|  | Posted by Curtis on 12/13/06 06:51 
I'm glad I started participating here, even when I try to help out, Iseem to learn a bit more. :-)
 
 I just had a question about a couple lines:
 >     if (strval(intval(val)) != val)
 >      $vals[] = val;
 -- Did you mean to have val without the $ preceding?
 
 Also:
 >      if (strval(intval(val)) != val)
 >        $vals[] = "'" . mysql_real_escape_string(val_ . "'";
 -- Same issue with "val". Also, the concatenation in the
 mysql_real_escape_string function call doesn't make sense. In addition,
 the closing parenthesis is missing.
 
 Curtis
 
 On Dec 12, 5:38 am, Jerry Stuckle <jstuck...@attglobal.net> wrote:
 > Curtis wrote:
 > > It would be better to just execute one query, rather than executing a
 > > query on each iteration. First, form the query from the submitted data,
 > > then execute:
 >
 > > <?php
 > > // sanitize input
 > > foreach ( $_POST['delete'] as $key => $val )
 > >    $_POST['delete'] = intval($val);
 >
 > > // init query
 > > $qry = 'DELETE FROM `table` WHERE `id` = ';
 > > $id = implode(' OR `id` = ', $_POST['delete']); // extend string from
 > > submitted ids
 > > $qry .= $id; // concatenate
 >
 > > $sql = mysql_query($qry); // run query
 >
 > > // do what you need with the sql resource
 > > ?>
 >
 > > On Dec 11, 12:13 am, "ameshkin" <amir.mesh...@gmail.com> wrote:
 >
 > >>What I want to do is very simple, but I'm pretty new at PHP and its a
 > >>little hard for me.
 >
 > >>I have one page, where there are a rows of checkboxes.  A button
 > >>selects all checkboxes, and then presses delete.
 >
 > >>When delete is pressed, I want to go to a next page and run a sql
 > >>command for every single box thats checked.  The checkboxes store a
 > >>value, and multiple boxes can be checked.
 >
 > >>On the second page, whch is the form actin, I simply want to iterate
 > >>through and pull which values are checked and run a sql command for
 > >>each value.
 >
 > >>I have no idea how to do this.  I assume you willl have to use a for
 > >>each statement, but am having trouble programming this.
 >
 > >>Someone please help!Two problems -
 >
 > First of all, even your corrected code can incorrectly delete the record
 > with id = 0. You need verify the intval actually matches the string.
 > Assuming the id is numeric, a better test would be
 >
 >    $vals = array();
 >    foreach ( $_POST['delete'] as $key => $val )
 >      if (strval(intval(val)) != val)
 >        $vals[] = val;
 >
 > Even though you might not have a key of 0 right now, things change.  And
 > this is just the type of bug which will cause dozens of hours of
 > troubleshooting at a later time.
 >
 > If id is not numeric, then this is not needed.
 >
 > Also, much easier:
 >
 > $qry = 'DELETE FROM table WHERE id IN (' .
 >    implode(',', $_POST['DELETE']) . ')' ;
 >
 > And if it's a non-numeric
 >
 >    $vals = array();
 >    foreach ( $_POST['delete'] as $key => $val )
 >      if (strval(intval(val)) != val)
 >        $vals[] = "'" . mysql_real_escape_string(val_ . "'";
 >
 > Of course, the op should also be doing other validation on the incoming
 > data as necessary.
 >
 > --
 > ==================
 > Remove the "x" from my email address
 > Jerry Stuckle
 > JDS Computer Training Corp.
 > jstuck...@attglobal.net
 > ==================
  Navigation: [Reply to this message] |