--- kihmera_morgain <[EMAIL PROTECTED]> wrote:
> This group has become my lifesaver LOL but i've run across another
> problem, so i'm back to ask more questions.
>
> i'm working on a PM system for my site, most of it isnt a problem, but
> im afraid one part is just ZOOM~ going right over my head. I'm
> populating the Inbox by pulling up data from the database with a while
> loop.. simple enough... okay but i want to put a checkbox at the end
> of each row so that the user can choose to "select a message" to be
> deleted or added to their savebox... im afraid this is the part that
> is whizzing past me.. how do i associate the message info in a
> particular row with the checkbox at the end of the row, and the
> MessageID itself so that when a user clicks the checkbox and hits
> "delete" or "save", it actually picks the right message to delete or
> save..? i feel it should be blatantly obvious but i have a head cold
> and my brain just isn't functioning this afternoon it seems because I
> cant figure it out. I have a "MessageID" identifier for each message
> in place in the database, but im just not sure how to go about setting
> it up so that "if the user clicks checkbox "D", then the message with
> the ID "4" is deleted." since my table rows are being generated by
> the while loop itself.
>
> I fear my brain has totally melted today. Thank you for any help T_T
Since it is a series of checkboxes, users will likely select more than one at a
time. You may want to use a name property which uses the MessageID. One
possible solution is:
print "<input type='checkbox' name='id[$MessageID]'> Label<br />\n";
The Delete button will be a submit button and the $_POST variable will contain
an array $_POST['id'] with element names that correspond with the MessageID.
When you get around to actually deleting them from the database (or simply
marking the rows as inactive to provide an undo option) then you can perform an
action such as:
$q = sprintf("DELETE FROM table_name WHERE MessageID in (%s)", join(",",
$_POST['id']));
or
$q = sprintf("UPDATE table_name SET status=0 WHERE MessageID in (%s)",
join(",", $_POST['id']));
I would also suggest some additional validation to ensure that a user can only
delete their own messages and not something arbitrary. An additional WHERE
clause to check the userid of the owner of the message should be added to
either of these.
You should also check for SQL injection issues and check the array elements to
be sure that each one is an integer.
$msgIDs = $_POST['id'];
foreach ($msgIDs as $key=>$val)
{
$msgIDs[$key] = floor($val);
}
This has the added benefit of truncating any non-numeric portions of the value
and would be a good first step towards avoiding SQL injection issues.
James
