I'm trying to put thi开发者_开发问答s,
check_box=147&check_box=148&check_box=146 etc..
into
$delete_selected = $connection->real_escape_string($_POST['check_box'])
$sql = "DELETE FROM categories WHERE cat_id = '$delete_selected'";
but it only deletes the first check_box value. Is there a way to loop through all the values?
You need to change your post vars to have []
, i.e. checkbox[]=
. Once that's fixed, on to the backend...
Considering you neeed to escape every value, do something like this:
$clean_values = array();
foreach($_POST['check_box'] as $value){
$clean_values[] = $connection->real_escape_string($value);
}
$sql = 'DELETE FROM categories WHERE cat_id in ('.implode(',',$clean_values).')';
BONUS PHP5.3 ANSWER:
array_walk($_POST['check_box'],function(&item) use($connection){
$item = $connection->real_escape_string($item);
});
$sql = 'DELETE FROM categories WHERE cat_id in ('.implode(',',$_POST['check_box']).')';
try
$sql = "DELETE FROM categories WHERE cat_id in '($delete_selected)'";
I may have screwed up the php. the resulting query should liik like
DELETE FROM categories WHERE cat_id in ('cat1', 'cat2', ...)
Self-contained example to play with...
<html>
<head><title>...</title></head>
<body>
<form method="post" action="?">
<p>
<!-- php will parse post fields like check_box[]=xyz as an array, appending new elements to $_POST['check_box'] -->
<input type="checkbox" name="check_box[]" id="c1" value="140" /><label for="c1">140</label><br />
<input type="checkbox" name="check_box[]" id="c2" value="141" /><label for="c2">141</label><br />
<input type="checkbox" name="check_box[]" id="c3" value="142" /><label for="c3">142</label><br />
<input type="checkbox" name="check_box[]" id="c4" value="143" /><label for="c4">143</label><br />
<input type="checkbox" name="check_box[]" id="c5" value="144" /><label for="c5">144</label><br />
<input type="submit" />
</p>
</form>
<?php
if ( isset($_POST['check_box']) && is_array($_POST['check_box']) ) {
echo '<pre> _POST='; var_dump($_POST); echo '<pre>';
// approach #1: treat ids as numbers. Keep the value range of php's integers and MySQL numeric fields in mind
// make sure the elements really are integers
$params = array_map('intval', $_POST['check_box']);
// join the elements to one string like "1,2,3"
$params = join(', ', $params);
// use the IN operator in your WHERE-clause
$sql = "DELETE FROM xyz WHERE cat_id IN ($params)";
echo 'sql1 = ', $sql, "<br />";
// mysql_query($sql, $mysql) or die(mysql_error());
// approach #2: treat ids as strings.
// you need a database connection for mysql_real_escape_string()
$mysql = mysql_connect('localhost', 'localonly', 'localonly') or die(mysql_error());
mysql_select_db('test', $mysql) or die(mysql_error());
// each element has to be escaped and put into single quotes
$params = array_map(
function($e) use ($mysql) {
return "'".mysql_real_escape_string($e, $mysql)."'";
},
$_POST['check_box']
);
// again join them, "'1','2','x'"
$params = join(', ', $params);
// IN operator in WHERE-clause
$sql = "DELETE FROM xyz WHERE cat_id IN ($params)";
echo 'sql2 = ', $sql, "<br />";
// mysql_query($sql, $mysql) or die(mysql_error());
}
?>
</body>
</html>
精彩评论