Posted by Rik on 07/17/06 01:08

Frank van Meurs wrote:
> Rik wrote:
>> fjm67 wrote:
> [SNIP...]
>> if(isset($_POST['submit'])){
>> foreach($_POST['text'] as $id => $text){
>> mysql_query("UPDATE tbl_name SET `text` = '{$text}' WHERE
>> `id` = $id");
>> }
>> }
> [SNIP...]
>
> I'm probably missing out on somthing here, but why would one want to
> do this? Surely you don't want to update rows depending on user input,
> especially when the possible input was based on the data you provided
> yourself in the first place?

Euhm, firstly, how do you propose changing a value in a database that needs
to be changed by a user and a webinterface? I'd say by providing them with a
form with a possible input and update the field after a post....

Second, let's quote myself:
"Simpified code, without error checking and hence a major security risk
<snip>
If you have purchased some books I assums they will tell you what to do
about safety..."

I could keep posting fully operational forms with vigurous user- and
datavalidation, but that's normally not the answer to the question. And
allthough I'm posting a lot these days, I DO have something better to do
then providing fully operational code for free :-) (No really, I have a
live, please believe me..).

Grtz,
--
Rik Wasmus

[Back to original message]