updating mysql db with php

Posted: Sun Aug 29, 2004 8:15 pm
by taldos
I have a ranking system in place, which would allow a back end admin to rank users. My only problem comes in updating the mysql database. The password works fine. I am using a hidden field to store variables, which I use the explode() function to transform into an array.

I believe this is proper syntax but I have a feeling there is a problem in how I am "$_REQUEST" variables through the post method.

Next to each user name there is a pulldown menu whose name is "rank" combined with the id number of that user.

The 'rank_array' is the hidden text field from the previous page which stores user id.

$my_array = explode(",", $_REQUEST['rank_array']);

foreach($my_array as $value)  // loop through $my_array & populate database accordingly
{
    $temp_value = $_REQUEST['rank'.$value.""]; //req. rank given to this user
    $sql = "UPDATE members SET rank = '".$temp_value."' where id='".$value."'";
    $result = mysql_query($sql);
}

If I hard code it, and remove the for loop, the database is updated perfectly fine. However, in trying to make it more efficient I have run into this problem.

Any help is appreciated

Best,

Ed.

Posted: Sun Aug 29, 2004 8:26 pm
by tim
if the vars are coming thru with the post method, u can target them more specifically with the $_POST superglobal.

Also, to troubleshoot any mysql query/command, it's wise to use mysql_error to tell you any problems (if any) the query is having.

$result = mysql_query($sql) or die (mysql_error());

you can also echo out the query to see if the set-up is correct.

Posted: Mon Aug 30, 2004 1:02 pm
by Getran
I usually use the update query the opposite way round:

$sql = "UPDATE members WHERE `id`='$value' SET `rank`='$temp_value'";

Try it like that, not sure if it'll really make much difference but..meh..

And try putting the $_REQUEST into a normal var:

$req = $_REQUEST['rank_array'];
$my_array = explode(",", $req);

Posted: Mon Aug 30, 2004 6:07 pm
by tim
for security and other reasons, you should avoid using request cause if u get mixed up, request will grab any variable passed in any manner (get, post, etc)

so like i said, if you're using POST to send your msg, use the $_POST superglobal.

Posted: Tue Aug 31, 2004 7:18 am
by timvw
And don't forget to mysql_escape_string() your values :)
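
The advice in this thread put together (read only from $_POST, surface database errors, keep user input out of the SQL text), as an added example that is not part of any post. It uses PDO prepared statements in place of mysql_escape_string(), because the mysql_* functions were removed in PHP 7; the function name update_ranks() and the in-memory SQLite demo database are assumptions for illustration, while the members table and the rank fields follow the original post.

```php
<?php
// Added example: hypothetical helper, not code from the thread.
// Applies the submitted rank changes using POST data only, validated ids
// and a prepared statement.
function update_ranks(PDO $db, array $post): int
{
    // The hidden field is client-controlled, so treat it as untrusted input.
    $ids = explode(',', (string)($post['rank_array'] ?? ''));
    // Backticks: RANK is a reserved word in MySQL 8.0 and later.
    $stmt = $db->prepare('UPDATE members SET `rank` = :rank WHERE id = :id');
    $updated = 0;

    foreach ($ids as $id) {
        $id = trim($id);
        $field = 'rank' . $id;
        // Accept only numeric ids whose pulldown value was actually submitted.
        if (!ctype_digit($id) || !isset($post[$field]) || !is_string($post[$field])) {
            continue;
        }
        // Bound parameters are sent as data and never parsed as SQL.
        $stmt->execute([':rank' => $post[$field], ':id' => (int)$id]);
        $updated += $stmt->rowCount();
    }
    return $updated;
}

// Constructed demo: in-memory SQLite stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
// Throw on SQL errors instead of failing silently.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, rank TEXT)');
$db->exec("INSERT INTO members (id, rank) VALUES (1, 'new'), (2, 'new'), (3, 'new')");

// Constructed form submission: the third id and the rank2 value are malformed.
$post = [
    'rank_array' => "1,2,3 OR 1=1",
    'rank1'      => 'admin',
    'rank2'      => "mod' WHERE 1=1 -- ",
];
echo update_ranks($db, $post), " rows updated\n";
foreach ($db->query('SELECT id, rank FROM members ORDER BY id') as $row) {
    echo $row['id'], ' => ', $row['rank'], "\n";
}
```

With the exception error mode set, a failing query raises a PDOException, which does the job of the `or die (mysql_error())` check suggested earlier in the thread. For a real MySQL connection only the PDO DSN changes.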