[SOLVED] need some idea, for updating database

[jesushax]

hi all below is my code for updating my database

 

the field Sect1_2 is updated from multiple checkboxes

the multiple checkboxes insert values into the field Trades sperated by a comma

 

so say a user wanted to update the field Trades they would essentially have to tick all the boxes again, i dont want to do that

 

what i though i would do, was put the current value of the trades into a hidden field then check that none of the checboxes have been checked (this i dont know how to do) then if they havent been checked then post the hidden field back into the db, this sound like a good idea and can anyone help me do the checkboxes bit?

 

Thanks

 

$posts = $_POST;

for($i=1; $i<=21; $i++) 
{ 
unset($posts['T'.$i]);
}

$SQL = "UPDATE tblDirectory2 SET (";
foreach($posts as $key=>$value){
    $SQL .= "`$key`='$value', ";
}  
$const = "T" ;

for ($i=1;$i<=21;$i++){
   $var = trim($_POST[$const.$i]) ;
   if(!empty($var)) {
     $trades .= $_POST[$const.$i] . "," ;
   }
} 

$SQL .="`Sect1_2`='".mysql_real_escape_string($trades)."')";

echo "<p>".$SQL."</p>";

[Brian W]

First off, security issue... on the line where you hav e

$SQL .= "`".mysql_real_escape_string($key)."`='".mysql_real_escape_string($value)."', ";

someone could use Cross Site Scripting and give you hell if you don't escape their input.

 

Secondly, where is your "WHERE" statement? Are you making this update to everyone?

 

Thirdly, the if !empty($var) thing... doesn't that defeat the whole thing. If they check box #3 of 5, then it should look like this " , , 1, , , ", not "1" because you don't know which box they checked.

 

Fourth, as for your actual question, what you can do is query the field "Sect1_2" and get their comma separated list. Use explode(", ", $trades_string) to make an array of the value. Following the example above (#3 of 5)... the array would look like this

$trades_array = array('','','1','','')

your checkboxes would then get something like this

<input type="checkbox" name="T1" value="1" <?php if($trades_array[0] == 1){ echo "checked"; } ?> >
<input type="checkbox" name="T2" value="1" <?php if($trades_array[1] == 1){ echo "checked"; } ?> >
ect

[jesushax]

sorted out the security issue, so for all of my datbase input i should have it mysql_real_escape_string on everything and it in ``?

 

i hadnt added the where statement yet, done that now

 

but if i have ,,1,,,,1,1 etc

 

i have another script for putting those values into a list, where it searches for text between commas

 

$TradesField = $row["Sect1_2"];
$trades = array_map('trim',explode(',',rtrim($TradesField,',')));
$st = 0;
$len = 3;
$part = array_slice($trades,$st,$len);
while (!empty($part)) {
        echo '<ul><li>' . implode('</li><li>',$part) . "</li></ul>\n";
        $st += $len;
        $part = array_slice($trades,$st,$len);
}