checked = checked in php

Discussion in 'Web Design and Development' started by nomade, Aug 23, 2010.

  1. nomade macrumors member

    #1
    I have an administration form that checks if a checkbox value exists in an array and, if that's the case, presents the checkbox already checked. This works fine:
    PHP:
    // --------------------------- color checkboxes
    $sql_couleur = mysql_query("SELECT * FROM couleur ORDER BY id_couleur ASC");
    // colors already stored for this item, split into a list of ids
    $detail_couleur = explode(",", $ligne['couleur']);
    $i = 1;
    while ($ligne_couleur = mysql_fetch_array($sql_couleur)) {
        $value_couleur = $ligne_couleur['id_couleur'];
        if (in_array($value_couleur, $detail_couleur)) {
            // id is in the stored list: render the box pre-checked
            echo "<img valign=top src=../media/couleur/".$ligne_couleur['photo']."><input type=checkbox name=couleur[] value=\"".$ligne_couleur['id_couleur'].",\" checked=checked>";
        } else {
            echo "<img valign=top src=../media/couleur/".$ligne_couleur['photo']."><input type=checkbox name=couleur[] value=\"".$ligne_couleur['id_couleur'].",\"><br>";
        }
        if ($i == 10) { echo "<br>"; }
        $i++;
    }

    The problem is that when the user unchecks an item, the deposit script doesn't recognise it:

    PHP:
    if (isset($modifier)) {
        $nbr = count($id);
        $i = 0;
        $x = 1;

        while ($x <= $nbr) {
            // .= appends every posted size and color to this row's list
            foreach ($_POST['taille'] as $taille) {
                $liste_taille[$i] .= "$taille \n";
            }
            foreach ($_POST['couleur'] as $couleur) {
                $liste_couleur[$i] .= "$couleur \n";
            }
            // request values are concatenated straight into the statement
            $sql = "UPDATE vetement SET titre=\"".$_POST['titre'][$i]."\",titre_en=\"".$_POST['titre_en'][$i]."\",couleur=\"".$liste_couleur[$i]."\",taille=\"".$liste_taille[$i]."\",prix=\"".$_POST['prix'][$i]."\", collection=\"".$_POST['collection'][$i]."\", ordre=\"".$_POST['ordre'][$i]."\",actif=\"".$_POST['actif'][$i]."\" WHERE id_vetement=\"".$id[$i]."\"";
            $resultat = mysql_query($sql) or die("Désolé la mise à jour ne fonctionne pas");
            $i++;
            $x++;
        }
    }
    It seems that the update increments the field instead of replacing it.
    :confused:
     
  2. angelwatt Moderator emeritus

    #2
    It's hard to follow the code when it isn't formatted properly with indentation and scrolls that far right. The code is also very susceptible to SQL injection. You should never put a variable from $_POST / $_GET (or anything user-supplied) directly into a SQL statement; it's just asking for trouble. Look into PHP's PDO class for creating prepared statements for better security as well as input sanitizing/validation.

    I recommend capturing the SQL statement and seeing if it is formatted the way you think and try running it against the DB directly to see if it has the correct results.
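
The PDO approach recommended in reply #2, applied to a cut-down version of the UPDATE from the question. This is an added example, not code from the thread: the in-memory SQLite database, the reduced column set, the helper names `clean_ids` and `update_vetement`, and the sample request data are assumptions.

```php
<?php
// Added example. Uses an in-memory SQLite database (assumption) so it runs
// offline; table and column names are taken from the question's UPDATE.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE vetement (id_vetement INTEGER PRIMARY KEY, titre TEXT, couleur TEXT, prix REAL)');
$pdo->exec("INSERT INTO vetement VALUES (1, 'Robe', '1,2,3', 49.0)");

// Hypothetical helper: keep only checkbox values that are positive integers.
// The form in the question posts each id with a trailing comma, so strip it.
function clean_ids(array $raw): string
{
    $ids = [];
    foreach ($raw as $v) {
        $id = filter_var(rtrim((string) $v, ','), FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($id !== false) {
            $ids[] = $id;
        }
    }
    return implode(',', array_unique($ids));
}

// Hypothetical helper: every value is bound as a parameter, none is
// concatenated into the SQL text. The color list is rebuilt from the
// current submission only, so the column is replaced on each update.
function update_vetement(PDO $pdo, int $id, string $titre, array $couleurs, string $prix): int
{
    $stmt = $pdo->prepare(
        'UPDATE vetement SET titre = :titre, couleur = :couleur, prix = :prix WHERE id_vetement = :id'
    );
    $stmt->execute([
        ':titre'   => $titre,
        ':couleur' => clean_ids($couleurs),
        ':prix'    => $prix,
        ':id'      => $id,
    ]);
    return $stmt->rowCount();
}

// Constructed request data standing in for $_POST: the title carries a quote
// and one checkbox value is not an id.
$post = ['titre' => 'Robe", prix="0', 'couleur' => ['2,', '3,', 'x" OR "1"="1'], 'prix' => '49.00'];
update_vetement($pdo, 1, $post['titre'], $post['couleur'], $post['prix']);

// The quote is stored as literal text in titre; the non-integer value is dropped.
var_dump($pdo->query('SELECT titre, couleur, prix FROM vetement WHERE id_vetement = 1')->fetch(PDO::FETCH_ASSOC));
```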
     
