我试图用ajax按类没有标识更新的行数量 我看过对谷歌几个小时努力工作了这一点，但所有我能找到没有似乎工作

我的code迄今

 包括（'config.php文件'）;


的$ id = $ _ GET [ID]

$ SQL2 =SELECT * FROM`orders` WHERE`ID` =的$ id。;

$结果2 =请求mysql_query（$ SQL2）;

$ ROW2 = mysql_fetch_array（$结果2）;

$为了= $ _ GET [为了]
$数量= $ _ GET [数量];

$ SQL =SELECT * FROM`stock` WHERE`part` =$一部分。;

$结果= mysql_query（$ SQL）;

$ ROW1 = mysql_fetch_array（$结果）;

$ lineprice = $数量* $ ROW2 [价格];

$ sqlins1 =UPDATE`orders` SET数量='$数量'，lineprice ='$ lineprice'WHERE ID ='的$ id。';

如果（！的mysql_query（$ sqlins1，$ CON））
  {
  死亡（错误：mysql_error（））;
  }

$ SQL =SELECT * FROM`orders` WHERE`invoice` ='ORDER BY ID DESC$秩序。;

$结果= mysql_query（$ SQL）;
回声＆LT;表ID ='POITableWIDTH =100％的边界='1'＆GT;
        ＆其中; TR＆GT;
            ＆LT; TD＆GT; SKU＆LT; / TD＆GT;
            ＆LT; TD＆GT;数量＆LT; / TD＆GT;
            ＆LT; TD宽度= '45％'＆GT;项目＆lt; / TD＆GT;
            ＆LT; TD＆GT;单价＆LT; / TD＆GT;
            ＆LT; TD＆GT;线路价格与LT; / TD＆GT;
            ＆LT; TD＆GT;删除＆LT; / TD＆GT;
        ＆所述; / TR＆gt;中;
而（$行= mysql_fetch_array（$结果））
  {

回声＆LT; TR＆GT;＆LT; TD＆gt;中。 $行[部分。 ＆LT; / TD＆GT;＆LT; TD＆GT;＆LT;表格名称='测试'＆GT;
   ＆LT;输入类型=隐藏值=$行[ID]。'ID ='一部分'＆GT; ＆LT;输入类型='文本'ID ='数量'值=的onblur =updateqty（this.id）'＆GT'[数量'。$行。'';＆LT; /形式GT;＆LT; / TD＆GT; ＆LT; TD＆GT;＆LT$行['说明']。; / TD＆GT;＆LT; TD＆gt;中$行[价格]。＆LT; / TD＆GT;＆LT; TD＆gt;中$行['。 lineprice']＆LT; / TD＆GT;＆LT; TD＆GT; ＆LT;输入类型=形象SRC =图像/ btn_delete.png'值=$行[ID]。的onclick ='deletesku（THIS.VALUE）身高= '30'/＆GT;＆LT; / TD＆GT;
;

 }
 

有这方面的帮助将不胜AP preciated，

感谢

解决方案 您$​​ C $ c是容易受到SQL注入。 您使用的是它不支持$ P $脱precated API ppared语句prevent SQL注入 您可以将您的更新和 SELECT 组合成一个单独的语句。 Here's一个想法

您扣减应基于数据库的，基于没有价值

更新TBL更新COL = COL - 1

i'm trying to update rows quantity using ajax by class not id i have looked on google for hours trying to work this out but everything i could find didnt seem to work

my code so far is

include('config.php');


$id=$_GET[id];

$sql2="SELECT * FROM  `orders` WHERE  `id` = '".$id."'";

$result2 = mysql_query($sql2);

$row2 = mysql_fetch_array($result2);

$order=$_GET[order];
$qty=$_GET[qty];

$sql="SELECT * FROM  `stock` WHERE  `part` = '".$part."'";

$result = mysql_query($sql);

$row1 = mysql_fetch_array($result);

$lineprice=$qty * $row2[price];

$sqlins1 = "UPDATE `orders` SET qty='$qty', lineprice='$lineprice' WHERE id = '".$id."'";

if (!mysql_query($sqlins1,$con))
  {
  die('Error: ' . mysql_error());
  }

$sql="SELECT * FROM `orders` WHERE  `invoice` = '".$order."' ORDER BY id DESC";

$result = mysql_query($sql);
echo"   <table id='POITable' width='100%' border='1'>
        <tr>
            <td>SKU</td>
            <td>QTY</td>
            <td width='45%'>item</td>
            <td>Unit Price</td>
            <td>Line Price</td>
            <td>Delete</td>
        </tr>";
while($row = mysql_fetch_array($result))
  {

echo"<tr><td>" . $row['part'] . "</td><td><form name='test'>
   <input type='hidden' value='" . $row[id] . "' id='part'>   <input type='text' id='qty' value='" . $row['qty'] . "' onblur='updateqty(this.id)'></form></td><td>" . $row['description'] . "</td><td>" . $row['price'] . "</td><td>" . $row['lineprice'] . "</td><td> <input type='image' src='images/btn_delete.png' value='" . $row[id] . "' onclick='deletesku(this.value)' height='30'/></td>
";

 }

any help on this would be greatly appreciated,

Many thanks

解决方案

Your code is vulnerable to SQL injection. You're using a deprecated API which does not support prepared statements to prevent SQL injection You can combine your UPDATE and SELECT into a single statement. Here's an idea

Your deduction should be database based, not value based

UPDATE tbl UPDATE col = col - 1