foreach?

**lukeurtnowski** · Jun 29, 2009, 13:15

I'm a little confused as to how foreach works...
I have a form where I select Images to delete via radio buttons (each image has an ID in the Photo database. So I want the foreach to loop through each radio button and delete any selected...
Heres the PHP

PHP Code:


foreach ($_POST['ID'] as $ID) {
$sql ="DELETE FROM Photo WHERE ID = '$ID'";

echo $sql;
mysql_query($sql) or die(mysql_error());
}

Whats wrong with my logic?
Thanks...

**AnthonySterling** · Jun 29, 2009, 13:20

Can you post a mock-up of your HTML form?

**lukeurtnowski** · Jun 29, 2009, 14:26

Ya, here are 2 screenshots..
The first is the form (in an email)
Notice how im trying to make it possible to delete each image..
The 2nd is the source of the two images to show you each radio button has an ID (for the Photo table)

**QMonkey** · Jun 29, 2009, 19:07

What does echo $sql; give you each time? Is that code doing anything at all?

Keep in mind the HTML radios (sounds like they should be checkboxes) need to have something like
name="ID[]"
for it to give you an array to loop through.

**lukeurtnowski** · Jun 29, 2009, 19:36

heres the code

PHP Code:


<?php
if (isset($_POST['delete_photos']))
{
foreach ($_POST['ID'] as $ID) {
$sql ="DELETE FROM Photo WHERE ID = '$ID'";

echo $sql;
mysql_query($sql) or die(mysql_error());
}
echo "<h1>Updated, photo deleted.</h1>";
} else {
echo "<h1>Not deleted.<h1>";
} 

?>

And heres the result (screenshot)

**funkdaddy** · Jun 30, 2009, 08:38

We'd really need to see the code of your HTML form. It should look something like this:

PHP Code:


<?php
if (isset($_POST['action'])) {
    foreach ($_POST['ID'] as $ID) {
        $sql ="DELETE FROM Photo WHERE ID = '$ID'";
        echo "<pre>$sql</pre>";
        //do your MySQL stuff here
    }
}

?>


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
    <head>
         <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <title>Form Test</title>
    </head>
    <body>
        <form action="<?php echo $_SERVER['PHP_SELF'];?>" method="post">
            <table cellspacing="0">
                <caption>Items</caption>
                <thead>
                    <tr>
                        <th>Name</th>
                        <th>Delete?</th>
                    </tr>
                </thead>
                <tbody>
<?php
//populate the form
for ($i=0; $i<10; $i++) { 
    echo <<<EOM
                    <tr>
                        <td>Item $i</td>
                        <td><input type="checkbox" name="ID[]" value="$i" /></td>
                    </tr>
EOM;
}
?>
                </tbody>
            </table>
            <p><input type="submit" name="action" value="Show Values"/></p>
        </form>
    </body>
</html>

Though keep in mind your mysql statement is very insecure and susceptible to an injection attack.

**lukeurtnowski** · Jun 30, 2009, 22:48

thx, how do I secure it?

**Jake Arkinstall** · Jul 1, 2009, 11:23

PHP Code:


foreach ($_POST['ID'] as $ID) {
$sql ="DELETE FROM Photo WHERE ID = '$ID'";

echo $sql;
mysql_query($sql) or die(mysql_error());
}

is inefficient because it queries once for EACH item. A single query could accomplish this.

As your input should be an integer (I'm assuming, being an ID), cast it to an integer to stop attacks.

The following is more efficient and is much more secure:

PHP Code:


$IDs = array();
foreach ($_POST['ID'] as $ID) {
    $IDs[] = (int)$ID;
}
if(count($IDs) > 0){
    $sql = 'DELETE FROM Photo WHERE ID IN (' . implode(', ', $IDs) . ')';
    mysql_query($sql) or die(mysql_error());
}

**lukeurtnowski** · Jul 16, 2009, 17:49

I selected an image (with an ID of 3) and tried to delete iy, but I got an error (screenshot)
Heres my html of that php page

PHP Code:


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org\tR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>HoustonASP: Delete providers photos</title>
<?php include("db_conn_open.php"); ?>
</head>
<BODY>
<?php
print('<pre>');
print_r($_POST);
print('</pre>');


if (isset($_POST['delete_photos']))
{
$IDs = array();
foreach ($_POST['ID'] as $ID) {
    $IDs[] = (int)$ID;
    }
    if(count($IDs) > 0){
    $sql = 'DELETE FROM Photo WHERE ID IN (' . implode(', ', $IDs) . ')';
    mysql_query($sql) or die(mysql_error());
    }
echo "<h1>Updated, photo deleted.</h1>";
} else {
echo "<h1>Not deleted.<h1>";
} 
?>
<form>
<input type=button value="Close" onClick="javascript:window.close();">
</form>
</body>
</html>

**AnthonySterling** · Jul 16, 2009, 23:40

Your SQL is malformed.

PHP Code:


$sql = sprintf(
    "DELETE FROM photo WHERE id IN ('%s')",
    implode(', ', $IDs)
);

**lukeurtnowski** · Jul 17, 2009, 15:46

Heres the updated php page

HTML Code:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org\tR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>HoustonASP: Delete providers photos</title>
<?php include("db_conn_open.php"); ?>
</head>
<BODY>
<?php
print('<pre>');
print_r($_POST);
print('</pre>');


if (isset($_POST['delete_photos']))
{
$IDs = array();
foreach ($_POST['ID'] as $ID) {
    $IDs[] = (int)$ID;
    }
    if(count($IDs) > 0){
$sql = sprintf(
    "DELETE FROM photo WHERE id IN ('%s')", implode(', ', $IDs) ); 
    mysql_query($sql) or die(mysql_error());
    }
echo "<h1>Updated, photo deleted.</h1>";
} else {
echo "<h1>Not deleted.<h1>";
} 
?>
<form>
<input type=button value="Close" onClick="javascript:window.close();">
</form>
</body>
</html>

**AnthonySterling** · Jul 17, 2009, 15:52

...and does it work?

If not, what happens, or doesn't?

Ta.

**lukeurtnowski** · Jul 17, 2009, 16:12

no, I get a warning though (screenshot)
Thanks...
Do you know what it means??

Warning: Invalid argument supplied for foreach() in /home/houst33/public_html/php/update_table_photo.php on line 17

**AnthonySterling** · Jul 17, 2009, 16:14

Sure, can you post the form which submits the data?

**cranial-bore** · Jul 17, 2009, 16:17

It's better to post error messages and debugging info (i.e what you go from print_r($_POST)) rather than screenshots. Screenshots have to be approved and aren't visible immediately.
It seems $_POST['ID'] is not an array. Did you use <input type="checkbox" name="ID[]"> in your markup?

**lukeurtnowski** · Jul 17, 2009, 16:21

ok, when I did

PHP Code:


print('<pre>');
print_r($_POST);
print('</pre>');

I got,
Array
(
[ID] => 4
[delete_photos] =>
[submit] => Delete Photos
)

**AnthonySterling** · Jul 17, 2009, 16:29

Ah, as cranial-bore correctly stated, $_POST['ID'] is not an array and therefore cannot be iterated over with foreach.

Can you post the form that submits the data to this script? Are you expecting more than one ID?