I've got a question.
I've got a page with checkboxes generated with the database. When we press the checkbox and submit it, it is working fine and it is updating in the database. But when I try to uncheck "1" checkbox it is checking out all checkboxes which are selected.
Query:
if(isset($_POST['submit'])){
foreach ($_POST['untrain'] as $room_id => $user_id) {
// This query needs protection from SQL Injection!
$user_id;
$untrainQuery = "UPDATE room_users SET trained = '1' WHERE user_id = $user_id AND room_id = $room_id";
$db->update($untrainQuery);
}
}
if(isset($_POST['submit'])){
foreach ($_POST['amk'] as $room_id => $user_id) {
// This query needs protection from SQL Injection!
$user_id;
$untrainedQuery = "UPDATE room_users SET trained = '0' WHERE user_id = $user_id AND room_id = $room_id";
$db->update($untrainedQuery);
}
}
Checkboxes:
<?php if($room->trained == 1) { ?> <input type='hidden' value="<?php echo $room->user_id; ?>" name="amk[<?php echo $room->room_id; ?>]"> <input type='checkbox' value="<?php echo $room->user_id; ?>" name="trained[<?php echo $room->room_id; ?>]" checked> <?php echo "Y"; } else{ ?> <input type='checkbox' value="<?php echo $room->user_id; ?>" name="untrain[<?php echo $room->room_id; ?>]"> <?php echo "N"; }?> </td>
<Td><?php if($room->active == 1) { ?> <input type='checkbox' name="<?php echo $room->room_id; ?>" checked> <?php echo "Active"; } else { ?> <input type='checkbox' name="<?php echo $room->room_id; ?>" <?php echo "Inactive"; } ?>
I used the "trick" with the input type hidden, but it is checking out all checked checkboxes..
Thanks in advance!
Related
this is radio button code
now what if radio button does not have a constant name how would i store the data in database because to store the data in database we will need a name of form attribute
$sql1="select * from questions where email='". $_SESSION['email'] ."'";
$row=mysqli_query($conn,$sql1);
while ($result = mysqli_fetch_array($row))
{
?>
<h2 id="question_<?php echo $result['qid'];?>"><?php echo $result['qid'].".".$result['question'];?></h2>
<input type="radio" value="<?php echo $result['answer1'];?>" name="<?php echo $result['qid'];?>"><?php echo $result['answer1'];?>
<input type="radio" value="<?php echo $result['answer2'];?>" name="<?php echo $result['qid'];?>"><?php echo $result['answer2'];?>
<input type="radio" value="<?php echo $result['answer3'];?>" name="<?php echo $result['qid'];?>"><?php echo $result['answer3'];?>
<input type="radio" value="<?php echo $result['answer4'];?>" name="<?php echo $result['qid'];?>"><?php echo $result['answer4'];?>
if we know the name of radio button we can access it using
<input type="radio" value="<?php echo $result['answer4'];?>" name="name"><?php echo $result['answer4'];?>
$name=$_POST['name'];
but in the above code name of radio button is not fixed.questions is the table which consists of qid and questions with multiple options that is answer1,answer2 etc
i want to store the option select by user into database.for which i need to know the name of radio button
how should i use post in this case
$name=$_POST['what should go in here'];
You can get the radio button value along with question ID as:
Basic Example:
<?php
$array = array(1,2); // your Question ID array
?>
Your Form:
<form method="post" action="">
<?php
foreach ($array as $key => $qid) {
?>
<input type="radio" value="1" name="radio[<?=$qid?>]">
Answer 1
<input type="radio" value="2" name="radio[<?=$qid?>]">
Answer 2
<input type="radio" value="3" name="radio[<?=$qid?>]">
Answer 3
<input type="radio" value="4" name="radio[<?=$qid?>]">
Answer 4
<?php
echo "<br/>";
}
?>
<input type="submit" name="submit">
</form>
In PHP:
<?php
if(isset($_POST['submit'])) {
$query = array();
foreach ($_POST['radio'] as $key => $value) {
$query[] = "('$value','$key')";
}
$sql = "INSERT INTO table (answer,questionID) VALUES ";
$sql .= implode(",", $query);
echo $sql;
}
?>
In this example query look like:
INSERT INTO table (answer,questionID) VALUES ('2','1'),('3','2')
Few Suggestions:
- Your code is open for SQL Injection, you must need to prevent your code with SQL Attack and this reference will help you to understand: How can I prevent SQL injection in PHP?
- Make sure your column name and table name not having any conflict, currently, you are using same name for both.
Update with Your Code:
<?php
while ($result = mysqli_fetch_array($row))
{
?>
<h2 id="question_<?php echo $result['qid'];?>"><?php echo $result['qid'].".".$result['question'];?></h2>
<input type="radio" value="<?php echo $result['answer1'];?>" name="radio[<?php echo $result['qid'];?>]">
<?php echo $result['answer1'];?>
<input type="radio" value="<?php echo $result['answer2'];?>" name="radio[<?php echo $result['qid'];?>]">
<?php echo $result['answer2'];?>
<input type="radio" value="<?php echo $result['answer3'];?>" name="radio[<?php echo $result['qid'];?>]">
<?php echo $result['answer3'];?>
<input type="radio" value="<?php echo $result['answer4'];?>" name="radio[<?php echo $result['qid'];?>]">
<?php echo $result['answer4'];?>
<?
}
?>
In PHP:
<?php
if(isset($_POST['submit'])) {
$query = array();
foreach ($_POST['radio'] as $key => $value) {
$query[] = "('$value','$key')";
}
$sql = "INSERT INTO table (answer,questionID) VALUES ";
$sql .= implode(",", $query);
echo $sql; // run this query in mysqli_query()
}
?>
Few More Instructions:
- Change the table name as per your table name
- Change the column name according to your column.
- Use INSERT query at once, no need to use it inside the loop.
Create an array at the end of while loop like this :
while ($result = mysqli_fetch_array($row))
{
?>
<h2 id="question_<?php echo $result['qid'];?>"><?php echo $result['qid'].".".$result['question'];?></h2>
<input type="radio" value="<?php echo $result['answer1'];?>" name="<?php echo $result['qid'];?>"><?php echo $result['answer1'];?>
<input type="radio" value="<?php echo $result['answer2'];?>" name="<?php echo $result['qid'];?>"><?php echo $result['answer2'];?>
<input type="radio" value="<?php echo $result['answer3'];?>" name="<?php echo $result['qid'];?>"><?php echo $result['answer3'];?>
<input type="radio" value="<?php echo $result['answer4'];?>" name="<?php echo $result['qid'];?>"><?php echo $result['answer4'];?>
<? $names[] = $result['qid'];
}
if(isset($_POST['submit'])) {
for ($i=0; $i<count($names); $i++) {
if(isset($_POST[$names[$i]]) {
$rate = $_POST[$names[$i]];
$sql ="INSERT INTO answer (answer, qid) VALUES (".$rate.", ".$names[$i] .")";
mysqli_query($con, $sql);
}
}
}
?>
I've got a question about databases and checkboxes. I've got a table looking like:
Website is looking like:
At the bottom of the page I also have a button, so when I submit the checked checkboxes will be updated to 1 or 0 in the database. (True or false)
So when I click on the 3rd checkbox under trained, it will update the trained column in the database with a user/room id of '3583'. (ID is shown right of the screen)
Code:
<form class='verwerkInfo' method='post' action='<?php echo $_SERVER['PHP_SELF']; ?>?license=6'>
<td>
<?php if($room->trained == 1) { ?> <input type='checkbox' name="<?php echo $room->room_id; ?>" checked> <?php echo "Y"; } else{ ?> <input type='checkbox' name="<?php echo $room->room_id; ?>"> <?php echo "N"; }?> </td>
<Td><?php if($room->active == 1) { ?> <input type='checkbox' name="<?php echo $room->room_id; ?>" checked> <?php echo "Active"; } else { ?> <input type='checkbox' name="<?php echo $room->room_id; ?>" <?php echo "Inactive"; } ?>
</td>
<Td><?php echo $room->configuration; ?></td>
<td><?php echo $room->room_id; ?></td>
<td><?php var_dump($room->user_id); }?></td>
</tr>
So I guess I have a problem in the names of the checkboxes.
The query is looking like:
$trainedQuery = "UPDATE room_users
SET trained = 1
WHERE user_id = $room->user_id";
The $room->user_id is referring to the user_id in the database.
Here's a way to give the checkboxes unique names and pass extra information with each element:
name="trained[<?php echo $room->room_id; ?>]" value="<?php echo $room->user_id; ?>"
Then in the PHP script that processes the form submission you can:
foreach ( $_POST['trained'] as $room_id => $user_id ) {
// This query needs protection from SQL Injection!
$trainedQuery = "UPDATE room_users SET trained = 1 WHERE user_id = $user_id";
}
It's not clear what the relationship is between room_id and user_id and why you're updating the room_user table with only user_id. What do you do with the room_id?
Is this what you actually need:
// This query needs protection from SQL Injection!
$trainedClear = "UPDATE room_users SET trained = 0 WHERE user_id = $user_id";
$db->exec($trainedClear); // first clear all
foreach ( $_POST['trained'] as $room_id => $user_id ) {
// This query needs protection from SQL Injection!
$trainedQuery = "UPDATE room_users SET trained = 1
WHERE user_id = $user_id AND room_id = $room_id";
$db->exec($trainedQuery); // then add selections
}
// assuming there's a database connection `$db-exec`.
// Replace with your actual connection and query method.
Refactored checkbox columns for clarity:
<?php
$room_id = $room->id;
$room_configuration = $room->configuration;
$room_user_id = $room->user_id;
if ( $room->trained == 1 ) {
$trained_checked = 'checked';
$trained_label = 'Y';
}
else {
$trained_checked = '';
$trained_label = 'N';
}
if ( $room->active == 1 ) {
$active_checked = 'checked';
$active_label = 'Active';
}
else {
$active_checked = '';
$active_label = 'Inactive';
}
echo <<<EOT
<td><input type="checkbox" name="trained[$room_id]" value="$room_user_id" $trained_checked> $trained_label</td>
<td><input type="checkbox" name="active[$room_id]" value="$room_user_id" $active_checked> $active_label</td>
<td>$room_configuration</td>
<td>$room_id</td>
<td>$room_user_id</td>
EOT;
?>
Just change the checkbox names attribute with adding yes,no and active
name="yes_<?php echo $room->room_id; ?>"
name="no_<?php echo $room->room_id; ?>"
name="act_<?php echo $room->room_id; ?>"
I've got a page with checkboxes generated with the database. When we press the checkbox and submit it, it is working fine and it is updating in the database. But when I try to uncheck "1" checkbox it is checking out all checkboxes which are selected.
Query:
if(isset($_POST['submit'])){
foreach ($_POST['untrain'] as $room_id => $user_id) {
// This query needs protection from SQL Injection!
$user_id;
$untrainQuery = "UPDATE room_users SET trained = '1' WHERE user_id = $user_id AND room_id = $room_id";
$db->update($untrainQuery);
}
}
if(isset($_POST['submit'])){
foreach ($_POST['amk'] as $room_id => $user_id) {
// This query needs protection from SQL Injection!
$user_id;
$untrainedQuery = "UPDATE room_users SET trained = '0' WHERE user_id = $user_id AND room_id = $room_id";
$db->update($untrainedQuery);
}
}
Checkboxes:
<?php
if($room->trained == 1)
{ ?>
<input type='hidden' value="<?php echo $room->user_id; ?>" name="amk[<?php echo $room->room_id; ?>]">
<input type='checkbox' value="<?php echo $room->user_id; ?>" name="trained[<?php echo $room->room_id; ?>]" checked>
<?php echo "Y"; }
else{ ?>
<input type='checkbox' value="<?php echo $room->user_id; ?>" name="untrain[<?php echo $room->room_id; ?>]">
<?php echo "N";
}?>
</td>
<Td><?php
if($room->active == 1) {
?> <input type='checkbox' name="<?php echo $room->room_id; ?>" checked>
<?php echo "Active"; }
else { ?>
<input type='checkbox' name="<?php echo $room->room_id; ?>"
<?php echo "Inactive"; } ?>
I used the trick with the "hidden" input before the checkbox, but the only problem is that it is not working. When I click on it, it resets all checkboxes to 0.
I think you are missing how the combo checkbox + hidden input does work.
So here you go freely inspired by this answer:
<input id="foo" name="foo" type="checkbox" value="1" />
<input name="foo" type="hidden" value="0" />
Looks like you do know, if you use the trick, that, if the checkbox is unchecked, it will not be present in the post. So to trick the form, we will always add an hidden field. And if the checkbox is checked, then the fact that it will be included in the post is going to override the value of the hidden input.
So for your specific problem :
<td>
<input type="checkbox" value="1" name="trained[<?php echo $room->room_id; ?>_<?php echo $room->user_id; ?>]" <?php echo ($room->trained == 1) ? ' checked' : '' ?> /> Trained
<input type="hidden" value="0" name="trained[<?php echo $room->room_id; ?>_<?php echo $room->user_id; ?>]"/>
</td>
Please note the use of the ternary operator on this part of the code <?php echo ($room->trained == 1) ? ' checked' : '' ?> which I may use a lot when writing html template.
Please also note the trick on the name trained[<?php echo $room->room_id; ?>_<?php echo $room->user_id; ?>] which is needed because we cannot set the user_id as value of the input.
Then for the processing part :
if ( isset ( $_POST['submit'] ) ) {
foreach ( $_POST['trained'] as $ids => $value ) {
// This query needs protection from SQL Injection!
// ^ good point, on which I would suggest you using PDO and prepared statement :)
list($room_id,$user_id) = explode('_',$ids);
// ^ now need to explode the name on the underscore to get both user_id and room_id cf the trick above
$untrainQuery = "UPDATE room_users SET trained = '$value' WHERE user_id = $user_id AND room_id = $room_id";
$db->update ( $untrainQuery );
}
}
Wash, rinse, repeat for every checkbox you need and you should be good to go.
I'm making a site where the owner has to be able to update their events, but my update code isnt working even though im 99% sure I havent made any errors.
First the form where you press update:
<?php
$sql = "SELECT * FROM events ORDER BY id ASC";
$res = $objCon->query($sql) or die('fejl i query:'.mysqli_error($objCon));
while($row=$res->fetch_array()) {
$id = $row['id'];
echo "<div class='eventpost'>";
echo "<div class='dato'>";
echo $row['id'];
echo "</div>";
echo "<p class='overskrift'>";
echo "<a href='update.php?id=$id'>RET </a>";
echo "<a href='code_delete.php?id=$id'>SLET</a>";
echo $row['overskrift'];
echo "</p>";
echo "</div>";
}
?>
then the update form:
<form action="code_update.php" method="POST">
<label>Dato:<br>
<input type="text" name="dag" value="<?php echo $data['dag']; ?>"></label>
<label>MÃ¥nede:<br>
<input type="text" name="month" value="<?php echo $data['month']; ?>"></label>
<label>Overskrift:<br>
<input type="text" name="overskrift" value="<?php echo $data['overskrift']; ?>"></label>
<label>Tekst:<br>
<input type="text" name="tekst" value="<?php echo $data['tekst']; ?>"></label>
<input type="hidden" name="id" value="<? echo $id; ?>">
<input type="submit" value="Opret">
</form>
and finally the update code
<?php
session_start();
if($_SESSION['auth'] == 2){
include('incl_db.php');
$id = $_POST['id'];
$overskrift = $_POST['overskrift'];
$dag = $_POST['dag'];
$month = $_POST['month'];
$tekst = $_POST['tekst'];
$sql = "UPDATE events SET overskrift='$overskrift', dag='$dag', month='$month', tekst='$tekst' WHERE id='$id'";
$res = $objCon->query($sql);
header('location:events.php');
}else{
header('location:index.php');
}
?>
Probably shorthand tags are disabled in your php version.So try changing this
<input type="hidden" name="id" value="<? echo $id; ?>">
to this
<input type="hidden" name="id" value="<?php echo $id; ?>">
You can check this answer for more.
I am trying to create a quiz with PHP/Mysql...
I have created a form with radio buttons for answers which displays data pulled from the database as values for the radio buttons. I tried to submit the form but the result page does not show anything.
My quiz code goes as follows:
<form method="post" action="insertscore.php" name="cssCheckbox" id = "cssCheckbox">
<?php $query = "SELECT * FROM questions WHERE (`topics` = '.NET' OR `topics` = 'PHP') ORDER BY Rand() LIMIT 5"; $result = mysql_query($query);
if ($result && mysql_num_rows($result)) {
$numrows = mysql_num_rows($result);
$count =1;
while ($row = mysql_fetch_array($result))
{
?>
<div class="group">
<input type="hidden" name="<?php echo $row['key_id']; ?>"><?php $row['key_id']; ?></input>
<span class="test_question"><strong><?php echo $count;?>) <?php echo $row['question']; ?>
</strong><br />
<?php if($row['answer1'] != NULL){ ?>
<input type = "radio" name="answers" value="<?php echo $row['answer1']; ?>" id="chkLimit_1" ></input>
<label for="chkLimit_1" ><?php echo $row['answer1']; echo "<br />"; } else {} ?></label>
<?php if($row['answer2'] != NULL){ ?>
<input type = "radio" name="answers" value="<?php echo $row['answer2']; ?>" id="chkLimit_2" ></input>
<label for="chkLimit_2" ><?php echo $row['answer2']; echo "<br />"; } else {} ?></label>
<?php if($row['answer3'] != NULL){ ?>
<input type = "radio" name="answers" value="<?php echo $row['answer3']; ?>" id="chkLimit_3" ></input>
<label for="chkLimit_3" ><?php echo $row['answer3']; echo "<br />"; } else {} ?></label>
<?php if($row['answer4'] != NULL){ ?>
<input type = "radio" name="answers" value="<?php echo $row['answer4']; ?>" id="chkLimit_4" ></input>
<label for="chkLimit_4" ><?php echo $row['answer4']; echo "<br />"; } else {} ?></label>
<?php if($row['answer5'] != NULL){ ?>
<input type = "radio" name="answers" value="<?php echo $row['answer5']; ?>" id="chkLimit_5" ></input>
<label for="chkLimit_5" ><?php echo $row['answer5']; echo "<br />"; } else {} ? ></label>
<?php if($row['answer6'] != NULL){ ?>
<input type = "radio" name="answers" value="<?php echo $row['answer6']; ?>" id="chkLimit_6" ></input>
<label for="chkLimit_6" ><?php echo $row['answer6']; echo "<br />"; } else {} ?></label>
<?php if($row['answer7'] != NULL){ ?>
<input type = "radio" name="answers" value="<?php echo $row['answer7']; ?>" id="chkLimit_7" ></input>
<label for="chkLimit_7" ><?php echo $row['answer7']; echo "<br />"; } else {} ?></label>
<?php if($row['answer8'] != NULL){ ?>
<input type = "radio" name="answers" value="<?php echo $row['answer8']; ?>" id="chkLimit_8" ></input>
<label for="chkLimit_8" ><?php echo $row['answer8']; echo "<br />"; } else {} ?></label>
<input type="hidden" name="<?php echo $row['right_answer']; ?>"><?php $row['right_answer']; ?></input>
</div>
<input name="Submit" type="submit" value="Submit Your Answers" class="submit">
</form>
Code on submitted Page looks like:
<?php
if(isset($_POST['Submit'])){
$key_id=$_POST['key_id']; echo $key_id;
$question=$_POST['question']; echo $question;
$answers=$_POST['answers']; echo $answers;
$correctanswer=$_POST['correctanswer']; echo $correctanswer;
}
foreach($_POST as $key => $val)
{
echo "$key --> $val<br />";
}
//var_dump($_POST);
?>
Please let me know if anything is not clear or if I am missing anything....
Thanks,
Shank
I would:
remove comments to //var_dump($_POST); and move this line at the top of the code on submitted Page.
if you still don't see anything, I think the code on submitted page is not in a file called insertscore.php or such file is not in same folder of your form page.