0

I should be able to figure this out, but I keep going in circles. I have a form with checkboxes. When the checkboxes are selected they tagged to be deleted.

I process those selected checkboxes with a foreach:

foreach (array_keys($_POST['checkboxselect']) as $k) {
    $str .= $k.',';
}

This is my lame attempt to put the list of videos together. The sql delete I'm using is:

DELETE FROM `videos` WHERE `video_name` IN ($str)

So I'm missing lots of things here. The $str needs to have:

  1. Only one checkbox is returned so return string with quotes (i.e. "myvideo.mp4")
  2. Multiple checkboxes are selected so build a string with quotes and commas (i.e. "myvideo.mp4","myvideo2.mp4","myvideo3.mp4")

Thanks for the help.

Improve this question
0

2 Answers 2

Reset to default
2

Try using PHP's implode:

// Init links
$mysqliLink = mysqli_connect('host', 'user', 'password') or die('Could not connect: ' . mysqli_error());

$mysqlLink = mysql_connect('host', 'user', 'password') or die('Could not connect: ' . mysql_error());

//-----
// Prep values for query
//-----

// Only pick one of the following depending upon the mysql library you are using

// If using mysql, passing the 2nd argument is not necessary, but for 
// clarity, adding it
$deleteNames = array_map('mysql_real_escape_string', array_keys($_POST['checkboxselect']), array_fill(0, count($_POST['checkboxselect']), $mysqlLink));

// If using mysqli
// This will ensure that $mysqliLink will be passed in as first arg for 
// every iteration satisfying the function signature
$deleteNames = array_map('mysqli_real_escape_string', array_fill(0, count($_POST['checkboxselect']), $mysqliLink), array_keys($_POST['checkboxselect']));
//-----


// Because you are passing strings, we need to ensure each is wrapped in quotes
$deleteNames = "'" . implode("','", $deleteNames) . "'";

// Construct query using implode
$sql = sprintf('DELETE FROM `videos` WHERE `video_name` IN (%s)', $deleteNames);

-- Update --

Using Joomla APIs:

$db = &JFactory::getDBO();

// Localize and sanitize each individual value
foreach (array_keys($_POST['checkboxselect']) as $element) {
    $deleteNames[] = $db->quote($element);
}

// Because you are passing strings, we need to ensure each is wrapped in quotes
// No longer true because $db->quote taking care of quoting out each name for us
$deleteNames = implode(',', $deleteNames);

// Construct query using implode
$sql = sprintf('DELETE FROM `videos` WHERE `video_name` IN (%s)', $deleteNames);
Improve this answer
Sign up to request clarification or add additional context in comments.

11 Comments

Thanks +1 for security in mind. But this didn't work. But interested to know why...
I'm interested as well. What specifically didn't work? If you var_dump($sql) it should give you what you wanted.
Typo regarding $myArray and $deleteIds.
@MikePurcell Purcell The strings are all empty (I noticed the problem with the variables before and fixed that). If I var_dump each line it seems the implode line is where it goes wrong. Although the first var_dump on array_map will return: ["video_0.mp4"]=> bool(false). Not sure why it says bool(false).
Ahhh I think I know why, I forgot to add array_keys around the $_POST['checkboxselect']. Updated post.
|
2

Use implode() like this:

$str = '"' . implode('","', array_keys($_POST['checkboxselect'])) . '"';

implode() will take an array and join each value in the array with the "glue" string. In this case the "glue" is "," and the array is composed of the keys in $_POST['checkboxselect']. Finally, the resulting string is wrapped in ".

This will result in your desired example string "myvideo.mp4","myvideo2.mp4","myvideo3.mp4".

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.