updating mysql db with php

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
taldos
Forum Commoner
Posts: 39
Joined: Mon Aug 23, 2004 8:47 am
Location: Philadelphia

updating mysql db with php

Post by taldos »

I have an ranking system in place, which would allow a back end admin to rank users. My only problem comes in updating the mysql database. the password works fine. I am using a hidden field to store variables, which I use the explode() function to transform into an array.

I believe this is proper sintax but I have a feeling there is a problem in how i am "$_REQUEST" variables through the post method.

Next to each user name there is a pulldown menu whose name is "rank" combine with the id number of that user

the 'rank_array' is the hidden texfield from the previous page which stores user id.

Code: Select all

$my_array = explode(",", $_REQUEST['rank_array']);

foreach($my_array as $value)  // loop through $my_array & populate database accordingly
{
$temp_value = $_REQUEST['rank'.$value.""]; //req. rank given to this user
$sql = "UPDATE members SET rank = '".$temp_value."' where id='".$value."'"; 
$result = mysql_query($sql);
}
if I hard code it, and remove the fore loop, the database is updated perfectly find. However, in trying to make it more efficient I have run into this problem.

Any help is appreciated

Best,

Ed.
User avatar
tim
DevNet Resident
Posts: 1165
Joined: Thu Feb 12, 2004 7:19 pm
Location: ohio

Post by tim »

if the vars are coming thru with the post method, u can target them more specifically with the $_POST superglobal.

Also, to troubleshoot any mysql query/command, its wise to use mysql_error to tell you any problems (if any) the query is having.

$result = mysql_query($sql) or die (mysql_error());

you can also echo out the query to see if the set-up is correct.
Getran
Forum Commoner
Posts: 59
Joined: Wed Aug 11, 2004 7:58 am
Location: UK
Contact:

Post by Getran »

i usually use the update query the opposite way round:

$sql = "UPDATE members WHERE `id`='$value' SET `rank`='$temp_value'";

Try it like that, not sure if it'll really make much difference but..meh..

And try putting the $_REQUEST into a normal var:

$req = $_REQUEST['rank_array'];
$my_array = explode(",", $req);
User avatar
tim
DevNet Resident
Posts: 1165
Joined: Thu Feb 12, 2004 7:19 pm
Location: ohio

Post by tim »

for security and other reasons, you should avoid using request cause if u get mixed up, request will grab any variable passed any manner (get, post, etc)

so like i said, if your using POST to send your msg, use the $_POST superglobal.
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

And don't forget to mysql_escape_string() your values :)
Post Reply