echo radiobutton value from mysql table - php

How can I loop all questions in a row to display as radio button answers?
I have 4 tables in $row that I want to print as a radio button survey.
Question nr1 (Radiobutton)Answer0 (Radiobutton)Answer1 (Radiobutton)Answer2
Question nr2 (Radiobutton)Answer0 (Radiobutton)Answer1 (Radiobutton)Answer2
Question nr3 (Radiobutton)Answer0 (Radiobutton)Answer1 (Radiobutton)Answer2
and so on.....
<?php
$result = mysqli_query($db,"SELECT * FROM que");
while($row = mysqli_fetch_array($result)) {
echo $row['que_id'] . " " . $row['que_question'] . " " . $row['que_answer0'] . " " . $row['que_answer1'] . " " . $row['que_answer2'] ;
echo "<br>";
}
?>

Replace this:
<?php
$result = mysqli_query($db,"SELECT * FROM que");
while($row = mysqli_fetch_array($result)) {
echo $row['que_id'] . " " . $row['que_question'] . " " . $row['que_answer0'] . " " . $row['que_answer1'] . " " . $row['que_answer2'] ;
echo "<br>";
}
?>
to this:
<?php
$result = mysqli_query($db,"SELECT * FROM que");
while($row = mysqli_fetch_array($result)) {
// One radio group per question: the shared name ties the options together,
// and each option needs its own value so the choice can be told apart on submit.
echo '' . $row['que_question'] . '<br>
<input type="radio" name="' . $row['que_id'] . '" value="0">' . $row['que_answer0'] . '<br>
<input type="radio" name="' . $row['que_id'] . '" value="1">' . $row['que_answer1'] . '<br>
<input type="radio" name="' . $row['que_id'] . '" value="2">' . $row['que_answer2'] . '<br>';
}
?>

Use this
$result = mysqli_query($db,"SELECT * FROM que");
while($row = mysqli_fetch_array($result))
{
echo $row['que_question'].' ';
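// name='question[<id>]' makes PHP collect the choices in $_POST['question'], keyed by question id.
// Column names follow the question's table (que_answer0 .. que_answer2).
echo "<input type='radio' name='question[".$row['que_id']."]' value='".$row['que_answer0']."'>"." ";
echo "<input type='radio' name='question[".$row['que_id']."]' value='".$row['que_answer1']."'>"." ";
echo "<input type='radio' name='question[".$row['que_id']."]' value='".$row['que_answer2']."'>"."<br>";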
}

Related

MYSQLI Real Escape String not working with apostrophe's [duplicate]

This question already has answers here:
How can I prevent SQL injection in PHP?
How to prevent XSS with HTML/PHP?
I have the following code:
<?php
/*
Template Name: trial_app_review
*/
get_header();
?>
<div class="form-container">
<form style="margin-top: 150px;" method="post">
<?php
// Connect to the MySQL database using the MySQLi object
$mysqli = new mysqli('host', 'user', 'password', 'db');
// Check for errors
if ($mysqli->connect_error) {
echo "Error: " . $mysqli->connect_error;
} else {
// Check if the button was clicked
if (isset($_POST['insert_btn'])) {
// Get the values of the row that the button belongs to
$WK = $_POST['WK']; $WK = mysqli_real_escape_string($mysqli, $WK);
$Trial_Year = $_POST['Trial_Year']; $Trial_Year = mysqli_real_escape_string($mysqli, $Trial_Year);
$Trial_Dates = $_POST['Trial_Dates'];$Trial_Dates = mysqli_real_escape_string($mysqli, $Trial_Dates);
$Trial_Club = $_POST['Trial_Club']; $Trial_Club = mysqli_real_escape_string($mysqli, $Trial_Club);
$Trial_Classes = $_POST['Trial_Classes']; $Trial_Classes = mysqli_real_escape_string($mysqli, $Trial_Classes);
$Ring_Width = $_POST['Ring_Width']; $Ring_Width = mysqli_real_escape_string($mysqli, $Ring_Width);
$Ring_Height = $_POST['Ring_Height']; $Ring_Height = mysqli_real_escape_string($mysqli, $Ring_Height);
$double_yes_no = $_POST['double_yes_no']; $double_yes_no = mysqli_real_escape_string($mysqli, $double_yes_no);
$FeePd = $_POST['FeePd']; $FeePd = mysqli_real_escape_string($mysqli, $FeePd);
$num_days = $_POST['num_days']; $num_days = mysqli_real_escape_string($mysqli, $num_days);
$start_date = $_POST['start_date']; $start_date = mysqli_real_escape_string($mysqli, $start_date);
$Trial_City = $_POST['Trial_City']; $Trial_City = mysqli_real_escape_string($mysqli, $Trial_City);
$Trial_St = $_POST['Trial_St']; $Trial_St = mysqli_real_escape_string($mysqli, $Trial_St);
$trial_sec = $_POST['trial_sec']; $trial_sec = mysqli_real_escape_string($mysqli, $trial_sec);
$Trial_Email = $_POST['Trial_Email']; $Trial_Email = mysqli_real_escape_string($mysqli, $Trial_Email);
$Trial_Website = $_POST['Trial_Website']; $Trial_Website = mysqli_real_escape_string($mysqli, $Trial_Website);
$end_date = $_POST['end_date']; $end_date = mysqli_real_escape_string($mysqli, $end_date);
$street_addr = $_POST['street_addr']; $street_addr = mysqli_real_escape_string($mysqli, $street_addr);
$distckwk = $_POST['distckwk']; $distckwk = mysqli_real_escape_string($mysqli, $distckwk);
$club_id = $_POST['club_id']; $club_id = mysqli_real_escape_string($mysqli, $club_id);
$pend_id = $_POST['ID']; $pend_id = mysqli_real_escape_string($mysqli, $pend_id);
$query = "INSERT INTO Calendar (pend_id, WK, Trial_Year, Trial_Dates, Trial_Club, Trial_City, Trial_St, Trial_Classes, Ring_Width, Ring_Height, double_yes_no, Trial_FName, Trial_Email,
Trial_Website, FeePd, start_date, end_date, street_addr, distckwk, club_id,Pend_Confirm)
VALUES ('$pend_id', '$WK', '$Trial_Year', '$Trial_Dates', '$Trial_Club', '$Trial_City', '$Trial_St', '$Trial_Classes', '$Ring_Width', '$Ring_Height', '$double_yes_no', '$trial_sec',
'$Trial_Email', '$Trial_Website', '$FeePd', '$start_date', '$end_date', '$street_addr','$distckwk', '$club_id',CONCAT('Confirmed-', CURRENT_DATE()))";
$result = $mysqli->query($query);
if ($result) {
$update = "UPDATE PendingCalendar SET Pend_Confirm = CONCAT('Confirmed-', CURRENT_DATE()) WHERE ID = '$pend_id'";
$update_result = $mysqli->query($update);
if ($update_result) {
echo '<script>window.location.href = "https://nadac.com/success.php";</script>';
} else {
echo "Error: " . $mysqli->error;
}
} else {
echo "Error: " . $mysqli->error;
}
}
else {
// Execute a SELECT query and check for errors
$result = $mysqli->query("SELECT * FROM PendingCalendar WHERE Pend_Confirm IS NULL OR Pend_Confirm ='' ORDER BY WK DESC");
if (!$result) {
echo "Error: " . $mysqli->error;
} else {
// Add the stylesheet
echo "<style>
table {
border-collapse: collapse;
}
table, td, th {
border: 1px solid black;
padding: 5px;
}
</style>";
// Create the updated HTML table
echo "<table>\n";
echo " <tr>\n";
echo " <th>Action</th>\n";
echo " <th>WK</th>\n";
echo " <th>Trial_Year</th>\n";
echo " <th>Trial_Club</th>\n";
echo " <th>Trial_Classes</th>\n";
echo " <th>Ring_Width</th>\n";
echo " <th>Ring_Height</th>\n";
echo " <th>double_yes_no</th>\n";
echo " <th>Fee Pd</th>\n";
echo " <th>start_date</th>\n";
echo " <th>end_date</th>\n";
echo " </tr>\n";
// Iterate over the results and print each row
while ($row = $result->fetch_assoc()) {
// Print the table row
echo " <tr>\n";
echo " <td>\n";
echo " <form method='post' >\n";
echo " <input type='hidden' name='ID' value='" . $row['ID'] . "'>\n";
echo " <input type='hidden' name='WK' value='" . $row['WK'] . "'>\n";
echo " <input type='hidden' name='Trial_Year' value='" . $row['Trial_Year'] . "'>\n";
echo " <input type='hidden' name='Trial_Club' value='" . $row['Trial_Club'] . "'>\n";
echo " <input type='hidden' name='Trial_Classes' value='" . $row['Trial_Classes'] . "'>\n";
echo " <input type='hidden' name='Ring_Width' value='" . $row['Ring_Width'] . "'>\n";
echo " <input type='hidden' name='Ring_Height' value='" . $row['Ring_Height'] . "'>\n";
echo " <input type='hidden' name='double_yes_no' value='" . $row['double_yes_no'] . "'>\n";
echo " <input type='hidden' name='FeePd' value='" . $row['FeePd'] . "'>\n";
echo " <input type='hidden' name='start_date' value='" . $row['start_date'] . "'>\n";
echo " <input type='hidden' name='end_date' value='" . $row['end_date'] . "'>\n";
echo " <input type='hidden' name='Trial_Dates' value='" . $row['Trial_Dates'] . "'>\n";
echo " <input type='hidden' name='Trial_City' value='" . $row['Trial_City'] . "'>\n";
echo " <input type='hidden' name='Trial_St' value='" . $row['Trial_St'] . "'>\n";
echo " <input type='hidden' name='Trial_Email' value='" . $row['Trial_Email'] . "'>\n";
echo " <input type='hidden' name='Trial_Website' value='" . $row['Trial_Website'] . "'>\n";
echo " <input type='hidden' name='street_addr' value='" . $row['street_addr'] . "'>\n";
echo " <input type='hidden' name='distckwk' value='" . $row['distckwk'] . "'>\n";
echo " <input type='hidden' name='club_id' value='" . $row['club_id'] . "'>\n";
echo " <input type='hidden' name='trial_sec' value='" . $row['trial_sec'] . "'>\n";
echo " <button type='submit' name='insert_btn'>Insert</button>\n";
echo " </form>\n";
echo " </td>\n";
echo " <td>" . $row['WK'] . "</td>\n";
echo " <td>" . $row['Trial_Year'] . "</td>\n";
echo " <td>" . $row['Trial_Club'] . "</td>\n";
echo " <td>" . $row['Trial_Classes'] . "</td>\n";
echo " <td>" . $row['Ring_Width'] . "</td>\n";
echo " <td>" . $row['Ring_Height'] . "</td>\n";
echo " <td>" . $row['double_yes_no'] . "</td>\n";
echo " <td>" . $row['FeePd'] . "</td>\n";
echo " <td>" . $row['start_date'] . "</td>\n";
echo " <td>" . $row['end_date'] . "</td>\n";
echo " </tr>\n";
}
echo "</table>\n";
}
}
}
?>
</form>
</div>
And it works. But when a column has an apostrophe, it removes everything after the apostrophe.
I am definitely a beginner, but I thought the escape string would prevent that from happening?
I made a test record using something like this: NADAC,Testing'testing"testing and it gets shortened to: NADAC,Testing
What am I missing?
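The truncation described above happens on the HTML side, not the SQL side: the hidden inputs wrap each value in single quotes, so an apostrophe in the data ends the attribute, and mysqli_real_escape_string() only ever receives the already-shortened POST value. An added example (not part of the original post) that builds the input both ways and parses it back with DOMDocument; the helper function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Hidden input built the way the question's loop builds it: the raw value is
// dropped into a single-quoted attribute.
function hiddenInputRaw(string $name, string $value): string
{
    return "<input type='hidden' name='" . $name . "' value='" . $value . "'>";
}

// Same input with the value encoded for an HTML attribute. ENT_QUOTES encodes
// both ' and ", so the value cannot close the attribute whichever quote wraps it.
function hiddenInputEscaped(string $name, string $value): string
{
    return "<input type='hidden' name='" . htmlspecialchars($name, ENT_QUOTES, 'UTF-8')
         . "' value='" . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . "'>";
}

// Parse the markup and return the value attribute of the first <input>,
// i.e. what a form submission would send back to the server.
function submittedValue(string $inputHtml): string
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);   // the raw variant is malformed markup
    $doc->loadHTML('<form>' . $inputHtml . '</form>');
    libxml_clear_errors();
    return $doc->getElementsByTagName('input')->item(0)->getAttribute('value');
}

// The test record from the question.
$stored = "NADAC,Testing'testing\"testing";

printf("raw markup:     %s\n", hiddenInputRaw('Trial_Club', $stored));
printf("raw value:      %s\n", submittedValue(hiddenInputRaw('Trial_Club', $stored)));
printf("escaped markup: %s\n", hiddenInputEscaped('Trial_Club', $stored));
printf("escaped value:  %s\n", submittedValue(hiddenInputEscaped('Trial_Club', $stored)));
```

The same encoding belongs on every `$row[...]` value echoed into the `<td>` cells, since those are HTML output as well.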

value for session data question number not getting incremented and passed in codeigniter project

Please advise me, as the value for the session data question_number is not getting incremented and passed in a CodeIgniter project.
The old question_number value of 1 is always passed as the question number.
The code is supposed to set question_number to 1 initially; then, when the user submits the form the first time and the form data is processed by the same document, the question number is supposed to be incremented by one and passed to the same form below,
but unfortunately this new question number is not passed to the hidden input.
See the code below:
$con = mysqli_connect($dbhost, $dbuser, $dbpass, $dbName);
if (!$this->session->userdata("user_id")) {
header("location:" . base_url() . "login");
}
$_SESSION['error'] = '';
$_SESSION['success'] = '';
// template methods start here ==========================================
if (isset($_POST["LaunchTest"])) {
$test_id = addslashes($_POST['id']);
echo("test_id: " . $test_id . "<br />");
$session_id = addslashes($_POST['session_id']);
echo("session_id: " . $session_id . "<br />");
$counter = addslashes($_POST['counter']);
echo("counter: " . $counter . "<br />");
$score = addslashes($_POST['score']);
echo("score: " . $score . "<br />");
$question_number = addslashes($_POST['question_number']);
echo("question_number: " . $question_number . "<br />");
$answer = addslashes($_POST['hidden_answer']);
echo("answer: " . $answer . "<br />");
$user_choice = addslashes($_POST['radio_choice']);
echo("user_choice: " . $user_choice . "<br />");
$start_id = addslashes($_POST['start_id']);
echo("start_id: " . $start_id . "<br />");
$end_id = addslashes($_POST['end_id']);
echo("end_id: " . $end_id . "<br />");
$current_question= $question_number;
if ($user_choice==$answer) {
$score++;
}
$preventRepeat = [];
$question_number = $question_number+1;
echo("new Question number: " . $question_number . "<br />");
$new_question = $question_number;
$_SESSION['question_number'] = $question_number;
$organisation = $_SESSION['organisation'];
date_default_timezone_set('Africa/Lagos');
$today = date('m/d/Y h:i:s a', time());
$sql_query = "UPDATE cbt_attempts_tbl SET "
. "currentQuestion ='"
. $current_question . "',"
. "score ='"
. $score . "',"
. "created_date ='"
. $today . "'"
. " WHERE session_id = '"
. $session_id .
"'";
//$displayedRowCount = $rowCount;
echo $sql_query . "<br />";
$result = mysqli_query($con, $sql_query) or die("No data returned from DB Query");
//$candidate_quest_count++;
echo "database updated succesfully. <br />";
$current_question++;
if ($question_number > $_SESSION['total_questions']) {
//calculate score
$score_output = calculateScore($score, $_SESSION['total_questions']);
//end test
header("location:" . base_url() . "score?id=" . $test_id .
"&test_session=" . $session_id . "&score=" . $score_output);
} else {
// myRandomNum = generateSecondRandomNumber();
$myRandomNum = generateRandomNumber($start_id, $end_id);
echo("myRandomNum: " . $myRandomNum . "<br />");
//$myRandomNum = preventRepeatingQuestions($myRandomNum);
$quesionAtRand_str = getQuestionAtRandom($myRandomNum, $con);
$QuestData_arr = explode("~", $quesionAtRand_str);
//echo("QuestData_arr is: " . $QuestData_arr . "<br />");
$Question = $QuestData_arr[1];
//echo("Question is: " . $Question . "<br />");
$OptA = $QuestData_arr[2];
//echo("OptA is: " . $OptA . "<br />");
$OptB = $QuestData_arr[3];
//echo("OptB is: " . $OptB . "<br />");
$OptC = $QuestData_arr[4];
//echo("OptC is: " . $OptC . "<br />");
$OptD = $QuestData_arr[5];
//echo("OptD is: " . $OptD . "<br />");
$Answer = $QuestData_arr[6];
//echo("Answer is: " . $Answer . "<br />");
}
}
?>
<?php include('admin_block.php'); ?>
<br/>
<?php
if (!isset($_GET["id"])) {
$_SESSION['error'] = '<label class="text-danger">nothing selected.</label><br />';
header("location:" . base_url() . "launchtest");
exit();
}
$test_id = addslashes($_GET['id']);
//display deleted succesfully
//header return to update screen
$organisation = $_SESSION['organisation'];
$user_name = $_SESSION['user_name'];
// main start
//-----FIRST TIME RUN STARTS HERE---
if (!isset($test_session_id)) {
$arr_usr_choice = [];
$arr_correct_answer = [];
$arr_usr_choice[0] = "nothing";
$arr_correct_answer[0] = "nothing";
$candidate_quest_count = 1;
$question_number = 1;
$preventRepeat = [];
$counter = 1;
$current_question = 1;
$score = 0;
$_SESSION["score"] = 0;
$test_session_id = generateTestSessionId();
//echo("test_session_id is: " . $test_session_id . "<br />");
//gettestdetails from summary table
$testDetails = getTestDetailsFromSummary($con, $test_id);
//echo("testDetails: " . $testDetails . "<br />");
$dataFromSmryTble_arr = explode("~", $testDetails);
$test_name= $dataFromSmryTble_arr[2];
//echo("test_name: " . $test_name . "<br />");
$type = $dataFromSmryTble_arr[6];
//echo("type: " . $type . "<br />");
$subject = $dataFromSmryTble_arr[5];
//echo("subject: " . $subject . "<br />");
$total_questions = $dataFromSmryTble_arr[3];
//echo("total_questions: " . $total_questions . "<br />");
$start_id = $dataFromSmryTble_arr[0];
//echo("start_id: " . $start_id . "<br />");
$end_id = $dataFromSmryTble_arr[1];
//echo("end_id: " . $end_id . "<br />");
$_SESSION['total_questions'] = $total_questions;
loadDetailsToAttemptsTbl(
$con,
$test_id,
$test_session_id,
$test_name,
$type,
$subject,
$total_questions,
$start_id,
$end_id
);
//1. get test takers first name and lastname
if (!isset($_SESSION['firstname']) || !isset($_SESSION['lastname'])) {
header("location:" . base_url() . "enter_student_details?id=" . $test_id .
"&test_session=" . $test_session_id);
}
$firstname = $_SESSION['firstname'];
$lastname = $_SESSION['lastname'];
$output = displayFirstQuestion($con, $test_session_id); // displays one question
//echo("output is: " . $output . "<br />");
$QuestData_arr = explode("~", $output);
//echo("output is: " . $output . "<br />");
$Question = $QuestData_arr[1];
//echo("Question is: " . $Question . "<br />");
$OptA = $QuestData_arr[2];
//echo("OptA is: " . $OptA . "<br />");
$OptB = $QuestData_arr[3];
//echo("OptB is: " . $OptB . "<br />");
$OptC = $QuestData_arr[4];
//echo("OptC is: " . $OptC . "<br />");
$OptD = $QuestData_arr[5];
//echo("OptD is: " . $OptD . "<br />");
$Answer = $QuestData_arr[6];
//echo("Answer is: " . $Answer . "<br />");
$_SESSION['question_number'] = $question_number;
}
//-----FIRST TIME RUN ENDS HERE---
echo '<form method="post" action="'. $_SERVER['PHP_SELF'].'?id=' . $test_id .
'&test_session=' . $test_session_id .'">';
echo '<h2 class="section-heading animated">'. $test_name .'</h2>';
echo '<TABLE class="my_style" border="0"><TR><TD>' . $firstname . " ". $lastname . '</TD></TR></TABLE>';
echo '<font color="#fff"><table class="my_style" border="0" cellpadding="2">';
echo '<tr >';
echo '<td valign="top" >' . $_SESSION["question_number"] . '</td>';
echo '<td valign="top" colspan="3" scope="col"><b>' . $Question . '</b></td>';
echo '</tr >';
echo '<tr >';
echo '<td></td><TD WIDTH="2%">A.</TD><td WIDTH="2%"><input name="radio_choice" type="radio" value="A" required /></td><td valign="top" >' . $OptA . '</td>';
echo '</tr >';
echo '<tr >';
echo '<td></td><TD WIDTH="2%">B.</TD><td WIDTH="2%"><input name="radio_choice" type="radio" value="B" /></td><td valign="top" >' . $OptB . '</td>';
echo '</tr >';
echo '<tr >';
echo '<td></td><TD WIDTH="2%">C.</TD><td WIDTH="2%"><input name="radio_choice" type="radio" value="C" /></td><td valign="top" >' . $OptC . '</td>';
echo '</tr >';
echo '<tr >';
echo '<td></td><TD WIDTH="2%">D.</TD><td WIDTH="2%"><input name="radio_choice" type="radio" value="D" /></td><td valign="top" >' . $OptD. '</td> <input type="hidden" value="'.$Answer.'" name="hidden_answer" /> ';
echo '</tr>';
echo '<tr >';
echo '<td colspan="4" ><input type="submit" style="background-color: #008CBA;" value="Next Question" name ="LaunchTest" onClick="checkRadios()"/>';
echo '<input type="hidden" name="id" value="'. $test_id.'"/>';
echo '<input type="hidden" name="question_number" value="'. $_SESSION["question_number"] .'"/>';
echo '<input type="hidden" name="session_id" value="'.$test_session_id.'"/>';
echo '<input type="hidden" name="counter" value="'.$counter.'"/>';
echo '<input type="hidden" name="score" value="'.$_SESSION["score"] .'"/>';
echo '<input type="hidden" name="start_id" value="'.$start_id.'"/>';
echo '<input type="hidden" name="end_id" value="'.$end_id.'"/>';
echo '</td>';
echo '</tr >';
echo '</table></font>';
echo '</form>';
// main end
?>
@Ynhockey was right. test_session_id was causing the issues.

GET request doesn't work

I have a form that queries my server for data using MySQL. I am using a form that sends GET requests. It doesn't show anything and I don't know why. It is so strange because my query is valid and I tested it on phpMyAdmin. I am not striving for answers only; I want to know why this happened and what the reason behind it is.
Here is my code:
<form name="get" action="Roster.php" method="get">
<select name="course" id="course">
<?php
$get = mysqli_query($con, "SELECT teaching.Course_ID FROM `teaching` WHERE teaching.F_ID=213000000 ");
while ($row = mysqli_fetch_assoc($get)) {
echo '<option value ="' . $row["Course_ID"] . '"> ' . $row["Course_ID"] . ' </option>';
}
?>
</select>
<select name="group">
<?php
$get = mysqli_query($con, "SELECT `Group_ID` FROM `teaching` WHERE `teaching`.F_ID= 213000000");
while ($row = mysqli_fetch_array($get)) {
echo '<option value ="' . $row["Group_ID"] . '"> ' . $row["Group_ID"] . ' </option>';
}
?>
</select>
<date-util format="yyyy-mm-dd">
<label for="Date" > Date </label><input id="meeting" name="date" type="date" />
</date-util>
<input type="submit" name="Send" value="Get"/>
</form>
<?php
if ($_GET['submit']) {
$sql = " SELECT enrollment.S_ID,student.ID,student.F_Name,student.L_name,attendance.Status,attendance.Date
From enrollment
INNER JOIN student On enrollment.S_ID
INNER JOIN attendance On enrollment.S_ID
where enrollment.Course_ID =" . $_GET["course"] . "and enrollment.Group_ID =" . $_GET["group"] . "and attendance.date =" . $_GET["date"] . " ";
$result = mysqli_query($con, $sql);
$message = "Please Choose Course_ID and Group_ID ";
if ($result > 0) {
while ($row = mysqli_fetch_assoc($result)) {
echo "Hello";
echo "<tr>";
echo '<td>' . $row['ID'] . '</td>';
echo '<td>' . $row['F_Name'] . " " . $row['L.name'] . '</td>';
echo '<td>' . $row['Date'] . '</td>';
echo '<td>' . $row['Status'] . '</td>';
echo "</tr>";
}
} else {
echo "<tr>";
echo '<td>' . $message . '</td>';
}
}
?>
$_GET['submit'] does not exist. You need to add submit as your name attribute to your button like so
<input type="submit" name="submit" value="Get"/>
Also you should use prepared statements to prevent SQL injection attacks.
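One way to write the roster query with bound parameters, as an added example that is not the poster's code. It swaps mysqli for PDO with an in-memory SQLite database so it runs without a server (mysqli's prepare() accepts the same ? placeholders); the sample rows, the attendance.S_ID column, the join keys and the function names are assumptions.

```php
<?php
declare(strict_types=1);

// Constructed sample data. attendance.S_ID and the join keys are assumptions;
// the other table and column names are the ones used in the question.
function makeSampleDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("CREATE TABLE student (ID INTEGER, F_Name TEXT, L_name TEXT)");
    $db->exec("CREATE TABLE enrollment (S_ID INTEGER, Course_ID TEXT, Group_ID TEXT)");
    $db->exec("CREATE TABLE attendance (S_ID INTEGER, Status TEXT, Date TEXT)");
    $db->exec("INSERT INTO student VALUES (1, 'Ada', 'Lovelace'), (2, 'Alan', 'Turing')");
    $db->exec("INSERT INTO enrollment VALUES (1, 'CS101', 'G1'), (2, 'CS202', 'G2')");
    $db->exec("INSERT INTO attendance VALUES (1, 'Present', '2024-01-15'), (2, 'Absent', '2024-01-15')");
    return $db;
}

// Returns roster rows, or null when a required parameter is missing or malformed.
function fetchRoster(PDO $db, array $params): ?array
{
    foreach (['course', 'group', 'date'] as $key) {
        if (!isset($params[$key]) || !is_string($params[$key]) || $params[$key] === '') {
            return null;
        }
    }
    // <input type="date"> submits YYYY-MM-DD; reject anything else up front.
    $date = DateTime::createFromFormat('!Y-m-d', $params['date']);
    if ($date === false || $date->format('Y-m-d') !== $params['date']) {
        return null;
    }
    // Placeholders keep the SQL text fixed; the values travel separately.
    $stmt = $db->prepare(
        "SELECT student.ID, student.F_Name, student.L_name, attendance.Status, attendance.Date
           FROM enrollment
           INNER JOIN student ON student.ID = enrollment.S_ID
           INNER JOIN attendance ON attendance.S_ID = enrollment.S_ID
          WHERE enrollment.Course_ID = ? AND enrollment.Group_ID = ? AND attendance.Date = ?"
    );
    $stmt->execute([$params['course'], $params['group'], $params['date']]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Escape on output: the rows go into HTML, which is a separate context from SQL.
function renderRows(array $rows): string
{
    $html = '';
    foreach ($rows as $row) {
        $cells = [$row['ID'], $row['F_Name'] . ' ' . $row['L_name'], $row['Date'], $row['Status']];
        $html .= '<tr>';
        foreach ($cells as $cell) {
            $html .= '<td>' . htmlspecialchars((string) $cell, ENT_QUOTES, 'UTF-8') . '</td>';
        }
        $html .= "</tr>\n";
    }
    return $html;
}

$db = makeSampleDb();
// Constructed stand-ins for $_GET: a normal request, a value containing an
// apostrophe (bound as data, never parsed as SQL), and a malformed date.
$requests = [
    ['course' => 'CS101', 'group' => 'G1', 'date' => '2024-01-15'],
    ['course' => "CS'101", 'group' => 'G1', 'date' => '2024-01-15'],
    ['course' => 'CS101', 'group' => 'G1', 'date' => '15/01/2024'],
];
foreach ($requests as $params) {
    $rows = fetchRoster($db, $params);
    echo $rows === null
        ? "rejected: missing or malformed parameter\n"
        : count($rows) . " row(s)\n" . renderRows($rows);
}
```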

retrieving data from mysql DB to a drop down list

This is my code but I don't seem to get anything in the dropdown list. Is there something else I'm supposed to do besides this? Or is there something wrong with my code?
<div class="span10 offset1">
<div class="row">
<h3> Add catagory</h3>
</div>
<select class="selectpicker" data-style="btn-success" >';
<?php
include('database.php');
$query = "SELECT cat_name FROM catagory";
$result = mysql_query ($query);
echo "<select name='dropdown' value=''><option>Dropdown</option>";
while($r = mysql_fetch_array($result)) {
echo "<option value=' " . $row['cat_name'] . " '>" . $row['cat_name'] . " </option>";
}
echo "</select>";
?>
</div>
You're referencing $row but assigning the result to $r. Just change the variable:
while($r = mysql_fetch_array($result)) {
echo "<option value=' " . $r['cat_name'] . " '>" . $r['cat_name'] . " </option>";
}
Your variable names look wrong
while($r = mysql_fetch_array($result)) {
echo "<option value=' " . $row['cat_name'] . " '>" . $row['cat_name'] . " </option>";
}
You loop through the results using $r but use $row[] within the loop. It should probably read
while($row = mysql_fetch_array($result)) {
echo "<option value=' " . $row['cat_name'] . " '>" . $row['cat_name'] . " </option>";
}

Unknown column 'xxxxxx' in 'field list'

I know there are a lot of topics on this, and I've looked at them all, and they don't help me. My table name is correct, no spaces or anything out of the ordinary. I've checked 100 times and checked 100 more. I'll post both bits of my code, and hopefully someone can help.
I get this error when I try to use the submit button:
Error updating odds: Unknown column 'homeOdds' in 'field list'
POST:
if ($_POST['action'] == 'Update') {
foreach($_POST['game'] as $game) {
$homeScore = ((strlen($game['homeScore']) > 0) ? $game['homeScore'] : 'NULL');
$homeOdds = (str_replace("\xBD", ".5", $homeScore));
$visitorScore = ((strlen($game['visitorScore']) > 0) ? $game['visitorScore'] : 'NULL');
$visitorOdds = (str_replace("\xBD", ".5", $visitorScore));
$sql = "update " . $db_prefix . "schedule ";
$sql .= "set homeOdds = '" . $homeOdds . "', visitorOdds = '" . $visitorOdds . "' ";
$sql .= "where gameID = " . $game['gameID'];
mysql_query($sql) or die('Error updating odds: ' . mysql_error());
}
header('Location: index.php');
}
Table/Form & Update button:
<form id="scoresForm" name="scoresForm" action="odds.php" method="post">
<input type="hidden" name="week" value="<?php echo $week; ?>" />
<?php
$sql = "select s.*, ht.city, ht.team, ht.displayName, vt.city, vt.team, vt.displayName ";
$sql .= "from " . $db_prefix . "schedule s ";
$sql .= "inner join " . $db_prefix . "teams ht on s.homeID = ht.teamID ";
$sql .= "inner join " . $db_prefix . "teams vt on s.visitorID = vt.teamID ";
$sql .= "where weekNum = " . $week . " ";
$sql .= "order by gameTimeEastern";
$query = mysql_query($sql);
if (mysql_num_rows($query) > 0) {
echo '<table cellpadding="4" cellspacing="0" class="table1">' . "\n";
echo ' <tr><th colspan="6" align="left">Week ' . $week . '</th></tr>' . "\n";
$i = 0;
while ($result = mysql_fetch_array($query)) {
$homeTeam = new team($result['homeID']);
$visitorTeam = new team($result['visitorID']);
$rowclass = (($i % 2 == 0) ? ' class="altrow"' : '');
echo ' <tr' . $rowclass . '>' . "\n";
echo ' <td><input type="hidden" name="game[' . $result['gameID'] . '][gameID]" value="' . $result['gameID'] . '" />' . date('D n/j g:i a', strtotime($result['gameTimeEastern'])) . ' ET</td>' . "\n";
echo ' <td align="right"><input type="hidden" name="gameID[' . strtolower($visitorTeam->team) . ']" value="' . $result['gameID'] . '" />' . $visitorTeam->teamName . '</td>' . "\n";
echo ' <td><input type="text" name="game[' . $result['gameID'] . '][visitorScore]" id="game[' . $result['gameID'] . '][visitorScore]" value="' . $result['visitorOdds'] . '" size="3" /></td>' . "\n";
echo ' <td align="right"><input type="hidden" name="gameID[' . strtolower($homeTeam->team) . ']" value="' . $result['gameID'] . '" />at ' . $homeTeam->teamName . '</td>' . "\n";
echo ' <td><input type="text" name="game[' . $result['gameID'] . '][homeScore]" id="game[' . $result['gameID'] . '][homeScore]" value="' . $result['homeOdds'] . '" size="3" /></td>' . "\n";
echo ' </tr>' . "\n";
$i++;
}
echo '</table>' . "\n";
}
?>
<br><input type="submit" name="action" value="Update" />
</form>
Any help is appreciated.
For debugging this, echo (or var_dump) the dynamically generated SQL contained in the $sql variable, before you submit it to the database.
Then take that statement to another client to test it.
MySQL is telling you that the table schedule which you are referencing doesn't contain a column named homeOdds.
We don't see the contents of all the variables that are being incorporated into the SQL text. (The code appears to be vulnerable to SQL Injection.
