I have a form that is displaying data that is pulled from a database. There are several columns that are being pulled for the form. The basic structure of the form looks like this:
<form>
<input type="checkbox" name="check" value="$value" checked="$valueCheck" /> $label - $editedBy # $editedDate
<input type="checkbox" name="check" value="$value" checked="$valueCheck" /> $label - $editedBy # $editedDate
<input type="checkbox" name="check" value="$value" checked="$valueCheck" /> $label - $editedBy # $editedDate
<input type="checkbox" name="check" value="$value" checked="$valueCheck" /> $label - $editedBy # $editedDate
<input type="checkbox" name="check" value="$value" checked="$valueCheck" /> $label - $editedBy # $editedDate
<input type="submit" name="update" value="Update Checklist" />
</form>
The variables are all populated dynamically when the pages loads from data in the database. Here is my question...each input and corresponding data is being pulled from a single row in a "checklist" table. So, in the example above you would be looking at data from 5 rows in the database. When i check off a box and click submit i want it to submit that checked box to the database as a value of true or false depending on whether or not the box is checked or unchecked. I know how to do all that if i was only submitting one row; however, i am not sure how to do this with the multiple rows. I'm assuming i'll have to use some type of loop with my UPDATE query.
What would be the best way to accomplish this? Thanks for any help! Let me know if you have any questions at all. Sorry if doesn't explain my situation well enough.
Check out this page, particularly the bits following "UPDATE ===".
Haven't tried it but apparently, you can use a CASE statement in an update query.
Should work for your case.
Sounds like a bad idea maintenance-wise though (imho)
Related
I have a contact form with a couple of checkboxes.
Whenever i submit the form I would like the selected value's to be printed separated by comma's.
<form method="POST">
<input type="checkbox" id="product1" name="product1" value="12">
<input type="checkbox" id="product2" name="product1" value="13">
<input type="checkbox" id="product3" name="product1" value="14">
<button type="submit">Subscribe</button>
</form>
I'm using this form. Lets say product 1 and 2 are selected. Then it should print 12,13 <
What is the best way to do this? Is it even possible?
Thanks in advance.
USE CASE:
So I thought it was useful to post why I need this.
Later when I'm able to get the values I will do something like this:
header("Location: http://test.com/$myvalues");
So this link can be test.com/12,13 after the user submits the form.
Not working:
So im using this code
<?php
if(isset($_POST['product'])){
$values = implode(',',$_POST['product']);
// header("Location: https://test.com/?add-to-cart=$values");
}
?>
Whenever i click on the submit button, it takes me to a page that doesnt exist. So i get a 404 page. Even with the header location commented off.
The header location doesnt seem to work at all.
<form method="POST" action="upload.php" >
<input type="checkbox" id="product1" name="product[]" value="12">
<input type="checkbox" id="product2" name="product[]" value="13">
<input type="checkbox" id="product3" name="product[]" value="14">
<button type="submit" name="products" >Subscribe</button>
</form>
in upload.php
$a=$_POST['product'];
$prodt=implode(',',$a);
$prodt has the value
To consolidate Alive to Die's answer and the comments about XSS by hanshenrik;
Use the array-like syntax in the input name attribute:
<form method="POST">
<input type="checkbox" id="product1" name="product[]" value="12">
<input type="checkbox" id="product2" name="product[]" value="13">
<input type="checkbox" id="product3" name="product[]" value="14">
<button type="submit">Subscribe</button>
</form>
If you check the first two checkboxes and submit, you should receive:
$POST['product'] == ["12", "13"];
Of course any input needs to be validated and escaped before outputting in the response. For the specific use-case you mention, you would end up with something like this:
$products = [];
if (isset($POST['product'])) {
foreach ($POST['product'] as $product) {
if (!is_numeric($product)) {
die("invalid product value.");
}
$products[] = intval($product);
}
}
if (empty($products)) {
die("no products selected.");
}
header("Location: https://test.com/" . implode(",", $products);
Clarification on input validation:
If you skip the input validation, one could submit the following data:
product[]="admin.php" and get redirected to https://test.com/admin.php. Of course that wasn't what you wanted this script to do, so by that principle alone you should consider restricting the possible behavior of your code. But it could get worse:
If you choose to echo implode(",", $POST['product']) somewhere in your website, someone might submit:
product[]="<script>alert(\"vuln\");</script>" which will add JavaScript to your website. An alert isn't dangerous, but this script could be anything. From submitting your session cookies to running a cryptominer in your browser. In principle, if you can alert(), you can do anything.
If you construct your original form from a database, someone might insert malicious inputs as values into the database. So these attacks are not necessarily limited to a single user playing around with their element inspector.
These are a lot of 'ifs' and for a simple local website or PHP script, you don't need to concern yourself with most of these issues. However, if you choose to make any of your code available to the internet, you should never trust user input.
Since you've given every checkbox the same name attribute, you can't. Give them separate names and you can easily handle this client and/or server side.
As the title states, I'm trying to send html form checkbox data (that is supposed to query a MySQL database) to a PHP script where the output should be a table of the queries' results. I have one document for the html and another for the php/sql. The query works fine in MySQL but when I try executing it through html/php, I get column names for the results table but no queried results. This is THE problem.
The database groups users into groups and groups into departments. The query finds user vacancies (where user_id=1) within departments. I imagine it's the php that's screwing me up. Here's what I have so far--
The html form:
<form name="dept_checkbox" method="post" action="dept.php">
<fieldset>
<legend>In which department would like to find open positions?</legend><br />
<input type="checkbox" name="dept_name" id="dept_name" value="First Department" />First Department<br />
<input type="checkbox" name="dept_name" id="dept_name" value="Second Department" />Second Department<br />
<input type="checkbox" name="dept_name" id="dept_name" value="Third Department" />Third Department<br />
<input type="checkbox" name="dept_name" id="dept_name" value="Fourth Department" />Fourth Department<br />
<input type="checkbox" name="dept_name" id="dept_name" value="Fifth Department" />Fifth Department<br />
<input type="checkbox" name="dept_name" id="dept_name" value="All Departments"/>All Departments<br /><br />
<input type="submit" value="Submit" />
</fieldset>
The above displays fine in the browser. The following is my failed attempt to run the sql query through php. At this point, i'm just trying to get it to work for one department ("First Department") and, once I get that to work, I figure I can go from there. Here's the sql/php minus the database login info at the beginning of the script:
if(isset($POST[dept_name])){
$sql="select user_role,group_name
from groups,users,groups_users_link,departments
where groups.group_id=groups_users_link.groups_id
and users.user_id=groups_users_link.user_id
and groups.department_id=departments.department_id
and league_name like \"First Department\"
and groups_users_link.user_id=1";
$result=mysql_query($sql);
}
Let me reiterate that the above query is working in MySQL. The following is the rest of the php script which is supposed to display the results in table form:
echo("<table border=\"10px\">");
echo("<tr><th>Role</th><th>Group</th></tr>");
while($myrow=mysql_fetch_array($result))
{
echo("<tr><td>".$myrow[user_role]."</td>");
echo("<td>".$myrow[group_name]."</td>");
}
echo("</table>");
?>
<h4>Back to form</h4>
I'm wanting this to display all the vacant user roles for such-and-such groups within the department "First Department." Instead it displays the column names but the query results are missing. Any help would be greatly appreciated.
In your HTML for the checkboxes, use array notation for the checkbox names:
name="dept_name[]"
Then when you are processing the posted form, you have an error where $POST should be $_POST.
Finally, switch to mysqli or pdo if possible. The mysqli functions can be used in a very similar fashion to mysql, it's very easy to switch if you aren't in a large legacy codebase.
How do we dynamically display the sum of all the values of check boxes that have been checked in php.
Its basically like a checkout in a shopping cart.Each item that is to be checked, has a value and the final amount(in the same page at the bottom) should be the sum of rates of all the items that have been checked(without refreshing).
I may need to use AJAX. Can anyone give a simple sample code please
For the checkboxes, you need to make them into an array, say for instance:
<input type="checkbox" name="items[]" id="items[]" value="25" /><br />
<input type="checkbox" name="items[]" id="items[]" value="40" /><br />
<input type="checkbox" name="items[]" id="items[]" value="12" /><br />
... <!-- as many as you want -->
<input type="checkbox" name="items[]" id="items[]" value="20" /><br />
On the PHP side you could then handle it like so...(NOTE: It will come into PHP as an array)
$items = $_POST["items"];
//it's an array -- feel free to do a var_dump($items) to see its content
//to sum you could even do an $total_amount = array_sum($items);
//but i would advise cleaning up the values first
And yes, you can achieve the same if you submit the form using AJAX (e.g. via jQuery)
Happy coding :)
Is it possible to submit forms with input checkboxes, each containing the same name, to a PHP script?
Is it possible to loop through the names to get all the values?
I am building a message system, and users can add/remove recipients dynamically. When they do, a hidden checkbox is generated in the form containing the value, yet I'm not sure what to do with the name. On the php end, on top of the recipients a subject and a message are submitted, and the script needs to loop through each name and perform various SQL tasks. I know there are much better ways of doing this, and feel free to suggest, but I'd really like to know if it can get done this way. Comment if you need to see code, but I warn you, it's really confusing.
<input type="checkbox" name="samename[]">
// on the post/get:
foreach( $_POST['samename'] as $eachId ){
// do whatever you want. build the where in a query, ' set = '.$eachId
}
Yes you can, use the same name with [] after it, it will cause all of the values to be stored in an array on PHP.
<input type=checkbox value=1 name=check[]>
<input type=checkbox value=2 name=check[]>
<input type=checkbox value=3 name=check[]>
<input type=checkbox value=4 name=check[]>
<input type=checkbox value=5 name=check[]>
Yes you can, array of post, look at this example:
<?php
print_r($_POST);
?>
<form action="form.php" method="POST">
<input type="checkbox" name="vehicle[]" value="Bike" /> I have a bike<br />
<input type="checkbox" name="vehicle[]" value="Car" /> I have a car
<input type="submit" value="Submit" />
</form>
Notice how vehicle has the square brackets?
I having around 20 check boxes in my form as
<input type="checkbox" name="c1" value="1" />
<input type="checkbox" name="c2" value="2" />
<input type="checkbox" name="c3" value="3" />
<input type="checkbox" name="c4" value="4" />
i would like to these values to a database. I just thought rather than creating 20 fields in my database grab all the values at store in the db as 1,2,3,4 and then when querying to explode the values and display it accordingly using php.
can someone please tell me how am i supposed to concatenate the values 1,2,3,4 from the check fields when submitted so i can pass to the database.
i would appreciate if anyone can suggest a different effective way to achieve this using php.
You can change the name of the checkboxes to be the same, something like
<input type="checkbox" name="cb[]" value="1" />
<input type="checkbox" name="cb[]" value="2" />
Then access them via $_GET or $_POST via
if (isset($_POST['cb'])) {
$my_values = implode(",", $_POST['cb']);
}
If you want them sorted, then you will want to do something like this:
if (isset($_POST['cb'])) {
$my_values = $_POST['cb'];
sort($my_values);
$my_db_value = implode(',', $my_values);
}
For the record, I agree with #Shef in the case that the database can handle the extra load. Depending on when this information will be needed in a highly scalable solution, however, this is a perfectly acceptable way to handle this.
To answer your initial question, first off you need to name your checkboxes all the same name, so:
<input type="checkbox" name="box[]" value="1" />
....
<input type="checkbox" name="box[]" value="20" />
PHP script:
$boxes = $_POST['box'];
$values = implode(",", $boxes); // $values now has "1,2,3,4...", insert into table
A better way would be to have a separate table (see #Shef 's comment).