Trouble with updating Data trough PHP

Question

I have a problem with this code, it does delete a row but not editing one. I cannot figure out how to make it work. Here's the script:

<?php
if($_POST['delete']){

    $i = 0;
    while(list($key, $val) = each($_POST['checkbox'])) {
        $sql = "DELETE FROM $tbl_name WHERE id='$val'";
        mysql_query($sql);
        $i += mysql_affected_rows();
    }

    // if successful redirect to delete_multiple.php
    if($i > 0){
        echo '<meta http-equiv="refresh" content="0;URL=data.php">';
    }
}

if($Submit){
    for($i=0;$i<$count;$i++){
        $sql="UPDATE $tbl_name SET naam='$naam[$i]', achternaam='$achternaam[$i]', leeftijd='$leeftijd[$i]', straat='$straat[$i]', postcode='$postcode[$i]', telefoon='$telefoon[$i]', email='$email[$i]', geslacht='$geslacht[$i]', pakket='$pakket[$i]', WHERE id='$id[$i]'";
        $result1=mysql_query($sql1);
    }
}

mysql_close(); 
?>

Answer 1

$Submit is not defined (as others already mentioned). Also, if you do define $Submit then $count is still undefined. So you still won't get into the for loop. And if $count is defined, your code still does not update the database. You store your sql query in $sql but pass $sql1 , which has not been set, as query that should be executed.

And your code is wide open for sql injection. You should not want that.

Answer 2

As others have pointed out $Submit isn't defined before the if statement - also $tbl_name isn't defined either so it would bring back an error if the if statement was triggered.

Also in $result1 you used $sql1 - $sql1 has not been defined.

You're vulnerable to SQL injections like Pekka said, so I advise reading up on it, always, ALWAYS validate user inputted data, never trust anyone :)

Also, you don't need to print a meta refresh, you can just use header

header ("Location: data.php");

Answer 3

$Submit is not defined before it is used. So, its value will be null which is a falsy value. Hence if loop will never get executed.