On Sun, December 30, 2007 5:29 pm, Richard Kurth wrote:
> I am trying to loop through a $_POST variable. It comes from a text
> area and it will have data like many email address or just one listed
> with a space or on a new line. I can't seam to get the data to extract
> properly. I have tried this below
>
> $array = explode(' ', $_POST['emails']);
//see what you have.
//maybe it's not hat you think
var_dump($_POST['emails']);
> foreach ($array as $value) {
//you should probably validate the emails using:
http://php.net/imap_rfc822_parse_adrlist
$value_sql = mysql_real_escape_string($value);
> $sql = "SELECT id FROM contacts where emailaddress = '$value' AND
> members_id = '$memberid'";
Use '$value_sql' here.
And I dunno where $memberid came from, but maybe it should be escaped
as well.
> $sql_result=safe_query($sql);
I'm not sure what "safe_query" is doing, and maybe you think it can
escape the data you embedded into the SQL, but I don't see how you can
do that... Sort of a Humpty-Dumpty problem...
> while ($row=mysql_fetch_array($sql_result)){
> $id = $row["id"];
> $sql1="UPDATE contacts SET emailstatus ='Unsubscribed' WHERE id =
> '$id'";
> safe_query($sql1);
> }}
--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/from/lynch
Yeah, I get a buck. So?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
