Multi checkbox array issue

[Phpfr3ak]

Hey basically i'm working on a multi checkbox way to delete messages stored in "crew_messages", i'm getting the error message "Unknown column 'Array' in 'where clause'" from the following code and i'm unsure as to why

 

if (isset($_POST["submit2"]) == "DELETE SELECTED") {
for($i=0;$i<count($_POST["chkColor"]);$i++)  
{  
if(trim($_POST["chkColor"][$i]) != "")  
{  
$rawr = $_POST['chkColor']; 
$sql = "DELETE FROM crew_messages WHERE id = $rawr"; 
mysql_query($sql) or die(mysql_error());
}  
}  }  

 

 

the check box itself

 

<input type="checkbox" name="chkColor[]" value="27">

 

any clues? cheers

[scootstah]

You make a for loop but you aren't accessing each index, you just refer to the entire array again.

 

Try something like this:

$checks = $_POST['chkColor'];

$where = '';
foreach($checks as $check)
{
$where .= 'id = "' . $check . '" OR ';
}

$where = rtrim($where, ' OR ');

if (!empty($where)) {
mysql_query("DELETE FROM crew_messages WHERE " . $where);
}

[Psycho]

There's no need to run individual queries to delete each record and including many OR's is inefficient as well.. A better option is to use an IN clause. Plus you need some logic to prevent SQL injection.

 

if (isset($_POST["submit2"]) && $_POST["submit2"] == "DELETE SELECTED")
{
    //Force POST values to be INTs
    $deleteIDs_ary = array_map('intval', $_POST['chkColor']);
    //Remove any 'false' value
    $deleteIDs_ary = array_filter($delete_ids);

    //Check that there was at least one valid value
    if(count($deleteIDs_ary))
    {
        //Create comma separated string of the IDs
        $deleteIDs_str = implode(',', $deleteIDs_ary);
        //Create and run one query to perform all the deletes
        $query = "DELETE FROM crew_messages WHERE id IN ()";
        if(mysql_query($query))
        {
            echo "Records deleted successfully";
        }
        else
        {
            echo "There was a problem running the query.<br>" . mysql_error();
        }
    }
    else
    {
        echo "Invalid ID data passed.";
    }
} 

[Phpfr3ak]

Hi, it worked what you coded up, thanks i now have a much better understanding of it, only issue is with it being messages a user can then delete someone elses messages, im getting an error saying that its not there message to delete and i dont see why, any clues?

 

 

if (isset($_POST["submit"]) == "DELETE SELECTED") {
$checks = $_POST['chkMsg'];
$where = '';
foreach($checks as $check)
{
$where .= 'id = "' . $check . '" OR ';
}
$where = rtrim($where, ' OR ');
$sql = "SELECT * FROM messages WHERE id = $where";
$que = mysql_query($sql) or die(mysql_error());
$result = mysql_fetch_array($que);
$name = $_SESSION['name'];
$delname = strtolower($result['to_name']);
$pname = strtolower($name);
if($delname != $pname){
echo "This is not your message.";
exit;
}else{
}
if (!empty($where)) {
mysql_query("DELETE FROM messages WHERE " . $where);
} 
}

[Psycho]

Again, no need to create a bunch of OR conditions (which I assume you are doing because it looks like you are using the code scootstah posted. Also, stop using '*' in your SELECTs if you don't need all the fields. It just wastes server resources.

 

Anyway, there is a slight problem with what you want to do here. What if some of the messages belong to the user and some do not? Do, you want to allow the ones that do to be deleted or do you want to prevent the delete operation entirely? Both have a fairly simple soluttion - but would be implemented differently.

[Phpfr3ak]

Ahh sorry, yea, wasnt aware that * used alot more resources, will take that on board for future reference for sure, and yea i want it to not allow messages to be deleted that don't belong to that user, its a player message system.

[Psycho]

... and yea i want it to not allow messages to be deleted that don't belong to that user, ...

 

OK, then you don't need to do a query beforehand. Simple add a WHERE cause to the DELETE query so only his records will be deleted. Then you can provide a message if some of them were not deleted because he was not the owner of the messages.

 

if (isset($_POST["submit2"]) && $_POST["submit2"] == "DELETE SELECTED")
{
    //Force POST values to be INTs
    $deleteIDs_ary = array_map('intval', $_POST['chkColor']);
    //Remove any 'false' value
    $deleteIDs_ary = array_filter($delete_ids);

    //Check that there was at least one valid value
    if(count($deleteIDs_ary))
    {
        //Create comma separated string of the IDs
        $deleteIDs_str = implode(',', $deleteIDs_ary);
        $name = mysql_real_escape_string($_SESSION['name']);
        //Create and run one query to perform all the deletes (of the user)
        $query = "DELETE FROM crew_messages
                  WHERE id IN ($deleteIDs_str) AND to_name = '$name'";
        if(mysql_query($query))
        {
            $selectedCount = count($deleteIDs_ary);
            $deletedCount  = mysql_affected_rows();
            echo "{$deletedCount} of {$selectedCount} record(s) were successfully deleted.";
            if($deletedCount != $selectedCount)
            {
                echo " You do not have rights to the others.";
            }
        }
        else
        {
            echo "There was a problem running the query.<br>" . mysql_error();
        }
    }
    else
    {
        echo "Invalid ID data passed.";
    }
} 

 

[Phpfr3ak]

That looks good but getting an odd error message from it being;

 

Notice: Undefined variable: delete_ids in C:\Program Files\EasyPHP-5.3.3\www\public_html\inbox.php on line 13

 

Warning: array_filter() expects parameter 1 to be array, null given in C:\Program Files\EasyPHP-5.3.3\www\public_html\inbox.php on line 13

Invalid ID data passed.

 

line 13 is;

 

    //Remove any 'false' value

    $deleteIDs_ary = array_filter($delete_ids);

 

sorry i'm really new to the whole loop, checkbox thing

[scootstah]

I think it should be

$deleteIDs_ary = array_filter($deleteIDs_ary);

[Phpfr3ak]

Cheers, it worked! very much appreciate the help guys