Help with some code please

[richarro1234]

Hey,

 

I'm having some issues with this piece of script...

 

<?php
$dbhost = "localhost";
$dbuser = "user";
$dbpass = "pass";
$dbname = "dbname";

//Connect to MySQL Server
mysql_connect($dbhost, $dbuser, $dbpass);

//Select Database
mysql_select_db($dbname) or die(mysql_error());
$query1 = mysql_query("SELECT * from users where username = '".$_COOKIE["twusername"]."'") or exit( mysql_error() );
$r = mysql_fetch_array($query1);

if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$ClientIP = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
$ClientIP = $_SERVER['REMOTE_ADDR'];
}
//$ClientHost = gethostbyaddr($ClientIP);
$ClientAgent = $_SERVER['HTTP_USER_AGENT'];
$MyTimeStamp = time();


// Retrieve data from Query String
$status = $_GET['status'];
$id = $r['id'];
$query10 = mysql_query("SELECT * from friends WHERE myid = $id");
while ($fre = mysql_fetch_array($query10)) {

$friend = $fre['friendsid']; 

if ($sex = 'Male'){
$sex = 'his';
}else{
if ($sex = 'Female')
$sex = 'her';
}
// Escape User Input to help prevent SQL Injection
$status = mysql_real_escape_string($status);


//build query
$query = "UPDATE users SET mystatus = '$status' WHERE username = '".$_COOKIE["twusername"]."'";

$a = array($friend); 
foreach ($a as $b) 
{ 
$query1 = "INSERT INTO `richspri_social`.`feed` (`id`, `userid`, `friendid`, `action`, `did`, `when`, `groupname`) VALUES ('', '$id', '$b', 'status', 'Updated $sex', '$MyTimeStamp', '$status')";
}
//Execute query
}
// Exit if calling directly the script file!
if ($status != "")
{
$qry_result = mysql_query($query) or die(mysql_error());
$qry_result = mysql_query($query1) or die(mysql_error());
echo "<b><font color='#FF0000'>Status Updated Successfully</font></b>";
}
else
{
echo '<b>Hacking Attempt!!</b><br><br>';
}
?>

 

Now, i have tried this so many different ways.

i added the foreach loops in after trying it another way, but it still doenst work.

 

It will echo $b fine and will show what's it meant to, but when it adds it to the database, it adds everything, but doesn't add "$b" (which is the list of friends ID's).

 

What its coded to do is get a list of ID's from a database, and for each of the ID's (say for example there's 4 ID's) then it will add it 4 times into the database with each of the ID's (1,5,11,32), but instead all it does is adds it once to the database and doesn't insert the ID, it just adds a blank space.

 

Can someone have a look at it and find out whys it not doing what its meant to.

 

thanks

Rich

[Goldeneye]

This little snippet of code you posted has a few security-holes and is not well written/formatted (just so you know). Aside from that, your INSERT-query is only making one insert because the array you assigned as $a only has one element.

 

Instead of this:

<?php
$friend = $fre['friendsid'];
?>

 

Try this:

<?php
$friend = array();
$friend[] = $fre['friendsid']; 
?>

 

Explanation: What's happening with the code you have now is that you're just assigning the variable $friend a new value each time. What you want to do is append a new element onto it. That's why you need to use $friend[] - to indicate that you're appending a new element into the array. Also, you're running a FOREACH-loop before you've even completed your WHILE-loop. It is for this reason that, even with the solution I just gave you, your $friend-array will only have one element. I suggest completing the WHILE-loop first, and then cycling through the $friend-array with a FOREACH-loop. The bottom line is that you should rewrite/re-organize the code you just posted with indenting (to make differentiating between curly-braces considerably easier). If you need help, just ask.

[richarro1234]

Hey goldeneye, thanks for the help.

 

i have changed what you told me to, and just to test it i: "echo $friend ;" but all it outputs is "ArrayArrayArrayArrayArrayArrayArray" (which is the amount of friendids there are for the selected user)

 

i have also moved the curly-brace so it finishs the WHILE-loop before it runs the foreach, but it still doesnt add to the database.

 

Also i would like help with the rewrite/re-organising of the above code please.

 

thanks

Rich