Jump to content

Update array and escape empty field


Yohanne

Recommended Posts

Hi Codes,

 

i have two checkbox and one input-text with a multiple rows and i try to update but not work correctly.  my main problem are the two checkbox it is optional and not necessary to add check to update record.

 

here my code

$selectedid = $this->input->post('selectedid');
$check_one = $this->input->post('check_one');
$check_two => $this->input->post('check_two');
$comm => $this->input->post('comment');
														
for($i = 0; $i < count($selectedid); $i++)		
  {
      $query = $this->db->query("UPDATE sr_list SET  `sr_star` = '$check_one[$i]', `pr_star` = '$check_two[$i]', `comm_star` = '$comm[$i]' WHERE srid = '$selectedid[$i]'");	
  }

image.png

Edited by Yohanne
Link to comment
Share on other sites

Do you get an error message? You do realize that a checkbox doesn't return a value unless it is checked? You really need to validate your input vars and NOT use them directly in your query statement to avoid injection. Also might help to see your html.

Link to comment
Share on other sites

Hi ginerjm.

 

yes i get an error with Undefined offset: 1 but when i check all checkbox i did not get any error and it work perfect. but in this scenario not everytime that i need to check all check-boxes. and maybe latter i put a validation with my checkbox and textbox when i get the correct logic. 

Link to comment
Share on other sites

This is my HTML

<input type="text" name="selectedid[]" value = "<?php echo $row['genid'];?>"/>
<input type="checkbox" name="check_one[]" value = "1"/>  PR
<input type="checkbox" name="check_two[]" value = "2"/>
<input type="text" class="form-control input-sm" name = "comment[]" value = "Receive">

So now how do i avoid the error if the situation like image above. ?

Link to comment
Share on other sites

This line

 $query = $this->db->query("UPDATE sr_list SET  `sr_star` = '$check_one[$i]', `pr_star` = '$check_two[$i]', `comm_star` = '$comm[$i]' WHERE srid = '$selectedid[$i]'");	

i dont use radio button since this is different field name.

 

image.png

Link to comment
Share on other sites

Since unchecked boxes are completely omitted from the request, you can't use implicit indexes with “[]”. PHP has no chance of figuring out which of the remaining parameters belongs to which group.

 

Use explicit indexes:

<input type="checkbox" name="check_one[<?= html_escape($id_of_target); ?>]" value = "1"/>

In fact, I strongly recommend you avoid implicit indexes altogether, because it's rather fragile and can lead to nasty surprises (as you just saw).

 

Then replace your vulnerability-ridden query with a proper prepared statement (as already pointed out by ginerjm) and use isset($check_one[$i]) ? 1 : 0 to get the right SQL value.

Link to comment
Share on other sites

What exactly do you not understand?

 

Start with the form:

<input type="checkbox" name="sr_list[<?= html_escape($row['genid']) ?>][sr]">
<input type="checkbox" name="sr_list[<?= html_escape($row['genid']) ?>][pr]">
<input type="text" class="form-control input-sm" name = "sr_list[<?= html_escape($row['genid']) ?>][comment]" value="Receive">

This gives you an associative array under $_POST['sr_list'] where the keys are the genid numbers and the values are the corresponding form parameters:

// assuming 42 and 50 are genid numbers
[
    '42' => [
        'sr' => 'on',   // the exact value of the checkbox is irrelevant; if the parameter exists, the box has been checked, otherwise not
        'pr' => 'on',
        'comment' => 'Receive',
    ],
    '50' => [
        'sr' => 'on',
        // no "pr" parameter means: not checked
        'comment' => 'Hallo'
    ]
]

There's not much more I can do. I know nothing about the platform/framework you're using, and the cryptic names aren't helpful either.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.