
Posted: Tue Aug 07, 2007 8:29 pm
by VladSun
Should be... you have some syntax errors.

And you don't need the $query = "1=1 " anymore ...

Posted: Tue Aug 07, 2007 8:30 pm
by VladSun
@Jcart - the only question left is how to perform validation in your code ... I mean how would you do it :)

array_walk() ?

Posted: Tue Aug 07, 2007 8:32 pm
by phpretard
$Lost=me

Posted: Tue Aug 07, 2007 8:40 pm
by phpretard
$where = '';

Does something go between ''?

Posted: Tue Aug 07, 2007 8:46 pm
by VladSun
No - it is initialized as empty string.

Posted: Tue Aug 07, 2007 8:49 pm
by phpretard
feyd | Please use code and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: Posting Code in the Forums (http://forums.devnetwork.net/viewtopic.php?t=21171) to learn how to do it too.

Code: Select all

$where = '';
if (!empty($_POST['cb']) && count($_POST['cb')) { 
   $where = 'WHERE `id` IN ('. implode(', ', $_POST['cb']).')'; 
} 

$query = 'SELECT `data` FROM `table` '. $where;
$result=mysql_query($query) or die('Error, query failed');

I keep getting an error on line 23

Line 23 ----> if (!empty($_POST['cb']) && count($_POST['cb')) {



Posted: Tue Aug 07, 2007 8:50 pm
by phpretard
Sorry... here is everything.

Code: Select all

@mysql_select_db($database) or die("<b>Unable to specified database</b>");

$cbs = $_POST['cb']; 


$where = '';
if (!empty($_POST['cb']) && count($_POST['cb')) {                     <--------------line 23
   $where = 'WHERE `id` IN ('. implode(', ', $_POST['cb']).')'; 
} 

$query = 'SELECT `data` FROM `table` '. $where;
$result=mysql_query($query) or die('Error, query failed');


mysql_close($con);


Posted: Tue Aug 07, 2007 8:53 pm
by VladSun

Code: Select all

if (!empty($_POST['cb']) && count($_POST['cb']))

You've missed the closing square bracket ...

Posted: Tue Aug 07, 2007 9:03 pm
by phpretard
Good catch...now my query is failing

Just a little more help and I think we'll have it.

Code: Select all

$cbs = $_POST['cb']; 


$where = '';
if (!empty($_POST['cb']) && count($_POST['cb']))  { 
   $where = 'WHERE `id` IN ('. implode(', ', $_POST['cb']).')'; 
} 

$query = "SELECT email FROM testemail . $where";
$result=mysql_query($query) or die('Error, query failed');


Posted: Tue Aug 07, 2007 9:05 pm
by VladSun
debug, debug, debug ...

See, I am not a debugger - you will have to see what is wrong with your query - first step is to echo it before executing ...

Posted: Tue Aug 07, 2007 9:12 pm
by Benjamin
Just a friendly reminder to use PHP tags.

Posted: Tue Aug 07, 2007 9:18 pm
by phpretard
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE id IN (on, on, ON, on, on, on, on, on)' at line 1

Can I borrow someone's manual?

Code: Select all

<?php       <----------line 1

$to ="email@address.com";

$subject =$_POST['subject']; 

$message = $_POST['body'];



$username = ' ';
$password = ' '; 
$database = ' ';


$con=mysql_connect('host',$username,$password);
@mysql_select_db($database) or die("<b>Unable to specified database</b>");

$cbs = $_POST['cb']; 

$where = '';
if (!empty($_POST['cb']) && count($_POST['cb']))  { 
   $where = 'WHERE id IN ('. implode(', ', $_POST['cb']).')'; 
} 

$query = "SELECT email FROM testemail . $where";
$result=mysql_query($query) or die(mysql_error());


mysql_close($con);


Posted: Tue Aug 07, 2007 9:29 pm
by VladSun
Well, I think you should have used 'value' property in the HTML form if you are going to use Jcart's code. However, it's untested ...

Posted: Tue Aug 07, 2007 9:42 pm
by John Cartwright
> the only question left is how to perform validation in your code ... I mean how would you do it :)
>
> array_walk() ?

Yes, array_walk() would be ideal. However, in this case I don't think any validation would be required as we only need to escape potentially dangerous data.

Sorry about those errors, was kind of in a rush when I wrote that post. I didn't intend you to use the value attribute in the checkbox, instead you should be using the array keys.

Code: Select all

//no need for this anymore
//$cbs = $_POST['cb'];

$where = '';
if (!empty($_POST['cb']) && count($_POST['cb'])) {
   // the array keys (not the values) go into the query, so the keys are escaped;
   // array_walk() would pass the key as a second argument and discard the result
   $keys = array_map('mysql_real_escape_string', array_keys($_POST['cb']));
   $where = 'WHERE `id` IN (\''. implode('\', \'', $keys).'\')';
}

Just a note, since I don't think you quite picked this up.. you want to change `id` to whichever column corresponds to your form checkbox keys

<input type=checkbox name="cb['tball']">

I didn't quite realize this at first as I assumed you would be using IDs in your checkbox keys, but you'll need the quotes I added in the example above when using strings.
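
An added example, not code from any poster in this thread: the checkbox values are validated as integer ids and then bound as parameters, so nothing from `$_POST` is concatenated into the SQL text. It assumes PHP with the pdo_sqlite extension (an in-memory database stands in for MySQL), checkboxes written as `<input type="checkbox" name="cb[]" value="1">`, and constructed sample rows and form data; `validIds()` and `selectEmails()` are hypothetical helper names.

```php
<?php
// Added example: validate the ticked ids, then bind them as query parameters.
// The table and column names come from the thread; rows and form data are constructed.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE testemail (id INTEGER PRIMARY KEY, email TEXT)');
$db->exec("INSERT INTO testemail (id, email) VALUES
           (1, 'a@example.com'), (2, 'b@example.com'), (3, 'c@example.com')");

// Keep only values that are short, plain decimal integers; drop everything else.
function validIds($raw)
{
    if (!is_array($raw)) {
        return array();
    }
    $ids = array();
    foreach ($raw as $value) {
        if (is_string($value) && ctype_digit($value) && strlen($value) <= 9) {
            $ids[] = (int) $value;
        }
    }
    return array_values(array_unique($ids));
}

// One "?" placeholder per id; the ids travel separately from the SQL text.
function selectEmails(PDO $db, array $ids)
{
    if (!$ids) {
        return array(); // design choice here: no valid id means no query at all
    }
    $placeholders = implode(', ', array_fill(0, count($ids), '?'));
    $stmt = $db->prepare(
        "SELECT email FROM testemail WHERE id IN ($placeholders) ORDER BY id"
    );
    $stmt->execute($ids);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed submissions: one with value attributes (and one hostile entry),
// one from checkboxes without a value attribute, which submit the string "on".
$withValues = array('cb' => array('1', '3', '2 OR 1=1'));
$noValues   = array('cb' => array('on', 'on'));

print_r(selectEmails($db, validIds($withValues['cb'])));
print_r(selectEmails($db, validIds($noValues['cb'])));
```

The second call shows where the `on, on, ON, ...` list in the error message above comes from: without a `value` attribute the browser sends "on" for every ticked box, so there is no id to select on.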

Posted: Tue Aug 07, 2007 10:04 pm
by phpretard
With this <input type=checkbox name="cb['tball']">

I should have this 'WHERE `id` IN should read 'WHERE tball IN ?