When I do a var_dump($_POST['emails']); it has all the emails in it
string(65) "rkurth@xxxxxxxxxxxxxx ckurth@xxxxxxxxxxxxxx
tkurth@xxxxxxxxxxxxxx"
I will validate the emails after I get the loop to work
$memberid comes from a part of the script I did not show you $memberid
=$_POST["members_id"];
safe_query is a function that I call that does query stuff
function safe_query ($query = ""){
include ("dataconf.inc.php");
dbconnect($dbname,$rootusername,$rootpassword,$roothostname);
global $query_debug;
if (empty($query)) { return FALSE; }
if (!empty($query_debug)) { print "<pre>$query</pre>\n"; }
$result = mysql_query($query)
or die("Query Failed: "
."<li>errorno=".mysql_errno(). "<br>"
."<li>error=".mysql_error(). "<br><br>"
."<li>query=".$query
);
return $result;
}
On Sun, December 30, 2007 5:29 pm, Richard Kurth wrote:
I am trying to loop through a $_POST variable. It comes from a text
area and it will have data like many email address or just one listed
with a space or on a new line. I can't seam to get the data to extract
properly. I have tried this below
$array = explode(' ', $_POST['emails']);
//see what you have.
//maybe it's not hat you think
var_dump($_POST['emails']);
foreach ($array as $value) {
//you should probably validate the emails using:
http://php.net/imap_rfc822_parse_adrlist
$value_sql = mysql_real_escape_string($value);
$sql = "SELECT id FROM contacts where emailaddress = '$value' AND
members_id = '$memberid'";
Use '$value_sql' here.
And I dunno where $memberid came from, but maybe it should be escaped
as well.
$sql_result=safe_query($sql);
I'm not sure what "safe_query" is doing, and maybe you think it can
escape the data you embedded into the SQL, but I don't see how you can
do that... Sort of a Humpty-Dumpty problem...
while ($row=mysql_fetch_array($sql_result)){
$id = $row["id"];
$sql1="UPDATE contacts SET emailstatus ='Unsubscribed' WHERE id =
'$id'";
safe_query($sql1);
}}
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
