clay1

This is what I use for one <select name="market"> <option value="none" selected>Please select a market</option> <?php //for each row we get from mysql, echo a form input while ($row = mysql_fetch_array($result)) { echo "<option value=\"".$row['market']."\">{$row['market']}</option>\n"; } ?> </select> $result is just a select all on the markets table

Or is this a problem more with my spreadsheet program? I'm using openoffice.org Is the php doing everything correctly but when I open the spreadsheet it's reading the html?

I am writing a script to export a table to excel for a client They have a column 'more_info' that they have brilliantly included html and javascript in. This is breaking the file when it's exported. Works fine until it hits the html and then the <br> screws up the rest of the file. I tried strip_tags but got the same result while($row_DetailRS1 = mysql_fetch_array($DetailRS1)){ for($i=0; $i< count($row_DetailRS1); $i++){ echo strip_tags($row_DetailRS1[$i]); if($i == count($row_DetailRS1)){ echo "\r"; } else {echo "\t";} } I suspect strip_tags won't work on an array? Ideas to fix this besides telling the client to get rid of the offending characters..?

Oh right. Nevermind!

RE: don't forget to adjust the SELECT query for the users to include the lastexported value Do I need to dump the last exported value into a variable or can I use values from different tables directly in the one query?

Thanks, this is helping a lot. by padding do you mean something like lastexport +-5 minutes?

Actually, obviously I would need to change the select statements and add something like regdate > lastexport My dilemma is with regdate being a date field is there the potential for orphaned records not being exported? So someone signs up an hour after the script is last run for example. Their regdate will be the same date is the last export-- will they not be exported the next time it is run?

Thanks for the reply. It does mean 'export every time the script is run'. There are 30 markets but only 8 of them are being used right now so to say. Right now I have this and it is dumping to an excel file the way I want: $result = mysql_query("SELECT * FROM markets WHERE export=1 ORDER BY market", $recipes) or die(mysql_error()); $num = mysql_num_rows($result); if($num == 0){ exit; } while ($row1 = mysql_fetch_assoc($result)) { $result2 = mysql_query("SELECT * FROM free_for_all_payment WHERE market='{$row1['market']}' and age>= '{$row1['minage']}' and income>='{$row1['minincome']}' ORDER BY market", $recipes) or die(mysql_error()); while ($row = mysql_fetch_array($result2)) { DO EXCEL STUFF } } Do I just need to add mysql_query("UPDATE markets SET lasteexport = now()"); before the double braces at the end?

Anyone? Should this be moved to the mysql forum?

Would I be better off doing this based on ID#? Anyone? This seems like it should be a fairly common task, yet I can't find any answers for it whatsoever.

Or actually, should I just add a column to the profiles 'exported' and update it when the export script is run? That would work for new ones but there are already thousands and thousands in the table

Also: Since my profiles only have a date, should I just use a date column for the other table and live with only being able to export once a day?

Trying to figure out the best way to set this up. People register my site. Their profile has the date they registered. I've got another table called 'markets' which has some information that is specific to various cities that the people who register are in. One of the columns in markets is a toggle to determine whether that market should be exported ie: Austin - export: 1 Boston -export: 0 My goal is to grab all of the new profiles for all markets where export = 1 I added a datetime field to the markets table. I'm confused how to proceed however though I was originally thinking grab the datetime from markets and select the stuff that is newer than that, then remembered I am dealing with more than 1 market. Then I thought 'well just have a table that stores the last export date and select the newer stuff than that' but I wasn't sure if that would work either. Advice? Added: This is using mysql

Yeah I removed the pg_escape_string after I checked my data I've been testing pg_insert and pg_update and both have been working so far. Still need to build in my verification and some other security stuff but basically taking running the two on $_POST works(key names need to match column names)

I ended up using pg_insert Which word has it is injection safe. Guess time will tell

Yeah there are only 1 value for each because I got rid of all the nested arrays from the checkboxes that were causing problems with this thing

Thanks! I knew it would be something along those lines, but arrays and foreach make my brain spin

Say I have my $_POST array Let's say I have 3 items- Name, Email, Comment I need to take name and email and make a new array with them let's call it User[] And then I need an array with just the comment. So I should end up with 2 separate arrays. Suggestions?

Well, I decided to quite tearing my hair out and just changed all the check boxes to a couple of text fields.

I guess the alternative question is what do I do with the checkboxes to get them into my database in a usable format?

[quote author=MatthewJ As far as the query failing if the field is not selected. How about you use a simple isset() on that form field, and if it is not, then insert a default value or leave it out of the query all together? The problem isn't when something is missing it's when it's included. if ($_POST) { array_pop($_POST); //removes $_POST['submit'] from array $_POST = array_map('pg_escape_string', $_POST); include('./includes/config.php'); $res = pg_insert($conn, 'leads', $_POST); if ($res) { echo "POST data is successfully logged\n"; } else { echo "User must have sent wrong inputs\n"; } } I seem to have fixed the 'scaler values' error as the inserts are working with the checkboxes I need to serialize the data though as I am getting 'array' in my database? So I guess the question now if how do I serialize the array contained inside the $_post array? Something like? foreach (array_keys($_POST) as $key) { $$value = $_POST[$key]; if (is_array($$value)){ $$value = serialize($_POST['$$value']); } }

Businessman: It's the forming of the query I am having trouble with. I've read I can use pg_escape_string(the pg equivalent.) $_POST = array_map('pg_escape_string', $_POST); Then what would I do? I read 'use pg_prepare' to make the statement.. but I have no idea what I need to do for that for an insert. pg_insert kind of worked but I have problems when any of the checkboxes are selected and get 'pg_insert expects scaler values' Sorry if I am not making much sense. My brain is all over the place. As for posting some code.. I've pretty much scrapped everything I had which was really nothing more than just playing around with the post data and trying to validate it(my issues with that are documented in other similarly exasperated posts)

I've got a form with about 30 elements. A mix of text fields, drop downs, check boxes, radio buttons. How do I get my data from the $_post array to my database in a way that is safe and secure? This problem has been frustrating me for a week now, I've been unable to find answers that make any sense to me for something that seems like it should be a common process. I am using postgresql From what I have found it seems like I want to use 'prepared statements' to prevent sql injection, but other than the php manual for pg_prepare or pg_query_params I can't find anything about how to actually do this in the real world. Except for about 5 elements all the questions on the form are optional. I am fairly stupid about this topic so a great deal of hand holding would be appreciated because as I get more frustrated the more useless I am becoming at solving my problem.

Still struggling with this problem

[code=php:0]$sql = "INSERT INTO tab (col1) VALUES (E'" . pg_escape_string($data) . "')"; Thanks. So would I repeat this line for each column? I've got about 30 columns. Or could I do a loop on something like: [code=php:0]$sql = "INSERT INTO tab ($key) VALUES (E'" . pg_escape_string($data) . "')";