Yohanne Posted March 11, 2016 Share Posted March 11, 2016 Hi Codes, i have two checkbox and one input-text with a multiple rows and i try to update but not work correctly. my main problem are the two checkbox it is optional and not necessary to add check to update record. here my code $selectedid = $this->input->post('selectedid'); $check_one = $this->input->post('check_one'); $check_two => $this->input->post('check_two'); $comm => $this->input->post('comment'); for($i = 0; $i < count($selectedid); $i++) { $query = $this->db->query("UPDATE sr_list SET `sr_star` = '$check_one[$i]', `pr_star` = '$check_two[$i]', `comm_star` = '$comm[$i]' WHERE srid = '$selectedid[$i]'"); } Link to comment https://forums.phpfreaks.com/topic/300978-update-array-and-escape-empty-field/ Share on other sites More sharing options...
ginerjm Posted March 11, 2016 Share Posted March 11, 2016 Do you get an error message? You do realize that a checkbox doesn't return a value unless it is checked? You really need to validate your input vars and NOT use them directly in your query statement to avoid injection. Also might help to see your html. Link to comment https://forums.phpfreaks.com/topic/300978-update-array-and-escape-empty-field/#findComment-1531919 Share on other sites More sharing options...
Yohanne Posted March 11, 2016 Author Share Posted March 11, 2016 Hi ginerjm. yes i get an error with Undefined offset: 1 but when i check all checkbox i did not get any error and it work perfect. but in this scenario not everytime that i need to check all check-boxes. and maybe latter i put a validation with my checkbox and textbox when i get the correct logic. Link to comment https://forums.phpfreaks.com/topic/300978-update-array-and-escape-empty-field/#findComment-1531924 Share on other sites More sharing options...
ginerjm Posted March 11, 2016 Share Posted March 11, 2016 Huh? What line is the error on? Read up on how checkboxes are handled - you don't get a $_POST element for a checkbox if it is not checked, so you will get a warning/notice because of that. Do you have error checking turned on? Link to comment https://forums.phpfreaks.com/topic/300978-update-array-and-escape-empty-field/#findComment-1531926 Share on other sites More sharing options...
Yohanne Posted March 12, 2016 Author Share Posted March 12, 2016 This is my HTML <input type="text" name="selectedid[]" value = "<?php echo $row['genid'];?>"/> <input type="checkbox" name="check_one[]" value = "1"/> PR <input type="checkbox" name="check_two[]" value = "2"/> <input type="text" class="form-control input-sm" name = "comment[]" value = "Receive"> So now how do i avoid the error if the situation like image above. ? Link to comment https://forums.phpfreaks.com/topic/300978-update-array-and-escape-empty-field/#findComment-1531932 Share on other sites More sharing options...
ginerjm Posted March 12, 2016 Share Posted March 12, 2016 Again - which line is the error message pointing at? Also - if you only expect a value of 1 or 2 from the checkboxes, why aren't you using a radio button instead? Link to comment https://forums.phpfreaks.com/topic/300978-update-array-and-escape-empty-field/#findComment-1531933 Share on other sites More sharing options...
Yohanne Posted March 12, 2016 Author Share Posted March 12, 2016 This line $query = $this->db->query("UPDATE sr_list SET `sr_star` = '$check_one[$i]', `pr_star` = '$check_two[$i]', `comm_star` = '$comm[$i]' WHERE srid = '$selectedid[$i]'"); i dont use radio button since this is different field name. Link to comment https://forums.phpfreaks.com/topic/300978-update-array-and-escape-empty-field/#findComment-1531935 Share on other sites More sharing options...
Jacques1 Posted March 12, 2016 Share Posted March 12, 2016 Since unchecked boxes are completely omitted from the request, you can't use implicit indexes with “[]”. PHP has no chance of figuring out which of the remaining parameters belongs to which group. Use explicit indexes: <input type="checkbox" name="check_one[<?= html_escape($id_of_target); ?>]" value = "1"/> In fact, I strongly recommend you avoid implicit indexes altogether, because it's rather fragile and can lead to nasty surprises (as you just saw). Then replace your vulnerability-ridden query with a proper prepared statement (as already pointed out by ginerjm) and use isset($check_one[$i]) ? 1 : 0 to get the right SQL value. Link to comment https://forums.phpfreaks.com/topic/300978-update-array-and-escape-empty-field/#findComment-1531936 Share on other sites More sharing options...
Yohanne Posted March 12, 2016 Author Share Posted March 12, 2016 Hi Jacques1 can you elaborate more. or just add other example.. pleasssss Link to comment https://forums.phpfreaks.com/topic/300978-update-array-and-escape-empty-field/#findComment-1531938 Share on other sites More sharing options...
Jacques1 Posted March 12, 2016 Share Posted March 12, 2016 What exactly do you not understand? Start with the form: <input type="checkbox" name="sr_list[<?= html_escape($row['genid']) ?>][sr]"> <input type="checkbox" name="sr_list[<?= html_escape($row['genid']) ?>][pr]"> <input type="text" class="form-control input-sm" name = "sr_list[<?= html_escape($row['genid']) ?>][comment]" value="Receive"> This gives you an associative array under $_POST['sr_list'] where the keys are the genid numbers and the values are the corresponding form parameters: // assuming 42 and 50 are genid numbers [ '42' => [ 'sr' => 'on', // the exact value of the checkbox is irrelevant; if the parameter exists, the box has been checked, otherwise not 'pr' => 'on', 'comment' => 'Receive', ], '50' => [ 'sr' => 'on', // no "pr" parameter means: not checked 'comment' => 'Hallo' ] ] There's not much more I can do. I know nothing about the platform/framework you're using, and the cryptic names aren't helpful either. Link to comment https://forums.phpfreaks.com/topic/300978-update-array-and-escape-empty-field/#findComment-1531942 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.