I have a PDO update query gets the $_POST (or any other key-value array) and writes up the UPDATE query in respect to the inputs given.
I have an exclude array that I can specify keys to not include in the SQL query, such as the submit key and value of the form (action_update_survey, in this case.).
I create the SQL query by iterating through the array via foreach to firstly create the query and insert the parameter placeholders and secondly to bind the parameters to the parameter placeholder within the query.
Here is my code:
function save_survey($post){
global $pdo;
$exclude_names = array('action_update_survey');
$wp_userid = get_current_user_id();
$update_survey_query = "UPDATE kwc_surveysessions SET ";
foreach($post as $key=>$value){
if(!in_array($key, $exclude_names)) $update_survey_query .= $key." = :".$key.", ";
}
$update_survey_query = rtrim($update_survey_query, ", ")." WHERE wp_userid=:wp_userid";
$update_survey = $pdo->prepare($update_survey_query);
print_r($update_survey_query);
foreach($post as $key=>$value){
if(!in_array($key, $exclude_names)){
$update_survey->bindParam($key, $value);
}
}
$update_survey->bindParam("wp_userid", $wp_userid);
$update_survey->execute();
}
After executing my function following a post, all text columns in my database are set to the value 'Save', which is the value of the submit input, of name *action_update_survey*, which is strange, because it should be excluded from both foreach loops, which assign the keys and values.
Printing the PDO query before executing shows that there's been no setting of the excluded input anywhere in my query:
UPDATE kwc_surveysessions SET s1q1 = :s1q1, s1q2 = :s1q2, s1q7 = :s1q7, s1q8 = :s1q8, s1q9 = :s1q9, s1q10 = :s1q10, s1q11 = :s1q11, s2q6 = :s2q6, s3q7 = :s3q7 WHERE wp_userid=:wp_userid
Any idea what would be causing the submit input to push its value into all my fields?