A question from Askville:
The code below only seems to delete one record, and does not work when trying to do an array delete.. What the heck is wrong with the code?
// ===QueryString===
// delete.php?q=169|170|171|
$arr = explode('|', $q);
for ($i = 0; $i < count($arr); $i++) {
$query .= "DELETE FROM aCar WHERE aID = '".$arr[i]."'";
$result =mysql_query($query);
}
Let’s start by reading the documentation:
Description
resource mysql_query ( string $query [, resource $link_identifier ] )
mysql_query() sends an unique query (multiple queries are not supported) to the currently active database on the server that’s associated with the specified link_identifier .
Note the “multiple queries are not supported” bit.
In addition, even if mysql_query() did support multiple queries, sending multiple queries when a single one would do just fine is a bad idea because of the per-query overhead. So you should consider something along these lines:
$arr = explode('|', $_GET['q']);
foreach ($arr as $key=>$value) {
if (!is_numeric($value)) {
unset($arr[$key]);
}
}
$query = "DELETE FROM aCar WHERE aID IN ('" .
implode("', '", $arr) . "')";
$result = mysql_query($query);
Note the use of $_GET[‘q’] instead of $q (read up on register_globals) and the foreach() loop checking members of $arr for being numeric. The latter is necessary to prevent deletion of all records by a malicious user running delete.php?q=%.