php - multiple select with different values (security easier method) - php

I don't think this is a duplicate, I only found fairly similar questions.
I have 4 checkboxes and I want to make sure they are different, but I think my "if" is a mess. Let's imagine I have 20 select boxes, then I'd have an endless "if" (option1!=option2...option20, it'd be a really long "if").
How can I simplify this? A while loop or something?
Here is what I have:
PHP check it, then save it:
if(($option1!=$option2 and $option1!=$option3 and $option1!=$option4)
and ($option2!=$option1 and $option2!=$option3 and $option2!=$option4)
and ($option3!=$option1 and $option3!=$option2 and $option3!=$option4)
and ($option4!=$option1 and $option4!=$option2 and $option4!=$option3)) {
//insert it to database if everything is okay...
HTML:
<select name="option1">
<option value="">Choose one</option>
<option value="1">Option A</option>
<option value="2">Option B</option>
<option value="3">Option C</option>
<option value="4">Option D</option>
...
</select>
<select name="option2">
<option value="">Choose one</option>
<option value="1">Option A</option>
<option value="2">Option B</option>
<option value="3">Option C</option>
<option value="4">Option D</option>
...
</select>
<select name="option3">
<option value="">Choose one</option>
<option value="1">Option A</option>
<option value="2">Option B</option>
<option value="3">Option C</option>
<option value="4">Option D</option>
...
</select>
<select name="option4">
<option value="">Choose one</option>
<option value="1">Option A</option>
<option value="2">Option B</option>
<option value="3">Option C</option>
<option value="4">Option D</option>
...
</select>


If you have 20 select dropdown lists with all of them have name attributes in chronological order, like name='option1', name='option2', ... , name='option20', then you should use a for loop like this:
$numSelects = 20;
$selectValues = array();
$differentValues = true;
for($i = 1; $i <= $numSelects; ++$i){
if(in_array($_POST['option'.$i], $selectValues)){
$differentValues = false;
break;
}
$selectValues[] = $_POST['option'.$i];
}
if($differentValues){
// all the selected values are different
}else{
// selected values are not different
}
$numSelects is the number of select dropdown lists in your code, so you need to change this value as per your code. And what this for loop here does is, in each iteration of for loop it checks whether the user's selected value exists in $selectValues array or not, and if the value already exists in the array then it will disable $differentValues flag and break out from the loop. Moreover, in each iteration it appends user's selected value to $selectValues array. After coming out of the loop, you can check whether all submitted values are different or not, based on the status of $differentValues flag.


You could do it like this using array_unique(), you could build on it to know which key is missing to show an error in the right place. It also allows you to define which post keys your expecting to check/count.
<?php
$_POST = [
'name' => 'Steve McQueen',
'csrf' => 'y53zmSV0LhhjcjEg',
'option1' => '1',
'option2' => '3',
'option3' => '2',
'option4' => '1'
];
$expected = [
"option1",
"option2",
"option3",
"option4"
];
$result = [];
foreach ($expected as $key) {
$result[$key] = isset($_POST[$key]) ? $_POST[$key] : null;
}
$check = array_unique($result);
if (count($check) !== count($expected)) {
echo 'Please only select unique choices from the options';
} else {
echo 'All good!';
}

Related

Simple Select Value will not Populate via Jscript if the word is "House"

I have a small Project website that I am learning to code with and in this website there is a Select Dropdown Menu of Music Genres
Here is a Video to help you visualise whats happening.
youtu.be/t4cJ7TCHiN8 (of the Problem)
And another video of how I can Paste "House" into the URL and get different MYSQL results
youtu.be/zf0S9WadQXo
I select a genre post the form and the reload shows me the results.
The value of the selected Option is then automatically selected by Jscript
So the Search area and its Values remain the same as before.
I have Mainly used DocumentGetElementById or jQuery to Select the value, and I am echoing PHP variables into the DocumentGetElementById function.
There is no problems with 99.9% of the values and selectable genres, they all are automatically selected without any problems.
Just 1 Problem, The value "House" Will not select.
No matter how I try it just will not select. I have of course tried other methods, including jQuery and no matter how I alter my code or method of execution.
Nothing seems to make the value "House" populate.
Here is the code. And images to help visualise the problem.
Thank you for any help you may provide.
CODE.
<select id='genregrab' name='genre' class='menusmall'>
<optgroup label='Genre'>
<option value="">All Genres</option>
<option value="EDM">EDM</option>
<option value="DnB">DnB</option>
<option value="Drum">Drum And Bass</option>
<option value="Breakbeat">Breakbeat</option>
<option value="Downtempo">Downtempo</option>
<option value="Dance">Dance</option>
<option value="Pop">Pop</option>
<option value="Disco">Disco</option>
<option value="Nu-Disco">Nu-Disco</option>
<option value="House">House</option>
<option value="Hard">Hard House</option>
<option value="Tech">Tech House</option>
<option value="Techno">Techno</option>
<option value="Deep">Deep House</option>
<option value="Future">Future House</option>
<option value="Tribal">Tribal House</option>
<option value="Tropical">Tropical House</option>
<option value="Progressive">Progressive</option>
<option value="Bass">Future Bass</option>
<option value="Bounce">Future Bounce</option>
<option value="Industrial">Industrial</option>
<option value="Electronic">Electronic</option>
<option value="Psychedelic">Psychedelic</option>
<option value="Trance">Trance</option>
<option value="Psy">Psy Trance</option>
<option value="Minimal">Minimal</option>
<option value="Ambient">Ambient</option>
<option value="Chillout">Chillout</option>
<option value="Synthwave">SynthWave</option>
<option value="Retro">Retro</option>
<option value="Hip">Hip-Hop</option>
<option value="Trip">Trip-Hop</option>
<option value="Glitch">Glitch-Hop</option>
<option value="Rap">Rap</option>
<option value="Afrobeat">AfroBeat</option>
<option value="Grime">Grime</option>
<option value="Trap">Trap</option>
<option value="Trapstep">TrapStep</option>
<option value="Dubstep">DubStep</option>
<option value="Drumstep">DrumStep</option>
<option value="Reggea">Reggea</option>
<option value="RnB">RnB</option>
<option value="Rock">Rock</option>
<option value="Metal">Metal</option>
<option value="Soul">Soul</option>
<option value="Country">Country</option>
<option value="Folk">Folk</option>
<option value="Jazz">Jazz</option>
<option value="Blues">Blues</option>
<option value="Funk">Funk</option>
<option value="World">World</option>
<option value="Gospel">Gospel</option>
<option value="Latin">Latin</option>
<option value="Ethnic">Ethnic</option>
<option value="Bollywood">BollyWood</option>
<option value="Moombahton">Moombahton</option>
<option value="Orchestral">Orchestral</option>
<option value="Classic">Classical</option>
<option value="Cinematic">Cinematic</option>
</optgroup>
</select>
Item Selected & POSTs Picked up By JScript to re-select the option
$(function(){
var genre = document.getElementById('genregrab');
var genredata = "<?php echo $genre ?>";
genre.value=genredata;
});
(Of course i initially tried the following)
document.getElementById("genregrab").value="<?php echo $genre ?>";
However unlike the others , the word "House" will not be selected.
I think its to do with the word or something, as every other word will work fine.
Same process just selecting another genre, and it works fine
As you can see , the Trance genre was selected
Just the word "House" has the problem.
And the Result after the Jscript
However , Select any other word and it works
As you can see in the image below
Any Ideas , Anybody?
I forgot to add the below code , from the GET and the MYSQL Results.
Its possible the sanitizing is effecting the variables.
The GET
if (isset($_GET['genre'])) {
$genre=$_GET['genre'];
$genre = filter_var($genre, FILTER_SANITIZE_STRING);
$genre = strip_tags($genre);
$genre = str_replace(['"',"'"], "", $genre);
} else {$genre="";}
And the MYSQL variable - Which also gets posted to the URL for GET
$genre=$row['genre'];
$genre = str_replace(['"',"'"], "", $genre);
if ($genre == "null" | $genre==" "){$genre="";}
$genresend = explode(',',trim($genre))[0];

Pushing Data to a MySQL Database from a Form

I am trying to send data from an HTML form to a MySQL database in phpmyadmin. I have a database named bhs2018 and a table called game 1. Here are the contents of that table.
Here is my form:
<form name="game" action="insert.php" method="post">
<p> <select id="player" name = 'player'>
<option value="b">B</option>
<option value="n">N</option>
<option value="a">A</option>
<option value="c">C</option>
<option value="m">M</option>
<option value="j">J</option>
<option value="ja">Ja</option>
</select>
<select id="what" name = 'what'>
<option value="shoton">Shot on Cage</option>
<option value="shotoff">Shot off Cage</option>
<option value="goal">Goal</option>
<option value="countergoal">Goal on Counter</option>
<option value="countershot">Shot on Counter</option>
<option value="assist">Assist</option>
<option value="block">Block</option>
<option value="steal">Steal</option>
<option value="turnover">Turnover</option>
<option value="drawn">Ejection Drawn</option>
<option value="ejected">Ejected</option>
</select>
<select id="where" name = 'where'>
<option value="set">Set</option>
<option value="navy">Navy</option>
<option value="leftwing">1/2 side past 5</option>
<option value="rightwing">4/5 side past 5</option>
<option value="point">Point/3</option>
<option value="lefttwo">1/2 side 2 meter</option>
<option value="righttwo">4/5 side 2 meter</option>
<option value="1">6 on 5 1</option>
<option value="2">6 on 5 2</option>
<option value="3">6 on 5 3</option>
<option value="4">6 on 5 4</option>
<option value="5">6 on 5 5</option>
<option value="6">6 on 5 6</option>
</select>
<select id="quarter" name = 'quarter'>
<option value="q1">Quarter 1</option>
<option value="q2">Quarter 2</option>
<option value="q3">Quarter 3</option>
<option value="q4">Quarter 4</option>
</select>
<select id="time" name = 'time'>
<option value="0:30">0:30</option>
<option value="1:00">1:00</option>
<option value="1:30">1:30</option>
<option value="2:00">2:00</option>
<option value="2:30">2:30</option>
<option value="3:00">3:00</option>
<option value="3:30">3:30</option>
<option value="4:00">4:00</option>
<option value="4:30">4:30</option>
<option value="5:00">5:00</option>
<option value="5:30">5:30</option>
<option value="6:00">6:00</option>
<option value="6:30">6:30</option>
<option value="7:00">7:00</option>
</select>
Notes: <input type="text" id = 'notes' name = 'notes'>
<button type="submit" onclick="save()"> Save </button> </p>
</form>
Whenever I click my "Save" button, the insert.php script loads. Instead of echoing something, it just shows the code. Here is insert.php.
<?php
$con = mysqli_connect('127.0.0.1','root','password'(my actual password is here);
if(!$con){
echo 'Not Connected to Server';
}
if (!mysqli_select_db($con,'bhs2018')){
echo 'Not Selected';
}
$Player = $_POST['player'];
$Quarter = $_POST['quarter'];
$Time = $_POST['time'];
$Where = $_POST['where'];
$Notes = $_POST['notes'];
$What = $_POST['what'];
$sql = "INSERT INTO game1 (player,quarter,time1,where1,notes,what) VALUES ('$Player', '$Quarter', '$Time', '$Where','$Notes','$What')";
if(!mysqli_query($con,$sql)){
echo'Not Inserted';
}
else{
echo 'Inserted';
}
header('refresh:2; url=index.html');
?>
What is looking wrong with my code? Why does it not run the php script? Thank you so much!

Check your database. Your PRIMARY KEY player should be an integer like int(30) or bigint(200) but not varchar. Create a new column for PRIMARY KEY something like player_id and shift player to next column. Also when primary key is an integer, there is no manual insertion option for inputting it's value in your form. So make your PRIMARY KEY is set to AUTO_INCREMENT in case you don't want to insert it's value manually.

How to use index of loop in Post method PHP

I need your help! I am trying to save a variable in sql table using Php but I have problem. There are two questions in php, the first concern the continent and the second is depended from the continent. I want to use a loop to check which of the continents has been selected in the first question and then save the value of the second question. I hide the option of unchecked continent using some javascript code (I don't have problem).
The HTML code:
<form method="post" action="">
<fieldset><legend>Continents</legend>
<select id="q1" name="q1">
<option value="1">Africa</option>
<option value="2">Asia</option>
<option value="3">Australia</option>
<option value="4">America</option>
<option value="5">Europe</option>
</select>
<select id="q2" name="Africa">
<option value="1">Choice 1</option>
<option value="2">Choice 2</option>
</select>
<select id="q2" name="Asia">
<option value="1">Choice 1</option>
<option value="2">Choice 2</option>
</select>
<select id="q2" name="Australia">
<option value="1">Choice 1</option>
<option value="2">Choice 2</option>
</select>
<select id="q2" name="America">
<option value="1">Choice 1</option>
<option value="2">Choice 2</option>
</select>
<select id="q2" name="Europe">
<option value="1">Choice 1</option>
<option value="2">Choice 2</option>
</select>
</fieldset>
The Php code
$q1 = $_POST['q1'];
$continents = array("Africa","Asia", "Australia","America","Europe");
for ($i = 1; $i <= 5; $i++) {
if($q1 == $i) {
$q2 = $_POST[$continents[$i-1]]
}
}

Your array should be from 1 to 5 instead of 0 to 4 as you have values 1 to 5 in q1.
Alternatively, I suggest that change your HTML structure to get the continent value in a single line without using loop. You need to change the values of continent like,
<select id="q1" name="q1">
<option value="Africa">Africa</option>
<option value="Asia">Asia</option>
<option value="Australia">Australia</option>
<option value="America">America</option>
<option value="Europe">Europe</option>
</select>
And to get the value of selected continent use $_POST[$_POST['q1']]. For egs, $_POST['q1']=Asia, then $_POST['Asia'] will return the Asia's choice,
$q2= $_POST[$_POST['q1']];

change
$continents =
array(1 => "Africa",
2 => "Asia",
3 => "Australia",
4 => "America",
5 => "Europe");
or
if(($q1-1) == $i) {
$q2 = $_POST[$continents[$i]]
}

First, you may change your select continent HTML:
<select id="q1" name="q1">
<option value="Africa">Africa</option>
<option value="Asia">Asia</option>
<option value="Australia">Australia</option>
<option value="America">America</option>
<option value="Europe">Europe</option>
</select>
Then you could loop over your continents and get the answer:
$q1 = $_POST['q1'];
$continents = array("Africa","Asia", "Australia","America","Europe");
foreach($continents as $continent) {
if ($_POST['q1'] == $continent) {
$q2 = $_POST[$continent];
}
}
Now you have your answer to the second question in $q2.

How about this?
// Always try to seperate logic from your view
// Intialize data
$continents = array("Africa", "Asia", "Australia", "America", "Europe");
// Check for $_POST
if(isset($_POST["q1"])) {
foreach($continents as $id => $continent) {
if($_POST["q1"] == $id) {
// Do something special here
}
}
}
// Render HTML
<form method="post" action="">
<fieldset>
<legend>Continents</legend>
<select id="q1" name="q1">
<!-- Notice that I echo only variables not all of the html -->
<?php foreach($continents as $id => $continent) { ?>
<option value="<?php echo $id; ?>"><?php echo $continent; ?></option>
<?php } ?>
</select>
<select id="q2" name="Africa">
<option value="1">Choice 1</option>
<option value="2">Choice 2</option>
</select>
<select id="q2" name="Asia">
<option value="1">Choice 1</option>
<option value="2">Choice 2</option>
</select>
<select id="q2" name="Australia">
<option value="1">Choice 1</option>
<option value="2">Choice 2</option>
</select>
<select id="q2" name="America">
<option value="1">Choice 1</option>
<option value="2">Choice 2</option>
</select>
<select id="q2" name="Europe">
<option value="1">Choice 1</option>
<option value="2">Choice 2</option>
</select>
</fieldset>
Beautiful thing about my solution is that now you can create whatever array you want and your code will always work.
You can for example SELECT data from database and store them in $continents variable.
$query = "SELECT id, name FROM continents";
$result = mysql_query($query);
$continents = array();
while($row = mysql_fetch_assoc($result)) {
$continents[$row["id"]] = $row["name"];
}
Cool right? :)

I found the solution finally!!!
Replace
$q2 = $_POST[$continents[$i-1]]
with
$q2 = $_POST["{$continents[$i-1]}"];
That solution I wanted!!

POST to database an array variable with foreach

CASE 1
i have following code like this ,
<SELECT name="country[]">
<OPTION >India</OPTION>
<OPTION >Germany</OPTION>
<OPTION >France</OPTION>
<OPTION >United States</OPTION>
<OPTION >Switzerland</OPTION>
$country = $_POST['country'];
foreach($country as $a => $b) {
$simpan = mysql_query("insert into tablename(countryyyy) values('$country[$a]')");
}
why only data from first array who entered into database ?
the rest not entered into database ?
CASE 2
<INPUT type="text" name="txt[]">
<SELECT name="country[]">
<OPTION >India</OPTION>
<OPTION >Germany</OPTION>
<OPTION >France</OPTION>
<OPTION >United States</OPTION>
<OPTION >Switzerland</OPTION>
</SELECT>
$txtbox = $_POST['txt'];
$country = $_POST['country'];
foreach($country as $a => $b) {
$satuin = $txtbox[$a].$country[$a]."<br/>";
$simpan = mysql_query("insert into namatabel(negara) values('$satuin')");
}
if i have 2 array variable like above , how to concat all into one and post to database with as separator
data example who want to post to one of column :
india
india
germany
india
thanks in advance

Not sure what you want to do, but if you're using select box for multiple values then you need multiple="multiple" in select box something like this
<SELECT name="country[]" multiple="multiple">
<OPTION value="in">India</OPTION>
<OPTION value="de">Germany</OPTION>
<OPTION value="fr">France</OPTION>
<OPTION value="us">United States</OPTION>
<OPTION value="ch">Switzerland</OPTION>
</SELECT>

How to set IDs for select elements of Quickform_date?

Is there some way to add ID attribute to every select element generated by Quickform_date so it would look for example like this?
<select id="date-d" name="date[d]">
<option value="1">01</option>
<option value="2">02</option>
...
<option value="31">31</option>
</select><select id="date-M" name="date[M]">
<option value="1">Jan</option>
...
<option value="12" selected="selected">Dec</option>
</select><select id="date-Y" name="date[Y]">
<option value="2001">2001</option>
...
<option value="2011">2011</option>
</select>
I need those IDs for changing selected options by JavaScript. Any alternative ideas how to achieve that?

HTML_QuickForm_group::getElements() method turn out to be the key, in case anyone's interested :-)
$elements['date'] = $form->addElement('date', 'date','Datum:',
array('language' => 'cs',
'minYear' => 2005,
'maxYear' => date('Y') + 2));
foreach ($elements['date']->getElements() as $key => $element) {
$element->updateAttributes(array('id'=>'dateSelect'.$key));
}

Categories