php - mysql update table ajax by class -

-

i'm trying update rows quantity using ajax class not id have looked on google hours trying work out find didnt seem work

my code far is

include('config.php');   $id=$_get[id];  $sql2="select *  `orders`  `id` = '".$id."'";  $result2 = mysql_query($sql2);  $row2 = mysql_fetch_array($result2);  $order=$_get[order]; $qty=$_get[qty];  $sql="select *  `stock`  `part` = '".$part."'";  $result = mysql_query($sql);  $row1 = mysql_fetch_array($result);  $lineprice=$qty * $row2[price];  $sqlins1 = "update `orders` set qty='$qty', lineprice='$lineprice' id = '".$id."'";  if (!mysql_query($sqlins1,$con))   {   die('error: ' . mysql_error());   }  $sql="select * `orders`  `invoice` = '".$order."' order id desc";  $result = mysql_query($sql); echo"   <table id='poitable' width='100%' border='1'>         <tr>             <td>sku</td>             <td>qty</td>             <td width='45%'>item</td>             <td>unit price</td>             <td>line price</td>             <td>delete</td>         </tr>"; while($row = mysql_fetch_array($result))   {  echo"<tr><td>" . $row['part'] . "</td><td><form name='test'>    <input type='hidden' value='" . $row[id] . "' id='part'>   <input type='text' id='qty' value='" . $row['qty'] . "' onblur='updateqty(this.id)'></form></td><td>" . $row['description'] . "</td><td>" . $row['price'] . "</td><td>" . $row['lineprice'] . "</td><td> <input type='image' src='images/btn_delete.png' value='" . $row[id] . "' onclick='deletesku(this.value)' height='30'/></td> ";   }

any on appreciated,

many thanks

  1. your code vulnerable sql injection.
  2. you're using deprecated api not support prepared statements prevent sql injection
  3. you can combine update , select single statement. here's idea

  4. your deduction should database based, not value based

    update tbl update col = col - 1


Comments

Post a Comment

Popular posts from this blog

java - Jmockit String final length method mocking Issue -

-
using jmockit 1.2 jar, trying mock string's length method getting unexpected invocation exception: failed: test java.lang.illegalstateexception: missing invocation mocked type @ point; please make sure such invocations appear after declaration of suitable mock field or parameter @ stringdemo.testa$1.<init>(testa.java:17) @ stringdemo.testa.test(testa.java:13) i using testng: @test public void test() throws exception { new expectations() { @mocked("length") string astring; { astring.length(); result = 2; } }; system.out.println(a.showa("test")); } } actual class a: public class { public static int showa(string str){ int a= str.length(); return a; } } this wrong way of recording expected results. shouldn't mock , record string's length() method, record showa() instead. here solution @suppresswarnings("unused...
Read more

What is the difference between data design and data model(ERD) -

-
i have google question , find answer in day. know, data design many many table have list column,and mark pk , fk. why er-diagram have find this? data design process of designing database. main output of data design detailed logical data model of database. some people data design includes of needed logical , physical design choices , physical storage parameters needed generate design in data definition language. technically, database analysis, database analysts (dbas) trained do. while person can both data design , database analysis, these 2 different tasks. data design models data. database analysis takes model , applies 1 or more database engines (relational, hierarchical, nosql). a logical data model 1 of main outputs of data design. data model represented entity relationship diagram, or er diagram.
Read more

ios - Can NSManagedObject conform to NSCoding -

-
i need transfer single object across device. right converting nsmanagedobject dictionary , archiving , sending nsdata. upon receiving unarchiving it. transfer nsmanagedobject archiving , unarchiving instead of creating intermediate data object. @interface test : nsmanagedobject<nscoding> @property (nonatomic, retain) nsstring * title; @end @implementation test @dynamic title; - (id)initwithcoder:(nscoder *)coder { self = [super init]; if (self) { self.title = [coder decodeobjectforkey:@"title"]; //<crash } return self; } - (void)encodewithcoder:(nscoder *)coder { [coder encodeobject:self.title forkey:@"title"]; } @end nsdata *archivedobjects = [nskeyedarchiver archiveddatawithrootobject:testobj]; nsdata *objectsdata = archivedobjects; if ([objectsdata length] > 0) { nsarray *objects = [nskeyedunarchiver unarchiveobjectwithdata:objectsdata]; } the problem above code is. crashes @ self.title in initwithcoder sa...
Read more