psypha Posted February 18, 2008 Share Posted February 18, 2008 Greetings, I've been working on a site that contains a moderately complex form. The form is two parts; using some PHP the second half of the form is displayed into the browser after the user has clicked the next button and has successfully passed some validation procedures. On the second part of the form there is a collection of checkboxes that I am trying to submit to a single field within a database table. The 12 checkboxes have different values reflecting months of the year. See below <table width="98%" border="0" cellspacing="0" cellpadding="0"> <tr> <td>Any mortgage/rent arrears in last 12 months </td> <td>Jan</td> <td><input name="arrears[]" id="jan" type="checkbox" class="chkbox" value="jan" /></td><!-- name is an array called arrears --> <td>Feb</td> <td><input name="arrears[]" type="checkbox" class="chkbox" value="feb" id="feb" /></td> <td>Mar</td> <td><input name="arrears[]" type="checkbox" class="chkbox" value="mar" id="mar" /></td> <td>Apr</td> <td><input name="arrears[]" type="checkbox" class="chkbox" value="apr" id="apr" /></td> </tr> <tr> <td></td> <td>May</td> <td><input name="arrears[]" type="checkbox" class="chkbox" value="may" id="may" /></td> <td>Jun</td> <td><input name="arrears[]" type="checkbox" class="chkbox" value="jun" id="jun" /></td> <td>Jul</td> <td><input name="arrears[]" type="checkbox" class="chkbox" value="jul" id="jul" /></td> <td>Aug</td> <td><input name="arrears[]" type="checkbox" class="chkbox" value="aug" id="aug" /></td> </tr> <tr> <td></td> <td>Sep</td> <td><input name="arrears[]" type="checkbox" class="chkbox" value="sep" id="sep" /></td> <td>Oct</td> <td><input name="arrears[]" type="checkbox" class="chkbox" value="oct" id="oct" /></td> <td>Nov</td> <td><input name="arrears[]" type="checkbox" class="chkbox" value="nov" id="nov" /></td> <td>Dec</td> <td><input name="arrears[]" type="checkbox" class="chkbox" value="dec" id="dec" /></td> </tr> </table> <!--(truncated version)--> I have an includes file (call it file A) that POSTs field data and performs a series of functions. The inlcudes file also uses a require_once(call it File B) function to another file containing code to create a session and some functions to remove HTML field submissions. ---------------------some code from file A (shortened version) -------------------------- <?php $err = 0; $errmsg = ' '; if($_POST['form'] == 1) { $clean_details = makesafe_multi($_POST); extract($clean_details); if($err == 0) { $loan_sql = "INSERT INTO mortgages_loan_details(`appid`, `price`, `loan`, `term`, `current`, `lender`, `capital`, `status`, `loan_type`, `construction`, `mtg_type`, `property`, `local`, `rate_type`) VALUES ('$appid', '$purchPrice', '$loanAmount', '$termLength', '$cMortBal', '$lender', '$capRaiseAmt', '$status', '$loanType', '$construction', '$mortType', '$propType', '$local', '$rateType')"; $insert_loan = mysql_query($loan_sql); } } } elseif($_POST['form'] == 2) { $clean_details = makesafe_multi($_POST); extract($clean_details); $additional_sql = "INSERT INTO mortgages_additional_info (`appid`, `arrears`, `dss`, `dss_clear`, `ccj`, `bankruptcy`, `repossession`) VALUES ('$appid', '$arrears', '$dss', '$dssClear', '$ccj', '$iva', '$repo')"; $insert_additional = mysql_query($additional_sql); } ------------- some functions from file B ----------------(shortened version) mysql_connect(DB_HOST, DB_USER, DB_PASSWORD) or die('unable to connect to database'); mysql_select_db(DB_NAME) or die('unable to select database'); function makesafe_one($input) { if(get_magic_quotes_gpc()) { if(ini_get('magic_quotes_sybase')) { $string = str_replace("''", "'", $input); } else { $string = stripslashes($input); } } else { $string = $input; } $string = mysql_real_escape_string($string); return $string; } function makesafe_multi($input) { $clean = array(); if(get_magic_quotes_gpc()) { if(ini_get('magic_quotes_sybase')) { foreach($input as $key => $val) { $newval = str_replace("''", "'", $val); $clean[$key] = $newval; } } else { foreach($input as $key => $val) { $newval = stripslashes($val); $clean[$key] = $newval; } } } else { $clean = $input; // **************THIS IS WHERE THE ERROR OCCURS************ }// IMPORTANT !!! foreach($clean as $key => $val) { $cleanval = mysql_real_escape_string($val); $clean[$key] = $cleanval; //***************************************************** } return $clean; } function contains_stop_word($input) { $return_value = false; $words = explode(' ', $input); foreach($words as $word) { if(in_array($word, $stop_words)) { $return_value = true; break; } } return $return_value; } ?> By giving the name of the checkboxes in the HTML e.g. name="arrears[]" I am attempting to insert the array into the table field. There are two options I think... I need a condition which can process the checkbox array, perhaps imploding the array into a 'comma' delimited string, assign it to a variable and then post it to the database field. The data is needed for a straight in and out role and no kind of additional queries will ever be required. In essence then - detect checkbox array >>> convert array into string >>> assign string to variable >>> variable string posted to table field >>> database field can then be referenced and concatenated content displayed in admin output form. I apologise for this being a large submission; I was merely attempting to include as much relevant information as possible. If anyone can help with this, it would really aleviate my continued frustration. Many thanks (edited by kenrbnsn to add tags) Quote Link to comment Share on other sites More sharing options...
GingerRobot Posted February 18, 2008 Share Posted February 18, 2008 Despite all the description, im not entirely what the problem is. As far as a i can see, you know what you are going to do. You say 'detect checkbox array' - there's not really anything you need to do there, apart from check if it has been set; which will have been if any elements have been clicked. You can then use the implode() function (as you said): $str = ''; if(isset($_POST['arrears'])){ $str = implode(',',$_POST['arrears']); } //store $str in the database You should only be storing this comma delimited list in your database if you are absolutely 100% certain than you will only ever need the data as a whole, in the same format it is stored in. If there is even the smallest possibility that you might require to know who missed their payments in january, then you will save yourself a lot of headaches by using another database table. Quote Link to comment Share on other sites More sharing options...
psypha Posted February 18, 2008 Author Share Posted February 18, 2008 Thankyou for your reply GingerRobot, The //important!!! comment is the section of code which causes a problem with the posted checkbox array. As the posted form is an array of field submissions, inside this there is now of course another array : arrears[] So at present when the arrears[] is processed by:- foreach($clean as $key => $val) { $cleanval = mysql_real_escape_string($val); $clean[$key] = $cleanval; } It returns the error that the routine was expecting a string; of course I am looking to conditionally bypass this foreach and process the arrears[] data via another section of code. --partial pseudo code-- If (formdata contains an array){ extract the array values, insert commas between each value in the array and assign string to new variable } else { foreach($clean as $key => $val) { $cleanval = mysql_real_escape_string($val); $clean[$key] = $cleanval; } } So on the premise of your supplied solution would the following be compatible? if(isset($_POST['arrears'])){ $str = implode(',',$_POST['arrears']); } else { foreach($clean as $key => $val) { $cleanval = mysql_real_escape_string($val); $clean[$key] = $cleanval; } } Many thanks Quote Link to comment Share on other sites More sharing options...
GingerRobot Posted February 18, 2008 Share Posted February 18, 2008 The implode() function returns a string. You only need do your escaping on that: <?php $str = ''; if(isset($_POST['arrears'])){ $str = implode(',',$_POST['arrears']); } $str = mysql_real_escape_string($str); ?> In future, use tags around your code please. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.