madcrazy1 Posted September 14, 2007 Share Posted September 14, 2007 before the user submits the form, the user is presented with say 20 editable form fileds each with different titles. the page the user is on, is supposed to allow the user to edit any title in any one of the text fields. when a user edits a text field and clicks submit. all the titles get changed instead of just the one they clicked submit on. the query is reading all identities for the user and making the same edit to all the titles. I need to have a variable somewhere in the form that the query can read so it knows which field to make the edit to. <form method="post" action="index.php"> <input type="hidden" value="[b]posts3[/b]"> [b]example: this is 1 form field of 20 each having diffent titles:[/b] [code]<input type="text" name="p1" value="<? if(isset($Blog1)){print $Title;} ?>" style="width:100%"> <input type="submit" value="Submit" class="button"> </form> here is the Sql query: [b]case "posts3"[/b]: { @mysql_query("UPDATE my_posts SET title='".$_POST['p1']."', date='$today_date', time='$today_time' WHERE `id` ='[b]IDENTITY[/b]'"); [/code] Quote Link to comment https://forums.phpfreaks.com/topic/69279-need-to-make-query-understand-edit/ Share on other sites More sharing options...
gerkintrigg Posted September 14, 2007 Share Posted September 14, 2007 why not have a hidden field in the form which holds the ID variable you need? Then add a condition to the WHERE command to only allow the edit where the table's ID field = the posted variable. You might also want to look into sessions to avoid having to use hidden fields that can be hacked fairly easily. All the best. Quote Link to comment https://forums.phpfreaks.com/topic/69279-need-to-make-query-understand-edit/#findComment-348358 Share on other sites More sharing options...
madcrazy1 Posted September 15, 2007 Author Share Posted September 15, 2007 thanks for the reply, sounds like good info. Something i thought i needed to do but i am not good at math ??? I want to use the hidden fields idea because i am pretty certain i wont have hacking problems. in fact i think i will have to use these anyway because the data is fetched via a sql select statement then populated with value="<? if(isset($Blog1)){print $Blog1;} ?>" the variables connected to the db. a users output could 10 of these fields another users could be 100 fields. There is a row called 'id' that generates a unique id for every field. can i use this variable row? if so can you give me an example? Quote Link to comment https://forums.phpfreaks.com/topic/69279-need-to-make-query-understand-edit/#findComment-348823 Share on other sites More sharing options...
fenway Posted September 15, 2007 Share Posted September 15, 2007 Hidden fields are totally useless for security. Quote Link to comment https://forums.phpfreaks.com/topic/69279-need-to-make-query-understand-edit/#findComment-349030 Share on other sites More sharing options...
madcrazy1 Posted September 16, 2007 Author Share Posted September 16, 2007 ok so is a badge but security wears them right? haha anyway, i need to get this problem solved. how can you say hidden fields are poor security when you dont even know how the script is put together? hidden filelds inside a user session? how can a malacious user benefit from a hidden field that only works on a few int(s) inside a session? or are you saying that the hidden field itself could have a script run in it? that would be an SQL design problem, don't you think? all i am trying to do is have x user be able to edit y data output from a row based on z id get it? Quote Link to comment https://forums.phpfreaks.com/topic/69279-need-to-make-query-understand-edit/#findComment-349453 Share on other sites More sharing options...
fenway Posted September 18, 2007 Share Posted September 18, 2007 Yes, well, if you've already authenticated the user, you can spit out UIDs, but they can still change them in the hidden inputs... so as long as this won't result in them editing someone else's record, that's fine... hence the security issue. Quote Link to comment https://forums.phpfreaks.com/topic/69279-need-to-make-query-understand-edit/#findComment-350513 Share on other sites More sharing options...
madcrazy1 Posted September 19, 2007 Author Share Posted September 19, 2007 I ended up adding 20 more rows that produces 20 editable fields (not hidden)and used update. did the trick. although limiting, its not really. for the majority of users. i was looking for something like i++ because i wanted these fields to be user orderable, but they are fully editable close enough. unless you can tell me how to create a seperate row that will hold a value from 1 to 20 then let the user order these by having a 2 digit field that the user could reverse the order displayed, based on putting 20 in the text field for box 1 19 for box 2 etc.. any ideas? if not thx for the help anyway Quote Link to comment https://forums.phpfreaks.com/topic/69279-need-to-make-query-understand-edit/#findComment-350947 Share on other sites More sharing options...
fenway Posted September 19, 2007 Share Posted September 19, 2007 You mean like a sortorder? Quote Link to comment https://forums.phpfreaks.com/topic/69279-need-to-make-query-understand-edit/#findComment-351356 Share on other sites More sharing options...
madcrazy1 Posted September 21, 2007 Author Share Posted September 21, 2007 Exactly, i tried making it work before, and had no success, but now with the way the query is set up i might be able to display an extra input field. you think that would work? anyway back to the math problem i think i may have gotten lucky when i named the rows. they happen to be in perfect numerical order. I need to output an rss feed with this data. but i am unsure how to run a counter loop inside the query. Please help. $RunThisQuery = "SELECT post1, post1a, post2, post2a, post3, post3a, post4, post4a, post5, post5a, post6, post6a, post7, post7a, post8, post8a, post9, post9a, post10, post10a, post11, post11a, post12, post12a, post13, post13a, post14, post14a, post15, post15a FROM frm_blog WHERE userid=".$_REQUEST['id']." LIMIT 1"; $results = $connector->query($RunThisQuery); while ($row = $connector->fetchArray($results)){ $blog_comments = htmlentities($row['post1a']); $xml_item .= "<item>\n"; $xml_item .= "<title>".$row['post1']."</title>\n"; $xml_item .= "<description>$blog_comments</description>\n"; //$xml_item .= "<comments>$feed_link</comments>\n"; $xml_item .= "<pubDate>".$row['date']."</pubDate>\n"; $xml_item .= "<link>$absurl"; $xml_item .= "#".$row['id']."</link>\n"; $xml_item .= "</item>\n"; i need it to count two fields from 1 to just 15. titles are post1 comments are post 1a (with the letters after) is it something like this? ".$row['post1.1[+1]']. ".$row['post1.1[+1][a]']. can i put the correct expressions before this line? $blog_comments = htmlentities($row['post1a']); i am not sure why its there anyhow, but i am pretty sure i wont be able to count using just $blog_comments Thanks again Quote Link to comment https://forums.phpfreaks.com/topic/69279-need-to-make-query-understand-edit/#findComment-352166 Share on other sites More sharing options...
madcrazy1 Posted September 21, 2007 Author Share Posted September 21, 2007 OK,Igave it a shot,will this work, if not whats wrong with it? $RunThisQuery = "SELECT post1, post1a, post2, post2a, post3, post3a, post4, post4a, post5, post5a, post6, post6a, post7, post7a, post8, post8a, post9, post9a, post10, post10a, post11, post11a, post12, post12a, post13, post13a, post14, post14a, post15, post15a FROM frm_blog WHERE userid=".$_REQUEST['id']." LIMIT 1"; $results = $connector->query($RunThisQuery); $num=mysql_numrows($result); $i=0 + 1; while ($row = $connector->fetchArray($results)){ while ($i < $num) { $blog_comments = htmlentities($row['post,$i,a']); $xml_item .= "<item>\n"; $xml_item .= "<title>".$row['post,$i']."</title>\n"; $xml_item .= "<description>$blog_comments</description>\n"; $xml_item .= "</item>\n"; $i++; } } Quote Link to comment https://forums.phpfreaks.com/topic/69279-need-to-make-query-understand-edit/#findComment-352255 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.