|
PHP - Any Way To Remove $_cookie Data From $_request
I like to use $_REQUEST to get something from either $_POST or $_GET. Annoying though, it also includes values from cookie, like the PHP session id, FCK editor cookies and the google tracking code. Is there anyway to remove cookie values from request, besides looping through cookie and unsetting the values I don't want?
Similar TutorialsIs it bad practice to use $_COOKIE for your log in system and to protect your pages or would it be better to use $_SESSION? I have always used cookie but I am not sure if that is good practice I am trying to make a login using cookies, I had been using sessions but i need to use cookies for it now. I have a page called login.php, and i use ajax to login. It seems to be setting the cookie and printing the value of it out when i login, however that's about it. When i'm reading the cookie on other pages it doesn't appear to recognize a cookie. However, If i set the cookie on just a regular index page it has no problem with setting it and reading it. it works fine when i do that. This is how i set the cookie on the login page (also the exact code i used to test setting it on the index page): $expire=time()+60*60*24*30; setcookie("id", $dbid, $expire); $session = $_COOKIE['id']; then to read it on other pages i just use: $session = $_COOKIE['id']; Hi y'all. It's been forever and a day since I've dealt with cookies, and I can't get through the cobwebs in my brain about them. I know that cookies have to be set before any output goes to the browser, but if I'm not mistaken, it's the same with sessions and sessions work in this situation. Unfortunately, the client needs cookies for integration with an existing piece of software.
Basically, what's happening is this: You load a page, click the 'login' button, which uses JQuery to change the display on the login screen from 'none' to 'block'. Use the newly-visible login form to enter username and password, which are passed via ajax to my login function. If the login is successful, I set the cookie variable and redirect the user to the protected page. However, despite the ajax reporting a successful login and redirecting the browser as expected, the check on the protected page is kicking the user back to the beginning because the cookie was never actually set.
FunctionsClass.php:
/**
* Logs in the requesting user with the agent and email values supplied via AJAX.
* @return string JSON-encoded array
*/
public function agentLogin(){
$ret['success'] = $this->_site->login($_POST['username'],$_POST['password']);
$ret['location'] = '/protected-page';
print(json_encode($ret));
die();
}
Site.php (that's $_site in FunctionsClass):
/**
* Logs in the agent.
* Checks to see if the user is already logged in, if not, attempts to do so.
* @param string $un username
* @param string $pw password
* @return boolean
*/
public function logIn($un, $pw){
if($this->isLoggedIn()){
return true;
}
return $this->logAgentIn($un,$pw);
}
/**
* Check to see if the cookie set so we know if the user has logged in.
* @return boolean
*/
public function isLoggedIn(){
// return !empty($_SESSION['mycheckvariable']);
return !empty($_COOKIE['mycheckvariable']);
}
/**
* Log the user in.
* @param string $un username
* @param string $pw password
* @return boolean
*/
private function logAgentIn($un,$pw){
// $_SESSION['mycheckvariable']['email'] = 'me@notmyemail.com';
setcookie('mycheckvariable','me@notmyrealemail.com',time()+60*60*8,'/');
return true;
}
It's not as though I'm even actually checking a database - just trying to stub this out for client presentation. And, if I uncomment the two lines using sessions and comment out the cookies, it all works perfectly. I'm not at all sure what I'm missing and would very much appreciate some other eyes on this - any takers?
I'm using WordPress, if that matters at all...
Thanks in advance!
Hello everyone! I've been on a problem a few hours now and I've managed to finally find the solution however I feel it's very inefficient and am looking for a way to do this in a better way. I have a textarea where each line is inserted into MySQL database table "lines" and I have the columns "line_number" and "row". The textarea initial value on page load is simply a list of all lines ordered by line_number in ASC order. If I modify/add/remove entries from the textarea it will remove data changed and add new data accordingly. But I am making a lot of queries to do this and I'm not sure if there is a more efficient way than querying each line in the database to find the new value/modified value. Here's my php script, hopefully this makes sense:
if (isset($_POST['lines'])) {
//get lines posted from textarea
$lines_posted = $_POST['lines'];
//trim all white spaces and remove empty lines as they are not valid for mysql insert
$lines = trim($lines_posted);
$lines = explode("\n", str_replace("\r", "", trim($lines_posted)));
$lines = array_map('trim', $lines_posted);
$lines = array_filter($lines_posted);
$line_count = count($lines);
//output how many valid lines were posted
echo "Posted Lines: $line_count<br>";
//loop through all lines posted, query all rows in database and insert if lines row value does not exist
for ($i = 0; $i < $line_count; $i++) {
if (isset($lines[$i])) {
$find_line_in_db = $db->query("SELECT row FROM lines WHERE row=?", $lines[$i]);
if ($find_line_in_db->numRows() == 0) {
$db->query("INSERT INTO lines (line_number, row) VALUES (?,?)", $i, $lines[$i]);
echo 'Added the line: ', htmlspecialchars($lines[$i]), '<br>';
}
}
}
//query all rows in the database and check if posted lines array value is in the [row] column, delete rows changed/not found accordingly
$rows = "";
$fetch_all_lines = $db->query("SELECT row FROM lines");
while ($all_lines = $fetch_all_lines->fetchRow()) {
if (!in_array($all_lines['row'], $lines)) {
$rows = $all_lines['row'];
$db->query("DELETE FROM lines WHERE row=?", $all_lines['row']);
echo 'Deleted the line: ', htmlspecialchars($lines[$i]), '<br>';
}
}
}
So to visualize what I'm doing imagine two arrays:
$lines = ["line1", "line2", "line3changed"] //textarea lines posted $db_lines = ["line1", "line2", "line3"] //$db_lines = the current rows in lines db table // line_number | row // 0 | line1 // 1 | line2 // 2 | line3 //outputs //Added the line: line3changed //Deleted the line: line3
So basically what I'm asking is, am I doing this the right way? I would have over 10,000 lines that would be altered every hour in this table and am unsure if I'm doing it the correct way I have a query that gets staff on a particular day then performs a while loop selecting each member that works on that day and the times they work between. I have a for loop in that while loop that lists apointment times for each staff member every 15mins between the times they work, this works fine. I then have in the for loop a while loop that checks for existing appontments in the appointment table and changes the appointment slot for times that are booked to booked. I have found though that the second while loops causes doubling of results when an appointment is found, so I need to work out how to restructure this code so that i dont get the doubling effect of result. you can see the result of the script here http://justrelax.net.au/datetest.php and the code that causes the problem is // convert to US format $input="$month/$day/$year"; // readable date $readDATE="$day/$month/$year"; // convert for mysql date $sqlDATE="$year-$month-$day"; // get day of the week $weekday=date(l, strtotime($input)); echo $weekday."<br/>"; // get working staff from staff table $staffSQL=mysql_query("SELECT * FROM staff WHERE ".$weekday." != 'off' AND onLEAVE='no' AND ACTIVE='yes' ORDER BY staffID ASC"); // return results putenv("TZ=Australia/Adelaide"); while ($staff=mysql_fetch_array($staffSQL)) { $name=$staff['staffNAME']; $avail=$staff[$weekday]; $staffID=$staff['staffID']; list($first, $last)=explode(" ", $name); list($in, $out)=explode("-", $avail); $firstTIME="$sqlDATE $in:00"; $lastTIME="$sqlDATE $out:00"; echo "$first is available between $avail on $weekday<br/>"; $in2=strtotime($firstTIME); $out2=strtotime($lastTIME); $stop=$out2-900; echo $in2." - time start - $firstTIME<br/>"; echo $out2." - time finish - $lastTIME<br/>"; for ($inc=$in2;$inc<=$stop;$inc+=900) { $existSQL=mysql_query("SELECT * FROM appointment WHERE date='$sqlDATE' AND staffID='$staffID'"); if (mysql_num_rows($existSQL)>=1) { while ($appointV=mysql_fetch_array($existSQL)) { $resSTART=$appointV['dateTIME']; $length=$appointV['totalTIME']; $resEND=$resSTART+($length*60); if ($inc>=$resSTART && $inc<=$resEND) { echo "Appointment time is ".date("g.i a", $inc)." <font color='red'><< $first BOOKED</font><br/>"; } else if ($inc<$resSTART || $inc>$resEND) { echo "Appointment time is ".date("g.i a", $inc)." <font color='green'><< $first AVAILABLE</font><br/>"; } } } if (mysql_num_rows($existSQL)==0) { echo "Appointment time is ".date("g.i a", $inc)." <font color='green'><< $first AVAILABLE</font><br/>"; } } } could really use some help on this I have been trying different things for a few days now. Hello, I am puzzled as to how to get this code actually working, I am using some example code, I want the code to remove the data of the logged in users, at the moment it will remove all users registered in the mysql db.
<?php
# Access session.
session_start() ;
if ( !isset( $_SESSION[ 'user_id' ] ) ) { require ( 'login_tools.php' ) ; load() ; }
# Connect to the database.
require ('connect_db.php');
// Attempt delete query execution
$sql = "DELETE FROM users WHERE user_id=user_id";
if(mysqli_query($dbc, $sql, $q)){
echo "Records were deleted successfully.";
} else{
echo "ERROR: Could not able to execute $sql. " . mysqli_error($dbc);
}
# Close database connection.
mysqli_close( $dbc ) ;
?>
$_session id knows that the user is logged into the control page, but for the code to remove the particular user logged in from the db, what exactly does this need? Thank you. Hi: Can anyone tell me why the following is not working: Code: [Select] a_Photo_Delete.php <?php $photo_id = $_REQUEST['photo_id']; mysql_query("DELETE FROM gallery_photos WHERE photo_id = $photo_id"); header("Location: a_Photo_Edit.php"); ?> <!DOCTYPE HTML> <html> <head> <meta charset="ISO-8859-1" /> <title></title> </head> <body> </body> </html> ------------------------------ a_Photo_Edit.php <p> <?php if ($_REQUEST['URL'] == 'a_Photo_Delete.php') { echo "<span class=\"textError\">Photo successfully deleted!</span>"; } ?> </p> The photo gets deleted OK, and the HEADER goes to the "a_Photo_Edit.php" page properly, but the "Photo successfully deleted!" message does not show up .. Confused why .. ?? Hi How to get value of all $_Request variable so that we can validate for cross scripting. see below http://srijanlinux.com/consentRequestNew.php?requestId=24753 print count($_GET); // return ---------- 1 print_r($_GET); // return ----------- Array ( [requestId] => 24753 ) Now I want to validate value of requestId. I know I can validate by getting using $_GET['requestId']. But there are changes that I don't know variable name then How validate unknown variable which might be put by hacker. Thanks akash Hi I am trying to send a company name to a form for users to report errors. Code: [Select] echo "<a href=\"http://www.example.com/suppliers.php?companyName=$compName\">$compName</a>"; In the form, I have the usual code which I use to fill in the value of a field... $companyName = $_REQUEST['companyName']; This works fine - except if there is an ampersand in the name. A & B Products...., becomes just A I have tried htmlentitles to convert to & but the problem still exists. Any thoughts on how I could correct this? Thanks Any ideas on how to make this code usable without using the $_REQUEST superglobal? Here is my code: <!DOCTYPE html> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title></title> </head> <body> <?php if($_GET['submit'] == "Change Background Color") { $bgcolor = strval($_POST['thecolor']); } else { $bgcolor = "red"; } ?> <body bgcolor="<?= $bgcolor; ?>"> <form name="color" method="get" action="<?= $_SERVER['PHP_SELF']; ?>"> Enter a color: <input type="text" name="thecolor" value=""> <input type ="submit" value="Change Background Color"> </form> i've been programming in PHP for years, and have done a substantial amount of work on applications of this nature. this problem has me stumped, not because i can't fix it (i did), but because i have no idea what the problem is. there are hundreds of lines of code involved here, so i'll break it down into a post-friendly format. take this for example, and forgive any typos. it's late, and i've been beating my head against this for over two hours... =\ this is from my form: Code: [Select] /* ... numerous form fields being passed as $_REQUEST arrays */ <input type="hidden" name="option_id[]" value="<?php print $query_result->option_id; ?>" /> /* a couple hundred more lines */ here's the DB update handler: Code: [Select] if (!empty($_REQUEST['option_name'])) { foreach ($_REQUEST['option_name'] as $k => $v) { if ($v != '') { $option_id = $_REQUEST['option_id'][$k]; $option_name = $_REQUEST['option_name'][$k]; $option_price = $_REQUEST['option_price'][$k]; $option_desc = htmlentities($_REQUEST['option_desc'][$k], ENT_QUOTES); if (!$option_id = '') { $sql_options = "UPDATE table SET" . " option_name = '" . $option_name . "', option_price = '" . $option_price . "', option_desc = '" . $option_desc . "' WHERE option_id = '" . $option_id "'"; if (!$query_function($sql_options)) { $error = true; } } else { $sql_options = "INSERT INTO table (option_name, option_price, option_desc)" . " VALUES ('" . $option_name . "', '" . $option_price . "', '" . $option_desc . "')"; if (!$query_function($sql_options)) { $error = true; } } } } } the above code doesn't post to the database because the $option_id variable returns a null value. however, if i replace the $option_id variable where i build the query string with $_REQUEST['option_id'], it works just fine. Code: [Select] /* in relevant part */ $sql_options = "UPDATE table SET" . " option_name = '" . $option_name . "', option_price = '" . $option_price . "', option_desc = '" . $option_desc . "' WHERE option_id = '" . $_REQUEST['option_id'] . "'"; needless to say i was infuriated by having spent a couple of hours to come to this conclusion. i only used the variables in the first place because i need to expand the function that this lives inside and i don't want to have to type $_REQUESTs over and over. the only thing i can think is that it might be a type issue. the data is coming out of the mysql table from an INT field and being placed into the value for the hidden field straight from the row collection. would forcing a variant data type by not strongly typing my variable have caused this problem? i haven't tested the theory because i'm still too ticked off to open my code editor. i'm bouncing this off the community and posting my experience in the hope that it might help someone who comes after. So I have an existing picklist that i am trying to tweak - I am making it into a multiselect and trying to return multiple values
I have been able to accomplish the first part by adding select 'multiple' but when i submit it only returns results for the last value selected.
Here is the code for the form (Left out the picklists that do not need to be multiple select)
<td align="center" valign="top"> <? // base64_encode(base64_encode( 'test1'))?> <br /> <br /> <form id='report_form' action="driverreport_sd.php" method="post" name="report_form"> <!--<div class="criteria_div">--> <table align="center" class="table_border" cellpadding="5" cellspacing="0" width="80%"> <tr> <td align="right" class="first_td"> Status: </td> <td align="left"> <select multiple name='Status' id='Status'> <? $statuslist=$ObjReport->ObjStatus->get_Status_List(); while($status=mysql_fetch_object($statuslist)) { if($status->Status=="Please Select") { ?> <option value="<?=$status->Status?>" <?=($status->Status==$_REQUEST['Status']?"selected=selected":"")?>> <?=$status->Status?></option> <? } else { ?> <option value="<?=$status->Status?>" <?=($status->Status==$_REQUEST['Status']?"selected=selected":"")?>> <?=$status->Status?></option> <? } } ?> </select> </td> </tr> <td align="center" colspan="2"> <input type="hidden" id='sort_by' name='sort_by' value="<?=$_REQUEST['sort_by']?>" /> <input type="hidden" name='search_val' id='search_val' value="<?=$_REQUEST['search_val']?>" /> <input type="hidden" name='search_by' id='search_by' value="<?=$_REQUEST['search_by']?>" /> <input type="hidden" name="report_submited" value='report_submited' /> <button type="submit" id="report_submited" name="" value='submit'>Submit</button> </td> and here is the return request <? if($_REQUEST['report_submited']) { $ReportData=$ObjReport->generate_report($_REQUEST['Status'],$_REQUEST['School'],$_REQUEST['Campaign'],$_REQUEST['State'],$_REQUEST['Stdtype'],$_REQUEST['Primbad'],$_REQUEST['Rep'],$_REQUEST['From_Date'],$_REQUEST['To_Date'],$_REQUEST['sort_by'],$_REQUEST['search_by'],$_REQUEST['search_val']); $currentTotalRow=mysql_num_rows($ReportData); if($currentTotalRow>0) { ?> Any suggestions would be appreciated Thanks! First problem fixed. My second problem is if the result is 0X.XX,0 or 0X.XX,1 I would like to remove the first 0 The X.XX are numbers, but the 0 is not always there. Can anyone help please Thanks NEWBIE ALERT: New to Programming Newer to PHP Bad at formulating coherent questions.....so here it goes.... Could someone explain Code: [Select] $fieldname = $_REQUEST['fieldname'] I understand "$_REQUEST An associative array that by default contains the contents of $_GET, $_POST and $_COOKIE" I also understand you call the member of an array like so: Code: [Select] <?php $arr = array("foo" => "bar", 12 => true); echo $arr["foo"]; // bar echo $arr[12]; // 1 ?> So I would expect that if someone wants to use something from the $_REQUEST Array they would use: Code: [Select] $fieldname = $_REQUEST['$_GET']So I do not understand why "$fieldname" is inside the brackets.I suspect they might be setting this up to use $fieldname instead of $_REQUEST maybe...but why, that would be redundant? so I suspect I suspect wrong.... Am new here - looks like a great foru! I would sincerely appreciate any help anyone can give me. I have been trying to solve my problem for hours and I am not having any luck, so I thought I would post and see if anyone can help. I am very stuck and am not making much progress on this project, and I am certain the answer is very simple. I am constructing a form to collect data for a specialized purpose. The form and program actually work for its intended function, but I am trying to enhance the user experience by preventing customers from having to reenter all of their data should there be a problem with any of the data submitted. I have been able to do that with the contact form portion, but what I am having trouble with is the portion which has as many as 400 possible entries. So, in a nutshell, if the customers contact data is incomplete or in error, the form will ask them to return to the page and correct things. The previous data entered has been saved in the session and the input value will equal the previous entry. i.e. <tr> <td align="right" class="infoBox"><?php echo ENTRY_EMAIL_ADDRESS; ?></td> <td align=left><?php echo "<input type=text name='cemail' value=\"$cemail\" size=35 maxlength=35>" ?></td> </tr> Works perfectly, all well and good there. On the other 400 more or less entries, I am having a difficult time tweaking the string concatenation to work to achieve similar results. There are 4 columns each with $points entries asking for a dimension in either feet or inches. The <input name=> is one of ptaf,ptai,ptbf,ptbi, appended programatically with the corresponding row number or data point. i.e. "ptaf1", "ptai1", etc... This is produced by the example below and works perfectly also. <?php { $points=100; $i=1; while ($i <= $points) {echo ' <tr><td align="center" width="6"><b> ' .$i . '</b></td> <td align="right" NOWRAP>A' .$i . ' (ft) <input type="text" name="ptaf'.$i.'" size=4 maxlength=3> </td> <td align="right" NOWRAP>A' .$i . ' (in) <input type="text" name="ptai'.$i.'" size=4 maxlength=4> </td> <td align="right" NOWRAP>B' .$i . ' (ft) <input type="text" name="ptbf'.$i.'" size=4 maxlength=3> </td> <td align="right" NOWRAP>B' .$i . ' (in) <input type="text" name="ptbi'.$i.'" size=4 maxlength=4> </td> '; $i++; } } ?> I am trying to add <input value=$ptai.$i> for each field but as I mentioned I am not having any luck. It seems as if I have tried every combination imagineable, but still no luck. My head is spinning! The closest I seem to have gotten was with this: <td align="right" NOWRAP>A' .$i . ' (ft) <input type="text" size=6 maxlength=3 name="ptaf'.$i.'" value="' . "$ptaf" . $i . '" ></td> But line 17 for example returns this: <input type="text" value="17" name="ptaf17" maxlength="3" size="6"> To recap, I am trying to have the value set to whatever the customer may have entered previously. Again, I would most appreciate any help anyone can give me. If you need clarification on anything please let me know. Thanks AJ Hello to all, I have problem figuring out how to properly display data fetched from MySQL database in a HTML table. In the below example I am using two while loops, where the second one is nested inside first one, that check two different expressions fetching data from tables found in a MySQL database. The second expression compares the two tables IDs and after their match it displays the email of the account holder in each column in the HTML table. The main problem is that the 'email' row is displayed properly while its while expression is not nested and alone(meaning the other data is omitted or commented out), but either nested or neighbored to the first while loop, it is displayed horizontally and the other data ('validity', 'valid_from', 'valid_to') is not displayed.'
Can someone help me on this, I guess the problem lies in the while loop? <thead> <tr> <th data-column-id="id" data-type="numeric">ID</th> <th data-column-id="email">Subscriber's Email</th> <th data-column-id="validity">Validity</th> <th data-column-id="valid_from">Valid From</th> <th data-column-id="valid_to">Valid To</th> </tr> </thead> Here is part of the PHP code:
<?php
while($row = $stmt->fetch(PDO::FETCH_ASSOC))
{
echo '
<tr>
<td>'.$row["id"].'</td>
';
while ($row1 = $stmt1->fetch(PDO::FETCH_ASSOC)) {
echo '
<td>'.$row1["email"].'</td>
';
}
if($row["validity"] == 1) {
echo '<td>'.$row["validity"].' month</td>';
}else{
echo '<td>'.$row["validity"].' months</td>';
}
echo ' <td>'.$row["valid_from"].'</td>
<td>'.$row["valid_to"].'</td>
</tr>';
}
?>
Thank you. I have two tables. Table Name:Users Fields: User_name user_email user_level pwd 2.Reference Fields: refid username origin destination user_name in the users table and the username field in reference fields are common fields. There is user order form.whenever an user places an order, refid field in reference table will be updated.So the user will be provided with an refid Steps: 1.User needs to log in with a valid user id and pwd 2.Once logged in, there will be search, where the user will input the refid which has been provided to him during the time of order placement. 3.Now User is able to view all the details for any refid 3.Up to this we have completed. Query: Now we need to retrieve the details based on the user logged in. For eg: user 'USER A' has been provided with the referenceid '1234' during the time of order placement user 'USER B' has been provided with the referenceid '2468' during the time of order placement When the userA login and enter the refid as '2468' he should not get any details.He should get details only for the reference ids which is assigned to him. <?php session_start(); if (!$_SESSION["user_name"]) { // User not logged in, redirect to login page Header("Location: login.php"); } $con = mysql_connect('localhost','root',''); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("login", $con); $user_name = $_POST['user_name']; $refid = $_POST['refid']; $query = "SELECT * from reference,users WHERE reference.username=users.user_name AND reference.refid='$refid' AND "; $result = mysql_query($query) or trigger_error('MySQL encountered a problem<br />Error: ' . mysql_error() . '<br />Query: ' . $query); while($row = mysql_fetch_array($result)) { echo $row['refid']; echo $row['origin']; echo $row['dest']; echo $row['date']; echo $row['exdate']; echo $row['username']; } echo "<p><a href=\"logout.php\">Click here to logout!</a></p>"; ?> <html> <form method="post" action="final.php"> Ref Id:<input type="text" name="refid"> <input type="submit" value="submit" name="submit"> </html> Here's the code that deals with the client side:
<?php
session_start();
if(!isset($_SESSION['Logged_in'])){
header("Location: /page.php?page=login");
}
?>
<!DOCTYPE Html>
<html>
<head>
<!--Connections made and head included-->
<?php require_once("../INC/head.php"); ?>
<?php require_once("../Scripts/DB/connect.php"); ?>
<!--Asynchronously Return User Names-->
<script>
$(document).ready(function(){
function search(){
var textboxvalue = $('input[name=search]').val();
$.ajax(
{
type: "GET",
url: 'search.php',
data: {Search: textboxvalue},
success: function(result)
{
$("#results").html(result);
}
});
};
</script>
</head>
<body>
<div id="header-wrapper">
<?php include_once("../INC/nav2.php"); ?>
</div>
<div id="content">
<h1 style="color: red; text-align: center;">Member Directory</h1>
<form onsubmit="search()">
<label for="search">Search for User:</label>
<input type="text" size="70px" id="search" name="search">
</form>
<a href="index.php?do=">Show All Users</a>|<a href="index.php?do=ONLINE">Show All Online Users</a>
<div id="results">
<!--Results will be returned HERE!-->
</div>
search.php
<?php //testing if data is sent ok echo "<h1>Hello</h1><br>" . $_GET['search']; ?>This is the link I get after sending foo. http://www.family-li...php?&search=foo Is that mean it was sent, but I'm not processing it correctly? I'm new to the whole AJAX thing. This could be PHP or MySql so putting it in PHP forum for now... I have code below (last code listed) which processes a dynamically created Form which could have anywhere from 0 to 6 fields. So I clean all fields whether they were posted or not and then I update the mySQL table. The problem with this code below is that if, say, $cextra was not posted (i.e. it wasnt on the dynamically created form), then this code would enter a blank into the table for $cextra (i.e. if there was already a value in the table for $cextra, it gets overwritten, which is bad). What is the best way to handle this? I'm thinking i have to break my SQL query into a bunch of if/else statements like this... Code: [Select] $sql = "UPDATE cluesanswers SET "; if (isset($_POST['ctext'])){ echo "ctext='$ctext',"; } else { //do nothing } and so on 5 more times.... That seems horribly hackish/inefficient. Is there a better way? Code: [Select] if (isset($_POST['hidden']) && $_POST['hidden'] == "edit") { $cimage=trim(mysql_prep($_POST['cimage'])); $ctext=trim(mysql_prep($_POST['ctext'])); $cextra=trim(mysql_prep($_POST['cextra'])); $atext=trim(mysql_prep($_POST['atext'])); $aextra=trim(mysql_prep($_POST['aextra'])); $aimage=trim(mysql_prep($_POST['aimage'])); //update the answer edits $sql = "UPDATE cluesanswers SET ctext='$ctext', cextra='$cextra', cimage='$cimage', atext='$atext', aextra='$aextra', aimage='$aimage'"; $result = mysql_query($sql, $connection); if (!$result) { die("Database query failed: " . mysql_error()); } else { } Hi, after banging my head against the wall for a while thinking this would be a simple task, I'm discovering that this is more complicated than I thought. Basically what I have is a link table linking together source_id and subject_id. For each subject there are multiple sources associated with each. I had created a basic listing of sources by subject... no problem. I now need a way of having a form to create an ordered list in a user-specified way. In other words, I can currently order by id or alphabetically (subject name lives on a different table), but I need the option of choosing the order in which they display. I added another row to this table called order_by. No problem again, and I can manage all of this in the database, however I want to create a basic form where I can view sources by subject and then enter a number that I can use for sorting. I started off looping through each of the entries and the database (with a where), and creating a foreach like so (with the subject_id being grabbed via GET from the URL on a previous script) Code: [Select] while($row = mysqli_fetch_array($rs)) { //update row order if (isset($_POST['submit'])) { //get variables, and assign order $subject_id = $_GET['subject_id']; $order_by = $_POST['order_by']; $source_id = $row['source_id']; //echo 'Order by entered as ' . $order_by . '<br />'; foreach ($_POST['order_by'] as $order_by) { $qorder = "UPDATE source_subject set order_by = '$order_by' WHERE source_id = '$source_id' AND subject_id = '$subject_id'"; mysqli_query($dbc, $qorder) or die ('could not insert order'); // echo $subject_id . ', ' . $order_by . ', ' . $source_id; // echo '<br />'; } } else { $subject_id = $_GET['subject_id']; $order_by = $row['order_by']; $source_id = $row['source_id']; } And have the line in the form like so: Code: [Select] echo '<input type="text" id="order_by" name="order_by[]" size="1" value="'. $order_by .'"/> (yes I know I didn't escape the input field... it's all stored in an htaccess protected directory; I will clean it up later once I get it to work) This, of course, results in every source_id getting the same "order_by" no matter what I put into each field. I'm thinking that I need to do some sort of foreach where I go through foreach source_id and have it update the "order_by" field for each one, but I must admit I'm not sure how to go about this (the flaws of being self-taught I suppose; I don't have anyone to go to on this). I'm hoping someone here can help? Thanks a ton in advance |
|||||||