Posted: Tue Aug 07, 2007 8:29 pm
Should be... you have some syntax errors.
And you don't need the $query = "1=1 " anymore ...
and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: Posting Code in the Forums (http://forums.devnetwork.net/viewtopic.php?t=21171) to learn how to do it too.
Code: Select all
$where = '';
if (!empty($_POST['cb']) && count($_POST['cb')) {
$where = 'WHERE `id` IN ('. implode(', ', $_POST['cb']).')';
}
$query = 'SELECT `data` FROM `table` '. $where;
$result=mysql_query($query) or die('Error, query failed');
Sorry... here is everything.
Code: Select all
@mysql_select_db($database) or die("<b>Unable to specified database</b>");
$cbs = $_POST['cb'];
$where = '';
if (!empty($_POST['cb']) && count($_POST['cb')) { <--------------line 23
$where = 'WHERE `id` IN ('. implode(', ', $_POST['cb']).')';
}
$query = 'SELECT `data` FROM `table` '. $where;
$result=mysql_query($query) or die('Error, query failed');
mysql_close($con);
Code: Select all
if (!empty($_POST['cb']) && count($_POST['cb']))
Good catch...now my query is failing
Just a little more help and I think we'll have it.
Code: Select all
$cbs = $_POST['cb'];
$where = '';
if (!empty($_POST['cb']) && count($_POST['cb'])) {
$where = 'WHERE `id` IN ('. implode(', ', $_POST['cb']).')';
}
$query = "SELECT email FROM testemail . $where";
$result=mysql_query($query) or die('Error, query failed');
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE id IN (on, on, ON, on, on, on, on, on)' at line 1
Can I borrow someone's manual?
Code: Select all
<?php <----------line 1
$to ="email@address.com";
$subject =$_POST['subject'];
$message = $_POST['body'];
$username = ' ';
$password = ' ';
$database = ' ';
$con=mysql_connect('host',$username,$password);
@mysql_select_db($database) or die("<b>Unable to specified database</b>");
$cbs = $_POST['cb'];
$where = '';
if (!empty($_POST['cb']) && count($_POST['cb'])) {
$where = 'WHERE id IN ('. implode(', ', $_POST['cb']).')';
}
$query = "SELECT email FROM testemail . $where";
$result=mysql_query($query) or die(mysql_error());
mysql_close($con);
Yes, array_walk() would be ideal. However, in this case I don't think any validation would be required as we only need to escape potentially dangerous data.
The only question left is how to perform validation in your code ... I mean how would you do it :)
array_walk() ?
Code: Select all
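//no need for this anymore
//$cbs = $_POST['cb'];
$where = '';
if (!empty($_POST['cb']) && count($_POST['cb'])) {
    // The ids are the array keys (every checkbox value is just "on"), so the keys
    // are what must be escaped. array_walk() would pass each key as the link
    // argument of mysql_real_escape_string() and throw the escaped result away.
    $ids = array_map('mysql_real_escape_string', array_keys($_POST['cb']));
    $where = 'WHERE `id` IN (\''. implode('\', \'', $ids).'\')';
}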
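Added example, not code from any poster in this thread: the same checkbox-to-`IN (...)` query built with integer validation of the keys and one bound placeholder per id, so nothing from `$_POST` is concatenated into the SQL. It assumes checkboxes named `cb[<id>]` and the `testemail(id, email)` table from the posts above; the PDO/SQLite in-memory database, the sample rows and the function names `selected_ids()` and `emails_for()` are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Assumes checkboxes named cb[<id>]
// and a table testemail(id, email) as in the posts above.

/** Keep only keys that are plain positive integers; drop everything else. */
function selected_ids(array $post): array
{
    if (empty($post['cb']) || !is_array($post['cb'])) {
        return [];
    }
    $ids = [];
    foreach (array_keys($post['cb']) as $key) {
        // ctype_digit() accepts only strings made of 0-9, so a tampered key is dropped.
        if (ctype_digit((string) $key) && (int) $key > 0) {
            $ids[] = (int) $key;
        }
    }
    return array_values(array_unique($ids));
}

/** Fetch e-mail addresses for the given ids using one placeholder per id. */
function emails_for(PDO $pdo, array $ids): array
{
    if ($ids === []) {
        // Assumption: nothing ticked means no recipients, so no query is run.
        return [];
    }
    $marks = implode(', ', array_fill(0, count($ids), '?'));
    $stmt  = $pdo->prepare("SELECT email FROM testemail WHERE id IN ($marks) ORDER BY id");
    $stmt->execute($ids);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed demo data in an in-memory SQLite database (runs offline).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE testemail (id INTEGER PRIMARY KEY, email TEXT)');
$pdo->exec("INSERT INTO testemail VALUES (1,'a@example.com'),(2,'b@example.com'),(3,'c@example.com')");

// Constructed POST body: two ticked boxes plus one tampered key.
$post = ['cb' => ['1' => 'on', '3' => 'on', "2') OR ('1'='1" => 'on']];
print_r(emails_for($pdo, selected_ids($post)));
```

The tampered key never reaches the database because it fails the digit check, and the two valid ids travel as bound parameters rather than as part of the query text.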