Jump to content

Update array and escape empty field

Yohanne

By Yohanne
in PHP Coding Help

 Share

Recommended Posts

Yohanne Regular Member

Yohanne

Posted
Posted (edited)

Hi Codes,

 

i have two checkbox and one input-text with a multiple rows and i try to update but not work correctly.  my main problem are the two checkbox it is optional and not necessary to add check to update record.

 

here my code

$selectedid = $this->input->post('selectedid');
$check_one = $this->input->post('check_one');
$check_two => $this->input->post('check_two');
$comm => $this->input->post('comment');
														
for($i = 0; $i < count($selectedid); $i++)		
  {
      $query = $this->db->query("UPDATE sr_list SET  `sr_star` = '$check_one[$i]', `pr_star` = '$check_two[$i]', `comm_star` = '$comm[$i]' WHERE srid = '$selectedid[$i]'");	
  }

image.png

Edited by Yohanne
Link to comment
https://forums.phpfreaks.com/topic/300978-update-array-and-escape-empty-field/
Share on other sites
ginerjm Prolific Member

ginerjm

Posted
Posted

Do you get an error message? You do realize that a checkbox doesn't return a value unless it is checked? You really need to validate your input vars and NOT use them directly in your query statement to avoid injection. Also might help to see your html.

Yohanne Regular Member

Yohanne

Posted
  • Author
Posted

Hi ginerjm.

 

yes i get an error with Undefined offset: 1 but when i check all checkbox i did not get any error and it work perfect. but in this scenario not everytime that i need to check all check-boxes. and maybe latter i put a validation with my checkbox and textbox when i get the correct logic. 

ginerjm Prolific Member

ginerjm

Posted
Posted

Huh?

 

What line is the error on? Read up on how checkboxes are handled - you don't get a $_POST element for a checkbox if it is not checked, so you will get a warning/notice because of that. Do you have error checking turned on?

Yohanne Regular Member

Yohanne

Posted
  • Author
Posted

This is my HTML

<input type="text" name="selectedid[]" value = "<?php echo $row['genid'];?>"/>
<input type="checkbox" name="check_one[]" value = "1"/>  PR
<input type="checkbox" name="check_two[]" value = "2"/>
<input type="text" class="form-control input-sm" name = "comment[]" value = "Receive">

So now how do i avoid the error if the situation like image above. ?

Yohanne Regular Member

Yohanne

Posted
  • Author
Posted

This line

 $query = $this->db->query("UPDATE sr_list SET  `sr_star` = '$check_one[$i]', `pr_star` = '$check_two[$i]', `comm_star` = '$comm[$i]' WHERE srid = '$selectedid[$i]'");

i dont use radio button since this is different field name.

 

image.png

Jacques1 Prolific Member

Jacques1

Posted
Posted

Since unchecked boxes are completely omitted from the request, you can't use implicit indexes with “[]”. PHP has no chance of figuring out which of the remaining parameters belongs to which group.

 

Use explicit indexes:

<input type="checkbox" name="check_one[<?= html_escape($id_of_target); ?>]" value = "1"/>

In fact, I strongly recommend you avoid implicit indexes altogether, because it's rather fragile and can lead to nasty surprises (as you just saw).

 

Then replace your vulnerability-ridden query with a proper prepared statement (as already pointed out by ginerjm) and use isset($check_one[$i]) ? 1 : 0 to get the right SQL value.

Jacques1 Prolific Member

Jacques1

Posted
Posted

What exactly do you not understand?

 

Start with the form:

<input type="checkbox" name="sr_list[<?= html_escape($row['genid']) ?>][sr]">
<input type="checkbox" name="sr_list[<?= html_escape($row['genid']) ?>][pr]">
<input type="text" class="form-control input-sm" name = "sr_list[<?= html_escape($row['genid']) ?>][comment]" value="Receive">

This gives you an associative array under $_POST['sr_list'] where the keys are the genid numbers and the values are the corresponding form parameters:

// assuming 42 and 50 are genid numbers
[
    '42' => [
        'sr' => 'on',   // the exact value of the checkbox is irrelevant; if the parameter exists, the box has been checked, otherwise not
        'pr' => 'on',
        'comment' => 'Receive',
    ],
    '50' => [
        'sr' => 'on',
        // no "pr" parameter means: not checked
        'comment' => 'Hallo'
    ]
]

There's not much more I can do. I know nothing about the platform/framework you're using, and the cryptic names aren't helpful either.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.