
Before the user submits the form, the user is presented with, say, 20 editable form fields, each with different titles. The page the user is on is supposed to allow the user to edit any title in any one of the text fields. When a user edits a text field and clicks submit, all the titles get changed instead of just the one they clicked submit on. The query is reading all identities for the user and making the same edit to all the titles. I need to have a variable somewhere in the form that the query can read so it knows which field to make the edit to.

 

 

[code]
<form method="post" action="index.php">
  <input type="hidden" value="posts3">

  <!-- example: this is 1 form field of 20, each having different titles: -->
  <input type="text" name="p1" value="<? if(isset($Blog1)){print $Title;} ?>" style="width:100%">

  <input type="submit" value="Submit" class="button">
</form>
[/code]

Here is the SQL query:

[code]
case "posts3": {

// Escape the posted title before it goes into the SQL string.
$title = mysql_real_escape_string($_POST['p1']);
@mysql_query("UPDATE my_posts SET title='$title', date='$today_date', time='$today_time' WHERE `id` ='IDENTITY'");
[/code]


why not have a hidden field in the form which holds the ID variable you need? Then add a condition to the WHERE command to only allow the edit where the table's ID field = the posted variable.

 

You might also want to look into sessions to avoid having to use hidden fields that can be hacked fairly easily.

 

All the best.

Thanks for the reply, sounds like good info. Something I thought I needed to do but I am not good at math ???

I want to use the hidden fields idea because I am pretty certain I won't have hacking problems. In fact I think I will have to use these anyway because the data is fetched via a SQL select statement then populated with

value="<? if(isset($Blog1)){print $Blog1;} ?>"

the variables connected to the db. A user's output could be 10 of these fields, another user's could be 100 fields. There is a row called 'id' that generates a unique id for every field. Can I use this variable row? If so, can you give me an example?

8)

 

ok so is a badge but security wears them right? haha

Anyway, I need to get this problem solved. How can you say hidden fields are poor security when you don't even know how the script is put together? Hidden fields inside a user session? How can a malicious user benefit from a hidden field that only works on a few int(s) inside a session? Or are you saying that the hidden field itself could have a script run in it? That would be an SQL design problem, don't you think?

All I am trying to do is have x user be able to edit y data output from a row based on z id, get it?

Yes, well, if you've already authenticated the user, you can spit out UIDs, but they can still change them in the hidden inputs... so as long as this won't result in them editing someone else's record, that's fine... hence the security issue.
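The point made in the reply above, as an added example that is not code from the thread: the hidden field can carry the row id, but the UPDATE must also match the owner taken from the session, so a changed hidden value updates nothing. The `post_id` field name, the `user_id` owner column and the in-memory SQLite data are assumptions made for the demonstration.

```php
<?php
// Added example, not code from the thread. Assumed: an owner column `user_id`
// on my_posts, a hidden field named `post_id`, and a user id kept in the session.
function updateTitle(PDO $db, int $sessionUserId, array $post): bool
{
    // The hidden field only says WHICH row to edit; treat it as untrusted input.
    $postId = filter_var($post['post_id'] ?? null, FILTER_VALIDATE_INT);
    $title  = trim((string)($post['title'] ?? ''));
    if ($postId === false || $title === '') {
        return false;
    }
    // Ownership comes from the session, never from the form.
    $stmt = $db->prepare(
        'UPDATE my_posts SET title = :title, date = :d, time = :t
          WHERE id = :id AND user_id = :uid'
    );
    $stmt->execute([
        ':title' => $title, ':d' => date('Y-m-d'), ':t' => date('H:i:s'),
        ':id' => $postId, ':uid' => $sessionUserId,
    ]);
    return $stmt->rowCount() === 1; // 0 rows: unknown id or not the owner
}

// Constructed demo data: user 7 owns rows 1 and 2, user 9 owns row 3.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE my_posts (id INTEGER PRIMARY KEY, user_id INTEGER,
                                  title TEXT, date TEXT, time TEXT)');
$db->exec("INSERT INTO my_posts (id, user_id, title)
           VALUES (1, 7, 'first'), (2, 7, 'second'), (3, 9, 'other user')");

$sessionUserId = 7; // stands in for $_SESSION['user_id'] after login
var_dump(updateTitle($db, $sessionUserId, ['post_id' => '2', 'title' => "it's edited"])); // own row
var_dump(updateTitle($db, $sessionUserId, ['post_id' => '3', 'title' => 'tampered']));    // another user's row
var_dump(updateTitle($db, $sessionUserId, ['post_id' => '2 OR 1=1', 'title' => 'x']));    // not an integer

// Show what is stored afterwards: only row 2 has a new title.
foreach ($db->query('SELECT id, user_id, title FROM my_posts ORDER BY id') as $r) {
    echo "{$r['id']} (user {$r['user_id']}): {$r['title']}\n";
}
```

On MySQL, `rowCount()` reports changed rows, so an update that leaves every column at its old value also returns 0.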

I ended up adding 20 more rows that produce 20 editable fields (not hidden) and used update. Did the trick. Although limiting, it's not really, for the majority of users. I was looking for something like i++ because I wanted these fields to be user orderable, but they are fully editable, close enough. Unless you can tell me how to create a separate row that will hold a value from 1 to 20, then let the user order these by having a 2 digit field that the user could reverse the order displayed, based on putting 20 in the text field for box 1, 19 for box 2 etc.. Any ideas? If not, thx for the help anyway.

Exactly, I tried making it work before, and had no success, but now with the way the query is set up I might be able to display an extra input field. You think that would work?

 

Anyway, back to the math problem: I think I may have gotten lucky when I named the rows. They happen to be in perfect numerical order. I need to output an RSS feed with this data, but I am unsure how to run a counter loop inside the query. Please help. :)

 

 

// Cast the request value to an integer before it goes into the SQL string.
$RunThisQuery = "SELECT post1, post1a, post2, post2a, post3, post3a, post4, post4a, post5, post5a, post6, post6a, post7, post7a, post8, post8a, post9, post9a, post10, post10a, post11, post11a, post12, post12a, post13, post13a, post14, post14a, post15, post15a FROM frm_blog WHERE userid=".(int)$_REQUEST['id']." LIMIT 1";
$results = $connector->query($RunThisQuery);
while ($row = $connector->fetchArray($results)){

	$blog_comments = htmlentities($row['post1a']);
	$xml_item .= "<item>\n";
	$xml_item .= "<title>".$row['post1']."</title>\n";
	$xml_item .= "<description>$blog_comments</description>\n";
	//$xml_item .= "<comments>$feed_link</comments>\n";
	$xml_item .= "<pubDate>".$row['date']."</pubDate>\n";
	$xml_item .= "<link>$absurl";
	$xml_item .= "#".$row['id']."</link>\n";
	$xml_item .= "</item>\n";
}

 

 

I need it to count two fields from 1 to just 15.

Titles are post1

Comments are post1a (with the letters after)

 

Is it something like this?

".$row['post1.1[+1]'].

".$row['post1.1[+1][a]'].

 

Can I put the correct expressions before this line?

$blog_comments = htmlentities($row['post1a']);

I am not sure why it's there anyhow, but I am pretty sure I won't be able to count using just $blog_comments

 

Thanks again

OK, I gave it a shot. Will this work? If not, what's wrong with it?

 

// Cast the request value to an integer before it goes into the SQL string.
$RunThisQuery = "SELECT post1, post1a, post2, post2a, post3, post3a, post4, post4a, post5, post5a, post6, post6a, post7, post7a, post8, post8a, post9, post9a, post10, post10a, post11, post11a, post12, post12a, post13, post13a, post14, post14a, post15, post15a FROM frm_blog WHERE userid=".(int)$_REQUEST['id']." LIMIT 1";
$results = $connector->query($RunThisQuery);
$num=mysql_numrows($result);
$i=0 + 1;
while ($row = $connector->fetchArray($results)){

	while ($i < $num) {

		$blog_comments = htmlentities($row['post,$i,a']);
		$xml_item .= "<item>\n";
		$xml_item .= "<title>".$row['post,$i']."</title>\n";
		$xml_item .= "<description>$blog_comments</description>\n";

		$xml_item .= "</item>\n";
		$i++;
	}

}
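One way to write the counter loop asked about above, as an added example that is not code from the thread: a single-quoted key such as `'post,$i,a'` is never interpolated, and the loop has to run over the 15 column pairs of the one fetched row, not over the row count. PDO with in-memory SQLite stands in for the thread's `$connector` object, the demo table has only 2 of the 15 pairs, and the names `buildItems` and `xml` and the sample rows are assumptions.

```php
<?php
// Added example, not code from the thread. PDO/SQLite replaces $connector.
const PAIRS = 2; // the thread's table has 15: post1/post1a ... post15/post15a

function xml(string $s): string
{
    // Escape for XML text; htmlentities() would emit HTML-only entities
    // such as &eacute;, which are undefined in an RSS document.
    return htmlspecialchars($s, ENT_XML1 | ENT_QUOTES, 'UTF-8');
}

function buildItems(PDO $db, $requestId, int $pairs = PAIRS): string
{
    $uid = filter_var($requestId, FILTER_VALIDATE_INT);
    if ($uid === false) {
        return ''; // request value is not an integer
    }
    // Column names are built from the counter in code, never from the request.
    $cols = [];
    for ($i = 1; $i <= $pairs; $i++) {
        $cols[] = "post{$i}";
        $cols[] = "post{$i}a";
    }
    $stmt = $db->prepare('SELECT ' . implode(', ', $cols)
                       . ' FROM frm_blog WHERE userid = :uid LIMIT 1');
    $stmt->execute([':uid' => $uid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return '';
    }
    $items = '';
    for ($i = 1; $i <= $pairs; $i++) {
        if ((string)$row["post{$i}"] === '') {
            continue; // unused slot
        }
        $items .= "<item>\n";
        $items .= '<title>' . xml($row["post{$i}"]) . "</title>\n";
        $items .= '<description>' . xml((string)$row["post{$i}a"]) . "</description>\n";
        $items .= "</item>\n";
    }
    return $items;
}

// Constructed demo row for user 1; the second slot is left empty.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE frm_blog (userid INTEGER, post1 TEXT, post1a TEXT, post2 TEXT, post2a TEXT)');
$db->prepare('INSERT INTO frm_blog VALUES (1, ?, ?, ?, ?)')
   ->execute(['Tips & tricks', 'Use <b>bold</b> sparingly', '', '']);
echo buildItems($db, '1');        // one <item>, markup characters escaped
echo buildItems($db, '1 OR 1=1'); // rejected before any query runs
```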
