Re: [PHP-DB] using multiple checkboxes to delete from db

2002-03-30 Thread Paul Burney

on 3/30/02 6:33 PM, wesley grubbs:. at [EMAIL PROTECTED] appended the
following bits to my mbox:

> foreach($_POST["del"] as $val) {
> 
> $sql = "DELETE FROM $tablename WHERE id = $val";

Be very careful with this.  If a user spoofs the form and adds the value for
del like this:



Would make the SQL statement:

DELETE FROM table WHERE id=2 OR 1=1

Which would, of course, delete all records in the table.

To remedy that, you could quote the value in the SQL statement and pass the
addslashed $val, like this:

$sql = "DELETE FROM $tablename WHERE id='" . addslashes($val) . "'";

That is a lot harder to get around (though perhaps still possible).

Also...

on 3/30/02 8:31 PM, Hugh Bothwell at [EMAIL PROTECTED] appended the
following bits to my mbox:

> // NOTE: this assumes that 0 is never a valid id; I just
> // stuck it in to make the comma-delimiting come out right
> $query = "DELETE FROM tablename WHERE id IN ( 0";
> 
> foreach($_POST["del"] as $val)
>   $query .= ', '.$val;
> 
> $query .= ' )';

You could use implode for things like this, i.e.,

$sql = "DELETE FROM $tablename WHERE id IN ('" .
implode("','", addslashes($_POST['del'])) . "')";

That would produce something like:

DELETE FROM table WHERE id IN ('3','4','123');

Hope that helps.

Sincerely,

Paul Burney





-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP-DB] using multiple checkboxes to delete from db

2002-03-30 Thread Hugh Bothwell

You can go one better than this, even...
use PHP to construct a single SQL query
using the IN( ) comparator, ie:




"Olinux" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> to make it a little better, make one connection to the
> db before you loop and then close the connection
>
> [connect]
> foreach loop
> [close connect]



-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP-DB] using multiple checkboxes to delete from db

2002-03-30 Thread olinux

to make it a little better, make one connection to the
db before you loop and then close the connection

[connect]
foreach loop
[close connect]

olinux

--- "wesley grubbs:." <[EMAIL PROTECTED]> wrote:
> thanks guys for the aid.
> 
> in the end, i went with creating a check box that
> looks like this:
> 
> 
> 
> and the dirty work of deleting it looks like this::
> 
> foreach($_POST["del"] as $val) {
> 
>  $sql = "DELETE FROM $tablename WHERE id = $val";
> 
> ...connect to database.. run $sql.. close db.. yadda
> yadda..
> 
> }
> 
> i can do this on the same page... it's short and
> pretty easy to follow. ...
> oh .. and it works :)
> 
> wes
> 
> 
> > One way you could do this.  Is have the form point
> to itself i.e.
> $PHP_SELF,
> > then set a variable in the form if it is set when
> the page loads the run
> the
> > form processing script.  As for the delete
> function one way to do it would
> > be since you are holding the checkboxes in an
> array.  Do a while or a for
> > loop doing the delete statement for each id.  Like
> the following code.
> >
> > for($i = 0; $i < count(chkBoxArray); $i++){
> >   $sql = "DELETE FROM tblName WHERE tblID = 
> '$row[$i]'";
> >   if(!sql_query($sql)){
> > echo "ERROR: ".mysql_query();
> >}
> > }
> >
> > Or something of that sort.  Hope it helps.
> >
> > -Mike
> > [EMAIL PROTECTED]
> > http://www.soreye.com
> 
> 
> 
> -- 
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 


__
Do You Yahoo!?
Yahoo! Greetings - send holiday greetings for Easter, Passover
http://greetings.yahoo.com/

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP-DB] using multiple checkboxes to delete from db

2002-03-30 Thread wesley grubbs:.

thanks guys for the aid.

in the end, i went with creating a check box that looks like this:



and the dirty work of deleting it looks like this::

foreach($_POST["del"] as $val) {

 $sql = "DELETE FROM $tablename WHERE id = $val";

...connect to database.. run $sql.. close db.. yadda yadda..

}

i can do this on the same page... it's short and pretty easy to follow. ...
oh .. and it works :)

wes


> One way you could do this.  Is have the form point to itself i.e.
$PHP_SELF,
> then set a variable in the form if it is set when the page loads the run
the
> form processing script.  As for the delete function one way to do it would
> be since you are holding the checkboxes in an array.  Do a while or a for
> loop doing the delete statement for each id.  Like the following code.
>
> for($i = 0; $i < count(chkBoxArray); $i++){
>   $sql = "DELETE FROM tblName WHERE tblID =  '$row[$i]'";
>   if(!sql_query($sql)){
> echo "ERROR: ".mysql_query();
>}
> }
>
> Or something of that sort.  Hope it helps.
>
> -Mike
> [EMAIL PROTECTED]
> http://www.soreye.com



-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP-DB] using multiple checkboxes to delete from db

2002-03-30 Thread John Hughes

I believe what you want to do is create an array with the id and delete as
separate values.

Here's an example using an array of studentdata containing variables
send_mail, this_studentname, this_paid.

The rows of students are output like this:


 
 
 


In this case all of the checkboxes are "checked."

When the form is submitted, those students who have the checkbox checked
have the variable send_mail set to Yes.

When I want to process the array it looks like this:

foreach($studentdata as $student_id => $data)
 {
  $dues_paid = $data[this_paid];
  $studentname = $data[this_studentname];
  $send_mail = $data[send_mail];
   if ($send_mail == "Yes")
  {

 # Your sql statement and processing goes here

   }# end if
}# end for each

Hope this helps.

John Hughes


- Original Message -
From: "wesley grubbs:." <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, March 30, 2002 4:58 AM
Subject: [PHP-DB] using multiple checkboxes to delete from db


> i've been playing half the day with trying to get php to delete rows when
a
> checkbox is checked.
>
> i have a page that pulls all the data from db in a table. one row contains
> checkboxes. i want it so that whereever a checkbox is checked and then
> submit, all the selected rows will be deleted.
>
> 
>  //get results from db
> while($row = mysql_fetch_array ($result)) {
> ?>
> 
> 
> 
>  }
> ?>
> 
>
> what's the proper function i should write for this?
> also, can i put the function on the same page without useing SWITCH?
> i'm trying to minimize the number of files i have.
>
> thanks in advance for any help.
> wes
> www.devedeset.com
>
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
>


-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP-DB] using multiple checkboxes to delete from db

2002-03-30 Thread Mike de Libero

One way you could do this.  Is have the form point to itself i.e. $PHP_SELF,
then set a variable in the form if it is set when the page loads the run the
form processing script.  As for the delete function one way to do it would
be since you are holding the checkboxes in an array.  Do a while or a for
loop doing the delete statement for each id.  Like the following code.

for($i = 0; $i < count(chkBoxArray); $i++){
  $sql = "DELETE FROM tblName WHERE tblID =  '$row[$i]'";
  if(!sql_query($sql)){
echo "ERROR: ".mysql_query();
   }
}

Or something of that sort.  Hope it helps.

-Mike
[EMAIL PROTECTED]
http://www.soreye.com


- Original Message -
From: "wesley grubbs:." <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, March 30, 2002 4:58 AM
Subject: [PHP-DB] using multiple checkboxes to delete from db


> i've been playing half the day with trying to get php to delete rows when
a
> checkbox is checked.
>
> i have a page that pulls all the data from db in a table. one row contains
> checkboxes. i want it so that whereever a checkbox is checked and then
> submit, all the selected rows will be deleted.
>
> 
>  //get results from db
> while($row = mysql_fetch_array ($result)) {
> ?>
> 
> 
> 
>  }
> ?>
> 
>
> what's the proper function i should write for this?
> also, can i put the function on the same page without useing SWITCH?
> i'm trying to minimize the number of files i have.
>
> thanks in advance for any help.
> wes
> www.devedeset.com
>
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>


-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




[PHP-DB] using multiple checkboxes to delete from db

2002-03-30 Thread wesley grubbs:.

i've been playing half the day with trying to get php to delete rows when a
checkbox is checked.

i have a page that pulls all the data from db in a table. one row contains
checkboxes. i want it so that whereever a checkbox is checked and then
submit, all the selected rows will be deleted.









what's the proper function i should write for this?
also, can i put the function on the same page without useing SWITCH?
i'm trying to minimize the number of files i have.

thanks in advance for any help.
wes
www.devedeset.com


-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php