looping through a $_POST variable

I am trying to loop through a $_POST variable. It comes from a text
area and it will have data like many email address or just one listed
with a space or on a new line. I can't seam to get the data to extract
properly. I have tried this below

$array = explode(' ', $_POST['emails']);
foreach ($array as $value) {
$sql = "SELECT id FROM contacts where emailaddress = '$value' AND
members_id = '$memberid'";
$sql_result=safe_query($sql);
while ($row=mysql_fetch_array($sql_result)){
$id = $row["id"];
$sql1="UPDATE contacts SET emailstatus ='Unsubscribed' WHERE id = '$id'";
safe_query($sql1);
}}

I am trying to get one email at a time and run it through the loop and
process it but if I have more than one email in the text area it gives
me nothing and does not run

//see what you have.
//maybe it's not hat you think var_dump($_POST['emails']);

//you should probably validate the emails using:

http://php.net/imap_rfc822_parse_adrlist
$value_sql = mysql_real_escape_string($value);

Use '$value_sql' here.

And I dunno where $memberid came from, but maybe it should be escaped as well.

I'm not sure what "safe_query" is doing, and maybe you think it can
escape the data you embedded into the SQL, but I don't see how you can
do that... Sort of a Humpty-Dumpty problem...

--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/from/lynch
Yeah, I get a buck. So?

When I do a var_dump($_POST['emails']); it has all the emails in it
string(65) "rkurth@centurytel.net ckurth@centurytel.net
tkurth@centurytel.net"
I will validate the emails after I get the loop to work
$memberid comes from a part of the script I did not show you $memberid
=$_POST["members_id"];
safe_query is a function that I call that does query stuff

function safe_query ($query = ""){
include ("dataconf.inc.php");
dbconnect($dbname,$rootusername,$rootpassword,$roo thostname);
global $query_debug;

if (empty($query)) { return FALSE; }

if (!empty($query_debug)) { print "<pre>$query</pre>\n"; }

$result = mysql_query($query)
or die("Query Failed: "
."<li>errorno=".mysql_errno(). "<br>"
."<li>error=".mysql_error(). "<br><br>"
."<li>query=".$query
);
return $result;
}

You might want to check the loop alone and check each value of $value:

$array = explode(' ', $_POST['emails']);
foreach($array as $value) {
print "'$value'<br>";
}

if it works that way, at least you narrow down the possibilities of
weirdness.

Okay.

Now var_dump($array) and see what it has.

--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/from/lynch
Yeah, I get a buck. So?

looks like that is my problem it is not separating the emails
string(67) "rkurth@centurytel.net ckurth@centurytel.net
tkurth@centurytel.net"
array(1) { [0]=> string(67) "rkurth@centurytel.net ckurth@centurytel.net
tkurth@centurytel.net" }

$array = explode(' ', $_POST['emails']);
what should I use for spaces or next line to separate them

You should use whatever is actually BETWEEN the emails, which could be
anything...

See the thread about Tedd's bazaar (sic) problem and use the technique
there to see what you are actually getting.

You may even need to resort to a split instead of explode if newlines,
spaces, and carriage-returns are all possible inputs from the end
users...

--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/from/lynch
Yeah, I get a buck. So?

Hi.

Then this simple regex should do you; just use it instead of explode:

$AddressList = preg_split('/\s+/', $_POST['emails']);

An better idea might be to do that INSIDE the loop (the following assumes
your $memberid is a number, adjust to suit if this is not the case):

foreach ($AddressList as $emailaddress) {
// Escape the data before letting it near the db
$SAFE_emailaddress = mysql_real_escape_string($emailaddress);
$SAFE_memberid = intval($_POST["members_id"]);
// Build the query
$sql = "SELECT id
FROM contact
WHERE emailaddress = '$SAFE_emailaddress'
AND members_id = '$SAFE_memberid'";
// etc. etc. }

That is a *terrible* name for that function, as it does nothing at all to
make the query safe. You might consider renaming it to run_query or
something. Remember, other people may have to make sense of your code one
day.

Hope this helps,

Mark

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode test 33Switch to Hybrid Mode Switch to Threaded Mode

2 4th November 09:54 richardkurth External User Posts: 1	looping through a $_POST variable I am trying to get one email at a time and run it through the loop and process it but if I have more than one email in the text area it gives me nothing and does not run

5 4th November 09:56 daneane External User Posts: 1	looping through a $_POST variable You might want to check the loop alone and check each value of $value: $array = explode(' ', $_POST['emails']); foreach($array as $value) { print "'$value'<br>"; } if it works that way, at least you narrow down the possibilities of weirdness.

6 4th November 09:57 ceo External User Posts: 1	looping through a $_POST variable Okay. Now var_dump($array) and see what it has. -- Some people have a "gift" link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/from/lynch Yeah, I get a buck. So?

7 4th November 09:58 richardkurth External User Posts: 1	looping through a $_POST variable looks like that is my problem it is not separating the emails string(67) "rkurth@centurytel.net ckurth@centurytel.net tkurth@centurytel.net" array(1) { [0]=> string(67) "rkurth@centurytel.net ckurth@centurytel.net tkurth@centurytel.net" } $array = explode(' ', $_POST['emails']); what should I use for spaces or next line to separate them