Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Page 2 of 3 FirstFirst 123 LastLast
Results 16 to 30 of 37
  1. #16
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,313
    Thanks
    58
    Thanked 525 Times in 512 Posts
    Blog Entries
    5
    Quote Originally Posted by doubledee View Post
    Where the problem exists is that while I can populate some array with all 50 PM's when my script first runs (e.g. $testArray), when the user submits the Form, any values in my array get erased.
    Thats because the script has stopped running and it's variables are lost (thats the way PHP works I'm afraid - not the same as a windows program). When you submit the form the script runs as a fresh instance with its own memory and variables. Thats the way PHP works and why most people use sessions between scripts being executed to store temporary memory.

    Quote Originally Posted by doubledee View Post
    So I figured that if I could pass the entire array back via the $_POST array, then I could continue to use $testArray, and use all 50 values in it to run my UPDATE and thus mark all 50 PM's as "Unread", if you follow me?!
    Yes I've followed that all along and yes there is nothing wrong with doing it that way if thats the way you're happy with it. We've shown you several suitable ways for you to achieve that, it's just a case of you picking what you think is best for you.

    Quote Originally Posted by AndrewGSW View Post
    I assume you are referring to JS stringify() and parse()?
    No I was talking about the php functions. I don't do front end design or javascript


    Quote Originally Posted by AndrewGSW View Post
    Serializing in PHP is intended to serialize objects..?
    Actually I wasn't aware that you could serialize objects. As far as I was aware it only applied to variables such as arrays, strings, numbers etc so thats news to me!
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!

  2. #17
    Senior Coder
    Join Date
    Apr 2011
    Location
    London, England
    Posts
    2,120
    Thanks
    15
    Thanked 354 Times in 353 Posts
    Actually I wasn't aware that you could serialize objects. As far as I was aware it only applied to variables such as arrays, strings, numbers etc so thats news to me!
    I just edited my recent post - I think implode() and explode() are preferable for such a simple 1-D array. Andy.
    "I'm here to save your life. But if I'm going to do that, I'll need total uninanonynymity." Me Myself & Irene.
    Validate your HTML and CSS

  3. #18
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,313
    Thanks
    58
    Thanked 525 Times in 512 Posts
    Blog Entries
    5
    Quote Originally Posted by AndrewGSW View Post
    Added: to pass a simple array of ids (integers) as a string I would prefer implode() and explode() which have less overhead than serialize().
    Actually I'm going to support this over my serialize suggestion as it would be easier and simpler to implode an array into a string for the form and then explode it into an array for processing.

    The only slight risk is that someone could modify it before transmission whereas with a serialized array string it's not as easy to understand from the laymans POV.

    Also Deb, remember in your SQL to use "where user = '<users id>'" along with your where / id clause otherwise a malicious user could supply their own message IDs and wipe out another users inbox.
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!

  4. Users who have thanked tangoforce for this post:

    doubledee (12-16-2012)

  5. #19
    Senior Coder doubledee's Avatar
    Join Date
    Mar 2011
    Location
    Arizona
    Posts
    1,071
    Thanks
    26
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by AndrewGSW View Post
    Code:
    AFAIK, serizlize (sic) and unserialize don't work on objects.
    I assume you are referring to JS stringify() and parse()? Serializing in PHP is intended to serialize objects..? Added: to pass a simple array of ids (integers) as a string I would prefer implode() and explode() which have less overhead than serialize().

    If passing OOP objects between pages you are likely to store them as serialized session data, as indicated by tangoforce's recent post.
    @Andrew: Library is closing. Hope to be back in maybe 20 minutes from somewhere else.

    In the mean time, can you please explain more about using Implode/Explode versus Serialize/Unserialize and how I'd go about that?

    All of this is quite overwhelming for a newbie like me?!

    I can say, though, that "Yes", all I am trying to pass back to my same script is a listing of all MessageID's in the InBox, so my script can UPDATE all Messages in the Inbox (versus individual Messages that may have been "cherry-picked".)

    I'm not sure what is the best way to do that, but as you can see, I figured I'd just pass an array in the $_POST?!

    (Here is where maybe you more seasoned developers can show me the *best* way to do this using my Procedural Coding.)

    Back in a few...


    @Debbie HIDDEN only means hidden from view on the page - it is completely visible/accessible when posted to PHP.
    Oh, okay. It just leaves me feeling like it is too exposed or something?!

    (Security is important to me!!)


    Debbie

  6. #20
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,313
    Thanks
    58
    Thanked 525 Times in 512 Posts
    Blog Entries
    5
    Quote Originally Posted by doubledee View Post
    In the mean time, can you please explain more about using Implode/Explode versus Serialize/Unserialize and how I'd go about that?
    Serialize basically converts a variable into a textual description of it.

    Look at this:
    PHP Code:
    $Array[] = 'This '// Note I've left space on end
    $Array[] = 'is ';
    $Array[] = 'a ';
    $Array[] = 'test ';

    $Output serialize($Array);

    print 
    $Output
    $Output would be: a:4:{i:0;s:5:"This ";i:1;s:3:"is ";i:2;s:2:"a ";i:3;s:5:"test ";}
    a: array with 4 parts
    i:0 integer / index is zero
    s:5 String with 5 characters
    etc

    See it in action on codepad: http://codepad.org/n0Wgrras

    Explode / implode:
    PHP Code:
    $Array[] = 'This'//No spaces as we can use implode for that
    $Array[] = 'is';
    $Array[] = 'a';
    $Array[] = 'test';

    $Output implode(' '$Array);

    print 
    $Output// This is a test 
    See it on codepad: http://codepad.org/eVuw8dDN

    Explode does the opposite - breaking up a string by the specified character:
    PHP Code:
    $Input 'This is a test';

    $Array explode(' '$Input);

    var_dump($Array); 
    Outputs:
    array(4) {
    [0]=>
    string(4) "This"
    [1]=>
    string(2) "is"
    [2]=>
    string(1) "a"
    [3]=>
    string(4) "test"
    }

    See it on Codepad: http://codepad.org/a2noxZWS

    Personally I recommend going with Andys explode/implode as it's simpler. Using the serialisation would make it a bit more complex but it would be slightly (though still possible) for anyone to change those values.
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!

  7. #21
    Senior Coder doubledee's Avatar
    Join Date
    Mar 2011
    Location
    Arizona
    Posts
    1,071
    Thanks
    26
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by tangoforce View Post
    Serialize basically converts a variable into a textual description of it.

    Look at this:
    PHP Code:
    $Array[] = 'This '// Note I've left space on end
    $Array[] = 'is ';
    $Array[] = 'a ';
    $Array[] = 'test ';

    $Output serialize($Array);

    print 
    $Output
    $Output would be: a:4:{i:0;s:5:"This ";i:1;s:3:"is ";i:2;s:2:"a ";i:3;s:5:"test ";}
    a: array with 4 parts
    i:0 integer / index is zero
    s:5 String with 5 characters
    etc

    See it in action on codepad: http://codepad.org/n0Wgrras

    Explode / implode:
    PHP Code:
    $Array[] = 'This'//No spaces as we can use implode for that
    $Array[] = 'is';
    $Array[] = 'a';
    $Array[] = 'test';

    $Output implode(' '$Array);

    print 
    $Output// This is a test 
    See it on codepad: http://codepad.org/eVuw8dDN

    Explode does the opposite - breaking up a string by the specified character:
    PHP Code:
    $Input 'This is a test';

    $Array explode(' '$Input);

    var_dump($Array); 
    Outputs:
    array(4) {
    [0]=>
    string(4) "This"
    [1]=>
    string(2) "is"
    [2]=>
    string(1) "a"
    [3]=>
    string(4) "test"
    }

    See it on Codepad: http://codepad.org/a2noxZWS
    Wow! Thanks for all of the examples!!


    Personally I recommend going with Andys explode/implode as it's simpler. Using the serialisation would make it a bit more complex but it would be slightly (though still possible) for anyone to change those values.
    But technically that is true of anything passed through a Form, right?

    Since I am just passing back a listing of all PM ID's to the same script so it knows which Messages need to be updated, and since the "pmID" is an Integer, then as long as I sanitize things by casting to an Integer, and using Prepared Statements - which is actually the only way I know how to do database stuff - then I assume that I will be okay from a security standpoint?!

    BTW, you guys please don't leave me just yet.

    I need to re-read everyone's suggestions, and also go to the PHP Manual and read up on all of this, and then try and piece it all together into a working script?!

    I'll likely have some more questions here in a a little bit!!

    But thanks for all of the help so far!!


    Debbie

  8. #22
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,313
    Thanks
    58
    Thanked 525 Times in 512 Posts
    Blog Entries
    5
    Quote Originally Posted by doubledee View Post
    But technically that is true of anything passed through a Form, right?
    Yes it is. Thats why you need to do your checks at your end.

    Quote Originally Posted by doubledee View Post
    Since I am just passing back a listing of all PM ID's to the same script so it knows which Messages need to be updated, and since the "pmID" is an Integer, then as long as I sanitize things by casting to an Integer, and using Prepared Statements - which is actually the only way I know how to do database stuff - then I assume that I will be okay from a security standpoint?!
    Yes. Just remember in your SQL where clause don't just do where pmid='<the PMs ID>' also do a members user id too so that they can only delete their own messages - eg:

    delete from messages where pmID='$pmID' and userID='$userID'

    That would mean that the user can only delete their own messages / mark as read etc. It'll be slightly different using prepared statements but that should give you an idea of what I'm saying.

    Also, not sure if you do this but you're best off constructing one long SQL statement EG:

    delete from messages where (pmID='52' or pmID='51' or pmID='50') and userId='$userID'

    That will let you do the entire thing in one SQL query rather than 30 or 40 seperate queries. To make it (very basic - you'll need to do your own checks)..
    PHP Code:
    foreach ($_POST['testArray'] as $Key => $Value)
       {
       
    $Array[] = "pmID='$Value'";
       }

    $IDs implode(' or '$Array); // "pmID='52' or pmID='51' or pmID='50'"

    $SQL "delete from messages where ($IDs) and userId='$userID'" 
    Again you'll need to change that for prepared statements but it should point you in the right direction.
    Last edited by tangoforce; 12-15-2012 at 10:50 PM.
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!

  9. #23
    Senior Coder doubledee's Avatar
    Join Date
    Mar 2011
    Location
    Arizona
    Posts
    1,071
    Thanks
    26
    Thanked 0 Times in 0 Posts
    Sorry, I had something come up and need to run out.


    Quote Originally Posted by tangoforce View Post
    Yes. Just remember in your SQL where clause don't just do where pmid='<the PMs ID>' also do a members user id too so that they can only delete their own messages - eg:

    delete from messages where pmID='$pmID' and userID='$userID'
    Yeah, I currently do that.



    Also, not sure if you do this but you're best off constructing one long SQL statement EG:

    delete from messages where (pmID='52' or pmID='51' or pmID='50') and userId='$userID'

    That will let you do the entire thing in one SQL query rather than 30 or 40 seperate queries. To make it (very basic - you'll need to do your own checks)...

    PHP Code:
    foreach ($_POST['testArray'] as $Key => $Value)
       {
       
    $Array[] = "pmID='$Value'";
       }

    $IDs implode(' or '$Array); // "pmID='52' or pmID='51' or pmID='50'"

    $SQL "delete from messages where ($IDs) and userId='$userID'" 
    Again you'll need to change that for prepared statements but it should point you in the right direction.
    Well, on that one I want to keep what I have because I am unit testing, and unless there is a *major* issue, no more code changes are allowed!!

    Here is what I currently have...
    PHP Code:
        // ************************
        // Mark Delete as Purge.    *
        // ************************
        
    foreach($_POST['msgArray'] as $msgID => $msgValue){


            
    // **************************
            // Determine Message Type.    *
            // **************************

            // Build query.
            
    $q15 "SELECT member_id,...

                    WHERE pm.id =?
                    LIMIT 1"
    ;


            
    // Check # of Records Returned.
            
    if (mysqli_stmt_num_rows($stmt15)==1){
                
    // Message Found.


                // Incoming Message.
                
    $q16 "UPDATE private_msg

                    WHERE member_id=?
                    AND message_id=?
                    LIMIT 1"


    So since I got side-tracked, and won't have a chance to soak in all of your great advice right now, I'm not entirely clear what to do with the Implode/Explode.

    However, I do know this...

    Just like above, I need a way to look through the listing of all Messages in the $_POST results set, and run an UPDATE query on each one. (I'm not sure if your suggestions will let me do that??)

    I like your suggestion of "do it in all one query", but if I keep improving my code, I won't be done with this latest release until 2015!!!!!!!!!

    Let's hope that we talked about enough of my coding issues that I can piece together a solution later tonight or tomorrow?!

    Thanks,


    Debbie

  10. #24
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,313
    Thanks
    58
    Thanked 525 Times in 512 Posts
    Blog Entries
    5
    I know you're concerned at the speed of development but I urge you to reconsider doing your updates in one SQL statement. Why?.. Personal experience.

    When I first got into PHP / Mysql years ago I wrote the biggest and best code for my site.. but I couldn't figure out why certain pages were so frustratingly slow compared to others. I put it down to my computer (which was running the wamp setup) not being up to the job. Only when I turned on mysqls query log did I realise why it was so slow. Some pages had 200 queries running and it was grinding down the mysql server. I certainly learned a lot about sql optimization that week! That was for one user - me. Imagine that multiplied by a few thousand users and it will crash even the most powerful servers.

    As for the suggestions, yes all of the suggestions put forward will allow you to do what you want. You'll need to make them fit in with your code so to speak.
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!

  11. #25
    Senior Coder doubledee's Avatar
    Join Date
    Mar 2011
    Location
    Arizona
    Posts
    1,071
    Thanks
    26
    Thanked 0 Times in 0 Posts
    After sleeping on things, it seems that we are all going about things the difficult way to my original problem. (Yet to be completely confirmed.)

    How so?

    Well, my end goal is that when the user clicks on the Top Check-box, and chooses an action and "Go", that *all* Messages get updated.

    We have all been looking at how to pass an entire Array holding all of the Messages back to my script so it knows what to update.

    But this morning, I came to this conclusion...

    Why not just identify when the user checks the Top Check-box and submits the Form? If that condition is "TRUE" - which is very easy to identify - THEN I can run a SELECT query on my "Inbox", and use that results-set on my UPDATE query.

    In other words, instead of running a SELECT query that identifies all of the Messages that need to be updated, and then trying to figure out how to pass that entire list back to the same script, why not take the easier path of just returning a simple Yes/No flag back to the script, [b]and then run the SELECT query?![b]
    Just my thoughts...



    Debbie

  12. #26
    Senior Coder doubledee's Avatar
    Join Date
    Mar 2011
    Location
    Arizona
    Posts
    1,071
    Thanks
    26
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by tangoforce View Post
    I know you're concerned at the speed of development but I urge you to reconsider doing your updates in one SQL statement. Why?.. Personal experience.

    When I first got into PHP / Mysql years ago I wrote the biggest and best code for my site.. but I couldn't figure out why certain pages were so frustratingly slow compared to others. I put it down to my computer (which was running the wamp setup) not being up to the job. Only when I turned on mysqls query log did I realise why it was so slow. Some pages had 200 queries running and it was grinding down the mysql server. I certainly learned a lot about sql optimization that week! That was for one user - me. Imagine that multiplied by a few thousand users and it will crash even the most powerful servers.
    Okay, Tango, based on my last post - and the need to "break" my code AGAIN to make it run better, I might as well at least take a peak into what you are suggesting?!

    If I revert back to my original code which built my Inbox based on the results-set from my SELECT query - and not use an Array - then I have this code in my HTML section...
    PHP Code:
        // Loop through Messages.
        
    while (mysqli_stmt_fetch($stmt6)){
            echo 
    "<tr" . (is_null($readOn) ? " class='pmRead'" "") . ">
                    <td class='colSelect'>
                        <input id='" 
                            
    str2htmlentities($pmID)
                            . 
    "' name=msgArray["
                            
    str2htmlentities($pmID)
                            . 
    "] type='checkbox' value='TRUE' />
                    </td>
                    <td class='colFlag'>"
                        
    . (($flag==TRUE) ? '<img src="/images/Flag.png" width="15" alt="" />' '•') .
                    
    "</td>
                    <td>"    
    str2htmlentities($fromUsername) . "</td>
                    <td><a class='msgLink' href='/account/view-pm/incoming/"
                        
    str2htmlentities($pmID)
                        . 
    "'>" 
                        
    str2htmlentities($subject)
                        . 
    "</a></td>
                    <td>" 
                        
    str2htmlentities($sentOn)
                        . 
    "</td>\n
                </tr>\n"
    ;
        } 

    If I select 2 Messages in my Inbox, choose "Mark as Unread" and then press "Go", I get these results in my msgArray[] array...
    Code:
    msgArray[6] = TRUE
    msgArray[5] = TRUE

    In the past, I would update Messages using this code...
    PHP Code:
        foreach($_POST['msgArray'] as $msgID => $msgValue){
            
    // Build query.
            
    $q1 "UPDATE private_msg_recipient
                    SET read_on=NULL,
                        updated_on=NOW()
                    WHERE member_id_to=?
                    AND message_id=?
                    LIMIT 1"
    ;

            
    // Prepare statement.
            
    $stmt1 mysqli_prepare($dbc$q1);

            
    // Bind variables to query.
            
    mysqli_stmt_bind_param($stmt1'ii'$sessMemberID$msgID);

            
    // Execute query.
            
    mysqli_stmt_execute($stmt1);

            
    // Verify Update.
            
    if (mysqli_stmt_affected_rows($stmt1)==1){
                
    // Update Succeeded.
                
    $redirectView 'incoming';

            }else{
                
    // Update Failed.

            


    Sorry if you guys already told me how to do this, but how would I take all of the values in my msgArray - which comes from my Form - and convert it into a format so I could do just ONE UPDATE query, versus enumerating through each Array value, and running a separate UPDATE query?


    Also, I am curious what everyone thinks about the change I mentioned in my last PM?

    (In retrospect, it seems silly to run a query to populate my Inbox initially, them copy all of that data into an Array, then convert it to a format that can be passed in my $_POST array, and then convert it again, and then use it in my UPDATE query?! It would be much to just pass a "Checked"/"Not-Checked" value when the FOrm gets submitted...)

    Thanks,


    Debbie

  13. #27
    Senior Coder doubledee's Avatar
    Join Date
    Mar 2011
    Location
    Arizona
    Posts
    1,071
    Thanks
    26
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by tangoforce View Post
    Actually I'm going to support this over my serialize suggestion as it would be easier and simpler to implode an array into a string for the form and then explode it into an array for processing.

    The only slight risk is that someone could modify it before transmission whereas with a serialized array string it's not as easy to understand from the laymans POV.
    So maybe the idea I came up with this morning is even better yet? (If I just pass whether the User checked the "selectAll" cehck-box, that is *much* more secure as far as protecting against hackers, right?


    Also Deb, remember in your SQL to use "where user = '<users id>'" along with your where / id clause otherwise a malicious user could supply their own message IDs and wipe out another users inbox.
    I am doing that already, and I agree.


    Debbie

  14. #28
    Senior Coder
    Join Date
    Apr 2011
    Location
    London, England
    Posts
    2,120
    Thanks
    15
    Thanked 354 Times in 353 Posts
    If your page displays ALL messages at once, rather than being paginated, then you could, as you suggest, just pass a yes/no value and execute a query against all the users messages in the database. But if they only check a selection of the messages then you still need to pass this information - that is, which messages were checked - to the other page, using the methods previously discussed.

    If the messages are paginated then, assuming they check ALL, you would need the actioning page to be aware of which page they are currently on. That is, to be able to identify which page/group of messages need to be actioned. Or, again, pass the (full) list of current message-ids to the page.

    But I'm not fully aware of your set up so the above information may not prove entirely relevant to your site.
    "I'm here to save your life. But if I'm going to do that, I'll need total uninanonynymity." Me Myself & Irene.
    Validate your HTML and CSS

  15. #29
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,313
    Thanks
    58
    Thanked 525 Times in 512 Posts
    Blog Entries
    5
    Warning: Before implementing this code into yours, please make a backup of the file as this code is untested.

    Well this is how I would build your query:
    PHP Code:
    $Types 'i'// 'i' for $sessMemberID
    $Count 0;

    foreach(
    $_POST['msgArray'] as $msgID => $msgValue){
       
    $Count += 1;
       
    $Types .= 'i'// 'i' for each item in where clause
       
    $IDs[] = "message_id=?";
    }

    $MessageIDs implode(' or '$IDs);

    // Build query.
    $q1 "UPDATE private_msg_recipient SET read_on=NULL, updated_on=NOW() WHERE member_id_to=? AND ($MessageIDs) LIMIT $Count";
    //UPDATE private_msg_recipient SET read_on=NULL, updated_on=NOW() WHERE member_id_to=? AND (message_id=? or message_id=? or message_id=?) LIMIT 3 
    Now please bear in mind I still don't use mysqli or prepared statements (Fou-Lu keeps dropping subtle hints my way but I've managed to get away with normal mysql for years ) so I'm unsure how you bind the parameters here using a dynamic query like this.

    I did however find this on php.net which may help: http://php.net/manual/en/mysqli-stmt.bind-param.php

    When dealing with a dynamic number of field values while preparing a statement I find this class useful.
    PHP Code:
    <?php
    class BindParam{
        private 
    $values = array(), $types '';
       
        public function 
    add$type, &$value ){
            
    $this->values[] = $value;
            
    $this->types .= $type;
        }
       
        public function 
    get(){
            return 
    array_merge(array($this->types), $this->values);
        }
    }
    ?>
    Usage is pretty simple. Create an instance and use the add method to populate. When you're ready to execute simply use the get method.
    PHP Code:
    <?php
    $bindParam 
    = new BindParam();
    $qArray = array();

    $use_part_1 1;
    $use_part_2 1;
    $use_part_3 1;

    $query 'SELECT * FROM users WHERE ';
    if(
    $use_part_1){
        
    $qArray[] = 'hair_color = ?';
        
    $bindParam->add('s''red');
    }
    if(
    $use_part_2){
        
    $qArray[] = 'age = ?';
        
    $bindParam->add('i'25);
    }
    if(
    $use_part_3){
        
    $qArray[] = 'balance = ?';
        
    $bindParam->add('d'50.00);
    }

    $query .= implode(' OR '$qArray);

    //call_user_func_array( array($stm, 'bind_param'), $bindParam->get());

    echo $query '<br/>';
    var_dump($bindParam->get());
    ?>
    This gets you the result that looks something like this:

    SELECT * FROM users WHERE hair_color = ? OR age = ? OR balance = ?
    array(4) { [0]=> string(3) "sid" [1]=> string(3) "red" [2]=> int(25) [3]=> float(50) }
    Red text no longer applies but left in for the sake of continuity.

    Now in theory, you could do this in your code but I gave it a try and had nothing but pass by reference errors thanks to php changing the parameters in call_user_func_array() - before php 5.3.0 it would pass it's parameters as references but now it passes as values instead which is a pain for mysqli_stmt_bind_param() which wants everything passed as references ruling out the above code. You could however use mysqli_query() though. I've spent over 2 hours chasing my tail on the reference thing so I've not had chance to test that but it should work in a similar way to mysql_query().

    Edit: In theory to get around the pass by reference thing, you could probably run mysqli_stmt_bind_param() as a string with it's parameters through eval(). It's a very dirty hack but I did it once in some code somewhere in spectacular style.. worked perfectly. I just can't remember how, where or when

    Fou-Lu, if you're out there I think this reference thing is up your street for solving.
    Last edited by tangoforce; 12-17-2012 at 03:00 AM.
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!

  16. #30
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,313
    Thanks
    58
    Thanked 525 Times in 512 Posts
    Blog Entries
    5
    Ok, ignore the incoherent mumblings about passing by reference... I've found a hack

    This should be about right (it's late you might need to make minor adjustments but I've run tons of experiments and stuff before putting this together):
    PHP Code:
    class BindParam{
        private 
    $values = array(), $types '';
       
        public function 
    add($type$value ){
            
    $this->values[] = $value;
            
    $this->types .= $type;
        }
       
        public function 
    get(){
            
    $Result array_merge(array($this->types), $this->values);
            
            
    //Hack for dealing with pass by reference crap
            
    foreach($Result as $Key => &$Value)
                {
                
    $Refs[$Key] = &$Value
                }
                
            return 
    $Refs;
        }
    }

    $bindParam = new BindParam();

    //First parameter is member_id from session
    $bindParam->add('i'$sessMemberID);

    foreach(
    $_POST['msgArray'] as $msgID => $msgValue){
       
    $Count += 1;
       
    $bindParam->add('i'$msgID);
       
    $IDs[] = "message_id=?";
    }

    $MessageIDs implode(' or '$IDs);

    // Build query.
    $q1 "UPDATE private_msg_recipient SET read_on=NULL, updated_on=NOW() WHERE member_id_to=? AND ($MessageIDs) LIMIT $Count";
    //UPDATE private_msg_recipient SET read_on=NULL, updated_on=NOW() WHERE member_id_to=? AND (message_id=? or message_id=? or message_id=?) LIMIT 3  

    // Prepare statement.
    $stmt1 mysqli_prepare($dbc$q1);

    // Bind variables to query.
    call_user_func_array(array($stmt1'bind_param'), $bindParam->get()); 

    // Execute query.
    mysqli_stmt_execute($stmt1);

    // Verify Update.
    if (mysqli_stmt_affected_rows($stmt1)==1){
       
    // Update Succeeded.
       
    $redirectView 'incoming';

    }else{
       
    // Update Failed.


    Good night, god bless and Merry Christmas
    Last edited by tangoforce; 12-17-2012 at 03:03 AM.
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!


 
Page 2 of 3 FirstFirst 123 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •