On Wed, Nov 19, 2008 at 5:55 AM, Alice Wei <[EMAIL PROTECTED]> wrote:
>  I am inquiring on this list to see if it is possible to create a script that 
> takes multiple update statements without my having to write one "SQL" 
> statement for each of the updates.

I'm not sure I understand your question.  It is certainly possible to
write one query that updates multiple rows at once.  In other cases,
you can use prepared statements and bound variables.  If all you need
to do is repeat a query of the same structure with different values, a
prepared statement would be faster and mean cleaner code than sending
repeated queries.

Without more specific info from you, I don't think I can give a better
answer than this.  I've never worked with Microsoft SQL Server, so I
doubt there's anything I can tell you about that in particular.

>  I have a scenario of which I create a table of some sort with some existing 
> information using Flex, and what I am told by my client is that no matter how 
> many records there are on the screen, the users should be able to update any 
> up to all the entries by simply pushing a button. I use Microsoft SQL, which 
> I think that it does allow multiple update query execution. The problem is 
> that I might have to come up with some method to accept all the "POST" 
> variables the user provides into the script.

Let's see.  If your POST includes the IDs of the rows you want to
change and the value you want to update, it could go something like
this.  Note that I haven't tested it, so it might contain an error.
I'm just trying to provide an illustration of the approach.



SKIPPED: connect to your database as appropriate.  Below I show using
the PDO extension to escape the incoming data using the quote()
method.  If you are using the mssql extension instead, there is no
escape function (!) so you'll have to decide how best to escape the
data.  That's reason enough for me to prefer PDO.

If you don't know what I'm talking about here, you should study SQL
injection until you're sure you fully understand.  Otherwise you will
produce very vulnerable code.


$sql = "UPDATE sometable SET somecolumn = '" .
$pdo->quote($_POST['field']) . "' WHERE id IN ("
  .  implode(',' $_POST['id']) . ")";


Send this query to your database as appropriate.  It will set
'somecolumn' to the value of $_POST['field'] where the ID is in the
list.  In this case the form should submit the $_POST['id'] value as
an array, which can be done by using setting the HTML name attribute
to id[] (e.g. name="id[]").



Does this help?

PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to