed'] ==1) // show "done" page
{
$fields = array('qty', 'redflag');
foreach($_POST['update'] as $pid=>$qty)
{
$redflag = $_POST[$key];
$qty = $_POST[$key];
$selectql = $db->Execute("SELECT products_quantity, products_isbn FROM ".DB_PREFIX."products WHERE products_id = " . (int)$pid);
$updateql = $db->Execute("UPDATE ".DB_PREFIX."products SET products_quantity = " . (int)$qty ." WHERE products_id = " . (int)$pid);
You need to escape the contents of $_POST before letting it anywhere near the database or better still, use prepared statements. Looks like you’re using PDO, can you confirm if you’re using PDO.
Here is the complete coding, my code i inserted is in BOLD
<?php
require('includes/application_top.php');
if(isset($_POST['confirmed']) && $_POST['confirmed'] == 0) // show confirmation page
{
$updated = array();
if(isset($_POST['update_all'])) // multiple items
{
$selectql = $db->Execute("SELECT p.products_upc, p.products_isbn, p.products_id, p.products_quantity, p.products_image, p.products_model, pd.products_name FROM ".DB_PREFIX."products p LEFT JOIN ".DB_PREFIX."products_description pd ON p.products_id = pd.products_id WHERE p.products_status = 1");
while(!$selectql->EOF)
{
if(($_POST['qty'][$selectql->fields['products_id']] != $selectql->fields['products_quantity']) [&& ($_POST['redflag'][$selectql->fields['products_id']] != $selectql->fields['products_isbn'])){
$updated[$selectql->fields['products_id']] = array(
'name' => stripslashes($selectql->fields['products_name']),
'model' => stripslashes($selectql->fields['products_model']),
'redflag' => $_POST['redflag'][$selectql->fields['products_isbn']],
'qty' => $_POST['qty'][$selectql->fields['products_id']],
'img' => stripslashes($selectql->fields['products_image']),
'notification_subscribed' => ''
);
}
$selectql->MoveNext();
}
} else {
foreach($_POST['update'] as $pid=>$nonce) // there will only ever be one
{
$selectql = $db->Execute("SELECT p.products_upc, p.products_isbn, p.products_id, p.products_quantity, p.products_image, p.products_model, pd.products_name FROM ".DB_PREFIX."products p LEFT JOIN ".DB_PREFIX."products_description pd ON p.products_id = pd.products_id WHERE p.products_id = " . (int)$pid);
$updated[$pid] = array(
'name' => stripslashes($selectql->fields['products_name']),
'model' => stripslashes($selectql->fields['products_model']),
'redflag' => $_POST['redflag'][$selectql->fields['products_isbn']],
'qty' => $_POST['qty'][$selectql->fields['products_id']],
'img' => stripslashes($selectql->fields['products_image']),
'notification_subscribed' => ''
);
}
}
} else if(isset($_POST['confirmed']) && $_POST['confirmed'] ==1) // show "done" page
{
//require_once(DIR_FS_ADMIN . DIR_WS_FUNCTIONS . 'back_in_stock_notifications_functions.php');
$fields = array('qty', 'redflag');
foreach($_POST['update'] as $pid=>$qty)
{
$redflag = $_POST[$key];
$qty = $_POST[$key];
// get the old quantity for logging purposes
$selectql = $db->Execute("SELECT products_quantity, products_isbn FROM ".DB_PREFIX."products WHERE products_id = " . (int)$pid);
$updateql = $db->Execute("UPDATE ".DB_PREFIX."products SET products_quantity = " . (int)$qty ." WHERE products_id = " . (int)$pid);
}
zen_redirect('ez_update.php');
} else{
$all_products = array();
// generate all useful stats (remove sections if you don't need them)
$selectql = $db->Execute("SELECT p.products_upc, p.products_isbn, p.products_id, p.products_quantity, p.products_model, pd.products_name
FROM
`".DB_PREFIX."products` p
LEFT JOIN `".DB_PREFIX."products_description` pd on p.products_id = pd.products_id
WHERE products_status = 1");
while(!$selectql->EOF){
if($selectql->fields['products_id'] != '')
{
$all_products[$selectql->fields['products_id']] = array(
'products_upc' => $selectql->fields['products_upc'],
'products_isbn' => $selectql->fields['products_isbn'],
'products_name' => $selectql->fields['products_name'],
'products_model' => $selectql->fields['products_model'],
'products_quantity' => $selectql->fields['products_quantity'],
'ordered_not_shipped' => '0',
'notification_subscribed' =>0
);
}
$selectql->MoveNext();
}
$selectql = $db->Execute("SELECT op.products_id, SUM(op.products_quantity) ons FROM ".DB_PREFIX."orders_products op LEFT JOIN ".DB_PREFIX."orders o ON o.orders_id = op.orders_id WHERE o.orders_status != 3 GROUP BY op.products_id");
while(!$selectql->EOF){
if($selectql->fields['ons'] > 0){
$all_products[$selectql->fields['products_id']]['ordered_not_shipped'] = $selectql->fields['ons'];
}
$selectql->MoveNext();
}
}
?>