0

Here's the code I am using within a for loop which runs 10 times:

$query = "UPDATE fblikes SET likes = '$var[$i]' WHERE link = '$web[$i]'";

if(mysql_query($query))
{
    echo $query;
}                         
else
{
    echo mysql_error();
}

The code runs, I do get ok! printed 10 times but nothing happens in the table. I also checked the 2 arrays i.e. $var and $web, they contain the correct values.

The query looks okay to me. Here's what I got (one of the 10 outputs): UPDATE fblikes SET likes = '5' WHERE link = 'xxxxxxx.com/xxxx/iet.php';

12
  • 3
    The problem is WHERE link = '$web[$i]'", you should escape that variable properly. Commented Feb 17, 2013 at 10:00
  • 2
    Why not print the query itself, instead of a meaningless "ok"? Commented Feb 17, 2013 at 10:00
  • @MahmoudGamal what do you mean by escape that variable? I don't understand. Commented Feb 17, 2013 at 10:02
  • mysql_real_escape_string() Commented Feb 17, 2013 at 10:04
  • @YourCommonSense the query looks okay to me. Here's what I got (one of the 10 outputs): UPDATE fblikes SET likes = '5' WHERE link = 'xxxxxxx.com/xxxx/iet.php' Commented Feb 17, 2013 at 10:07

1 Answer

2

I don't know what the problem exactly is, and to figure it out you should print the value of $query and show us what you get. Also, please tell us the value of mysql_affected_rows() after the call to mysql_query().

However, your code implements some wrong patterns.

First of all, you are not escaping $var[$i] and $web[$i] with two potential effects:

  • You can produce wrong queries
  • You don't sanitize the input to the database, thus exposing your application to security issues

Moreover, you perform several similar queries that differ only in the inputs provided.

The solution, for both issues, is the use of prepared statements that will give you more control, security and performance. Consider abandoning mysql_* functions and switching to mysqli_* or PDO, and read about prepared statements.
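
Added example (not part of the original answer or the asker's code): the same loop rewritten with one PDO prepared statement that is reused for every row, with the affected-row count checked after each execution. The in-memory SQLite DSN, the table definition and the sample $web/$var values are assumptions made so the script runs without a MySQL server; updateLikes() is a hypothetical helper name.

```php
<?php
// Assumption: in-memory SQLite stands in for the MySQL server so this runs
// offline; against MySQL only the DSN and credentials given to PDO change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // failures throw

// Constructed schema and rows modelled on the fblikes table in the question.
$pdo->exec('CREATE TABLE fblikes (link TEXT PRIMARY KEY, likes INTEGER NOT NULL DEFAULT 0)');
$pdo->exec("INSERT INTO fblikes (link, likes) VALUES
    ('example.com/a/iet.php', 0),
    ('example.com/b/o''neil.php', 0)");

// Constructed stand-ins for $web and $var. The second link contains a quote
// that would break the string-built query; the third has no row in the table.
$web = ['example.com/a/iet.php', "example.com/b/o'neil.php", 'example.com/missing.php'];
$var = [5, 7, 9];

// Hypothetical helper: runs the prepared UPDATE once per link and returns the
// links for which the statement succeeded but affected no row.
function updateLikes(PDOStatement $stmt, array $web, array $var): array
{
    $unmatched = [];
    foreach ($web as $i => $link) {
        // Values travel as bound parameters, never as part of the SQL text.
        $stmt->bindValue(':likes', (int) $var[$i], PDO::PARAM_INT);
        $stmt->bindValue(':link', $link, PDO::PARAM_STR);
        $stmt->execute();
        // rowCount() is the PDO counterpart of mysql_affected_rows(). On MySQL
        // it counts changed rows by default, so 0 can also mean the row
        // already held that value.
        if ($stmt->rowCount() === 0) {
            $unmatched[] = $link;
        }
    }
    return $unmatched;
}

// Prepared once, executed for every element of the arrays.
$stmt = $pdo->prepare('UPDATE fblikes SET likes = :likes WHERE link = :link');

foreach (updateLikes($stmt, $web, $var) as $link) {
    echo "no row affected for link: $link\n";
}
foreach ($pdo->query('SELECT link, likes FROM fblikes ORDER BY link') as $row) {
    echo $row['link'], ' => ', $row['likes'], "\n";
}
```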
