Checkbox and Database Help
please i want to help them beginners
I have a form with checkboxes. Each of them matters when the checkboxes are marked with a value it added to the amount ... I want to keep the checkboxes that are checked in the database.
<script type="text/javascript">
function checkTotal() {
document.listForm.total.value = '';
var sum = 0;
for (i=0;i<document.listForm.choice.length;i++) {
if (document.listForm.choice[i].checked) {
sum = sum + parseFloat(document.listForm.choice[i].value);
}
}
document.listForm.total.value = sum;
}
</script>
<form name="listForm" method="post" action="insert_options.php" >
<TABLE cellPadding=3 width=600 border=0>
<TBODY>
<TR>
<TH align=left width="87%" bgColor=#b0b3b4><SPAN
class=whiteText>Item</SPAN></TH>
<TH align=right width="13%" bgColor=#b0b3b4><SPAN
class=whiteText>Select</SPAN></TH></TR>
<TR>
<TD bgcolor="#9da8af"colSpan=2><SPAN class=normalText><B>General</B></SPAN></TD></TR>
<TR>
<TD bgcolor="#c4c8ca"><SPAN class=normalText >TEAK SIDE DECKS (2889)</SPAN></TD>
<TD align=right bgColor=#c4c8ca><input name="choice" value="2889" type="checkbox" onchange="checkTotal()" /></TD></TR>
<TR>
<TD bgColor=#c4c8ca><SPAN class=normalText>LEAD DEEP KEEL (1825)</SPAN></TD>
<TD align=right bgColor=#c4c8ca><input name="choice" value="1825" type="checkbox" onchange="checkTotal()"></TD></TR>
<TR>
<TD bgColor=#c4c8ca><SPAN class=normalText>FULLY BATTENED MAINSAIL (558)</SPAN></TD>
<TD align=right bgColor=#c4c8ca><input name="choice" value="558" type="checkbox" onchange="checkTotal()"></TD></TR>
<TR>
<TD bgColor=#c4c8ca><SPAN class=normalText>HIGH TECH SAILS FOR CONVENTIONAL RIG (1979)</SPAN></TD>
<TD align=right bgColor=#c4c8ca><input name="choice" value="1979" type="checkbox" onchange="checkTotal()"></TD></TR>
<TR>
<TD bgColor=#c4c8ca><SPAN class=normalText>IN MAST REEFING WITH HIGH TECH SAILS (2539)</SPAN></TD>
<TD align=right bgColor=#c4c8ca><input name="choice" value="2539" type="checkbox" onchange="checkTotal()"></TD></TR>
<TR>
<TD bgColor=#c4c8ca><SPAN class=normalText>SPlNNAKER GEAR (POLE LINES DECK FITTINGS) (820)</SPAN></TD>
<TD align=right bgColor=#c4c8ca><input name="choice" value="820" type="checkbox" onchange="checkTotal()"></TD></TR>
<TR>
<TD bgColor=#c4c8ca><SPAN class=normalText>SPINNAKER POLE VERTICAL STOWAGE SYSTEM (214)</SPAN></TD>
<TD align=right bgColor=#c4c8ca><input name="choice" value="214" type="checkbox" onchange="checkTotal()"></TD></TR>
<TR>
<TD bgColor=#c4c8ca><SPAN class=normalText>GAS ROD KICKER (208)</SPAN></TD>
<TD align=right bgColor=#c4c8ca><input name="choice" value="208" type="checkbox" onchange="checkTotal()"></TD></TR>
<TR>
<TD bgColor=#c4c8ca><SPAN class=normalText>SIDE RAIL OPENINGS (BOTH SIDES) (392)</SPAN></TD>
<TD align=right bgColor=#c4c8ca><input name="choice" value="392" type="checkbox" onchange="checkTotal()"></TD></TR>
<TR>
<TD bgColor=#c4c8ca><SPAN class=normalText>SPRING CLEATS MIDSHIPS -ALUMIMIUM (148)</SPAN></TD>
<TD align=right bgColor=#c4c8ca><input name="choice" value="148" type="checkbox" onchange="checkTotal()"></TD></TR>
<TR>
<TD bgColor=#c4c8ca><SPAN class=normalText>ELECTRIC ANCHOR WINDLASS (1189)</SPAN></TD>
<TD align=right bgColor=#c4c8ca><input name="choice" value="1189" type="checkbox" onchange="checkTotal()"> </TD></TR>
<TR>
<TD bgColor=#c4c8ca><SPAN class=normalText>ANCHOR CHAIN GALVANISED (50m) (202)</SPAN></TD>
<TD align=right bgColor=#c4c8ca><input name="choice" value="202" type="checkbox" onchange="checkTotal()"> </TD></TR>
<TR>
<TD bgColor=#c4c8ca><SPAN class=normalText>ANCHOR CHAIN GALVANISED (50m) (1141)</SPAN></TD>
<TD align=right bgColor=#c4c8ca><input name="choice" value="1141" type="checkbox" onchange="checkTotal()"></TD></TR>
<TR>
<TD bgcolor="#9da8af"colSpan=2><SPAN class=normalText><B>NAVIGATION & ELECTRONICS</B></SPAN></TD></TR>
<TR>
<TD bgcolor="#c4c8ca"><SPAN class=normalText >WIND VANE (STAINLESS STEEL)(41)</SPAN></TD>
<TD align=right bgColor=#c4c8ca><input name="choice" value="41" type="checkbox" onchange="checkTotal()" /></TD></TR>
<TR>
<TD bgColor=#c4c8ca><SPAN class=normalText>RAYMARINE ST6O LOG & DEPTH (SEPARATE UNITS)(226)</SPAN></TD>
<TD align=right bgColor=#c4c8ca><input name="choice" value="226" type="checkbox" onchange="checkTotal()"></TD></TR>
<TR>
<TD bgcolor="#9da8af"colSpan=2><SPAN class=normalText><B>ENGINES & ELECTRICS</B></SPAN></TD></TR>
<TR>
<TD bgColor=#c4c8ca><SPAN class=normalText>SHORE SUPPLY (220V) WITH 3 OUTLETS (EXCLUDJNG SHORE CABLE) (327)</SPAN></TD>
<TD align=right bgColor=#c4c8ca><input name="choice" value="327" type="checkbox" onchange="checkTotal()"></TD></TR>
<TR>
<TD bgColor=#c4c8ca><SPAN class=normalText>3rd BATTERY(14OA/H)(196)</SPAN></TD>
<TD align=right bgColor=#c4c8ca><input name="choice" value="196" type="checkbox" onchange="checkTotal()"></TD></TR>
<TD bgColor=#c4c8ca><SPAN class=normalText>24 AMP BATTERY CHARGER (475)</SPAN></TD>
<TD align=right bgColor=#c4c8ca><input name="choice" value="475" type="checkbox" onchange="checkTotal()"></TD></TR>
<TD bgColor=#c4c8ca><SPAN class=normalText>2 BLADED FOLDING PROPELLER (UPGRADE)(299)</SPAN></TD>
<TD align=right bgColor=#c4c8ca><input name="choice" value="299" type="checkbox" onchange="checkTotal()"></TD></TR>
<TR>
<TD bgcolor="#9da8af"colSpan=2><SPAN class=normalText><B>BELOW DECKS/DOMESTIC</B></SPAN></TD></TR>
<TD bgColor=#c4c8ca><SPAN class=normalText>WARM WATER (FROM ENGINE & 220V)(749)</SPAN></TD>
<TD align=right bgColor=#c4c8ca><input name="choice" value="749" type="checkbox" onchange="checkTotal()"></TD></TR>
<TD bgColor=#c4c8ca><SPAN class=normalText>SHOWER IN AFT HEADS WITH PUMPOUT(446)</SPAN></TD>
<TD align=right bgColor=#c4c8ca><input name="choice" value="446" type="checkbox" onchange="checkTotal()"></TD></TR>
<TD bgColor=#c4c8ca><SPAN class=normalText>DECK SUCTION DISPOSAL FOR HOLDINGTANK(166)</SPAN></TD>
<TD align=right bgColor=#c4c8ca><input name="choice" value="166" type="checkbox" onchange="checkTotal()"></TD></TR>
<TD bgColor=#c4c8ca><SPAN class=normalText>REFRIGERATED COOLBOX (12V)(666)</SPAN></TD>
<TD align=right bgColor=#c4c8ca><input name="choice" value="666" type="checkbox" onchange="checkTotal()"></TD></TR>
<TD bgColor=#c4c8ca><SPAN class=normalText>LFS SAFETY PACKAGE (COCKPIT HARNESS POINTS STAINLESS STEEL JACKSTAYS)(208)</SPAN></TD>
<TD align=right bgColor=#c4c8ca><input name="choice" value="208" type="checkbox" onchange="checkTotal()"></TD></TR>
<TD bgColor=#c4c8ca><SPAN class=normalText>UPHOLSTERY UPGRADE IN SALOON (SUEDETYPE)(701)</SPAN></TD>
<TD align=right bgColor=#c4c8ca><input name="choice" value="701" type="checkbox" onchange="checkTotal()"></TD></TR>
<TR>
<TD bgcolor="#9da8af"colSpan=2><SPAN class=normalText><B>NAVIGATION ELECTRONICS & ELECTRICS</B></SPAN></TD></TR>
<TD bgColor=#c4c8ca><SPAN class=normalText>VHF RADIO AERIAL CABLED TO NAVIGATION AREA(178)</SPAN></TD>
<TD align=right bgColor=#c4c8ca><input name="choice" value="178" type="checkbox" onchange="checkTotal()"></TD></TR>
</table>
and the php code is
<?php
$opt=serialize($_POST['choice']); //takes the data from a post operation...
$query="INSERT INTO options VALUES('$opt')";
?>
First, all of your fields <input type="checkbox">
have the same attribute name
. This results in multiple values ββwith the same name being sent (if multiple checkboxes are checked), of which PHP only uses the last one for its collection $_POST
.
To solve this problem, give them the name " choice[]
" instead of " choice
". This signals PHP that multiple values ββexist and they will be available as an array. In other words, you can do the following:
$choices = $_POST['choice'];
foreach ( $choices as $key => $value )
echo "$key => $value";
And this will output something like
0 => 32
1 => 12
2 => 48
In other words - you get an array with the values ββof the checked boxes. Then you can do whatever you like with them. For example, implode()
to get a comma separated list.
One thing you should warn about. It's called "SQL Injection" and is a common mistake made by inexperienced programmers. The idea is that an attacker can easily send other values ββin there, not just the ones you specified in your HTML. It doesn't take a lot of skill to create an HTTP request. There can be NOTHING to the user , so you should ALWAYS check ALL INPUT you receive from the user. Don't trust valid JavaScript actions you are doing. As long as he is on the user's side, he cannot be trusted. Someday.
And if you're wondering how bad that could be, consider what happens if suddenly one of the values ββin your array is no longer there 43
, but instead is " ". '); DROP DATABASE; --
Since you are blindly doing a query like
INSERT INTO options VALUES('$opt');
Then it turns into
INSERT INTO options VALUES(''); DROP DATABASE; --);
And goodbye to your database. Thus, ALWAYS make sure that user input is what you expect from it and that there is no way for something like this. Yes, and yes - addslashes()
not a good method, because there is still a way. Parameterized queries are the best way, but if you can't use this then at least use mysql_real_escape_string()
for MySQL or whatever your DBMS offers.
source to share