remove part of a string using PHP

Question

i have this PHP Code:

$sql="SELECT * from project_gallery where sequence = '".$_POST["project_sequence"]."' ";
    $rs=mysql_query($sql,$conn);
    $project=mysql_fetch_array($rs);

    $images = explode(',',$project['images']);

    $images = "," . $images . ","; // add comma to beginning and end of list

    foreach ($images_to_delete as $image_to_delete)
    {
        str_replace("," . $image_to_delete . ",", ","); // e.g. replaces ",image1.jpg," with ","
    }

    $images = substr($images, 1, -1); // remove comma from beginning and end

    echo $images;

i want to be able to remove the selected (in the previous HTML Form) part of a string from a cell in my MySQL Table.

in my table my image filenames are stored like:

[image1.jpg],[image2.jpg],[image3.jpg],[image4.jpg] etc...

so if the checkbox for image2.jpg is checked and the form is submitted, i want to make the string look like:

`[image1.jpg],[image3.jpg],[image4.jpg]`

here is my HTML Form too:

<?php
$sql="SELECT * from project_gallery where sequence = '".$_GET["project"]."' ";
    $rs=mysql_query($sql,$conn);
    $project=mysql_fetch_array($rs);

    $images = explode(',',$project['images']);
    ?>
    <form action="edit.php?project=<?php echo $_GET["project"]; ?>" method="post" enctype="multipart/form-data">
    <table width="100%" border="0" cellspacing="5" cellpadding="5">
        <tr>
            <td><strong>Project Name</strong><br />
            <input type="text" name="project_name" value="<?php echo $project["name"]; ?>" style="width:100%;" /></td>
        </tr>
        <tr>
            <td><strong>Add New Images</strong><br /><input type="file" name="images[]" multiple="multiple" /></td>
        </tr>
        <?php
        foreach($images as $image)
        {
            $display_image = substr($image, 1, -1);
            ?>
            <tr>
                <td><img src="/img/project-gallery/<?php echo $display_image; ?>" width="160px" /><br />
                <input type="checkbox" name="images_to_delete[]" id="images_to_delete[]" value="<?php echo $display_image; ?>" /></td>
            </tr>
            <?php
        }
        ?>
        <tr>
            <td><input type="text" name="project_sequence" id="project_sequence" value="<?php echo $project["sequence"]; ?>" />
            <input type="submit" name="submit" id="submit" value="Save Project" /></td>
        </tr>
    </table>
    </form>

**By building SQL statements with outside variables, you are leaving yourself wide open to SQL injection attacks.** Also, any input data with single quotes in it, like a name of "O'Malley", will blow up your SQL query. Please learn about using parametrized queries, preferably with the PDO module, to protect your web app. http://bobby-tables.com/php has examples to get you started, and [this question](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) has many examples in detail. — Andy Lester, Oct 15 '13 at 20:00

kery · Answer 1 · 2013-10-15T20:17:03.323

0

You can use PHP string replace (or something similar) to create your new string

$newList = str_replace($selectedEntry, '', $imageList);

then you can run a mysql UPDATE command to update that record in the database.

$sql = "UPDATE table_name SET column_name = '$newList' WHERE id = $id";

That said, you should probably not be doing what you're doing. You don't want to have to manipulate records like that typically. I would recommend having another table with all the image data (imageID, imageName, etc) and then inserting and removing whole rows into that table. There are more efficient/complicated ways of doing things, but if you end up having to make a list via a string/text/varchar field in the database you're probably not doing something right.

edit: Get the previous checked entries:

$(function () {
  $('#target').click(function () {
    var checkValues = $('input[name=checkboxlist]:checked').map(function() {
        return $(this).parent().text();
    }).get();
    //do something with your checkValues array
   });
});

edited Oct 15 '13 at 20:17

answered Oct 15 '13 at 19:58

kery

381
2
12

i cant get the variables to work right - no data is being returned. the whole site has been coded like this and would take me ages to re code it all lol – charlie Oct 15 '13 at 20:01
Yeah as Andy said above, you really shouldn't be directly putting variables directly into queries like this, you should be parametrizing/serializing your queries so user-generated data is never directly inserted into your database. – kery Oct 15 '13 at 20:02
you should be able to make a new list using str_replace like above. Have you tried that? What does print $newList return? – kery Oct 15 '13 at 20:05
im not sure what to replace $selectedEntry and $imageList with in your example above – charlie Oct 15 '13 at 20:06
$imageList is your original string of images '[image1][image2][image3]' and $selectedEntry is the one you want removed '[image2]' – kery Oct 15 '13 at 20:07
so i have this on my form submit page: $sql="SELECT * from project_gallery where sequence = '".$_POST["project_sequence"]."' "; $rs=mysql_query($sql,$conn); $project=mysql_fetch_array($rs); $images = explode(',',$project['images']); $newList = str_replace($selectedEntry, '', $images); echo $newList; – charlie Oct 15 '13 at 20:08
but im not sure how to get the $selectedEntry? – charlie Oct 15 '13 at 20:08
also, if more than one checkbox is checked how would i make it do all the checked ones? – charlie Oct 15 '13 at 20:14
you can get the $selectedEntry from your previous HTML form you alluded to. – kery Oct 15 '13 at 20:16

Bill Karwin · Answer 2 · 2013-10-15T20:43:27.773

You're doing it way too hard. Using PHP's builtin functions, e.g. array_diff(), results in code that is much more concise and (usually) performs better:

Example: I'm assuming $project is a row fetched from a query result, and $images_to_delete is an array. The result is a single string, containing the new list of images you want to keep.

Also I show usage of PDO, which is safer and easier than the deprecated ext/mysql functions.

$sql="SELECT * from project_gallery where sequence = ?";
$stmt = $pdo->prepare($sql) 
  or trigger_error($pdo->error, E_USER_ERROR);
$stmt->execute(array($_POST["project_sequence"])) 
  or trigger_error($pdo->error, E_USER_ERROR);
while ($project = $stmt->fetch(PDO::FETCH_ASSOC) { }

$images = explode(",", $project["images"]);
$images = array_diff($images, $images_to_delete);
$images = implode(",", $images);
echo $images . "\n";

Then remove the rest of your code:

$images = "," . $images . ","; // add comma to beginning and end of list
foreach ($images_to_delete as $image_to_delete)
{
str_replace("," . $image_to_delete . ",", ","); // e.g. replaces ",image1.jpg," with ","
}
$images = substr($images, 1, -1); // remove comma from beginning and end
echo $images;

see my edit on your question - i am getting the error: Warning: Invalid argument supplied for foreach() in /home/jrrevell/public_html/add_project/edit.php on line 23 — charlie, Oct 15 '13 at 20:18
Please edit your own question if you need to show new code you tried. Don't edit people's answers. — Bill Karwin, Oct 15 '13 at 20:40

remove part of a string using PHP

2 Answers2