0

I am saving data to a mysql database and these are going to be different options, rather then having them in their own column i am trying to to keep them in the same.

So like surface in mysql would look like : grass,pavement,tarmac - i can get the data to show, but i cannot for some reason get it to save, after either adding a new option or deleting an option.

EDIT - This is now working, i reposted it on here incase others needs help! Thanks

Add:

    $surface = mysql_real_escape_string($_POST['surface']);
    $array = explode(',',$setQuery['Surface']);
    $new_array = implode(',',$array).','.$surface;
    $saveSettings = mysql_query("UPDATE `settings` SET Surface = '$new_array' WHERE id = '1'");

Delete:

    $surface = mysql_real_escape_string($_GET['s']);
    $array = explode(',',$setQuery['Surface']);
    unset($array[$surface]);
    $new_array = implode(',',$array);
    $saveSettings = mysql_query("UPDATE `settings` SET Surface = '$new_array' WHERE id = '1'");

Thanks for any help regards

Improve this question
9
  • 6
    Stop all the for loop nonsense to join array elements into a string and use implode() $new_array = implode(",", $array); Commented Feb 22, 2012 at 20:36
  • If you had proper error handling: mysql_query(...) or die(mysql_error()), you'd be told why your queries are failing. Commented Feb 22, 2012 at 20:37
  • Are you getting an error from mysql_query()? Check mysql_error(). Also, your add takes from $_POST while your delete takes from $_GET. In neither case have you called mysql_real_escape_string() to escape the input value before querying... Commented Feb 22, 2012 at 20:39
  • why don't you use a try-catch and var_dump($saveSettings) for more info? Commented Feb 22, 2012 at 20:41
  • Not sure whether this is causing problems. But using keywords like count and array as variable names isn't a good idea. Commented Feb 22, 2012 at 20:45

1 Answer 1

Reset to default
1

Having used a for loop to build your array into a comma-separated string sent you down the wrong path.

The correct course of action here is to use the PHP built-in implode() to construct the string from your array:

$new_array = implode(",", $array);

I notice also that your add method reads input from $_POST['s'] while the delete method reads from $_GET['s']. Check the consistency between these, if it is an issue.

In either case, however, you must call mysql_real_escape_string() to properly escape it against SQL injection. That is best done just before inserting it into the SQL string, after you have added or deleted from the array and called implode().

// All changes add/del made to array already...
$new_array = implode(",", $array);
$new_array = mysql_real_escape_string($new_array);

$saveSettings = mysql_query("UPDATE `settings` SET Surface = '$new_array' WHERE id = '1'");
// Use error handling methods:
if (!$saveSettings) {
  // Something went wrong
  echo mysql_error();
}
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.