MGE

Reputation: 853

Updating via PDO and automatic function

I'm preparing my own function in order to speed up the updates automatically.

I have this code:

$allowededitablefields = array('mail');
$userid = $_GET['uid'];
$query = 'UPDATE users SET ';
foreach ($_POST as $key => $value) {
    if (!in_array($key, $allowededitablefields)) {
        unset($_POST[$key]);
    } else {
        $query .= $key.' = :'.$key.',';
    }
}
$query = substr($query, 0, -1);
$query .= ' WHERE id='.$userid;
$statement = $this->_db->prepare($query);
foreach ($_POST as $key => $value) {
    $statement->bindParam(':'.$key, $value);
}
$statement->execute();

If the $allowededitablefields array has only one value, it works properly, but if I push more values to the array, for example $allowededitablefields = array('mail','country',...); all the fields in the table take the same value.

Upvotes: 0

Views: 46

Answers (1)

Gerald Schneider

Reputation: 17797

$value holds the value of the last iteration when the foreach loop ends.

Change the bindParam to this:

$statement->bindParam(':'.$key,$_POST[$key]);

This should work, but your approach is fundamentally flawed. It undermines the whole purpose of prepared statements.

Upvotes: 1
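
An added example, not part of the original question or answer: one way to write the same update so that column names come only from the allowlist and every value, including the id that the question concatenates from $_GET['uid'], is bound. The `updateUser` helper, the `is_admin` column and the in-memory SQLite table are assumptions made for the demo; the sample input is constructed.

```php
<?php
declare(strict_types=1);

/**
 * Update only allowlisted columns of one user row.
 * Hypothetical helper: column names are taken from request keys only when
 * they match the allowlist; values and the row id are bound, never concatenated.
 */
function updateUser(PDO $db, int $userId, array $input, array $allowed): int
{
    // Keep only the keys present in the allowlist, and only scalar values
    // (a request can send arrays, e.g. mail[]=x, which cannot be bound).
    $fields = array_intersect_key($input, array_flip($allowed));
    $fields = array_filter($fields, 'is_scalar');
    if ($fields === []) {
        return 0; // nothing to update; avoids building "UPDATE users SET WHERE ..."
    }

    $assignments = [];
    foreach (array_keys($fields) as $column) {
        $assignments[] = "$column = :$column";
    }
    $sql = 'UPDATE users SET ' . implode(', ', $assignments) . ' WHERE id = :id';

    $statement = $db->prepare($sql);
    foreach ($fields as $column => $value) {
        // bindValue copies the value now. bindParam binds a reference to $value,
        // which is read at execute() time, so every placeholder would receive
        // the value from the last loop iteration.
        $statement->bindValue(":$column", $value);
    }
    $statement->bindValue(':id', $userId, PDO::PARAM_INT);
    $statement->execute();
    return $statement->rowCount();
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, mail TEXT, country TEXT, is_admin INTEGER)');
$db->exec("INSERT INTO users VALUES (1, 'old@example.com', 'FR', 0)");

// Constructed stand-in for $_POST, including a field outside the allowlist.
$post = ['mail' => 'new@example.com', 'country' => 'DE', 'is_admin' => '1'];
$changed = updateUser($db, 1, $post, ['mail', 'country']);
$row = $db->query('SELECT mail, country, is_admin FROM users WHERE id = 1')->fetch(PDO::FETCH_ASSOC);
var_dump($changed, $row);
```

The `mail` and `country` columns receive their own distinct values, and `is_admin` is left unchanged because it is not in the allowlist.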
