3

MySQL

`field1` tinyint(1) NOT NULL default '1',
`field2` tinyint(1) NOT NULL default '1',
`field3` tinyint(1) NOT NULL default '1',
`field4` tinyint(1) NOT NULL default '1',
`field5` tinyint(1) NOT NULL default '1',

HTML

<form method="post">
<input type="hidden" name="blah" value="blah">

<input type="checkbox" name="field1" value="1">
<input type="checkbox" name="field2" value="1">
<input type="checkbox" name="field3" value="1">
<input type="checkbox" name="field4" value="1">
<input type="checkbox" name="field5" value="1">

<button type="submit">Submit</button>

</form>

PHP

mysql_query("UPDATE `table` SET `field1` = '$_POST[field1]', .......");

So, what I want to do is:

a) If the checkbox is checked, I want to update the appropriate field with 1

b) If the checkbox is unchecked, I want to update the field with 0

And now, please tell me I don't have to do it like this and that there is a nicer way of doing it:

$field1 = isset($_POST['field1']) ? 1 : 0;
$field2 = isset($_POST['field2']) ? 1 : 0;
$field3 = isset($_POST['field3']) ? 1 : 0;
$field4 = isset($_POST['field4']) ? 1 : 0;
$field5 = isset($_POST['field5']) ? 1 : 0;

mysql_query("UPDATE `table` SET `field1` = '$field1', `field2` = '$field2' ....");
Improve this question
1
  • 2
    Your way is the recommended one, because it avoids SQL-injection by not putting $_POST (or $_GET or any other user input value for that matter) directly into SQL query. Commented Jun 5, 2011 at 15:38

7 Answers 7

Reset to default
3

You can use field[]

<input type="checkbox" name="field[0]" value="1">
<input type="checkbox" name="field[1]" value="1">

So you can do a simple loop:

for($i=0;$i<5;$i++)
   $field[$i] = isset($_POST['field'][$i]) ? 1 : 0;

And then build your SQL

If you want to skip the isset Part you could use a radio type, so You have always or the 1 value or 0 value setted.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Maybe it's fit for the intended use case here, but in general I find this solution faulty. This only provides the total number of checked inputs, but doesn't tell which ones those were. In order to have expected results, you should also add indices to the input names, like name="field[1]". In the current example if I select 1st and 3rd checkboxes, in PHP you would only see Array([0] => 1, [1] => 1) because field[] notation means append to the array, and unchecked inputs are not appended just like they are not sent for non-array case.
2

You have an SQL-injection hole:

enter image description herecoding horror

mysql_query("UPDATE `table` SET `field1` = '$_POST[field1]', .......");

Change it into:

$field1 = mysql_real_escape_string('$_POST[field1]');
....
mysql_query("UPDATE `table` SET `field1` = '$field1', .......");
/*                                         ^       ^ these quotes are vital */

Don't forget to put single quotes around the $vars in your query.

Improve this answer

Comments

1

You can have a hidden input before each of the checkboxes, like

<input type="hidden" name="field1" value="0">
<input type="checkbox" name="field1" value="1">
<input type="hidden" name="field2" value="0">
<input type="checkbox" name="field2" value="1">

This way, when checkbox is not selected, the previous value (provided by the hidden input) will be sent, so you would receive 0 for unchecked checkboxes.

However, you still have to filter/validate/sanitize your input data in PHP before you insert it into SQL query (as a least harmful example, imagine I changed a checkbox using Firebug to value="2" and then submitted the form)

Improve this answer

1 Comment

Dear downvoter(s), I'm open to the criticism, so please share your thoughts if/when you decide to downvote. Because now I learn nothing from this, only that someone was in a bad mood ;)
0

Unfortunately there is no other way.

You have to check the value and assign the 1 or 0 to the var which is used in the query to pass the response of checkbox.

This is so because if the checkbox is unselected PHP $_POST var does not contain that checkbox as variable

Improve this answer

Comments

0

If a checkbox is not checked, it isn't sent with the form, so you don't have it in $_POST array.

You could use a hidden input and a little javascript, but it's less code if you do the PHP part.

Improve this answer

Comments

0

I think what you want is to avoid having to write so many lines of code for checking the values of the checkboxes.
Maybe you can try this (I haven't tried it, though): 

$field = 'field';

for(int i=1; i<=5, ++i){
    $($field.1) = isset($_POST['field'.i]) ? 1 : 0;

}
Improve this answer

Comments

0

I think that's why the SET type exist.

<input type="checkbox" name="field[0]" value="3">
<input type="checkbox" name="field[1]" value="1">
<input type="checkbox" name="field[2]" value="2">

And then just implode:

$insert = implode(",",$_POST['field']); // 1,2,3
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.