
I created an HTML form with inputs for item, comment and visible. What I would like to do is to be able to input these variables into SQL by creating code that cycles through with these rules: if all fields are blank, all are filled, or only one or two are filled, so it only adds the filled data to the MySQL table. An example of one of the pieces of code I used was

    if($nitem != ' ' and $comment != ' ')
    {
        $query = "UPDATE shop.titem SET
                  item = '$nitem', comment = '$comment', visible = $visible
                  WHERE titem.item ='$item'";
        $sqlhandle = mysql_query($query, $connection);
    }
    if (!$sqlhandle)
    {
        echo 'create all failed' . mysql_error();
    }
    else
    {
        break;
    }

I used the break, but it keeps cycling through ALL the queries, and that's where I need help. As usual, I'm a total noob at this, so I'd appreciate it if you have patience and understanding with me. Thank you.

UPDATE: I did an echo to generate the SQL and it returns a statement where all the code paths were run, i.e. if only the item field had been edited to, e.g., milk, it gives me item as milk, comment as blank and visible as 1 (I set the default values as blank and visible as 1 if the fields weren't filled with anything).

full code

    $item = $_POST['item'];
    $nitem = $_POST['nitem'];
    $comment = $_POST['comment'];
    if(!isset($_POST['visible']))
    {
        $visible = 1;
    }
    else
    {
        $visible = $_POST['visible'];
    }

    //for when all is true
    if($nitem != ' ' and $comment != ' ')
    {
        $query = "UPDATE shop.titem SET
                  item = '$nitem', comment = '$comment', visible = $visible
                  WHERE titem.item ='$item'";
        $sqlhandle = mysql_query($query, $connection);
    }
    if (!$sqlhandle)
    {
        echo 'create all failed' . mysql_error();
    }
    else
    {
        break;
    }

    //for when all is false
    if($nitem = ' ' and $comment = ' ')
    {
        echo 'please go back and edit a field.';
    }
    else
    {
        break;
    }

    //for when nitem and comment is true
    if($nitem != ' ' and $comment != ' ')
    {
        $query = "UPDATE shop.titem SET item = $nitem, comment = $comment
                  WHERE item = $item";
        $sqlhandle = mysql_query($query, $connection);
    }
    if (!$sqlhandle)
    {
        echo 'item and comment write failed' . mysql_error();
    }
    else
    {
        break;
    }

    //for when nitem only is true
    if($nitem != ' ' and $comment = ' ')
    {
        $query = "UPDATE shop.titem SET item = $nitem
                  WHERE item = $item";
        $sqlhandle = mysql_query($query, $connection);
    }
    if (!$sqlhandle)
    {
        echo 'item write failed' . mysql_error();
    }
    else
    {
        break;
    }

    //for where comment only is true
    if($comment != ' ' and $nitem = ' ')
    {
        $query = "UPDATE shop.titem SET
                  comment = $comment WHERE titem.item = $item";
        $sqlhandle = mysql_query($query, $connection);
    }
    if(!$sqlhandle)
    {
        echo 'comment write failed' . mysql_error();
    }
  • Is this a legacy application? Using the ancient mysql_query function is usually a really bad idea; it's very easy to introduce SQL injection bugs if you forget to properly escape user data. It doesn't look like you're doing any escaping here, which is very worrying. Commented Mar 12, 2014 at 0:58
  • Do an echo to get the generated SQL and let us know what SQL is executed. Commented Mar 12, 2014 at 0:58
  • I don't know much about using mysqli at the moment, so I'm just sticking to this for learning purposes. However, for some reason, replacing mysql_fetch_array with mysqli_fetch_array didn't work for me, as with some other mysqli commands, and I don't know why. Commented Mar 12, 2014 at 1:06

1 Answer


I think most of your validation checks for a space, and some of them assign spaces instead of validating (you had "=" instead of "=="). I have minimised and fixed some stuff from the code you posted and came up with the following:

    $item    = $_POST['item'];
    $nitem   = $_POST['nitem'];
    $comment = $_POST['comment'];

    if (!isset($_POST['visible'])) {
        $visible = 1;
    } else {
        $visible = $_POST['visible'];
    }

    $query   = '';   // the SET clause, filled in by exactly one branch below
    $message = '';

    // for when all is true
    if (trim($nitem) != '' and trim($comment) != '') {
        $query = " item = '" . $nitem . "', comment = '" . $comment . "', visible = $visible ";

    // for when nitem only is true
    } elseif (trim($nitem) != '' and trim($comment) == '') {
        $query = " item = '" . $nitem . "' ";

    // for where comment only is true
    } elseif (trim($comment) != '' and trim($nitem) == '') {
        $query = " comment = '" . $comment . "' ";

    // for when all is false: nothing to update
    } else {
        $message = 'please go back and edit a field.';
    }

    // the only place a query is executed, and only when a field was filled
    if ($query != '') {
        $mainquery = "UPDATE shop.titem SET " . $query . " WHERE titem.item = '" . $item . "'";
        $sqlhandle = mysql_query($mainquery, $connection);
        if (!$sqlhandle) {
            $message = 'update failed: ' . mysql_error();
        }
    }

    if ($message != '') {
        echo $message;
    }

If I were you, and I had this requirement, I would take a different approach, but I didn't want to change your concept, which would confuse you. Also, I don't know what the full requirement is. Anyway, try to adapt my code and see how it goes; I have removed all the breaks, and there is only one place where SQL queries get executed.

I think this will help you fix the issue.

P.S.: Always try to write readable code; it will help you in the future :)


19 Comments

Can I use an elseif instead, as I have several more queries?
Yes, you can use elseif, but the reason your code won't break is that your if condition was failing.
Whenever I use "" it gives me an error with the returned data at $_POST['item'] or whatever it is, hence why I do ' ' or " ", as they are both the same thing. I think POST actually returns a white space, because I don't get errors when I do if ($item = ' '){echo $item} after doing $item = $_POST['item']; otherwise I get the error "undefined variable $item".
Can you post the full code where you assign the $_POST variables as well (edit your question to add the extra code)?
Post edited to contain all the data. What do you think?
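The answer keeps the question's approach of concatenating form values straight into the UPDATE, which is what the first comment warns about. The following is an added example, not code from the question or the answer, showing the same requirement done with prepared statements: only the non-blank fields are added to the SET clause, column names come from a fixed map rather than from the request, and every value is bound as a parameter. It assumes PHP 7.1 or later with the pdo_sqlite extension, and models shop.titem as an in-memory SQLite table named titem with constructed sample rows; the form field names (item, nitem, comment, visible) are the ones used in the question.

```php
<?php
// Added example (not from the question or the answer): build an UPDATE from
// only the fields the user filled in, using PDO prepared statements.
// Assumptions: PHP 7.1+, pdo_sqlite available, shop.titem modelled as an
// in-memory SQLite table named titem with columns item, comment, visible.
declare(strict_types=1);

// Form field => column it may change. Column names never come from $_POST,
// so the request can only choose among these three.
const EDITABLE = [
    'nitem'   => 'item',
    'comment' => 'comment',
    'visible' => 'visible',
];

/**
 * Build the UPDATE for the fields that are present and non-blank in $post.
 * Returns ['sql' => string, 'params' => array], or null when nothing was filled in.
 */
function buildUpdate(array $post): ?array
{
    $set    = [];
    $params = [':where_item' => (string)($post['item'] ?? '')];

    foreach (EDITABLE as $field => $column) {
        if (!isset($post[$field])) {
            continue;                 // field not submitted at all
        }
        $value = trim((string)$post[$field]);
        if ($value === '') {
            continue;                 // blank: leave this column untouched
        }
        if ($column === 'visible') {
            $value = (int)$value;     // visible is a flag, never free text
        }
        $set[]             = "$column = :$field";   // placeholder, not the value
        $params[":$field"] = $value;
    }

    if ($set === []) {
        return null;                  // all blank: no query at all
    }
    $sql = 'UPDATE titem SET ' . implode(', ', $set) . ' WHERE item = :where_item';
    return ['sql' => $sql, 'params' => $params];
}

/** Run the built UPDATE and return the number of rows changed (0 if nothing to do). */
function applyUpdate(PDO $db, array $post): int
{
    $built = buildUpdate($post);
    if ($built === null) {
        return 0;
    }
    $stmt = $db->prepare($built['sql']);
    $stmt->execute($built['params']);
    return $stmt->rowCount();
}

// Constructed sample data standing in for shop.titem.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE titem (item TEXT PRIMARY KEY, comment TEXT, visible INTEGER)');
$db->exec("INSERT INTO titem VALUES ('milk', '', 1), ('bread', 'day old', 1)");

// Only the new item name was filled in: SET touches a single column.
applyUpdate($db, ['item' => 'milk', 'nitem' => 'whole milk', 'comment' => '']);

// A hostile comment is stored literally instead of rewriting the statement.
applyUpdate($db, ['item' => 'bread', 'comment' => "x', visible = 0 WHERE '1'='1"]);

// Nothing filled in (spaces only): no query is sent and 0 rows change.
$changed = applyUpdate($db, ['item' => 'bread', 'nitem' => ' ', 'comment' => '']);

foreach ($db->query('SELECT item, comment, visible FROM titem ORDER BY item') as $row) {
    printf("%-12s | %-30s | %d\n", $row['item'], $row['comment'], $row['visible']);
}
```

The same buildUpdate function covers every combination of filled and blank fields, so there is no need for one if block per combination, and the blank-versus-space problem from the thread disappears because trim() is applied once before the emptiness check. Swapping the SQLite DSN for a MySQL one (`mysql:host=...;dbname=shop`) and the table name for shop.titem is all that changes for the real database.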
