Explode Function not working

Question

I want to add the username that select an item to my db . for example if three users selected that item i want it to be like user1,user2,user3 .. im getting the different users to go into db but i cant get the comma to separate .. im using explode but still not working properly

<?php

session_start();
$date = date("Y-m-d H:i:s");

include("php/connect.php");

if (isset($_SESSION['username'])){

           $query1 = mysql_query("SELECT * FROM user WHERE username='$username'");

    $username = $_SESSION['username'];

    $submit = $_POST["submit"];
    $tests = $_POST["test"];

    // If the user submitted the form.
    // Do the updating on the database.
    if (!empty($submit))
    {
        if (count($tests) > 0)
        {
            foreach ($tests as $test_id => $test_value)
            {
                switch ($test_value)
                {

                    case 1:
                        mysql_query("UPDATE test SET win = win + 1 WHERE id = '$test_id'");
                        mysql_query("UPDATE test SET date = '$date'  WHERE id = '$test_id'");
                        $username = explode(",", $username);
                        $cnt = count($username);
                        $slice = array_slice($username, 0,10);
                        mysql_query("UPDATE test SET users = CONCAT(users, '$username')  WHERE id = '$test_id'");
                    break;

                    case 'X':
                        mysql_query("UPDATE test SET draw = draw + 1 WHERE id = '$test_id'");
                        mysql_query("UPDATE test SET date = '$date'  WHERE id = '$test_id'");
                    break;

                    case 2:
                        mysql_query("UPDATE test SET lose = lose + 1 WHERE id = '$test_id'");
                        mysql_query("UPDATE test SET date = '$date'  WHERE id = '$test_id'");
                    break;

                    default:
                        // DO NO THING.
                }
            }
        }

    }



    // Whenever this wiil be fetched it will be updated.
    $query = "SELECT * FROM test ORDER BY `id` ASC LIMIT 3";
    $result = mysql_query($query);

    echo "<h2>Seria A</h2><hr/>
    <br/>Welcome, ".$username."! <a href='php/logout.php'><b>LogOut</b></a><br/>";

    while($row = mysql_fetch_array($result)){

        $id = $row['id'];
        $home = $row['home'];
        $away = $row['away'];
        $win = $row['win'];
        $draw = $row['draw'];
        $lose = $row['lose'];


        echo "<br/>",$id,") " ,$home, " - ", $away;

        echo "

        <form action='seria.php' method='post'>

        <select name='test[$id]'>        
            <option value=\"\">Parashiko</option>
            <option value='1'>1</option>
            <option value='X'>X</option>
            <option value='2'>2</option>
       </select>

       <input type='submit' name='submit' value='Submit'/>

        <br/>

        </form><br/>";        

        echo "Totali ", $sum = $win+$lose+$draw, "<br/><hr/>"; 

    } 

    }else{

        $error = "<div id='hello'>Duhet te besh Log In qe te vendosesh parashikime ndeshjesh<br/><a href='php/login.php'>Kycu Ketu</a></div>";

    }

 ?>

score 2 · Accepted Answer · edited May 23 '17 at 12:21

2

EDIT

Ok, this should work for you....Iv also cleaned up some of your multiple executing queries...

This retrieves the test row, gets the usernames, attaches the current username to the list, and re-inserts....

case 1:
   $sql = mysql_query("SELECT * FROM test WHERE id = '$test_id'");
   $users = mysql_fetch_row($sql);
   $usernames = $users['users'].",".$username;
   mysql_query("UPDATE test SET users = '$usernames', win = win + 1, date = '$date' WHERE id = '$test_id'"); 
   break;

case 'X':
mysql_query("UPDATE test SET date = '$date', draw = draw + 1 WHERE id = '$test_id'");
break;

case 2:
mysql_query("UPDATE test SET date = '$date', lose = lose + 1 WHERE id = '$test_id'");
break;

default:

Just insert this into your switch statement

Also...for security purposes you will wanna escape the user entered data...

$submit = mysql_real_escape_string($_POST["submit"]);
$tests = mysql_real_escape_string($_POST["test"]);

Or better yet, switch to using mysqli_* or PDO, as mysql is deprecated and will soon be removed from PHP altogether.

edited May 23 '17 at 12:21

Community

1
1

answered Jun 17 '13 at 04:31

Kylie

11,421
11
47
78

Also it doesn't look like youre doing anything with $query1, what is its purpose? – Kylie Jun 17 '13 at 04:47
I figured you were checking against database for user....if thats the case...then that needs to change as well – Kylie Jun 17 '13 at 04:47
___sql injection___ ___sql injection___ – NullPoiиteя Jun 17 '13 at 04:53
@NullPointer Im not here to completely revamp his system to mysqli or PDO....Im just helping him on a problem, the $username comes from SESSION anyways, and Im assuming he sanitized the user data when it was entered into the database in the first place.... – Kylie Jun 17 '13 at 05:01
even why not mysql_real_escape_String ? i am not telling that about api :) – NullPoiиteя Jun 17 '13 at 05:02

Andre · Answer 2 · 2013-06-17T04:47:27.547

0

I am not sure what username is when you get it.

If $username is an ARRAY before you do this line: $username = explode(",", $username); then you should do $username = implode(",",$username);

so if it is somthing like this:

INPUT: $username = array('fred','frank','jill');

$username = implode(",",$username);

OUTPUT: fred,frank,jill

edited Jun 17 '13 at 04:47

answered Jun 17 '13 at 04:28

Andre

2,449
25
24

1

what would be the point imploding to explode?? – Jun 17 '13 at 04:29
___sql injection___ ___sql injection___ – NullPoiиteя Jun 17 '13 at 04:54

Explode Function not working

2 Answers2