Try this.
PHP Code:
<?php
if (!empty($_POST['entrytwo']) && is_array($_POST['entrytwo'])) {
    foreach ($_POST['entrytwo'] as $primary_key => $data) {
        // Sanitize data
        $teamb   = quoteSmart($data['teamb']);
        $team    = quoteSmart($data['team']);
        $wl      = quoteSmart($data['wl']);
        $gb      = quoteSmart($data['gb']);
        $pcage   = quoteSmart($data['pcage']);
        $rs      = quoteSmart($data['rs']);
        $ra      = quoteSmart($data['ra']);
        $ags     = quoteSmart($data['ags']);
        $records = quoteSmart($data['records']);

        // Create SQL query; the row id is cast to an integer
        $sql = "UPDATE majortwo SET teamb=".$teamb.", team=".$team.", wl=".$wl.", gb=".$gb.", pcage=".$pcage.", rs=".$rs.", ra=".$ra.", ags=".$ags.", records=".$records." WHERE id=".((int)$primary_key)." LIMIT 1";

        if (!mysql_query($sql)) {
            echo 'Error Updating '.$teamb.' vs '.$team.'.<br /> The database reported: '.mysql_error().'<br />';
        }
    }
    header("location:setup.html");
}
mysql_close($mysql);

// Function for protecting against SQL injection hacks
function quoteSmart($value, $add_quotes=true, $allow_wildcards=true, $require_quotes=false) {
    // Taken from the PHP site, with modifications for quotes and wildcards.
    // Stripslashes
    if (get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    // Quote if not a number or a numeric string
    if (is_numeric($value)) {
        if ($require_quotes) {
            $value = "'" . $value . "'";
        }
    } else {
        if ($add_quotes) {
            $value = "'" . mysql_real_escape_string($value) . "'";
        } else {
            $value = mysql_real_escape_string($value);
        }
    }
    // Use for SELECT queries where % and _ have a wildcard meaning.
    if (!$allow_wildcards) {
        $value = str_replace('%', '\%', $value);
        $value = str_replace('_', '\_', $value);
    }
    return $value;
}
?>
You probably don't want all your fields as VARCHAR(65) either -- they should be what's appropriate for the type of information being entered in. Check the MySQL site for documentation on types. phpMyAdmin is great for creating tables.
Also, you had not protected against SQL injection, so I added that -- it's the quoteSmart() function.
Finally, you were detecting whether the button itself had been pressed, but forms can be submitted without pressing the button (sometimes by hitting ENTER), so I changed it to look for whether the array needed is present.
Good luck and if your project gets bigger, you may want to consider hiring a pro to ensure your site runs efficiently and as securely as is reasonably possible.
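The same update written with a prepared statement, as an added example that is not part of the original post: every value is bound as a parameter, so nothing depends on quoting or on the is_numeric() branch in quoteSmart(). The column names come from the post; the updateEntries() helper, the PDO connection, the in-memory SQLite table and the sample input are assumptions constructed for illustration.

```php
<?php
// Added example, not the poster's code. updateEntries() is a hypothetical helper.
function updateEntries(PDO $pdo, $entries)
{
    $fields = array('teamb', 'team', 'wl', 'gb', 'pcage', 'rs', 'ra', 'ags', 'records');
    $set = array();
    foreach ($fields as $f) {
        $set[] = "$f = :$f";   // column names are fixed here, never taken from input
    }
    $stmt = $pdo->prepare('UPDATE majortwo SET ' . implode(', ', $set) . ' WHERE id = :id');

    $failed = array();
    if (!is_array($entries)) {
        return $failed;
    }
    foreach ($entries as $id => $data) {
        $params = array(':id' => (int) $id);
        foreach ($fields as $f) {
            // Skip rows with missing or non-scalar fields (e.g. entrytwo[1][team][]=x).
            if (!is_array($data) || !isset($data[$f]) || !is_scalar($data[$f])) {
                $failed[] = $id;
                continue 2;
            }
            $params[":$f"] = (string) $data[$f];
        }
        $stmt->execute($params);
    }
    return $failed;
}

// In-memory SQLite so the example runs offline; for MySQL only the DSN changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE majortwo (id INTEGER PRIMARY KEY, teamb TEXT, team TEXT, wl TEXT,
            gb TEXT, pcage TEXT, rs TEXT, ra TEXT, ags TEXT, records TEXT)');
$pdo->exec('INSERT INTO majortwo (id) VALUES (1), (2)');

// Constructed input in the entrytwo[<id>][<field>] shape the post's form submits.
$row = array('teamb' => "O'Neil's", 'team' => "Hawks', wl='x", 'wl' => '3-1', 'gb' => '0x1A',
             'pcage' => '.750', 'rs' => '12', 'ra' => '7', 'ags' => '4', 'records' => '1e5');
$entries = array(1 => $row, 2 => array('teamb' => 'incomplete row'));

$failed = updateEntries($pdo, $entries);   // ids of rows that were rejected
$saved  = $pdo->query('SELECT teamb, team, gb, records FROM majortwo WHERE id = 1')
              ->fetch(PDO::FETCH_ASSOC);
var_dump($failed, $saved);   // inspect what was rejected and what was stored
```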