0

I am doing a query as follows

select id, prefix, fname, lname, suffix, city, state, zip, bio, votes from stateChair_nominees where id=$candidate_id

My candidate id is equal to the post method.

$candidate_id = $_POST;

I keep getting this error:

select id, prefix, fname, lname, suffix, city, state, zip, bio, votes from stateChair_nominees where id=Array" Invalid query1Unknown column 'Array' in 'where clause

I am getting the invalid query1 error because it goes to that on a die

$result_candidate = mysql_query($sql_candidate, $link) or die("Invalid query1". mysql_error());

Why is my id saying equal to array?

where id=Array"

I want my sql statement to be equal to each id upon the vote. How do I get my query to do this?

Thanks :)

1
  • If you wonder why it writes array try this: $a=array(); echo "\$a = $a"; Commented Aug 11, 2011 at 16:52

2 Answers

3

$_POST is an array of all values passed via POST. If you're submitting a form containing an input element with name 'id', like this,

`<input name="id" value="Your_ID_Here" />`

you would use $_POST['id'].

Also, your query is vulnerable to SQL injection. Escape that value with mysql_real_escape_string() or use prepared statements (mysqli or PDO).

2
  • So if I wanted to do keys, say 1, 2, and 3, how would the $_POST look? $_POST[1]? How would I put the other IDs in there?
    – wowzuzz
    Commented Aug 11, 2011 at 16:51
  • 1
    $_POST is an associative array. It has strings as keys. The array keys will be the name properties you gave to the form elements.
    – Hammerite
    Commented Aug 11, 2011 at 16:56
0

$_POST is an array containing the entire form as received in the request. It might help you to view

print_r($_POST);

You will want to reference the actual form variable name, for example:

$candidate_id = $_POST['id'];

If you are expecting an array of IDs, your SQL will need to use the IN clause and implode the id array.

$candidate_ids = $_POST['id'];

/* escape $candidate_ids here, you can use array_walk for this */

$sql = 'select ... where candidate_id in (' . implode(',', $candidate_ids) . ')';

Make sure you are properly escaping your dynamic sql as well.

2
  • What if the name element on the form is equal to a variable? For instance, my checkbox is equal to a variable that is equal to a certain row in my database. Basically $candidate is equal to either 1, 2, 3 or 4, and so on. So if I don't have a name to reference in my $candidate_id = $_POST[1]; then how do I pull all those IDs into my logic?
    – wowzuzz
    Commented Aug 11, 2011 at 17:09
  • print "<td width=\"4\" valign=\"top\"><input type=\"checkbox\" name=$candidate id=\"candidate\" value=$id></td>"; That's the button on my other form.
    – wowzuzz
    Commented Aug 11, 2011 at 17:13
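
The two fixes suggested in the answers above (index into $_POST by field name, and keep the value out of the SQL text) combined in one added example; this is not code from the thread. It assumes PDO with the sqlite driver for an offline in-memory demo, a form field named `id` or `id[]`, and a cut-down version of the table; `posted_ids()` and `find_nominees()` are hypothetical helper names.

```php
<?php
// Added example (not from the thread). Assumptions: PDO with the sqlite driver
// for an offline in-memory demo, a form field named "id" or "id[]", and a
// cut-down table. posted_ids() and find_nominees() are hypothetical helpers.

/** Normalize a posted value (scalar or array) to unique positive integers. */
function posted_ids($raw, int $max = 50): array
{
    $ids = [];
    foreach ((array) $raw as $value) {
        if (is_array($value)) {
            continue;                      // nested input such as id[][]=1
        }
        $id = filter_var($value, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($id !== false) {
            $ids[$id] = $id;               // keyed by id to drop duplicates
        }
    }
    return array_slice(array_values($ids), 0, $max);
}

/** Fetch nominees by id; ids travel as bound parameters, never as SQL text. */
function find_nominees(PDO $pdo, array $ids): array
{
    if ($ids === []) {
        return [];                         // "IN ()" is invalid SQL
    }
    $marks = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $pdo->prepare(
        "SELECT id, fname, lname, votes FROM stateChair_nominees WHERE id IN ($marks) ORDER BY id"
    );
    foreach ($ids as $i => $id) {
        $stmt->bindValue($i + 1, $id, PDO::PARAM_INT);
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample rows and a constructed request body standing in for $_POST.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE stateChair_nominees (id INTEGER PRIMARY KEY, fname TEXT, lname TEXT, votes INTEGER)');
$pdo->exec("INSERT INTO stateChair_nominees VALUES (1,'Ann','Lee',4),(2,'Bo','Diaz',7),(3,'Cy','Ng',1)");
$post = ['id' => ['1', '3', '3', '2 OR 1=1', ['x']]];

foreach (find_nominees($pdo, posted_ids($post['id'] ?? [])) as $row) {
    echo "{$row['id']}: {$row['fname']} {$row['lname']} ({$row['votes']} votes)\n";
}
```

The same helpers accept a single scalar (`id=2`) because of the `(array)` cast, so one code path covers both the single-vote and the multi-checkbox form.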
