Re: [PHP] looping through a $_POST variable

Sun, 30 Dec 2007 16:57:37 -0800 

You might want to check the loop alone and check each value of $value:

$array = explode(' ', $_POST['emails']);
foreach($array as $value) {
        print "'$value'<br>";
}
if it works that way, at least you narrow down the possibilities of weirdness. 

On Dec 30, 2007, at 5:34 PM, Richard Kurth wrote:


When I do a var_dump($_POST['emails']); it has all the emails in it
string(65) "[EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] " 
I will validate the emails after I get the loop to work
$memberid comes from a part of the script I did not show you $memberid =$_POST["members_id"]; 
safe_query  is a function that I call that does query stuff

function safe_query ($query = ""){
   include ("dataconf.inc.php");
   dbconnect($dbname,$rootusername,$rootpassword,$roothostname);
  global    $query_debug;

  if (empty($query)) { return FALSE; }

  if (!empty($query_debug)) { print "<pre>$query</pre>\n"; }

  $result = mysql_query($query)
      or die("Query Failed: "
          ."<li>errorno=".mysql_errno(). "<br>"
          ."<li>error=".mysql_error(). "<br><br>"
          ."<li>query=".$query
      );
  return $result;
}


On Sun, December 30, 2007 5:29 pm, Richard Kurth wrote:
I am trying to loop through a $_POST variable. It comes from a text area and it will have data like many email address or just one listed with a space or on a new line. I can't seam to get the data to extract 
properly. I have tried this below

$array = explode(' ', $_POST['emails']);



//see what you have.
//maybe it's not hat you think
var_dump($_POST['emails']);




foreach ($array as $value) {



//you should probably validate the emails using:

http://php.net/imap_rfc822_parse_adrlist

$value_sql = mysql_real_escape_string($value);



$sql = "SELECT id FROM contacts where emailaddress = '$value' AND
members_id = '$memberid'";



Use '$value_sql' here.

And I dunno where $memberid came from, but maybe it should be escaped
as well.



$sql_result=safe_query($sql);



I'm not sure what "safe_query" is doing, and maybe you think it can
escape the data you embedded into the SQL, but I don't see how you can 
do that...  Sort of a Humpty-Dumpty problem...



while ($row=mysql_fetch_array($sql_result)){
$id = $row["id"];
$sql1="UPDATE contacts SET emailstatus ='Unsubscribed' WHERE id =
'$id'";
safe_query($sql1);
}}







--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to