Posted by fjm67 on 07/18/06 11:16

Thanks Rik.

I am very new to PHP. I am trying to understand it so what you and
Frank van Meurs wrote is above my head. By the way, this script is for
interoffice use only. It will not be on the net at all. Should I still
build error checking into it still?

To enlighten Frank van Meurs, I need a form that will allow tupples to
be changed in the database. What if the person's address changes? What
if they change a telephone number? Do you see a better way to do this?
I don't. I'm new to PHP but not to databases.

Thanks again Rik.

Frank

Rik wrote:
> Frank van Meurs wrote:
> > Rik wrote:
> >> fjm67 wrote:
> > [SNIP...]
> >> if(isset($_POST['submit'])){
> >> foreach($_POST['text'] as $id => $text){
> >> mysql_query("UPDATE tbl_name SET `text` = '{$text}' WHERE
> >> `id` = $id");
> >> }
> >> }
> > [SNIP...]
> >
> > I'm probably missing out on somthing here, but why would one want to
> > do this? Surely you don't want to update rows depending on user input,
> > especially when the possible input was based on the data you provided
> > yourself in the first place?
>
> Euhm, firstly, how do you propose changing a value in a database that needs
> to be changed by a user and a webinterface? I'd say by providing them with a
> form with a possible input and update the field after a post....
>
> Second, let's quote myself:
> "Simpified code, without error checking and hence a major security risk
> <snip>
> If you have purchased some books I assums they will tell you what to do
> about safety..."
>
> I could keep posting fully operational forms with vigurous user- and
> datavalidation, but that's normally not the answer to the question. And
> allthough I'm posting a lot these days, I DO have something better to do
> then providing fully operational code for free :-) (No really, I have a
> live, please believe me..).
>
> Grtz,
> --
> Rik Wasmus

[Back to original message]