Hello, I currently have a list of things to update in the given mysqli query:

$insert = mysqli_query($db,"UPDATE `tbl_perms` SET
 `1` ='" . mysqli_real_escape_string($db,$_POST['permsA_1']) . "',
 `2` ='" . mysqli_real_escape_string($db,$_POST['permsA_2']) . "',
 `3` ='" . mysqli_real_escape_string($db,$_POST['permsA_3']) . "',
 `4` ='" . mysqli_real_escape_string($db,$_POST['permsA_4']) . "',
 `5` ='" . mysqli_real_escape_string($db,$_POST['permsA_5']) . "',
 `6` ='" . mysqli_real_escape_string($db,$_POST['permsA_6']) . "',
 `7` ='" . mysqli_real_escape_string($db,$_POST['permsA_7']) . "',
 `8` ='" . mysqli_real_escape_string($db,$_POST['permsA_8']) . "',
 `9` ='" . mysqli_real_escape_string($db,$_POST['permsA_9']) . "',
 `10` ='" . mysqli_real_escape_string($db,$_POST['permsA_10']) . "'
 WHERE `userid` = '$id' ")or die(mysqli_error($db));

How would I rewrite this so that I don't have to code the SQL by hand, so that when "permissions" are added, the SQL needed for the query is generated automatically?

Thanks.

A: 

Just a draft:

$sql = "UPDATE `tbl_perms` SET ";
$first = true;
for ($i = 1; $i < 100; $i++) {
  if (isset($_POST['permsA_' . $i])) {
    // separate the assignments with a comma from the second one on
    if (!$first) $sql .= ",";
    $first = false;
    $sql .= "`$i` ='" . mysqli_real_escape_string($db, $_POST['permsA_' . $i]) . "'";
  }
}
$sql .= " WHERE `userid` = '$id'";

Please note that the 100 is just an arbitrary number.

jeroen
That's wrong. You cannot use the + operator like this in PHP.
Franz
he probably meant .= instead of +=
dnagirl
Sorry, was writing javascript at that time...
jeroen
+4  A: 
$perms = array();
foreach ($_POST as $key => $value) {
  if (preg_match('/^permsA/', $key)) {
    list($tmp, $num) = explode('_', $key);
    // $num also comes from the request: cast it so only a column index can reach the SQL
    $perms[] = "`" . (int)$num . "` = " . (int)$value; //or some other method of sanitizing the $value
  }
}

$sql = "UPDATE tbl_perms SET " . implode(',', $perms) . " WHERE userid = '$id'";
dnagirl
Just a minor deal: `strpos($key, 'permsA')===0` would be a smidge faster than the preg_match. :) Also... don't forget to validate/sanitize `$num` (that's an injection hole at the moment)
brianreavis
I like your `foreach` loop as it's more abstract, but why do you compare with `preg_match`? Won't comparing against a substring be faster?
JoostK
@brianreavis: good points both.
dnagirl
@JoostK: preg_match is slower, yes. but I remember its syntax better and I didn't want to stop to look up the other. :$
dnagirl
A: 

Here you go:

$updaters = array();

for ($i = 1; $i <= 10; $i++)
{
    if (isset($_POST['permsA_'.$i]))
        $updaters[] = '`'.$i.'` = \''.mysqli_real_escape_string($db, $_POST['permsA_'.$i]).'\'';
}

$insert = mysqli_query($db,'UPDATE `tbl_perms` SET '.implode(',', $updaters).
    ' WHERE `userid` = '.(int)$id)or die(mysqli_error($db)); // $id is unquoted here, so it must be numeric
Franz
+3  A: 

What the others said, except if possible I'd do it a bit differently - rather than having to use a $i to control the loop, I'd rename the form so that the fields were called something like:

<input type="checkbox" value="1" name="permsA[1]">
<input type="checkbox" value="1" name="permsA[2]">

etc etc.

You'd then get a post array you could reference like this:

$_POST['permsA'][1];
$_POST['permsA'][2];

Advantage of this is that you can do:

$bits = array();
foreach ($_POST['permsA'] as $key=>$value) {
  // the key is user input as well, so cast it before it becomes a column name
  $bits[] = "`" . (int)$key . "` = '" . mysqli_real_escape_string($db, $value) . "'";
}

$sql = "UPDATE permissions SET " . implode(', ', $bits) . " WHERE userid = '$id'";
$result = mysqli_query($db, $sql) or die(mysqli_error($db));

And the advantage of doing that is that you won't one day get a random bug when you add more permissions to the system and go past the max you are using for $i :)

Appreciate you may not be able to change the form though, or may not ever add more permissions, in which case this solution is no better.

benlumley
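Putting the answers above together, here is an added example (not code from any of the posters) that builds the same dynamic UPDATE but whitelists the column index taken from the POST key and binds the values with a prepared statement, which is the point raised in the comments about `$num`. It assumes an open mysqli connection in `$db`, a numeric `$id`, and that the permission values are 0/1 flags; the function names are my own.

```php
<?php
// Assumed: $db is an open mysqli connection, $id the target user id.
function buildPermsUpdate(array $post, int $maxPerm = 10): array
{
    $sets = [];
    $values = [];
    foreach ($post as $key => $value) {
        // Accept only keys of the exact form permsA_<digits>.
        if (!preg_match('/^permsA_(\d+)$/', $key, $m)) {
            continue;
        }
        $num = (int)$m[1];
        // Column names cannot be bound as parameters, so whitelist the
        // index against the known range instead of escaping it.
        if ($num < 1 || $num > $maxPerm) {
            continue;
        }
        $sets[] = "`$num` = ?";
        $values[] = (int)$value; // permissions assumed to be 0/1 flags
    }
    if ($sets === []) {
        return ['', []]; // nothing valid to update
    }
    $sql = 'UPDATE `tbl_perms` SET ' . implode(', ', $sets) . ' WHERE `userid` = ?';
    return [$sql, $values];
}

function updatePerms(mysqli $db, int $id, array $post): bool
{
    [$sql, $values] = buildPermsUpdate($post);
    if ($sql === '') {
        return true;
    }
    $values[] = $id;
    $stmt = $db->prepare($sql);
    if ($stmt === false) {
        throw new RuntimeException($db->error);
    }
    // Every bound value is an integer: one 'i' per placeholder.
    $stmt->bind_param(str_repeat('i', count($values)), ...$values);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Constructed sample: the third key is malformed and is skipped, so only
// columns `1` and `3` end up in the SET clause.
$sample = ['permsA_1' => '1', 'permsA_3' => '0', 'permsA_1`=1,`x' => '1'];
[$sql, $vals] = buildPermsUpdate($sample);
```

Because the SET clause is built only from indexes that passed the range check, adding a permission means raising `$maxPerm` (or reading it from the schema) rather than editing the query.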