You probably need http://php.net/stripslashes somewhere.
Also, this is not a very secure way to do this...
Somebody could easily alter the HTML source of your hidden var_list_1 and
alter whatever columns they wanted.
It would be better to pass each value separately.
And, finally, you could put all of this in one file with a couple of if()
statements, instead of spread out over three files, and probably make life
much easier on yourself.
--
WARNING [EMAIL PROTECTED] address is an endangered species -- Use
[EMAIL PROTECTED]
Wanna help me out? Like Music? Buy a CD: http://l-i-e.com/artists.htm
Volunteer a little time: http://chatmusic.com/volunteer.htm
----- Original Message -----
From: P.Agenbag <[EMAIL PROTECTED]>
Newsgroups: php.general
To: <[EMAIL PROTECTED]>
Sent: Monday, August 27, 2001 2:51 PM
Subject: Generating Variables
> Hi
> I am trying to auto generate some sql strings.
> The resulting string should look like this:
> update $table_name set var1='$var1', var2='$var2' ............. where
> id=$id
>
> I used a foreach loop to get the keys from a table and in each foreach
> loop I tried the following.
> foreach($myrow as $key=>$val) {
> $var_list .= " $key = '\$$key', ";
> }
>
>
> The first php page is the "table generator"; VIEW_ALL.PHP
> <?php
> $username_1 = "user";
> $password_1 = "password";
> $db_name = "test";
> $table_name = "users_db";
> $link = mysql_connect("localhost",$username_1,$password_1);
> mysql_select_db($db_name,$link);
> $sql = "select * from $table_name";
> $result = mysql_query($sql);
> $result_2 = mysql_query($sql);
> echo "<table border=\"1\">";
> $myrow = mysql_fetch_assoc($result);
> echo"<tr bgcolor=\"#CCCCCC\">";
> foreach($myrow as $key=>$val) {
> echo "<td><b>$key</b></td>";
> }
> echo"</tr>";
> $count = 2;
> while($myrow_2 = mysql_fetch_assoc($result_2)) {
> $id = $myrow_2["id"];
> if ($count == 2) {
> $bgcol = "#FFFFFF";
> $count = $count - 1;
> }
> else {
> $bgcol = "#EFEFEF";
> $count = $count + 1;
> }
> echo"<tr bgcolor=\"$bgcol\">";
> foreach($myrow_2 as $key=>$val) {
> echo"<td>$val</td>";
> }
> echo"<td><a
>
href=\"edit.php?id_1=$id&table_name=$table_name&db_name=$db_name&username_1=
$username_1&password_1=$password_1\">Edit</a></td>";
>
> echo"</tr>";
> }
> echo"</table>";
> ?>
>
> Goes through to EDIT.PHP
> <?php
> $link = mysql_connect("localhost",$username_1,$password_1);
> mysql_select_db($db_name,$link);
> $sql = "select * from $table_name where id=$id_1";
> $result = mysql_query($sql);
> $myrow = mysql_fetch_assoc($result);
> $count_fields = 0;
> echo"<form name=\"form_1\" method=\"post\"
>
action=\"update.php?username_1=$username_1&password_1=$password_1&db_name=$d
b_name&table_name=$table_name\">";
>
> echo"<table border\"1\">";
> foreach($myrow as $key=>$val) {
> echo"<tr bgcolor=\"#CCCCCC\"><td>$key</td><td><textarea
> name=\"$key\">$val</textarea></td></tr>";
> $var_list_1 .= "$key = '\$$key',";
> $count_fields = $count_fields + 1;
> }
> echo"</table>";
> $count = strlen($var_list);
> $new_count = $count - 1;
> $var_list_1[$new_count] = "";
> echo"<input type=\"hidden\" name=\"var_list\" value=\"$var_list_1\">";
> echo"<input type=\"submit\" value=\"submit\" name=\"submit\">";
> echo"</form>";
> ?>
>
> And this goes to UPDATE.PHP
>
> <?php
> $link = mysql_connect("localhost",$username_1,$password_1);
> mysql_select_db($db_name,$link);
> $sql_1 = "update $table_name set $var_list where id=$id";
> $result = mysql_query($sql_1);
> echo "Your data has been updated!<br>";
> echo "$sql_1 <br>";
> echo "result: $result<br>";
> ?>
>
> This is where the problems comes in, the SQL is not brought over
> correctly, rather is written "as-is" with the single quotes \-ed out,
> can someone plz help me?
>
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
