Check the BOX?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

User avatar
VladSun
DevNet Master
Posts: 4313
Joined: Wed Jun 27, 2007 9:44 am
Location: Sofia, Bulgaria

Post by VladSun »

Should be... you have som syntax errors.

And you don't need the $query = "1=1 " anymore ...
There are 10 types of people in this world, those who understand binary and those who don't
User avatar
VladSun
DevNet Master
Posts: 4313
Joined: Wed Jun 27, 2007 9:44 am
Location: Sofia, Bulgaria

Post by VladSun »

@Jcart - the only question left is how to perform validation in your code ... I mean how would you do it :)

array_walk() ?
There are 10 types of people in this world, those who understand binary and those who don't
phpretard
Forum Commoner
Posts: 26
Joined: Wed Aug 01, 2007 8:03 pm
Location: Orlando Florida

Post by phpretard »

$Lost=me
phpretard
Forum Commoner
Posts: 26
Joined: Wed Aug 01, 2007 8:03 pm
Location: Orlando Florida

Post by phpretard »

$where = '';

does somthing go between ''
User avatar
VladSun
DevNet Master
Posts: 4313
Joined: Wed Jun 27, 2007 9:44 am
Location: Sofia, Bulgaria

Post by VladSun »

No - it is initialized as empty string.
There are 10 types of people in this world, those who understand binary and those who don't
phpretard
Forum Commoner
Posts: 26
Joined: Wed Aug 01, 2007 8:03 pm
Location: Orlando Florida

Post by phpretard »

feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]

Code: Select all

$where = '';
if (!empty($_POST['cb']) && count($_POST['cb')) { 
   $where = 'WHERE `id` IN ('. implode(', ', $_POST['cb']).')'; 
} 

$query = 'SELECT `data` FROM `table` '. $where;
$result=mysql_query($query) or die('Error, query failed');
I keep getting an error on line 23

Line 23 ----> if (!empty($_POST['cb']) && count($_POST['cb')) {


feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
phpretard
Forum Commoner
Posts: 26
Joined: Wed Aug 01, 2007 8:03 pm
Location: Orlando Florida

Post by phpretard »

feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


Sorry... here is everything.

Code: Select all

@mysql_select_db($database) or die("<b>Unable to specified database</b>");

$cbs = $_POST['cb']; 


$where = '';
if (!empty($_POST['cb']) && count($_POST['cb')) {                     <--------------line 23
   $where = 'WHERE `id` IN ('. implode(', ', $_POST['cb']).')'; 
} 

$query = 'SELECT `data` FROM `table` '. $where;
$result=mysql_query($query) or die('Error, query failed');


mysql_close($con);

feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
User avatar
VladSun
DevNet Master
Posts: 4313
Joined: Wed Jun 27, 2007 9:44 am
Location: Sofia, Bulgaria

Post by VladSun »

Code: Select all

if (!empty($_POST['cb']) && count($_POST['cb']))
You've missed the closing square bracket ...
There are 10 types of people in this world, those who understand binary and those who don't
phpretard
Forum Commoner
Posts: 26
Joined: Wed Aug 01, 2007 8:03 pm
Location: Orlando Florida

Post by phpretard »

feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


Good catch...now my query is failing

Just a little more help and I think we'll have it.

Code: Select all

$cbs = $_POST['cb']; 


$where = '';
if (!empty($_POST['cb']) && count($_POST['cb']))  { 
   $where = 'WHERE `id` IN ('. implode(', ', $_POST['cb']).')'; 
} 

$query = "SELECT email FROM testemail . $where";
$result=mysql_query($query) or die('Error, query failed');

feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
User avatar
VladSun
DevNet Master
Posts: 4313
Joined: Wed Jun 27, 2007 9:44 am
Location: Sofia, Bulgaria

Post by VladSun »

debug, debug, debug ...

See, I am not a debugger - you will have to see what is worng with your query - first step is to echo it before executing ...
There are 10 types of people in this world, those who understand binary and those who don't
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Post by Benjamin »

Just a friendly reminder to use PHP tags.
phpretard
Forum Commoner
Posts: 26
Joined: Wed Aug 01, 2007 8:03 pm
Location: Orlando Florida

Post by phpretard »

feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE id IN (on, on, ON, on, on, on, on, on)' at line 1

Can I borrow someones manual?

Code: Select all

<?php       <----------line 1

$to ="email@address.com";

$subject =$_POST['subject']; 

$message = $_POST['body'];



$username = ' ';
$password = ' '; 
$database = ' ';


$con=mysql_connect('host',$username,$password);
@mysql_select_db($database) or die("<b>Unable to specified database</b>");

$cbs = $_POST['cb']; 

$where = '';
if (!empty($_POST['cb']) && count($_POST['cb']))  { 
   $where = 'WHERE id IN ('. implode(', ', $_POST['cb']).')'; 
} 

$query = "SELECT email FROM testemail . $where";
$result=mysql_query($query) or die(mysql_error());


mysql_close($con);

feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
User avatar
VladSun
DevNet Master
Posts: 4313
Joined: Wed Jun 27, 2007 9:44 am
Location: Sofia, Bulgaria

Post by VladSun »

Well, I think you should have used 'value' property in the HTML form if you are going to use Jcart's code. However, it's untested ...
There are 10 types of people in this world, those who understand binary and those who don't
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

the only question left is how to perform validation in your code ... I mean how would you do it Smile

array_walk() ?
Yes, array_walk() would be ideal. However, in this case I don't think any validation would be required as we only need to escape potentially dangerous data.

Sorry about those errors, was kind of in a rush when I wrote that post. I didn't intend you to use the value attribute in the checkbox, instead you should be using the array keys.

Code: Select all

//no need for this anymore
//$cbs = $_POST['cb'];

$where = '';
if (!empty($_POST['cb']) && count($_POST['cb'])) {
   array_walk($_POST['cb'], 'mysql_real_escape_string');
   $where = 'WHERE `id` IN (\''. implode('\', \'', array_keys($_POST['cb'])).'\')';
}
Just a note, since I don't think you quite picked this up.. you want to change `id` to whichever column corresponds to your form checkbox key's

<input type=checkbox name="cb['tball']">

I didn't quite realize this at first as I assumed you would be using ID's in your checkbox key's, but you'll need the quotes I added in the example above when using strings.
phpretard
Forum Commoner
Posts: 26
Joined: Wed Aug 01, 2007 8:03 pm
Location: Orlando Florida

Post by phpretard »

With this <input type=checkbox name="cb['tball']">

I should have this 'WHERE `id` IN should read 'WHERE tball IN ?
Post Reply