table Help..

wendymelon

I'm having a problem with this code.
I have build a table with the number of row according to the SQL query from the database.

 if(isset($_POST['btnUpdate'])){
           for($i=0;$i<=$record;$i++){
               $Emp = echo '<script type="text/javascript">document.getElementById(\'clmEmpID'.$i.'\').value</script>';

           $query5="UPDATE application,employee,supervisor SET application.OT_Rate='".($_POST['OT_Rate'.$i.''\''.]).",
           application.Time_Start='".$_POST(['TimeStart'.$i.'\''.])."', application.Time_End='".$_POST(['TimeEnd'.$i.'\''.])."',
           application.ApplyStatus='".$_POST(['Status'.$i.'\''.])."' WHERE application.Emp_ID='".$Emp."' AND application.Date_Apply='".$Date[$i]."';";

           mysql_query($query5);
       }
   }

Is there anything wrong with this code? The javascript that I use.....is for the purpose of getting the value inside a cell according to the row.

poison

well there is a relative easy way to find out ...
do an

echo $query5;

before mysql_query() and post the output here...and also post the errors from MySQL if any
regards =D

btw: your NOT going to put that thing someplace public available ? ...at least I hope for your server

wendymelon

There is a parse error:

<script type="text/javascript">
document.getElementById('row1').value</script>;

at this line of code:
$Emp = echo '<script type="text/javascript">document.getElementById(\'clmEmpID'.$i.'\').value</script>';

poison

ok....i didn't mind to take a closer look...
one parsing error is a little bit understated 😉
1. you DON'T echo to a variable gg
2. learn how to quote...
3. $POST is a array(hash) and not a function...
4. ESCAPE data that is gonna be used in a SQL query...
sorry...I don't want to sound insulting...and I really don't wanna...but this thing is so messed up I could only guess what you where trying to do =(

if(isset($_POST['btnUpdate'])){
	for($i=0;$i<=$record;$i++){
		$Emp = '<script type="text/javascript">document.getElementById(\\'clmEmpID' . $i . '\\').value</script>';

	$query5="UPDATE application,employee,supervisor SET application.OT_Rate='" . mysql_escape_string($_POST['OT_Rate'.$i]) . "',
           application.Time_Start='" . mysql_escape_string($_POST['TimeStart'.$i]) . "', application.Time_End='" . mysql_escape_string($_POST['TimeEnd'.$i]) . "', 
           application.ApplyStatus='" . mysql_escape_string($_POST['Status'. $i]) . "' WHERE application.Emp_ID='" . mysql_escape_string($Emp) . "' AND application.Date_Apply='" . mysql_escape_string($Date[$i]); 

	mysql_query($query5);
}
}

regards

wendymelon

If this is the case, how should I code it? I'm still a beginner.

if(isset($_POST['btnUpdate'])){
for($i=0;$i<=$record;$i++){
$Emp = echo '<script type="text/javascript">document.getElementById(\'clmEmpID'.$i.'\').value</script>';

           $query5="UPDATE application,employee,supervisor SET application.OT_Rate='".($_POST['OT_Rate'.$i.''\''.]).",
           application.Time_Start='".$_POST(['TimeStart'.$i.'\''.])."', application.Time_End='".$_POST(['TimeEnd'.$i.'\''.])."',
           application.ApplyStatus='".$_POST(['Status'.$i.'\''.])."' WHERE application.Emp_ID='".$Emp."' AND application.Date_Apply='".$Date[$i]."';";
           echo $query5;
           mysql_query($query5);
       }
   }

poison

if(isset($_POST['btnUpdate'])){
	for($i=0;$i<=$record;$i++){
		$Emp = '<script type="text/javascript">document.getElementById(\\'clmEmpID' . $i . '\\').value</script>';

	$query5="UPDATE application,employee,supervisor SET application.OT_Rate='" . mysql_escape_string($_POST['OT_Rate'.$i]) . "',
           application.Time_Start='" . mysql_escape_string($_POST['TimeStart'.$i]) . "', application.Time_End='" . mysql_escape_string($_POST['TimeEnd'.$i]) . "', 
           application.ApplyStatus='" . mysql_escape_string($_POST['Status'. $i]) . "' WHERE application.Emp_ID='" . mysql_escape_string($Emp) . "' AND application.Date_Apply='" . mysql_escape_string($Date[$i]); 
	echo $query5;
	mysql_query($query5);
}
}

wendymelon

Thanks...the current problem is...it doesn't update or show the query.

I would like to enquire on the usage of mysql_escape_string($_POST['TimeEnd'.$i.'\''])

The codes are as below:

$result = mysql_query($query) or die("Unable to connecto to database.");
      if(mysql_num_rows($result)){
          $record = 0;
          while($row = mysql_fetch_array($result,MYSQL_NUM)){
                $record++;
                echo '<tr id="row'.$record.'" bgcolor="#FFFFD7" bordercolor="#FFFFD7">';
                echo '<td id="clmEmpID'.$record.'"><font size="3">'.$row[0].'</font></td>';
                echo '<td id="clmName'.$record.'"><font size="3">'.$row[1].'</font></td>';
                echo '<td ><select name="OT_Rate'.$record.'"  style="width:150px;">';
                echo '<option selected>'.$row[2].'</option>';
                $query3="SELECT * FROM otcode;";
                $otcode=mysql_query($query3) or die("Unable to connect to db");
                while($code=mysql_fetch_array($otcode,MYSQL_NUM)){

                echo '<option><font size="3">'.$code[0].'</font></option>';
            }
            echo '</select></td>';
            echo '<td id="clmReason'.$record.'"><font size="3">'.$row[3].'</font></td>';
            echo '<td><input name="TimeStart'.$record.'" type="text" size="3" value='. str_pad($row[4],2,"0",STR_PAD_LEFT). str_pad($row[5],2,"0",STR_PAD_LEFT).'><font size="3"></input></font></td>';
            echo '<td><input name="TimeEnd'.$record.'"  type="text" size="3" value='. str_pad($row[6],2,"0",STR_PAD_LEFT). str_pad($row[7],2,"0",STR_PAD_LEFT).'><font size="3"></input></font></td>';
            echo '<td><select name="Status'.$record.'" style="width: 100px;">';
            echo '<option selected>'.$row[8].'</option>';
            echo '<option>APPROVED</option>';
            echo '<option>UNAPPROVED</option>';
            echo '<option>NOT YET</option>';
            echo '</select></td>';
            echo '<td id="clmDate'.$record.'"><font size="3">'.$row[9].'</font></td>';
            echo '</tr>';
            $Date[$record]=$row[10];

       }

   }

   echo '</table>';
   echo '<p></p>';
   echo '<input type="submit" name="btnUpdate" id="btnUpdate" value="Update" style="BACKGROUND: #B1724B; BORDER-BOTTOM: #444444  2px solid; BORDER-LEFT:  #444444 2px solid; BORDER-RIGHT: #444444 2px solid; BORDER-TOP: #444444 2px solid; CURSOR: hand; FONT-FAMILY: verdana,arial,helvetica;color:#FFFFFF;font-weight:bold;HEIGHT: 25px; WIDTH: 100px">';

   if(isset($_POST['btnUpdate'])){
       for($i=0;$i<=$record;$i++){
           $Emp = '<script type="text/javascript">document.getElementById(\'clmEmpID'.$i.'\').value</script>';


           $query5="UPDATE application,employee,supervisor SET application.OT_Rate='" . mysql_escape_string($_POST['OT_Rate'.$i.'\'']) . "',
           application.Time_Start='" . mysql_escape_string($_POST['TimeStart'.$i.'\'']) . "', application.Time_End='" . mysql_escape_string($_POST['TimeEnd'.$i.'\'']) . "',
           application.ApplyStatus='" . mysql_escape_string($_POST['Status'. $i.'\'']) . "' WHERE application.Emp_ID='" . mysql_escape_string($Emp) . "' AND application.Date_Apply='" . mysql_escape_string($Date[$i]);
	echo '<p>'. $query5.'</p>';
	mysql_query($query5);

       }
   }

poison

I would like to enquire on the usage of mysql_escape_string($_POST['TimeEnd'.$i.'''])

mysql_escape_string() escapes the string, so it can safely be used in an query string for MySQL (i.e. if you have quotes in an string)
http://de.php.net/manual/en/function.mysql-escape-string.php

sorry...but I'm really to tired to read the whole thing =(
maybe you should begin with the basics of debugging...
if echo '<p>'. $query5.'</p>'; doesn't output anything, it means it doesn't come that far, since $query5 would in every case contain some string...
so probably $_POST['btnUpdate'] isn't set...
you might search the net for a php debugger...I found a very good gdb plugin...if your on (GNU|BSD)...i'll see if I find the URL...