Hi, Weedpacket,
Many thanks for your reply and additional comments concerning sql injection.
In my original post I tried to cut down on the amount of code which did leave out a lot of stuff, here is the complete script with the amendment from your reply:
<?php
if (!isset($_SESSION)) {
session_start();
}
print_r($_POST);
require_once('../../Connections/flightq.php');
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}
mysql_select_db($database_flightq, $flightq);
$query_sql = "SELECT * FROM FLIGHTx_sms WHERE FlightAck IS NULL";
$sql = mysql_query($query_sql, $flightq) or die(mysql_error());
$row_sql = mysql_fetch_assoc($sql);
$totalRows_sql = mysql_num_rows($sql);
?>
<link href="css/alert.css" rel="stylesheet" type="text/css" />
<form name="form1" method="post" action="" onSubmit="close_window()">
<table width="333" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td colspan="4" class="bodytext"><div align="center">
<img src="images/popup_banner.png" width="310" height="66" border="0" />
<table width="100%" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td class="bodytext">ID</td>
<td class="bodytext">Flight No</td>
<td class="bodytext">Status</td>
<td class="bodytext"> </td>
</tr>
<?php
while($row_sql = mysql_fetch_assoc($sql)){
?>
<tr>
<td><span class="popupfields">
<input name="FlightID[]" type="text" class="bodytext2" id="FlightID" style="border:none" value="<?php print $row_sql['FlightID'];?>" size="12"/>
</span></td>
<td><span class="popupfields">
<input name="FlightNo[]" type="text" class="bodytext2" id="FlightNo" style="border:none" value="<?php print $row_sql['FlightNo'];?>" size="9" readonly="readonly"/>
</span></td>
<td><span class="popupfields">
<input name="FlightStatus" type="text" class="bodytext2" id="FlightStatus" style="border:none" value="<?php print $row_sql['FlightStatus'];?>" size="6" readonly="readonly"/>
</span></td>
<td><input name="FlightAck[]" type="hidden" id="FlightAck" value="1" /></td>
</tr>
<?php
}
?>
<tr>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
</tr>
</table>
</div></td>
</tr>
<tr>
<td colspan="4" class="bodytext">
<div align="center">
<input type="image" src="images/ack_button.png" name="Submit" value="Submit" />
</div></td>
</tr>
</table>
</form>
<?php
if(isset($_POST['Submit'])){
for($i=0;
$i<$totalRows_sql;
$i++){
$updateSQL = sprintf("UPDATE FLIGHTx_sms SET FlightAck=%s WHERE FlightID='".$row_sql['FlightID[$i]']."'",
GetSQLValueString($_POST['FlightAck[$i]'], "int"));
mysql_select_db($database_flightq, $flightq);
$Result1 = mysql_query($updateSQL, $flightq) or die(mysql_error());
}
}
mysql_free_result($sql);
?>
When the form is submitted the result of the print_r($_POST) is:
Array ( [FlightID] => Array ( [0] => 273809636 [1] => 273863209 [2] => 273859571 [3] => 273863078 [4] => 273960304 [5] => 273913059 [6] => 273960521 [7] => 273842651 ) [FlightNo] => Array ( [0] => AC848 [1] => BA177 [2] => KU103 [3] => BA187 [4] => KL1022 [5] => KL1021 [6] => BA187 [7] => BA186 ) [FlightStatus] => CANX [FlightAck] => Array ( [0] => 1 [1] => 1 [2] => 1 [3] => 1 [4] => 1 [5] => 1 [6] => 1 [7] => 1 ) [Submit_x] => 25 [Submit_y] => 31 )
This leads me back to square one, can you or anyone see why the records are not getting updated.
Again many thanks.
