0

Okay, I understand there is a huge list of questions asked on a similar topic, but none of them helped me. So I have compiled the problem in my own words below.

Suppose I have a huge checkbox list of countries as below:

<tr>
                <th class="left-align">Target Country</th>
                <td class="left-align">
                  <div class="widget-content" style="overflow:auto; height:100px; background:#FFFFFF;border: 1px solid #ddd;border-radius: 3px;">
                    <input type="checkbox" name="country[]" value="Afghanistan" class="checkall2" checked />
                    Afghanistan<br />
                    <input type="checkbox" name="country[]" value="Aland Islands" class="checkall2" checked />
                    Aland Islands<br />
                    <input type="checkbox" name="country[]" value="Albania" class="checkall2" checked />
                    Albania<br />
                    <input type="checkbox" name="country[]" value="Algeria" class="checkall2" checked />
                    Algeria<br />
                    <input type="checkbox" name="country[]" value="American Samoa" class="checkall2" checked />
                    American Samoa<br />
                    <input type="checkbox" name="country[]" value="Andorra" class="checkall2" checked />
                    Andorra<br />
                    <input type="checkbox" name="country[]" value="Angola" class="checkall2" checked />
                    Angola<br />
                    <input type="checkbox" name="country[]" value="Anguilla" class="checkall2" checked />
                    Anguilla<br />
                    <input type="checkbox" name="country[]" value="Antarctica" class="checkall2" checked />
                    Antarctica<br />
                    <input type="checkbox" name="country[]" value="Antigua and Barbuda" class="checkall2" checked />
                    Antigua and Barbuda<br />
                    <input type="checkbox" name="country[]" value="Argentina" class="checkall2" checked />
                    Argentina<br />
                    <input type="checkbox" name="country[]" value="Armenia" class="checkall2" checked />
                    Armenia<br />
                    <input type="checkbox" name="country[]" value="Aruba" class="checkall2" checked />
                    Aruba<br />
                    <input type="checkbox" name="country[]" value="Asia-Pacific" class="checkall2" checked />
                    Asia-Pacific<br />
                    <input type="checkbox" name="country[]" value="Australia" class="checkall2" checked />
                    Australia<br />
                    <input type="checkbox" name="country[]" value="Austria" class="checkall2" checked />
                    Austria<br />
                    <input type="checkbox" name="country[]" value="Azerbaijan" class="checkall2" checked />
                    Azerbaijan<br />
                    <input type="checkbox" name="country[]" value="Bahamas" class="checkall2" checked />
                    Bahamas<br />
                    <input type="checkbox" name="country[]" value="Bahrain" class="checkall2" checked />
                    Bahrain<br />
                    <input type="checkbox" name="country[]" value="Bangladesh" class="checkall2" checked />
                    Bangladesh<br />
                    <input type="checkbox" name="country[]" value="Barbados" class="checkall2" checked />
                    Barbados<br />
                    <input type="checkbox" name="country[]" value="Belarus" class="checkall2" checked />
                    Belarus<br />
                    <input type="checkbox" name="country[]" value="Belgium" class="checkall2" checked />
                    Belgium<br />
                    <input type="checkbox" name="country[]" value="Belize" class="checkall2" checked />
                    Belize<br />
                    <input type="checkbox" name="country[]" value="Benin" class="checkall2" checked />
                    Benin<br />
                    <input type="checkbox" name="country[]" value="Bermuda" class="checkall2" checked />
                    Bermuda<br />
                    <input type="checkbox" name="country[]" value="Bhutan" class="checkall2" checked />
                    Bhutan<br />
                    <input type="checkbox" name="country[]" value="Bolivia" class="checkall2" checked />
                    Bolivia<br />
                    <input type="checkbox" name="country[]" value="Bonaire, Sint Eustatius and Saba" class="checkall2" checked />
                    Bonaire, Sint Eustatius and Saba<br />
                    <input type="checkbox" name="country[]" value="Bosnia and Herzegovina" class="checkall2" checked />
                    Bosnia and Herzegovina<br />
                    <input type="checkbox" name="country[]" value="Botswana" class="checkall2" checked />
                    Botswana<br />
                    <input type="checkbox" name="country[]" value="Bouvet Island" class="checkall2" checked />
                    Bouvet Island<br />
                    <input type="checkbox" name="country[]" value="Brazil" class="checkall2" checked />
                    Brazil<br />
                    <input type="checkbox" name="country[]" value="British Indian Ocean Territory" class="checkall2" checked />
                    British Indian Ocean Territory<br />
                    <input type="checkbox" name="country[]" value="Brunei Darussalam" class="checkall2" checked />
                    Brunei Darussalam<br />
                    <input type="checkbox" name="country[]" value="Bulgaria" class="checkall2" checked />
                    Bulgaria<br />
                    <input type="checkbox" name="country[]" value="Burkina Faso" class="checkall2" checked />
                    Burkina Faso<br />
                    <input type="checkbox" name="country[]" value="Burma (Myanmar)" class="checkall2" checked />
                    Burma (Myanmar)<br />
                    <input type="checkbox" name="country[]" value="Burundi" class="checkall2" checked />
                    Burundi<br />
                    <input type="checkbox" name="country[]" value="Cambodia" class="checkall2" checked />
                    Cambodia<br />
                    <input type="checkbox" name="country[]" value="Cameroon" class="checkall2" checked />
                    Cameroon<br />
                    <input type="checkbox" name="country[]" value="Canada" class="checkall2" checked />
                    Canada<br />
                    <input type="checkbox" name="country[]" value="Cape Verde" class="checkall2" checked />
                    Cape Verde<br />
                    <input type="checkbox" name="country[]" value="Cayman Islands" class="checkall2" checked />
                    Cayman Islands<br />
                    <input type="checkbox" name="country[]" value="Central African Republic" class="checkall2" checked />
                    Central African Republic<br />
                    <input type="checkbox" name="country[]" value="Chad" class="checkall2" checked />
                    Chad<br />
                    <input type="checkbox" name="country[]" value="Chile" class="checkall2" checked />
                    Chile<br />
                    <input type="checkbox" name="country[]" value="China" class="checkall2" checked />
                    China<br />
                    <input type="checkbox" name="country[]" value="Christmas Island" class="checkall2" checked />
                    Christmas Island<br />
                    <input type="checkbox" name="country[]" value="Cocos (Keeling) Islands" class="checkall2" checked />
                    Cocos (Keeling) Islands<br />
                    <input type="checkbox" name="country[]" value="Colombia" class="checkall2" checked />
                    Colombia<br />
                    <input type="checkbox" name="country[]" value="Comoros" class="checkall2" checked />
                    Comoros<br />
                    <input type="checkbox" name="country[]" value="Congo" class="checkall2" checked />
                    Congo<br />
                    <input type="checkbox" name="country[]" value="Cook Islands" class="checkall2" checked />
                    Cook Islands<br />
                    <input type="checkbox" name="country[]" value="Costa Rica" class="checkall2" checked />
                    Costa Rica<br />
                    <input type="checkbox" name="country[]" value="Côte d'Ivoire" class="checkall2" checked />
                    Côte d'Ivoire<br />
                    <input type="checkbox" name="country[]" value="Croatia (Hrvatska)" class="checkall2" checked />
                    Croatia (Hrvatska)<br />
                    <input type="checkbox" name="country[]" value="Cuba" class="checkall2" checked />
                    Cuba<br />
                    <input type="checkbox" name="country[]" value="Curaçao" class="checkall2" checked />
                    Curaçao<br />
                    <input type="checkbox" name="country[]" value="Cyprus" class="checkall2" checked />
                    Cyprus<br />
                    <input type="checkbox" name="country[]" value="Czech Republic" class="checkall2" checked />
                    Czech Republic<br />
                    <input type="checkbox" name="country[]" value="Democratic Republic of Congo" class="checkall2" checked />
                    Democratic Republic of Congo<br />
                    <input type="checkbox" name="country[]" value="Denmark" class="checkall2" checked />
                    Denmark<br />
                    <input type="checkbox" name="country[]" value="Djibouti" class="checkall2" checked />
                    Djibouti<br />
                    <input type="checkbox" name="country[]" value="Dominica" class="checkall2" checked />
                    Dominica<br />
                    <input type="checkbox" name="country[]" value="Dominican Republic" class="checkall2" checked />
                    Dominican Republic<br />
                    <input type="checkbox" name="country[]" value="East Timor" class="checkall2" checked />
                    East Timor<br />
                    <input type="checkbox" name="country[]" value="Ecuador" class="checkall2" checked />
                    Ecuador<br />
                    <input type="checkbox" name="country[]" value="Egypt" class="checkall2" checked />
                    Egypt<br />
                    <input type="checkbox" name="country[]" value="El Salvador" class="checkall2" checked />
                    El Salvador<br />
                    <input type="checkbox" name="country[]" value="Equatorial Guinea" class="checkall2" checked />
                    Equatorial Guinea<br />
                    <input type="checkbox" name="country[]" value="Eritrea" class="checkall2" checked />
                    Eritrea<br />
                    <input type="checkbox" name="country[]" value="Estonia" class="checkall2" checked />
                    Estonia<br />
                    <input type="checkbox" name="country[]" value="Ethiopia" class="checkall2" checked />
                    Ethiopia<br />
                    <input type="checkbox" name="country[]" value="Europe" class="checkall2" checked />
                    Europe<br />
                    <input type="checkbox" name="country[]" value="Falkland Islands (Malvinas)" class="checkall2" checked />
                    Falkland Islands (Malvinas)<br />
                    <input type="checkbox" name="country[]" value="Faroe Islands" class="checkall2" checked />
                    Faroe Islands<br />
                    <input type="checkbox" name="country[]" value="Fiji" class="checkall2" checked />
                    Fiji<br />
                    <input type="checkbox" name="country[]" value="Finland" class="checkall2" checked />
                    Finland<br />
                    <input type="checkbox" name="country[]" value="France" class="checkall2" checked />
                    France<br />
                    <input type="checkbox" name="country[]" value="French Guiana" class="checkall2" checked />
                    French Guiana<br />
                    <input type="checkbox" name="country[]" value="French Polynesia" class="checkall2" checked />
                    French Polynesia<br />
                    <input type="checkbox" name="country[]" value="French Southern Territories" class="checkall2" checked />
                    French Southern Territories<br />
                    <input type="checkbox" name="country[]" value="Gabon" class="checkall2" checked />
                    Gabon<br />
                    <input type="checkbox" name="country[]" value="Gambia" class="checkall2" checked />
                    Gambia<br />
                    <input type="checkbox" name="country[]" value="Georgia" class="checkall2" checked />
                    Georgia<br />
                    <input type="checkbox" name="country[]" value="Germany" class="checkall2" checked />
                    Germany<br />
                    <input type="checkbox" name="country[]" value="Ghana" class="checkall2" checked />
                    Ghana<br />
                    <input type="checkbox" name="country[]" value="Gibraltar" class="checkall2" checked />
                    Gibraltar<br />
                    <input type="checkbox" name="country[]" value="Greece" class="checkall2" checked />
                    Greece<br />
                    <input type="checkbox" name="country[]" value="Greenland" class="checkall2" checked />
                    Greenland<br />
                    <input type="checkbox" name="country[]" value="Grenada" class="checkall2" checked />
                    Grenada<br />
                    <input type="checkbox" name="country[]" value="Guadeloupe" class="checkall2" checked />
                    Guadeloupe<br />
                    <input type="checkbox" name="country[]" value="Guam" class="checkall2" checked />
                    Guam<br />
                    <input type="checkbox" name="country[]" value="Guatemala" class="checkall2" checked />
                    Guatemala<br />
                    <input type="checkbox" name="country[]" value="Guernsey" class="checkall2" checked />
                    Guernsey<br />
                    <input type="checkbox" name="country[]" value="Guinea" class="checkall2" checked />
                    Guinea<br />
                    <input type="checkbox" name="country[]" value="Guinea-Bissau" class="checkall2" checked />
                    Guinea-Bissau<br />
                    <input type="checkbox" name="country[]" value="Guyana" class="checkall2" checked />
                    Guyana<br />
                    <input type="checkbox" name="country[]" value="Haiti" class="checkall2" checked />
                    Haiti<br />
                    <input type="checkbox" name="country[]" value="Heard and McDonald Islands" class="checkall2" checked />
                    Heard and McDonald Islands<br />
                    <input type="checkbox" name="country[]" value="Honduras" class="checkall2" checked />
                    Honduras<br />
                    <input type="checkbox" name="country[]" value="Hong Kong" class="checkall2" checked />
                    Hong Kong<br />
                    <input type="checkbox" name="country[]" value="Hungary" class="checkall2" checked />
                    Hungary<br />
                    <input type="checkbox" name="country[]" value="Iceland" class="checkall2" checked />
                    Iceland<br />
                    <input type="checkbox" name="country[]" value="India" class="checkall2" checked />
                    India<br />
                    <input type="checkbox" name="country[]" value="Indonesia" class="checkall2" checked />
                    Indonesia<br />
                    <input type="checkbox" name="country[]" value="Iran" class="checkall2" checked />
                    Iran<br />
                    <input type="checkbox" name="country[]" value="Iraq" class="checkall2" checked />
                    Iraq<br />
                    <input type="checkbox" name="country[]" value="Ireland" class="checkall2" checked />
                    Ireland<br />
                    <input type="checkbox" name="country[]" value="Isle of Man" class="checkall2" checked />
                    Isle of Man<br />
                    <input type="checkbox" name="country[]" value="Israel" class="checkall2" checked />
                    Israel<br />
                    <input type="checkbox" name="country[]" value="Italy" class="checkall2" checked />
                    Italy<br />
                    <input type="checkbox" name="country[]" value="Ivory Coast" class="checkall2" checked />
                    Ivory Coast<br />
                    <input type="checkbox" name="country[]" value="Jamaica" class="checkall2" checked />
                    Jamaica<br />
                    <input type="checkbox" name="country[]" value="Japan" class="checkall2" checked />
                    Japan<br />
                    <input type="checkbox" name="country[]" value="Jersey" class="checkall2" checked />
                    Jersey<br />
                    <input type="checkbox" name="country[]" value="Jordan" class="checkall2" checked />
                    Jordan<br />
                    <input type="checkbox" name="country[]" value="Kazakhstan" class="checkall2" checked />
                    Kazakhstan<br />
                    <input type="checkbox" name="country[]" value="Kenya" class="checkall2" checked />
                    Kenya<br />
                    <input type="checkbox" name="country[]" value="Kiribati" class="checkall2" checked />
                    Kiribati<br />
                    <input type="checkbox" name="country[]" value="Korea (North)" class="checkall2" checked />
                    Korea (North)<br />
                    <input type="checkbox" name="country[]" value="Korea (South)" class="checkall2" checked />
                    Korea (South)<br />
                    <input type="checkbox" name="country[]" value="Kuwait" class="checkall2" checked />
                    Kuwait<br />
                    <input type="checkbox" name="country[]" value="Kyrgyzstan" class="checkall2" checked />
                    Kyrgyzstan<br />
                    <input type="checkbox" name="country[]" value="Laos" class="checkall2" checked />
                    Laos<br />
                    <input type="checkbox" name="country[]" value="Latvia" class="checkall2" checked />
                    Latvia<br />
                    <input type="checkbox" name="country[]" value="Lebanon" class="checkall2" checked />
                    Lebanon<br />
                    <input type="checkbox" name="country[]" value="Lesotho" class="checkall2" checked />
                    Lesotho<br />
                    <input type="checkbox" name="country[]" value="Liberia" class="checkall2" checked />
                    Liberia<br />
                    <input type="checkbox" name="country[]" value="Libya" class="checkall2" checked />
                    Libya<br />
                    <input type="checkbox" name="country[]" value="Liechtenstein" class="checkall2" checked />
                    Liechtenstein<br />
                    <input type="checkbox" name="country[]" value="Lithuania" class="checkall2" checked />
                    Lithuania<br />
                    <input type="checkbox" name="country[]" value="Luxembourg" class="checkall2" checked />
                    Luxembourg<br />
                    <input type="checkbox" name="country[]" value="Macau" class="checkall2" checked />
                    Macau<br />
                    <input type="checkbox" name="country[]" value="Sudan" class="checkall2" checked />
                    Sudan<br />
                    <input type="checkbox" name="country[]" value="Suriname" class="checkall2" checked />
                    Suriname<br />
                    <input type="checkbox" name="country[]" value="Svalbard and Jan Mayen Islands" class="checkall2" checked />
                    Svalbard and Jan Mayen Islands<br />
                    <input type="checkbox" name="country[]" value="Swaziland" class="checkall2" checked />
                    Swaziland<br />
                    <input type="checkbox" name="country[]" value="Sweden" class="checkall2" checked />
                    Sweden<br />
                    <input type="checkbox" name="country[]" value="Switzerland" class="checkall2" checked />
                    Switzerland<br />
                    <input type="checkbox" name="country[]" value="Syria" class="checkall2" checked />
                    Syria<br />
                    <input type="checkbox" name="country[]" value="Taiwan" class="checkall2" checked />
                    Taiwan<br />
                    <input type="checkbox" name="country[]" value="Tajikistan" class="checkall2" checked />
                    Tajikistan<br />
                    <input type="checkbox" name="country[]" value="Tanzania" class="checkall2" checked />
                    Tanzania<br />
                    <input type="checkbox" name="country[]" value="Thailand" class="checkall2" checked />
                    Thailand<br />
                    <input type="checkbox" name="country[]" value="Timor-Leste" class="checkall2" checked />
                    Timor-Leste<br />
                    <input type="checkbox" name="country[]" value="Togo" class="checkall2" checked />
                    Togo<br />
                    <input type="checkbox" name="country[]" value="Tokelau" class="checkall2" checked />
                    Tokelau<br />
                    <input type="checkbox" name="country[]" value="Tonga" class="checkall2" checked />
                    Tonga<br />
                    <input type="checkbox" name="country[]" value="Trinidad and Tobago" class="checkall2" checked />
                    Trinidad and Tobago<br />
                    <input type="checkbox" name="country[]" value="Tunisia" class="checkall2" checked />
                    Tunisia<br />
                    <input type="checkbox" name="country[]" value="Turkey" class="checkall2" checked />
                    Turkey<br />
                    <input type="checkbox" name="country[]" value="Turkmenistan" class="checkall2" checked />
                    Turkmenistan<br />
                    <input type="checkbox" name="country[]" value="Turks and Caicos Islands" class="checkall2" checked />
                    Turks and Caicos Islands<br />
                    <input type="checkbox" name="country[]" value="Tuvalu" class="checkall2" checked />
                    Tuvalu<br />
                    <input type="checkbox" name="country[]" value="Uganda" class="checkall2" checked />
                    Uganda<br />
                    <input type="checkbox" name="country[]" value="Ukraine" class="checkall2" checked />
                    Ukraine<br />
                    <input type="checkbox" name="country[]" value="United Arab Emirates" class="checkall2" checked />
                    United Arab Emirates<br />
                    <input type="checkbox" name="country[]" value="United Kingdom" class="checkall2" checked />
                    United Kingdom<br />
                    <input type="checkbox" name="country[]" value="United States" class="checkall2" checked />
                    United States<br />
                    <input type="checkbox" name="country[]" value="United States Minor Outlying Islands" class="checkall2" checked />
                    United States Minor Outlying Islands<br />
                    <input type="checkbox" name="country[]" value="Uruguay" class="checkall2" checked />
                    Uruguay<br />
                    <input type="checkbox" name="country[]" value="Uzbekistan" class="checkall2" checked />
                    Uzbekistan<br />
                    <input type="checkbox" name="country[]" value="Vanuatu" class="checkall2" checked />
                    Vanuatu<br />
                    <input type="checkbox" name="country[]" value="Vatican City State (Holy See)" class="checkall2" checked />
                    Vatican City State (Holy See)<br />
                    <input type="checkbox" name="country[]" value="Venezuela" class="checkall2" checked />
                    Venezuela<br />
                    <input type="checkbox" name="country[]" value="Viet Nam" class="checkall2" checked />
                    Viet Nam<br />
                    <input type="checkbox" name="country[]" value="Virgin Islands (British)" class="checkall2" checked />
                    Virgin Islands (British)<br />
                    <input type="checkbox" name="country[]" value="Virgin Islands (U.S.)" class="checkall2" checked />
                    Virgin Islands (U.S.)<br />
                    <input type="checkbox" name="country[]" value="Wallis and Futuna Islands" class="checkall2" checked />
                    Wallis and Futuna Islands<br />
                    <input type="checkbox" name="country[]" value="Western Sahara" class="checkall2" checked />
                    Western Sahara<br />
                    <input type="checkbox" name="country[]" value="Yemen" class="checkall2" checked />
                    Yemen<br />
                    <input type="checkbox" name="country[]" value="Yugoslavia" class="checkall2" checked />
                    Yugoslavia<br />
                    <input type="checkbox" name="country[]" value="Zambia" class="checkall2" checked />
                    Zambia<br />
                    <input type="checkbox" name="country[]" value="Zimbabwe" class="checkall2" checked />
                    Zimbabwe<br />
                  </div>
                </td>
              </tr>

I have imploded them in a variable as comma separated values and then I tried inserting them into the database say as below:

<?php 
$country = (!empty($_POST['country']))?$_POST['country']:null;

if(isset($_POST['submit'])){
    $cnt = implode(",", $country);

    $upd = "UPDATE adverts SET ad_country = '$cnt' WHERE ad_id = '".$id."'";
    $upq = $pdo->prepare($upd);
    $upq->execute();

    if($upq){
        echo "Success";
    }else{
        echo "Failed";
    }
}
?>

But it's giving an error: Warning: PDOStatement::execute(): in E:\xampp\htdocs\sites\newsite\admin\ad-edit.php on line 92

When I echo $cnt I get values like this which is obvious

Afghanistan,Aland Islands,Albania,Algeria,American Samoa,Andorra,Angola,Anguilla,Antarctica,Antigua and Barbuda,Argentina,Armenia,Aruba,Asia-Pacific,Australia,Austria,Azerbaijan,Bahamas,Bahrain,Bangladesh,Barbados,Belarus,Belgium,Belize,Benin,Bermuda,Bhutan,Bolivia,Bonaire, Sint Eustatius and Saba,Bosnia and Herzegovina,Botswana,Bouvet Island,Brazil,British Indian Ocean Territory,Brunei Darussalam,Bulgaria,Burkina Faso,Burma (Myanmar),Burundi,Cambodia,Cameroon,Canada,Cape Verde,Cayman Islands,Central African Republic,Chad,Chile,China,Christmas Island,Cocos (Keeling) Islands,Colombia,Comoros,Congo,Cook Islands,Costa Rica,Côte d'Ivoire,Croatia (Hrvatska),Cuba,Curaçao,Cyprus,Czech Republic,Democratic Republic of Congo,Denmark,Djibouti,Dominica,Dominican Republic,East Timor,Ecuador,Egypt,El Salvador,Equatorial Guinea,Eritrea,Estonia,Ethiopia,Europe,Falkland Islands (Malvinas),Faroe Islands,Fiji,Finland,France,French Guiana,French Polynesia,French Southern Territories,Gabon,Gambia,Georgia,Germany,Ghana,Gibraltar,Greece,Greenland,Grenada,Guadeloupe,Guam,Guatemala,Guernsey,Guinea,Guinea-Bissau,Guyana,Haiti,Heard and McDonald Islands,Honduras,Hong Kong,Hungary,Iceland,India

Please help me tackle the error.. Thanks in advance.

  • what does $id look like? – e4c5 Sep 23 '16 at 06:59
  • Why is `$cnt` obvious? What is the expected value? As I see, you make all of them checked – Karim Harazin Sep 23 '16 at 07:01
  • what does the complete query look like? does it work when you use that query in sql command in phpadmin or something like that? – RST Sep 23 '16 at 07:01
  • `$id = (!empty($_REQUEST['id']))?$_REQUEST['id']:null;` @e4c5 –  Sep 23 '16 at 07:08
  • At first glance the dup target might not look very much like a duplicate, but the issue here is improper use of prepared statements and that Q/A explains that. You need to bind parameters instead of appending it as part of the string. – e4c5 Sep 23 '16 at 07:12
  • Secondly, I would like to point out that storing comma separated values in a column is a really really really bad idea. Especially when the data is as long as this. You need to normalize your database – e4c5 Sep 23 '16 at 07:13
  • really marketing that answer of yours eh :p – Drew Sep 23 '16 at 07:13
  • @drew your answer :-) – e4c5 Sep 23 '16 at 07:14
  • You [SQL-injected](https://en.wikipedia.org/wiki/SQL_injection) your own website! I live in [`Côte d'; DROP TABLE adverts; --`](http://bobby-tables.com/). My country is not in the list. – axiac Sep 23 '16 at 07:15
  • Well e4c5 it shows more like the exception handling and error reporting, so I am willing – Drew Sep 23 '16 at 07:19
  • @e4c5 can you tell me how to normalize the database instead of inserting such huge piles of values in each record? –  Sep 23 '16 at 07:21
  • That's too lengthy a subject for a comment. You will need to read a book or a tutorial – e4c5 Sep 23 '16 at 07:25
  • @e4c5 any tutorial you recommend? –  Sep 23 '16 at 07:27

1 Answer

2

Although you use a prepared statement, you use it in absolutely the wrong way, because you insert the parameters into the SQL command before the prepare without any escaping. Additionally, you do not enclose your string parameters by '.

This means

1) Your code is vulnerable to sql injection attacks.

2) If your list of countries contains a country that has an ' in it (like Côte d'Ivoire), then your sql will be syntactically incorrect.

Solution: use the prepared statement in its proper way by binding parameters.

...
// Placeholders keep the values out of the SQL text
$upd = "UPDATE adverts SET ad_country = :countries WHERE ad_id = :id";
$upq = $pdo->prepare($upd);
$upq->bindParam(':countries', $cnt); // the imploded string, not the $country array
$upq->bindParam(':id', $id);
$upq->execute();
...
Shadow
  • Well this explains it :-) – e4c5 Sep 23 '16 at 07:14
  • well binding the values to the parameters will prevent the sql injection in all ways, right? –  Sep 23 '16 at 07:23
  • Yes, it will because the body of the sql statement and the actual parameter values are sent separately to the MySQL server. The tradeoff is that prepared statements have an impact on performance if they are executed only once and then are removed. However, since your original code also used prepared statements, you will not suffer any performance penalties because of the new code. – Shadow Sep 23 '16 at 08:12
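
The following is an added example, not code from the question, the answer or any commenter. It combines the two points raised in the thread: values are bound as parameters rather than concatenated into the SQL, and the countries are stored one per row instead of as a comma-separated string. The `advert_countries` table, the shortened `ALLOWED_COUNTRIES` list, the `saveAdvertCountries` function and the in-memory SQLite connection (standing in for the page's MySQL database) are assumptions made for the demo.

```php
<?php
declare(strict_types=1);

// Constructed demo: in-memory SQLite stands in for the page's MySQL database.
$pdo = new PDO('sqlite::memory:');
// Throw exceptions instead of emitting bare warnings when a statement fails.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('PRAGMA foreign_keys = ON');

// Hypothetical normalized schema: one row per (advert, country) pair
// instead of a comma-separated ad_country column.
$pdo->exec('CREATE TABLE adverts (ad_id INTEGER PRIMARY KEY, title TEXT NOT NULL)');
$pdo->exec('CREATE TABLE advert_countries (
    ad_id   INTEGER NOT NULL REFERENCES adverts(ad_id) ON DELETE CASCADE,
    country TEXT    NOT NULL,
    PRIMARY KEY (ad_id, country)
)');
$pdo->exec("INSERT INTO adverts (ad_id, title) VALUES (1, 'Constructed sample advert')");

// Server-side allow-list: the same values the form renders (shortened here).
const ALLOWED_COUNTRIES = ['Afghanistan', 'Albania', "Côte d'Ivoire", 'Curaçao', 'India'];

/**
 * Replace the country set of one advert and return the values that were stored.
 * Values not on the allow-list are dropped; nothing is concatenated into SQL.
 */
function saveAdvertCountries(PDO $pdo, $rawId, $rawCountries): array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('ad_id must be a positive integer');
    }

    // A form with nothing checked sends no country[] key at all, and a tampered
    // request may send a scalar or nested arrays. Keep only allow-listed strings.
    $submitted = is_array($rawCountries) ? $rawCountries : [];
    $countries = array_values(array_unique(array_filter(
        $submitted,
        fn ($c) => is_string($c) && in_array($c, ALLOWED_COUNTRIES, true)
    )));

    $pdo->beginTransaction();
    try {
        $del = $pdo->prepare('DELETE FROM advert_countries WHERE ad_id = :id');
        $del->execute([':id' => $id]);

        // Prepared once, executed per value: the SQL text never changes.
        $ins = $pdo->prepare(
            'INSERT INTO advert_countries (ad_id, country) VALUES (:id, :country)'
        );
        foreach ($countries as $country) {
            $ins->execute([':id' => $id, ':country' => $country]);
        }
        $pdo->commit();
    } catch (Throwable $e) {
        $pdo->rollBack();
        throw $e;
    }
    return $countries;
}

// Constructed request data, shaped like $_POST['country'] and $_REQUEST['id'].
$post = ['country' => ['Albania', "Côte d'Ivoire", "Côte d'; DROP TABLE adverts; --", ['nested']]];
$stored = saveAdvertCountries($pdo, '1', $post['country']);

$rows = $pdo->query('SELECT country FROM advert_countries WHERE ad_id = 1 ORDER BY country')
            ->fetchAll(PDO::FETCH_COLUMN);
print_r($stored); // the two allow-listed values, apostrophe intact
print_r($rows);   // the same two values read back from the table
echo $pdo->query('SELECT COUNT(*) FROM adverts')->fetchColumn(), " advert row(s) still present\n";
```

With the schema split this way, "which adverts target a given country" becomes an indexed lookup on `advert_countries.country` rather than a substring search over a long text column.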