I have these checkboxes that I am trying to (ultimately concat two together and) insert into a database. I've tried several ways and have searched through many pages, but my page keeps breaking when I try to insert. I'm not actually getting an error in my apache log, but a message is triggered that makes me believe it's some kind of sql error (the else statement at the end, which is a check if the query affected any rows). The error isn't thrown until I add the foreach and additional awards to the query .
Here is the form section
<label><input type="checkbox" name="check_list[]" Value = "Castle Connolly Top U.S. Doctor" />Castle Connolly Top U.S. Doctor</label>
<!-- <input type="text" name="check_year" value="<php echo decode_text($check_year);?>"/> -->
<label><input type="checkbox" name="check_list[]" Value = "Vitals Patients Choice"/>Vitals Patient's Choice</label>
<!--<input type="text" name="check_year" value="<php echo decode_text($check_year);?>"/> -->
<label><input type="checkbox" name="check_list[]" Value = "Vitals Compassionate Doctor"/>Vital's Compassionate Doctor Recognition</label>
<!--<input type="text" name="check_year" value="<php echo decode_text($check_year);?>"/> -->
<label><input type="checkbox" name="check_list[]" Value = "Super Doctor"/>Super Doctor</label>
<!--<input type="text" name="check_year" value <php echo decode_text($check_year);?>"/> -->
inserting
$additional_awards = '';
$check_list = $_POST['check_list'];
foreach($check_list as $check)
{
$additional_awards .= $check.", ";
}
// insert new user
$sql = 'INSERT INTO docflight_doctors (
email,
user_name,
user_password,
additional_awards,
preferred_language,
date_created,
registered_from_ip,
last_logged_ip,
is_active,
is_removed,
comments,
registration_code )
VALUES(
\''.encode_text($email).'\',
\''.encode_text($user_name).'\',
\''.$user_password.'\',
\''.$additional_awards.'\',
\''.Application::Get('lang').'\',
\''.date('Y-m-d H:i:s').'\',
\''.$user_ip.'\',
\'\',
'.$is_active.',
0,
\'\',
\''.$registration_code.'\')';
if(database_void_query($sql) > 0){
/// do other stuff
else{
///echo mysql_error();
$msg = draw_important_message(_CREATING_ACCOUNT_ERROR, false);
FIXED, \''.$user_password.'\', should have been '.$user_password.', for some reason ....
Related
Ok I have a set of checkboxes with corresponding text inputs next to them. POST apparently sets a variable as an associative array, I want to be able to concat the values for the checkbox with the corresponding year by using a for loop and putting like indexes together. I'm currently getting an "unexpected [" error in the if statement. I looked into doing exactly this and found a few examples that went about this in the same way with success, what am I doing wrong?
Here is the form section
<form>
<label><input type="checkbox" name="check_list[]" Value = "Castle Connolly Top U.S. Doctor" id ="ccn"/>Castle Connolly Top U.S. Doctor</label>
<input type="text" name="check_year" value="<?php echo decode_text($check_year);?>"/>
<label><input type="checkbox" name="check_list[]" Value = "Vitals Patients Choice"/>Vitals Patient's Choice</label>
<input type="text" name="check_year" value="<?php echo decode_text($check_year);?>"/>
<label><input type="checkbox" name="check_list[]" Value = "Vitals Compassionate Doctor"/>Vital's Compassionate Doctor Recognition</label>
<input type="text" name="check_year" value="<?php echo decode_text($check_year);?>"/>
<label><input type="checkbox" name="check_list[]" Value = "Super Doctor"/>Super Doctor</label>
<input type="text" name="check_year" value="<?php echo decode_text($check_year);?>"/>
</form>
Then in my handler I have this code to get the values into separate arrays and concat them to another variable that I insert
$check_list = isset($_POST['check_list']) ? prepare_input($_POST['check_list']) : '';
$check_year = isset($_POST['check_year']) ? prepare_input($_POST['check_year']) : '';
$check_year_array = array_values($check_year);
$check_list_array = array_values($check_list);
$notable_awards .= ', ';
for($n=0; $n<5;$n++){
if(!empty($check_list_array[$n])){
$notable_awards .= $check_list_array[$n].','.$check_year_array[$n];
}
}
$sql = mysql_query("UPDATE" .TABLE_DOCTORS. " SET
notable_awards = '".$notable_awards."' ,
notable_publications = '".$notable_publications."'
last_logged_ip = '".$user_ip."'
WHERE id =".$doctor_id);
on page 1 i have a form, then on page 2 which is the processor file, i want to select records based on the checked checkboxes that were checked on page 1.
<form action="output.php" method="post">
<input type="checkbox" id="" class="" name="check_list[]" value="something" />
<input type="checkbox" id="" class="" name="check_list[]" value="something else" />
<input type="checkbox" id="" class="" name="check_list[]" value="yet another thing" />
<input type="checkbox" id="" class="" name="check_list[]" value="one more thing" />
<input type="checkbox" id="" class="" name="check_list[]" value="some name" />
<input type="checkbox" id="" class="" name="check_list[]" value="some other name" />
<input type="submit" value="Submit" name="submit">
</form>
the following foreach can display all the values of everything that was checked, but i don't know how to take it further into my sql select statement to select all the records that have a column field by that name.
foreach($_POST['check_list'] as $check) {
echo $check . '<br>';
}
lets say in a table called stuff there are these fields
id, first_title, second_title
so i want to do the following, but obviously this isn't the way to write it. this is the part i need help with.
SELECT * FROM stuff WHERE first_title = $check or second_title = $check
lets us further say that these records exist in the table...
id first_title second_title
-----------------------------------------
1 something something else
2 yet another thing one more thing
3 some name some other name
then lets say these checkboxes were checked:
<input type="checkbox" id="" class="" name="check_list[]" value="something" />
<input type="checkbox" id="" class="" name="check_list[]" value="one more thing" />
so what i want to happen is for my select statement to select record 1 and record 2 and not record 3, because "something" is in the first_title column of the first record, and "one more thing" is in the second_title of the second record, and nothing was checked that is in third record.
i hope i gave as much detail as is needed. let me know if you need further explanation.
Use the SQL IN operator to test if a column is in a list of values. Here's how to write it with MySQLI:
$in_str = implode(', ', array_map(function($title) use ($con) {
return "'" . $con->real_escape_string($title) . "'";
}, $_POST['check_list']));
$sql = "SELECT * FROM stuff WHERE first_title IN ($in_str) OR second_title IN ($in_str)";
$result = $con->query($sql);
try this dynamic where condition in your code
<?php
$arr_where = array();
foreach($_POST['check_list'] as $check) {
$arr_where[] = " first_name='$check' OR last_name='$check' ";
}
$where_text = implode("OR", $arr_where);
$sql = "SELECT * FROM stuff WHERE ".$where_text;
?>
This is my first 'built from the ground up' PHP/MySQL project. I've built a very simple HTML form with the same row repeated multiple times:
<h2 style="margin-top:0">Current Projects</h2>
Project: <input name="project1" type="text" size="40" value="1" />
Status: <input name="status1" type="text" size="40" value="1" />
Estimated Completion: <input name="estCompletion1" type="text" size="12" value="1" /><br />
Project: <input name="project2" type="text" size="40" value="2" />
Status: <input name="status2" type="text" size="40" value="2" />
Estimated Completion: <input name="estCompletion2" type="text" size="12" value="2" /><br />
Project: <input name="project3" type="text" size="40" value="3" />
Status: <input name="status3" type="text" size="40" value="3" />
Estimated Completion: <input name="estCompletion3" type="text" size="12" value="3" /><br />
I'm trying to write all of these to the same database table at the same time, but on different rows.
$sql = "INSERT INTO current_project (date, est_completion, project_name, status)
VALUES (NOW(), '$estCompletion1', '$project1', '$status1'),
(NOW(), '$estCompletion2', '$project2', '$status2'),
(NOW(), '$estCompletion3', '$project3', '$status3')";
The problem with doing it like this is that it inserts the data from the variable, even if it's null. So if the user only enters data in the first row of fields (project1, status1, etc.) the other 2 insert an empty row.
Is there a way, maybe using 'if isset()', so that I don't have any blank fields in my database?
Build SQL dynamically.
Something like this:
$inserts = Array();
for($i=1; $i<=3; $i++) {
if (!$_POST["project".$i] && !$_POST["status".$i] && !$_POST["estCompletion".$i]) continue;
$inserts[] = "(NOW(), '".$_POST["estCompletion".$i]."', '".$_POST["project".$i]."', '".$_POST["status".$i]."')";
}
if (Count($inserts)>0) {
$sql = "INSERT INTO current_project (date, est_completion, project_name, status)
VALUES (" . implode("), (", $inserts) . ")";
}
At this point $sql should have full SQL query only with those rows where all three fields were submitted.
If you want to check the value of posted variable is null, always use empty() method.
For more information: Visit php.net
for($i=1; $i<=3; $i++) {
$estCompletion= $_POST["estCompletion".$i];
$project= $_POST["project".$i];
$status= $_POST["status".$i];
if (!empty($estCompletion) && !empty($project) && !empty($status))
{
$sql = "INSERT INTO current_project (date, est_completion, project_name, status) VALUES (NOW(), '".$estCompletion."', '".$project."', '".$status."')";
}
unset($estCompletion, $project, $status);
}
I have two sets of div with different checkbox options :
<div id="mobile_device" style="display:none;">
<font size="3"><b>Select the accessories :</b></font>
</br></br>
<input type="checkbox" name="mobile[]" value="charger"/> Charger <input type="checkbox" name="mobile[]" value="case"/> Case
<input type="checkbox" name="mobile[]" value="headset"/> Headset <input type="checkbox" name="mobile[]" value="box"/> Box
<input type="checkbox" name="mobile[]" value="usb"/> USB Cable <input type="checkbox" name="mobile[]" value="sim"/> SIM<br/>
</div>
div id="desktop_device" style="display:none;">
<font size="3"><b>Select the accessories :</b></font>
</br></br>
<input type="checkbox" name="desktop[]" value="adaptor"/> Adaptor <input type="checkbox" name="desktop[]" value="privacy"/> Privacy Screen
<input type="checkbox" name="desktop[]" value="mouse"/> Mouse <input type="checkbox" name="desktop[]" value="keyboard"/> Keyboard
<input type="checkbox" name="desktop[]" value="connector"/> Desktop Connector <br/><br/>
</div>
Now I was trying to submit the set of checkbox values in two columns in my db.
if (isset($_POST['submit']))
{
// get form data, making sure it is valid
$type = $_POST['type'];
$name = $_POST['name'];
$serial = $_POST['serial'];
$imei = $_POST['imei'];
$mobile = implode(",", $_POST['mobile']);
$desktop = implode(",", $_POST['desktop']);
$chargerno = $_POST['chargerno'];
$connectorno = $_POST['connectorno'];
$monitor = $_POST['monitor'];
$monitorno = $_POST['monitorno'];
// save the data to the database
$sql3= "INSERT INTO devices (type, name, serial, imei, mobile, desktop, chargerno, connectorno, monitor, monitorno) VALUES ('$type', '$name', '$serial', '$imei', '$mobile', $desktop, $chargerno, $connectorno, $monitor, $monitorno)";
mysqli_query($mysqli,$sql3) or die(mysqli_error($mysqli));
}
But i was getting error like Unknown column 'adaptor' in 'field list'.
How can i submit the selected checkbox values from both the div into two different columns.
$desktop must be passed as a String, hence:
$sql3= "INSERT INTO devices (type, name, serial, imei, mobile, desktop, chargerno, connectorno, monitor, monitorno) VALUES ('$type', '$name', '$serial', '$imei', '$mobile', '$desktop', $chargerno, $connectorno, $monitor, $monitorno)";
I am trying to insert the value of this multiple checklist into the db column. This code not working. Can anyone spot the problem?
My database consists of a table called "colors" and one column called "color".
<?php
// connect to database
require "mysql_connect.php";
?>
<?php
// get value from the form
$color = $_POST['color'];
foreach($_POST['color'] as $colors){
$insert = mysql_query("INSERT INTO colors (color) VALUES ('$color')");
}
?>
<form action="add_color.php" method="post" enctype="multipart/form-data" name="colorform" id="colorform">
<input type="checkbox" name="color[]" value="black" /> Black
<input type="checkbox" name="color[]" value="red" /> Red
<input type="checkbox" name="color[]" value="blue" /> Blue
<input type="checkbox" name="color[]" value="white" /> White
<input name="submit" type="submit" value="Add color" />
</form>
Thanks
This is a nice way to add your colors
<?php
require "mysql_connect.php";
// connect to database
$colors=array();
// get value from the form
if (isset($_POST['color'])) $colors = $_POST['color'];
foreach($colors as $color)
{
mysql_query ("INSERT INTO colors ('color') VALUES ('$color')");
}
?>
<form action="add_color.php" method="post" enctype="multipart/form-data" name="colorform" id="colorform">
<input type="checkbox" name="color[]" value="black" /> Black
<input type="checkbox" name="color[]" value="red" /> Red
<input type="checkbox" name="color[]" value="blue" /> Blue
<input type="checkbox" name="color[]" value="white" /> White
<td><input name="submit" type="submit" value="Add color" />
</form>
if (isset($_POST['color']))
This condition is important because it will prevent an indexing error in case the array is empty
$colors=array();
Also, do declare your variables to prevent getting undeclared varibles, previously, in your code, this will happen if the user does not specify any color
Remember PHP is server-side and thus getting errors on PHP create loopholes for attacks. Try to read about PHP Best Practices, Its very impotant
Hopes it helps :-)
I would also suggest that you sanitize your from inputs before inserting into your database. You don't mention what type your color column is, could be a mismatch there as well.
When you say INSERT INTO $colors -- is that what you mean? Your table name is variable? You should probably have a proper table name in place of $colors.
In addition, you have used $color which I don't see defined, you probably meant to use $colors so it should be more like this:
INSERT INTO tblColors (color) VALUES ('$colors')
To check your return value to see what error you're getting:
$query = "INSERT INTO tblColors (color) VALUES ('$colors')";
$insert = mysql_query($query) or die("A MySQL error has occurred.<br />Your Query: " . $query . "<br /> Error: (" . mysql_errno() . ") " . mysql_error());
$insert = mysql_query("INSERT INTO $colors (color) VALUES ($color)");
Change it to:
$insert = mysql_query("INSERT INTO colors_table_name (color) VALUES ($color)");
Also, please check the return value of insert, maybe you are getting errors?
First obvious problem was that the table name was being replaced with the color because of the variable, is this the desired effect?
<?php
// connect to database
require "mysql_connect.php";
?>
<?php
// get value from the form
$colors = $_POST['color'];
foreach($colors as $color){
$insert = mysql_query("INSERT INTO colors (color) VALUES ($color)");
}
<form action="add_color.php" method="post" enctype="multipart/form-data" name="colorform" id="colorform">
<input type="checkbox" name="color[]" value="black" /> Black
<input type="checkbox" name="color[]" value="red" /> Red
<input type="checkbox" name="color[]" value="blue" /> Blue
<input type="checkbox" name="color[]" value="white" /> White
<td><input name="submit" type="submit" value="Add color" />
</form>
You've got your variables backwards, SQL syntax errors, SQL injection vulnerabilities, and a total lack of error handling
$color = $_POST['color']; <---stuff the POST data array into $color
foreach($_POST['color'] as $colors){ <--- loop over the POST data directly
$insert = mysql_query("INSERT INTO colors (color) VALUES ($color)");
^^^^^^---insert the array
^^^^^^---no quotes
You use $colors (with an S) to store the individual colors, but then insert $color, which is an array.
Never assume that a query has suceeded. If you'd have the bare minimum or die(...) error handling, you've have seen why your queries were failing:
foreach($_POST['color'] as $color) {
$safe_color = mysql_real_escape_string($color);
$result = mysql_query("INSERT INTO colors (color) VALUES ('$safe_color');") or die(mysql_error());
}