[PHP-WIN] Re: submitting records from multiple DB tables

Tue, 31 Jul 2001 12:35:30 -0700 


"Andrew.Martin" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I have a list of records displayed in a table generated from a DB
> (records are from numerous DB tables). The table consits of check
> box(name = DB name and index), title(url link with ID) date
> and status

Could you give a sample - the HTML code for one table row,
with descriptive dummy values?


> When the check box is selected I need to retrieve the DB
> table name and a specific ID.  The selected records are
> then to be updated in the DB, but my problems arise
> when trying to get the correct DB table name and ID.

I see two ways of doing this; you can either return a parseable
string from each checkbox, or you can return several associative
arrays.

Method #1:
=========

in form file:
<input type='checkbox'
    name='checkbox[]'
    value='$tablename;$id'
>

in recipient:
<?php
    foreach ($checkbox as $val) {
        $res = explode(";", $val, 2);
        // table name = $res[0]
        // id = $res[1]
    }
?>

Method #2
========

in form file:
<input type='checkbox'
    name='tbl[$num]'
    value='$tablename'
>
<input type='hidden'
    name='id[$num]'
    value='$id'
>

in recipient:
<?php
    foreach($tbl as $key => $val) {
        // table name = $val
        // id = $id[$key]
    }
?>

NOTE: both of these are quite insecure, letting any meddler
specify whichever table id and row they want to play with, or
maybe even execute arbitrary code of their own, depending
on exactly how this is implemented; I strongly suggest using
an associative array to filter the table names and forcing the
id to an integer value.

If you really want to be safe, you could generate a random
key for each row of each table, pass it through a hidden field,
and check it against the value again before changing the row.
That way, whackers can only change rows that they have
seen the 'password' for, which they would have the right to
change anyway.



-- 
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to