escaping array

[rpjd]

I have a table with two columns A and B.  I'm submitting a form where the user selects different checkboxes.  Column A contains the values of all the checkboxes.  I want to, after the form is submitted, using the array of values of randomly checked checkboxes, search the table for the corresponding values in column B.  Then display the values of selected checkboxes and their cosesponding values from column B. 

First I did an implode() on the array of submitted checkbox values,

$list = "'".implode("','", $_POST['Ref'])."'";

then did a mysql_real_escape_string on that.

for($i=0;$i<$count;$i++)
     {
		 $list = mysql_real_escape_string($list[$i]);
		 } 

I got a

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'SYSTEM'@'localhost' (using password: NO)

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established

for each row of $list.

What am I doing wrong? 

[ZacTopher]

The error message tells you exactly what's wrong. You are not connected to any database

[rpjd]

I have this code

$Ref = $_POST['Ref'];
$list = "'".implode("','", $_POST['Ref'])."'";
$Con = mysql_connect($host, $user, $pass) or die("cannot connect to server" . mysql_error());
$db = mysql_select_db('database',$Con) or die("cannot connect to database" . mysql_error()); 
$list = mysql_real_escape_string($list);
$query = "select Ref, Text from table where Ref in($list)";
$result = mysql_query($query,$Con);
while($Text = mysql_fetch_assoc($result))

I'm getting this error :

Warning: mysql_fetch_assoc() expects parameter 1 to be resource, boolean given

$_POST['Ref'] contains values of checked checkboxes.  Can't understand why its $result contains boolean values? 

 

[ZacTopher]

your query fails.. output $list and $query.. what's the result?

[rpjd]

I've changed it slightly

$Ref = $_POST['Ref'];
$Con = mysql_connect($host, $user, $pass) or die("cannot connect to server" . mysql_error());
$db = mysql_select_db('database',$Con) or die("cannot connect to database" . mysql_error()); 
for($i=0;$i<count($Ref);$i++)
{
$list = mysql_real_escape_string($Ref[$i]);
}
$emplodedList = "'".implode("','", $list)."'";

I'm getting this error

Warning: implode() [function.implode]: Invalid arguments passed

 

[ZacTopher]

$list is not an array

 

$list[] = mysql_real_escape_string($Ref[$i]);

[rpjd]

Ok I'm passing an array [1, 2, 3-1] into a query initially, which needs to be escaped and imploded into a string.  Should I pass the elements of the array through a for loop to escape each one, then implode the array into a string.  Is this correct, or should I go about it another way? 

[Pikachu2000]

What are the values that are expected to be in the array? Are they numeric or string type?

[rpjd]

I'm passing 1, 2, 3-1 to the query, the output are text strings (sentences/paragraphs).

[Pikachu2000]

OK, those are strings then, correct? You don't expect '3-1' to evaluate to 2, right?

 

// ---> connect to db first <---
$array = array_map('mysql_real_escape_string', $array);
$string = implode("', '", $array);
$query = "SELECT Ref, Text FROM table WHERE Ref IN( '$string' )";

[rpjd]

I absolute hope not!  In trouble otherwise. Applied yor suggestion

$Ref = $_POST['Ref'];
$Con = mysql_connect($host, $user, $pass) or die("cannot connect to server" . mysql_error());
$db = mysql_select_db('database',$Con) or die("cannot connect to database" . mysql_error()); 
$conRef = array_map('mysql_real_escape_string', $Ref);
$string = implode("', '", $Ref);
$query = "SELECT Text FROM table WHERE Ref IN( '$string' )";
$result = mysql_query($query,$Con);

If I'm expecting the result to be an array of text strings, do I need to do the same escape and implode on the result as well in order to access them?

[Pikachu2000]

No, you would just need to use a while() loop if you're expecting the query to return more than one record.

[rpjd]

Having executed the query

this for loop

while($Text = mysql_fetch_assoc($result))
{
for ($i=0;$i<count($Text);$i++)
{
echo $Text[$i];
}
}

is giving this error

Warning: mysql_fetch_assoc() expects parameter 1 to be resource, boolean given

for the while() statememt.

Can't see how its seeing a boolean value.

[Pikachu2000]

That indicates the query is failing, and returning a boolean false. It would be a good time to add some logic to show the error and the query string.

 

if( !$result = mysql_query($query,$Con) ) {
     echo "<br>Query: $query<br>Failed with error: " . mysql_error() . '<br>';
}

 

There's really no need for the for() loop in the result, especially since you're only selecting one field from each record. Also, using fetch_assoc won't work with a numeric index, as it returns only an associative array.

 

while($Text = mysql_fetch_assoc($result)) {
     echo $Text['Text'] . '<br>';
}

[rpjd]

It works!

if(array_key_exists('Ref',$_POST) && ! empty($_POST['Ref']))
   {
 include('E:/MySQLCon.php');
 $Ref = $_POST['Ref'];
 $Con = mysql_connect($host, $user, $pass) or die("cannot connect to server" . mysql_error());
 $db = mysql_select_db('database',$Con) or die("cannot connect to database" . mysql_error()); 
 $Ref = array_map('mysql_real_escape_string', $Ref);
 $string = implode("', '", $Ref);
 $query = "SELECT Ref, Text FROM const WHERE Ref IN( '$string' )";
 $result = mysql_query($query, $Con);
 while($Text = mysql_fetch_assoc($result))
     {
		 echo "Ref " . $Text['Ref'] . "Text " . $Text['Text'] . "<br>";
		 }
 }

Thank you!