Thanks, I just sorted the problem using the 'name' parameter of the
serialize object too. So the line becomes:
Sortable.serialize(list.id, {name:'list'});
and
$_POST['list']
Seems to have done the trick.
WRT SQL injection attack, yes, I would normally wrap the inputs in a
function that strips out any illegal characters - it would be
distracting in my posted example though. Is that the sort of thing you
had in mind?
Cheers.
On Apr 16, 5:59 pm, Michael Peters <[EMAIL PROTECTED]> wrote:
> rubhadubh wrote:
> > Hi, apologies if I'm missing something obvious...
>
> > I am dynamically generating lists in php each of which needs to be
> > sortable and saves the new order back to MySQL via an Ajax call.
>
> > All the parts are in place, apart from I cannot work out how to avoid
> > using a hard-coded element id in the PHP code to loop through the
> > array - it needs to be dynamically passed in.
>
> > So... code builds a series of <ul> with unique id and then:
>
> > <script type="text/javascript">
> > var list = frmEditShopList.getElementsByTagName('ul');
> > for(i=0;i<list.length;i++){
> > Sortable.create(list[i].id,
> > {dropOnEmpty:true,constraint:false,onUpdate:updateOrder});
> > }
> > </script>
>
> > handles the variable number of Sortable.create calls. I then make the
> > Ajax call to a PHP page:
>
> > function updateOrder(list){
> > var url = '/common/script/update-order.php';
> > var params = Sortable.serialize(list.id);
> > var ajax = new Ajax.Request(url,{method:'post',parameters:params});
> > }
>
> Just pass the id of your list as one of the params:
>
> function updateOrder(list){
> var url = '/common/script/update-order.php';
> var params = Sortable.serialize(list.id);
> params = params + '&list_id=' + list.id;
> var ajax = new Ajax.Request(url,{method:'post',parameters:params});
>
> }
> > and this is the bit I'm stuck with. I have done this before with a
> > single list:
>
> > $order = 1;
> > foreach ($_POST['list'] as $itemid) {
> > $sql = "UPDATE shop_items SET item_order = $order WHERE pkShopItemID
> > = $itemid";
> > $result = do_query($sql);
> > $order++;
> > }
>
> And then grab the list like so
> foreach ($_POST[$_POST['list_id']] as $itemid) {
> ...
> }
>
> Btw, I hope your real PHP code doesn't look like that wrt the SQL
> generation. That's a classic SQL injection attack waiting to happen.
>
> --
> Michael Peters
> Developer
> Plus Three, LP
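An added example, not code from either poster: one way to write the update loop discussed in this thread so that the posted ids never become part of the SQL text, using integer validation plus a PDO prepared statement. The table and column names are the ones quoted above; the function name save_order() and the in-memory SQLite database are assumptions made so the example runs on its own.

```php
<?php
// Added example. shop_items / item_order / pkShopItemID come from the thread;
// save_order() and the SQLite demo database are assumptions.
function save_order(PDO $db, array $post): int
{
    $ids = $post['list'] ?? null;          // list[]=3&list[]=1... from Sortable.serialize
    if (!is_array($ids) || $ids === []) {
        throw new InvalidArgumentException('list[] missing');
    }
    // Validate every id before touching the database: positive integers only.
    // Reject the whole request rather than trying to strip characters out.
    $clean = [];
    foreach ($ids as $raw) {
        $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($id === false) {
            throw new InvalidArgumentException('non-integer item id rejected');
        }
        $clean[] = $id;
    }
    // Placeholders keep the values out of the SQL text entirely.
    $stmt = $db->prepare(
        'UPDATE shop_items SET item_order = :ord WHERE pkShopItemID = :id'
    );
    $db->beginTransaction();               // all rows are reordered, or none
    $changed = 0;
    foreach ($clean as $i => $id) {
        $stmt->execute([':ord' => $i + 1, ':id' => $id]);
        $changed += $stmt->rowCount();
    }
    $db->commit();
    return $changed;
}

// Constructed demo data on an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE shop_items (pkShopItemID INTEGER PRIMARY KEY, item_order INTEGER)');
$db->exec('INSERT INTO shop_items VALUES (1, 1), (2, 2), (3, 3)');

echo save_order($db, ['list' => ['3', '1', '2']]), " rows reordered\n";

try {
    save_order($db, ['list' => ['1', '2 OR 1=1']]);   // constructed non-numeric value
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

Validation runs over the whole array before the first UPDATE, so a request with one bad id changes nothing.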