mysql update multiple rows from $_POST array

Question

Essentially Im trying to update multiple MySQL rows using an array I got from the $_POST variable called "units". Been stuck trying to figure out this. This is what I have so far:

Current Code that doesnt add to the 2nd person:

if(isset($_POST['unit'])){ $units .= implode(', ', $_POST['unit']); } else { redirect('addcall.php?err=7'); } 

$my_s = $my->prepare('INSERT INTO `calls`(`call_taker`, `call_time`, `call_type`, `call_priority`, `call_location`, `call_city`, `reporter_name`, `reporter_num`, `call_info`, `units`) VALUES (?,?,?,?,?,?,?,?,?,?)') or die($my->error);
$my_s->bind_param('sssisssiss', $name, $date, $c_type, $c_prio, $c_loc, $c_city, $r_name, $r_num, $c_info, $units) or die($my->error);
$my_s->execute() or die($my->error);
$my_s->close();
$my->close();
$my = new mysqli(HOST, USER, PASS, DB);
$my_s2 = $my->prepare('UPDATE `users` SET `busy` = 1 WHERE `badge` = ? AND `enabled` = 1 AND `confirmed` = 1 AND `duty` = 1') or die($my->error);
$my_s2->bind_param('s', $units) or die($my-error);
$my_s2->execute() or die($my-error);
$my_s2->close();
$my->close();
redirect('dashboard.php');

        <table> // table for checkboxes thats in main HTML area
        <tr> <td>Units Available:&nbsp&nbsp&nbsp</td>
        <?php
        $my = new mysqli(HOST, USER, PASS, DB);
        $my_s = $my->prepare('SELECT `name`, `badge` FROM `users` WHERE `duty` = 1 AND `busy` = 0');
        $my_s->execute();
        $my_s->store_result();
        if($my_s->num_rows == 0){
            echo "<td>None</td>";
        }
        $my_s->bind_result($u_name, $u_badge);
        while($row = $my_s->fetch()){
            echo '<td><input type="checkbox" name="unit[]" value="'.$u_badge.'">'.$u_name.' , #'.$u_badge.'&nbsp</td>'; 
        }
        $my_s->close(); $my->close();?>
        </tr>
        </table>

Answer 1

I think your html code is missing a "form" tag. Every type of "input" in html needs to be inside a "form" and "/form" tags that define the method which the form is sent (POST or GET) and what is the destination (what php file), defined by "action" parameter.

Answer 2

You could use a foreach loop to update each badge number in $_POST['unit'] . Or you can use it to construct a list of values to use in an IN test. Unfortunately, you can't bind a parameter to this, so it's necessary to escape them explicitly.

if (isset($_POST['unit'])) {
    $units = implode(', ', $_POST['unit']);
    $my_s = $my->prepare('INSERT INTO `calls`(`call_taker`, `call_time`, `call_type`, `call_priority`, `call_location`, `call_city`, `reporter_name`, `reporter_num`, `call_info`, `units`) VALUES (?,?,?,?,?,?,?,?,?,?)') or die($my->error);
    $my_s->bind_param('sssisssiss', $name, $date, $c_type, $c_prio, $c_loc, $c_city, $r_name, $r_num, $c_info, $units) or die($my->error);
    $my_s->execute() or die($my->error);

    $in_units = implode(', ', array_map(function($u) use ($my) { return "'" . $my->real_escape_string($u) . "'"; }, $_POST['unit']));
    $my_s2 = $my->prepare("UPDATE `users` SET `busy` = 1 WHERE `badge` IN ($in_units) AND `enabled` = 1 AND `confirmed` = 1 AND `duty` = 1") or die($my->error);
    $my_s2->execute() or die($my-error);
}