6 Replies - 820 Views - Last Post: 11 July 2010 - 08:55 PM Rate Topic: -----

#1 RGarcia  Icon User is offline

  • New D.I.C Head

Reputation: 1
  • View blog
  • Posts: 15
  • Joined: 01-April 09

Showing values from checkboxes selected in a table

Posted 10 July 2010 - 11:44 AM

Hello everyone:

I am working with my last unit assignment, I have already found the way to include the checkboxes into each row of my table. I found the way to display the records selected in the table to be modified. However it works only if they are selected from the beginning including the first record in order without leaving any records in between.
For example if I chose from the second one and above I received this error:

Notice: Undefined offset: 0 in C:\wamp\www\ShowSelected.php on line 48

Does anyone know why? What would be the best way to do this?

I don't want to give up myself with this one so here is what I have until now:

This is the php that presents the data with the checkboxes:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" href="php_styles.css" type="text/css" />
<title>Modifications</title>
</head>
<body>

<?php
include("admin.php");
?>
<h2 align="center">Making Selection</h2>

<?php
//Varible declared to establish a connection
$connection = mysql_connect("localhost", "user1", "ryciorycio"); 
//Veryfing if connection is established
if (!$connection)
  {
  die('Could not connect: ' . mysql_error());
  exit;
	
  }
else

//Connecting to database and table
mysql_select_db("garcia", $connection);

//Declaring a variable to hold the requested values
$result = mysql_query("SELECT *
FROM `contacts`
ORDER BY LastName ASC
LIMIT 0 , 30");
$i = 0;
echo "<form action='ShowSelected.php' method='post' enctype='application/x-www-form-urlencoded'>";

//Presenting the values in a table 
echo "<table align='center' border='1' width='40%'>";
echo "<tr><th>Modify</th><th>Name</th><th>Phone Number</th></tr>";

while($row = mysql_fetch_array($result))
  {
	$FixNumber = implode('-',str_split(substr($row['PhoneNumber'] , 0,-4),3)).'-'.substr($row['PhoneNumber'],-4);
	echo "<tr><td><input type='checkbox' name='selected[$i]' value='{$row['PhoneNumber']}'/><br /></td><td>{$row['LastName']}, {$row['FirstName']}</td><td>({$row['AreaCode']}) $FixNumber</td></tr>";
++$i;
  }
  
echo "</table><br />";

//Closing connection
echo "<p><input type='submit' value='Modify' tabindex='3'/>
</form></p>";
mysql_close($connection);

?>




<hr/>
<p>To modify any contact select it from the list and click <strong>"Modify"</strong> button.</p><hr width="35%"/>
</body>
</html>



and this is the php to show the selected values:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" href="php_styles.css" type="text/css" />
<title>Untitled Document</title>
</head>

<body>
<?php
include("admin.php");
?>
<h2 align="center">Making Changes</h2>

<?php
//Varible declared to establish a connection
$connection = mysql_connect("localhost", "user1", "ryciorycio"); 
//Veryfing if connection is established
if (!$connection)
  {
  die('Could not connect: ' . mysql_error());
  exit;
	
  }
else

//Connecting to database and table
mysql_select_db("garcia", $connection);

//Declaring a variable to hold the requested values


if (isset($_POST['selected']))
	{
	$size = count($_POST['selected']);
	$i = 0;


echo "<table align='center' border='1' width='40%'>";
	// Defining columns
	echo "<tr><th>First Name</th><th>Last Name</th><th>Street</th><th>City</th><th>State</th><th>Zip Code</th><th>Area Code</th><th>Phone Number</th></tr>";
while ($i < $size) 
{
// Variable to hold the Phone Number value of each selected record.
$Modify = $_POST['selected'][$i];
++$i;


// Declaring a variable to hold the requested values
$result = mysql_query("SELECT *
FROM `contacts` 
WHERE PhoneNumber = '$Modify'
ORDER BY LastName ASC
LIMIT 0 , 30");


	
		// While database keeps returning values
		while($row = mysql_fetch_array($result))
		{
		// Each row will present all the fields in the table. 
		echo "<tr><td><input type='text' name='first_name[]' size='12' value='{$row['FirstName']}'/></td><td><input type='text' name='last_name[]' size='12' value='{$row['LastName']}'/></td><td><input type='text' name='street[]' size='34' value='{$row['Street']}'/></td><td><input type='text' name='city[]' size='15' value='{$row['City']}'/></td><td><input type='text' name='state[]' size='15' value='{$row['State']}'/></td><td><input type='text' name='zip_code[]' size='8' value='{$row['ZipCode']}'/></td><td><input type='text' name='area_code[]' size='4' value='{$row['AreaCode']}'/></td><td><input type='text' name='phone_number[]' size='15' value='{$row['PhoneNumber']}'/></td></tr>";

	 	}
	}
}
else
	{
		echo"<hr /><div>There were no contact chosen, please choose at least one and try again!</div>";
	}
echo "</table><br />";
	
mysql_close($connection);
?>
</body>
</html>



I am getting bald with this because this is almost the eigth time I start this php using multiple ways. So any recommendation will be appreciated, thanks.

This post has been edited by RGarcia: 10 July 2010 - 11:48 AM


Is This A Good Question/Topic? 0
  • +

Replies To: Showing values from checkboxes selected in a table

#2 RGarcia  Icon User is offline

  • New D.I.C Head

Reputation: 1
  • View blog
  • Posts: 15
  • Joined: 01-April 09

Re: Showing values from checkboxes selected in a table

Posted 10 July 2010 - 01:32 PM

View PostRGarcia, on 10 July 2010 - 10:44 AM, said:

Hello everyone:

I am working with my last unit assignment, I have already found the way to include the checkboxes into each row of my table. I found the way to display the records selected in the table to be modified. However it works only if they are selected from the beginning including the first record in order without leaving any records in between.
For example if I chose from the second one and above I received this error:

Notice: Undefined offset: 0 in C:\wamp\www\ShowSelected.php on line 48

Does anyone know why? What would be the best way to do this?

I don't want to give up myself with this one so here is what I have until now:

This is the php that presents the data with the checkboxes:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" href="php_styles.css" type="text/css" />
<title>Modifications</title>
</head>
<body>

<?php
include("admin.php");
?>
<h2 align="center">Making Selection</h2>

<?php
//Varible declared to establish a connection
$connection = mysql_connect("localhost", "user1", "ryciorycio"); 
//Veryfing if connection is established
if (!$connection)
  {
  die('Could not connect: ' . mysql_error());
  exit;
	
  }
else

//Connecting to database and table
mysql_select_db("garcia", $connection);

//Declaring a variable to hold the requested values
$result = mysql_query("SELECT *
FROM `contacts`
ORDER BY LastName ASC
LIMIT 0 , 30");
$i = 0;
echo "<form action='ShowSelected.php' method='post' enctype='application/x-www-form-urlencoded'>";

//Presenting the values in a table 
echo "<table align='center' border='1' width='40%'>";
echo "<tr><th>Modify</th><th>Name</th><th>Phone Number</th></tr>";

while($row = mysql_fetch_array($result))
  {
	$FixNumber = implode('-',str_split(substr($row['PhoneNumber'] , 0,-4),3)).'-'.substr($row['PhoneNumber'],-4);
	echo "<tr><td><input type='checkbox' name='selected[$i]' value='{$row['PhoneNumber']}'/><br /></td><td>{$row['LastName']}, {$row['FirstName']}</td><td>({$row['AreaCode']}) $FixNumber</td></tr>";
++$i;
  }
  
echo "</table><br />";

//Closing connection
echo "<p><input type='submit' value='Modify' tabindex='3'/>
</form></p>";
mysql_close($connection);

?>




<hr/>
<p>To modify any contact select it from the list and click <strong>"Modify"</strong> button.</p><hr width="35%"/>
</body>
</html>



and this is the php to show the selected values:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" href="php_styles.css" type="text/css" />
<title>Untitled Document</title>
</head>

<body>
<?php
include("admin.php");
?>
<h2 align="center">Making Changes</h2>

<?php
//Varible declared to establish a connection
$connection = mysql_connect("localhost", "user1", "ryciorycio"); 
//Veryfing if connection is established
if (!$connection)
  {
  die('Could not connect: ' . mysql_error());
  exit;
	
  }
else

//Connecting to database and table
mysql_select_db("garcia", $connection);

//Declaring a variable to hold the requested values


if (isset($_POST['selected']))
	{
	$size = count($_POST['selected']);
	$i = 0;


echo "<table align='center' border='1' width='40%'>";
	// Defining columns
	echo "<tr><th>First Name</th><th>Last Name</th><th>Street</th><th>City</th><th>State</th><th>Zip Code</th><th>Area Code</th><th>Phone Number</th></tr>";
while ($i < $size) 
{
// Variable to hold the Phone Number value of each selected record.
$Modify = $_POST['selected'][$i];
++$i;


// Declaring a variable to hold the requested values
$result = mysql_query("SELECT *
FROM `contacts` 
WHERE PhoneNumber = '$Modify'
ORDER BY LastName ASC
LIMIT 0 , 30");


	
		// While database keeps returning values
		while($row = mysql_fetch_array($result))
		{
		// Each row will present all the fields in the table. 
		echo "<tr><td><input type='text' name='first_name[]' size='12' value='{$row['FirstName']}'/></td><td><input type='text' name='last_name[]' size='12' value='{$row['LastName']}'/></td><td><input type='text' name='street[]' size='34' value='{$row['Street']}'/></td><td><input type='text' name='city[]' size='15' value='{$row['City']}'/></td><td><input type='text' name='state[]' size='15' value='{$row['State']}'/></td><td><input type='text' name='zip_code[]' size='8' value='{$row['ZipCode']}'/></td><td><input type='text' name='area_code[]' size='4' value='{$row['AreaCode']}'/></td><td><input type='text' name='phone_number[]' size='15' value='{$row['PhoneNumber']}'/></td></tr>";

	 	}
	}
}
else
	{
		echo"<hr /><div>There were no contact chosen, please choose at least one and try again!</div>";
	}
echo "</table><br />";
	
mysql_close($connection);
?>
</body>
</html>



I am getting bald with this because this is almost the eigth time I start this php using multiple ways. So any recommendation will be appreciated, thanks.


I fixed it, it was the name for the checkbox in the first php form. Before was like this:

><input type='checkbox' name='selected[$i]' value='{$row['PhoneNumber']}'/><


and after:

><input type='checkbox' name='selected[]' value='{$row['PhoneNumber']}'/><


However thanks.
Was This Post Helpful? 1
  • +
  • -

#3 Valek  Icon User is offline

  • The Real Skynet
  • member icon

Reputation: 542
  • View blog
  • Posts: 1,713
  • Joined: 08-November 08

Re: Showing values from checkboxes selected in a table

Posted 10 July 2010 - 03:35 PM

Ah, feel free to disregard my response to your other thread, then, since you've managed to solve it.
Was This Post Helpful? 0
  • +
  • -

#4 RGarcia  Icon User is offline

  • New D.I.C Head

Reputation: 1
  • View blog
  • Posts: 15
  • Joined: 01-April 09

Re: Showing values from checkboxes selected in a table

Posted 11 July 2010 - 08:14 AM

View PostValek, on 10 July 2010 - 02:35 PM, said:

Ah, feel free to disregard my response to your other thread, then, since you've managed to solve it.


Don't worry Valek all your responses were useful. This complexity is what makes me love programming.

At the end I did create a new column (Id) to be able to change the phone if the user wants it. Before I just Input all the existing field to the contacts table using the phone numbers as the primary key. But if the user needs to update the phone number then it was not possible because that field was the one who identify each field to be updated. Then I go the AddContact.php that before was like this:

<!DOCTYPE html PUBLIC
"-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Add Contact Confirmation</title>
<link rel="stylesheet" href="php_styles.css" type="text/css" />
<meta http-equiv="Content-Type"
content="text/html; charset=iso-8859-1" />

</head>
<body>
<?php
include("admin.php");
?>
<h2 align="center">Add a Contact</h2>
<p><form action="AddContact.php" method="get" enctype="application/x-www-form-urlencoded">

<p><strong>First Name</strong>: <input type="text" name="first_name" size="34" tabindex="1" /></p>
<p><strong>Last Name</strong>: <input type="text" name="last_name" size="34" tabindex="2" /></p>
<p><strong>Street Address</strong>: <input type="text" name="street" size="30" tabindex="3" /></p>
<p><strong>City</strong>: <input type="text" name="city" size="28" tabindex="4" /></p>
<p><strong>State</strong>: 
<select name="state" tabindex="5">
<option>Select State</option>
<option>Alabama</option> 
<option>Alaska</option> 
<option>American Samoa</option>
<option>Arizona</option> 
<option>Arkansas</option> 
<option>California</option> 
<option>Colorado</option> 
<option>Connecticut</option> 
<option>Delaware</option> 
<option>District of Columbia</option>
<option>Federated States of Micronesia</option>
<option>Florida</option> 
<option>Georgia</option> 
<option>Guam</option>
<option>Hawaii</option> 
<option>Idaho</option>
<option>Illinois</option> 
<option>Indiana</option> 
<option>Iowa</option> 
<option>Kansas</option> 
<option>Kentucky</option> 
<option>Louisiana</option> 
<option>Maine</option> 
<option>Maryland</option> 
<option>Massachusetts</option> 
<option>Michigan</option> 
<option>Minnesota</option> 
<option>Mississippi</option> 
<option>Missouri</option>
<option>Montana</option> 
<option>Nebraska</option> 
<option>Nevada</option> 
<option>New Hampshire</option> 
<option>New Jersey</option> 
<option>New Mexico</option> 
<option>New York</option> 
<option>North Carolina</option> 
<option>North Dakota</option> 
<option>North Marianas</option>
<option>Ohio</option> 
<option>Oklahoma</option> 
<option>Oregon</option> 
<option>Pennsylvania</option>
<option>Puerto Rico</option>
<option>Rhode Island</option> 
<option>South Carolina</option> 
<option>South Dakota</option> 
<option>Tennessee</option> 
<option>Texas</option> 
<option>Utah</option>
<option>Vermont</option> 
<option>Virginia </option>
<option>Virgin Islands</option>
<option>Washington</option> 
<option>West Virginia</option> 
<option>Wisconsin </option>
<option>Wyoming</option>
</select>

<p><strong>Zip Code</strong>: <input type="text" name="zip_code" size="28" tabindex="6"/></p>
<p><strong>Area Code</strong>: <input type="text" name="area_code" size="28" tabindex="7" /></p>
<p><strong>Telephone Number</strong>: <input type="text" name="contact_number" size="28" tabindex="8" /></p>

<p><input type="submit" value="Add Contact" tabindex="9" /><input type="reset" tabindex="10" /></p>
</form><hr/></p>


<?php

if (!isset($_GET['first_name']) ||
	!isset($_GET['last_name']) ||
	!isset($_GET['street']) ||
	!isset($_GET['city']) ||
	!isset($_GET['zip_code']) ||
	!isset($_GET['area_code']) ||
	!isset($_GET['contact_number']))
	echo "<p>Please use the provided spaces to add a new contact.</p>";
else
{	
	//Verifying that values are not empty
	if(empty($_GET['first_name']) ||
		empty($_GET['last_name']) ||
		empty($_GET['street']) ||
		empty($_GET['city']) ||
		empty($_GET['zip_code']) ||
		empty($_GET['area_code']) ||
		empty($_GET['contact_number']))

		//If values are empty then the message bellow will be shown
		echo "<div>You must enter a value in each field!</div>";

	//If values are not empty then everything bellow happens
	else
	{

		//Declaring variables to hold values from the input spaces
		$First = $_GET["first_name"];
		$Last = $_GET["last_name"];
		$Street = $_GET["street"];
		$City = $_GET["city"];
		$State = $_GET["state"];
		$Zip = $_GET["zip_code"];
		$Area = $_GET["area_code"];
		$Number = $_GET["contact_number"];	
		//Declaring the variable that will hold the database values
		$con = mysql_connect("localhost","user1","ryciorycio");

		//If the connection is not successful show the message bellow.
			if (!$con)
  		
  				die('Could not connect: ' . mysql_error());
  	
			//If the connection is successful then select the database mentioned and use the values on the $con
			mysql_select_db("garcia", $con);
				//Telling which column will be used to input information and which values will be input in each column.
			mysql_query("INSERT INTO contacts (FirstName, LastName, Street, City, State, ZipCode, AreaCode, PhoneNumber)
VALUES ('$First', '$Last', '$Street', '$City', '$State', '$Zip', '$Area', '$Number')");
		
			//Closing connection
			mysql_close($con);
			//Output that will be shown if the contact is successfully saved
			echo "<h2><p>Contact Saved</p></h2>";
			echo "<p>$First $Last</p>";
			echo "<p>$Street</p>";
			echo "<p>$City</p>";
			echo "<p>$State, $Zip</p>";
			echo "<p><strong>Tel. </strong>($Area) $Number</p>";
	
	
	}
}
?>

<hr width="25%"/>
</body>
</html>




Observe the new variable and how it is assigned. Now it looks like this:

<!DOCTYPE html PUBLIC
"-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Add Contact Confirmation</title>
<link rel="stylesheet" href="php_styles.css" type="text/css" />
<meta http-equiv="Content-Type"
content="text/html; charset=iso-8859-1" />

</head>
<body>
<?php
include("admin.php");
?>
<h2 align="center">Add a Contact</h2>
<p><form action="AddContact.php" method="get" enctype="application/x-www-form-urlencoded">

<p><strong>First Name</strong>: <input type="text" name="first_name" size="34" tabindex="1" /></p>
<p><strong>Last Name</strong>: <input type="text" name="last_name" size="34" tabindex="2" /></p>
<p><strong>Street Address</strong>: <input type="text" name="street" size="30" tabindex="3" /></p>
<p><strong>City</strong>: <input type="text" name="city" size="28" tabindex="4" /></p>
<p><strong>State</strong>: 
<select name="state" tabindex="5">
<option>Select State</option>
<option>Alabama</option> 
<option>Alaska</option> 
<option>American Samoa</option>
<option>Arizona</option> 
<option>Arkansas</option> 
<option>California</option> 
<option>Colorado</option> 
<option>Connecticut</option> 
<option>Delaware</option> 
<option>District of Columbia</option>
<option>Federated States of Micronesia</option>
<option>Florida</option> 
<option>Georgia</option> 
<option>Guam</option>
<option>Hawaii</option> 
<option>Idaho</option>
<option>Illinois</option> 
<option>Indiana</option> 
<option>Iowa</option> 
<option>Kansas</option> 
<option>Kentucky</option> 
<option>Louisiana</option> 
<option>Maine</option> 
<option>Maryland</option> 
<option>Massachusetts</option> 
<option>Michigan</option> 
<option>Minnesota</option> 
<option>Mississippi</option> 
<option>Missouri</option>
<option>Montana</option> 
<option>Nebraska</option> 
<option>Nevada</option> 
<option>New Hampshire</option> 
<option>New Jersey</option> 
<option>New Mexico</option> 
<option>New York</option> 
<option>North Carolina</option> 
<option>North Dakota</option> 
<option>North Marianas</option>
<option>Ohio</option> 
<option>Oklahoma</option> 
<option>Oregon</option> 
<option>Pennsylvania</option>
<option>Puerto Rico</option>
<option>Rhode Island</option> 
<option>South Carolina</option> 
<option>South Dakota</option> 
<option>Tennessee</option> 
<option>Texas</option> 
<option>Utah</option>
<option>Vermont</option> 
<option>Virginia </option>
<option>Virgin Islands</option>
<option>Washington</option> 
<option>West Virginia</option> 
<option>Wisconsin </option>
<option>Wyoming</option>
</select>

<p><strong>Zip Code</strong>: <input type="text" name="zip_code" size="28" tabindex="6"/></p>
<p><strong>Area Code</strong>: <input type="text" name="area_code" size="28" tabindex="7" /></p>
<p><strong>Telephone Number</strong>: <input type="text" name="contact_number" size="28" tabindex="8" /></p>

<p><input type="submit" value="Add Contact" tabindex="9" /><input type="reset" tabindex="10" /></p>
</form><hr/></p>


<?php

if (!isset($_GET['first_name']) ||
	!isset($_GET['last_name']) ||
	!isset($_GET['street']) ||
	!isset($_GET['city']) ||
	!isset($_GET['zip_code']) ||
	!isset($_GET['area_code']) ||
	!isset($_GET['contact_number']))
	echo "<p>Please use the provided spaces to add a new contact.</p>";
else
{	
	//Verifying that values are not empty
	if(empty($_GET['first_name']) ||
		empty($_GET['last_name']) ||
		empty($_GET['street']) ||
		empty($_GET['city']) ||
		empty($_GET['zip_code']) ||
		empty($_GET['area_code']) ||
		empty($_GET['contact_number']))

		//If values are empty then the message bellow will be shown
		echo "<div>You must enter a value in each field!</div>";

	//If values are not empty then everything bellow happens
	else
	{

		//Declaring variables to hold values from the input spaces
		$First = $_GET["first_name"];
		$Last = $_GET["last_name"];
		$Street = $_GET["street"];
		$City = $_GET["city"];
		$State = $_GET["state"];
		$Zip = $_GET["zip_code"];
		$Area = $_GET["area_code"];
		$Number = $_GET["contact_number"];	
		//Declaring the variable that will hold the database values
		$con = mysql_connect("localhost","user1","ryciorycio");

		//If the connection is not successful show the message bellow.
			if (!$con)
  		
  				die('Could not connect: ' . mysql_error());
  	
			//If the connection is successful then select the database mentioned and use the values on the $con
			mysql_select_db("garcia", $con);
//Look here are the changes...	
//Declaring a variable to hold the query. assigned a new Id for the new contact
	$result = mysql_query("SELECT Id
FROM `contacts`");
	
	echo"<p>$result</p>";
	//While $result returns values;
	while($row = mysql_fetch_array($result))
	{
		$count = array($row['Id']);
		$LastId = array_reverse($count);
		$NewId = $LastId[0] + 1;
	}
			//Telling which column will be used to input information and which values will be input in each column. Valek if you note here is included the new column.
			mysql_query("INSERT INTO contacts (Id, FirstName, LastName, Street, City, State, ZipCode, AreaCode, PhoneNumber)
//And here is the new variable included.
VALUES ('$NewId', '$First', '$Last', '$Street', '$City', '$State', '$Zip', '$Area', '$Number')");
		
			//Closing connection
			mysql_close($con);
			//Output that will be shown if the contact is successfully saved
			echo "<h2><p>Contact Saved</p></h2>";
			echo "<p>$First $Last</p>";
			echo "<p>$Street</p>";
			echo "<p>$City</p>";
			echo "<p>$State, $Zip</p>";
			echo "<p><strong>Tel. </strong>($Area) $Number</p>";	
	}
}
?>
<hr width="25%"/>
</body>
</html>




Thanks for all your submited responses.
Was This Post Helpful? 0
  • +
  • -

#5 Valek  Icon User is offline

  • The Real Skynet
  • member icon

Reputation: 542
  • View blog
  • Posts: 1,713
  • Joined: 08-November 08

Re: Showing values from checkboxes selected in a table

Posted 11 July 2010 - 02:59 PM

I only see one issue with what you've got above. You're wide open for SQL Injection.

Instead of setting each variable directly from $_GET, make your database connection first and then set it as mysql_real_escape_string($_GET['FirstName']);, etc. The reason I say to do it after the database connection is because you will get an error if you call mysql_real_escape_string() without one.

As a side note, if you make the ID auto incrementing (and the table's primary key) it'll assign itself ;)

This post has been edited by Valek: 11 July 2010 - 03:15 PM

Was This Post Helpful? 1
  • +
  • -

#6 RGarcia  Icon User is offline

  • New D.I.C Head

Reputation: 1
  • View blog
  • Posts: 15
  • Joined: 01-April 09

Re: Showing values from checkboxes selected in a table

Posted 11 July 2010 - 07:52 PM

View PostValek, on 11 July 2010 - 01:59 PM, said:

I only see one issue with what you've got above. You're wide open for SQL Injection.

Instead of setting each variable directly from $_GET, make your database connection first and then set it as mysql_real_escape_string($_GET['FirstName']);, etc. The reason I say to do it after the database connection is because you will get an error if you call mysql_real_escape_string() without one.

As a side note, if you make the ID auto incrementing (and the table's primary key) it'll assign itself ;)


So the new code should look like this?
<!DOCTYPE html PUBLIC  

"-//W3C//DTD XHTML 1.0 Strict//EN" 

"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">  

<html xmlns="http://www.w3.org/1999/xhtml">  

<head>  

<title>Add Contact Confirmation</title>  

<link rel="stylesheet" href="php_styles.css" type="text/css" />  

<meta http-equiv="Content-Type" 

content="text/html; charset=iso-8859-1" />  

   

</head>  

<body>  

<?php  

include("admin.php");  

?>  

<h2 align="center">Add a Contact</h2>  

<p><form action="AddContact.php" method="get" enctype="application/x-www-form-urlencoded">  

   

<p><strong>First Name</strong>: <input type="text" name="first_name" size="34" tabindex="1" /></p>  

<p><strong>Last Name</strong>: <input type="text" name="last_name" size="34" tabindex="2" /></p>  

<p><strong>Street Address</strong>: <input type="text" name="street" size="30" tabindex="3" /></p>  

<p><strong>City</strong>: <input type="text" name="city" size="28" tabindex="4" /></p>  

<p><strong>State</strong>:   

<select name="state" tabindex="5">  

<option>Select State</option>  

<option>Alabama</option>   

<option>Alaska</option>   

<option>American Samoa</option>  

<option>Arizona</option>   

<option>Arkansas</option>   

<option>California</option>   

<option>Colorado</option>   

<option>Connecticut</option>   

<option>Delaware</option>   

<option>District of Columbia</option>  

<option>Federated States of Micronesia</option>  

<option>Florida</option>   

<option>Georgia</option>   

<option>Guam</option>  

<option>Hawaii</option>   

<option>Idaho</option>  

<option>Illinois</option>   

<option>Indiana</option>   

<option>Iowa</option>   

<option>Kansas</option>   

<option>Kentucky</option>   

<option>Louisiana</option>   

<option>Maine</option>   

<option>Maryland</option>   

<option>Massachusetts</option>   

<option>Michigan</option>   

<option>Minnesota</option>   
<option>Mississippi</option>   

<option>Missouri</option>  

<option>Montana</option>   

<option>Nebraska</option>   

<option>Nevada</option>   

<option>New Hampshire</option>   

<option>New Jersey</option>   

<option>New Mexico</option>   

<option>New York</option>   

<option>North Carolina</option>   

<option>North Dakota</option>   

<option>North Marianas</option>  

<option>Ohio</option>   
<option>Oklahoma</option>   

<option>Oregon</option>   

<option>Pennsylvania</option>  

<option>Puerto Rico</option>  

<option>Rhode Island</option>   
<ption>South Carolina</option>   

<option>South Dakota</option>   

<option>Tennessee</option>   

<option>Texas</option>   

<option>Utah</option>  

<option>Vermont</option>   

<option>Virginia </option>  

<option>Virgin Islands</option>  

<option>Washington</option>   

<option>West Virginia</option>   

<option>Wisconsin </option>  

<option>Wyoming</option>  

</select>  

   

<p><strong>Zip Code</strong>: <input type="text" name="zip_code" size="28" tabindex="6"/></p>  

<p><strong>Area Code</strong>: <input type="text" name="area_code" size="28" tabindex="7" /></p>  

<p><strong>Telephone Number</strong>: <input type="text" name="contact_number" size="28" tabindex="8" /></p>  

   

<p><input type="submit" value="Add Contact" tabindex="9" /><input type="reset" tabindex="10" /></p>  

</form><hr/></p>  

   

   

<?php  

   
if (!isset($_GET['first_name']) ||  

    !isset($_GET['last_name']) ||  

    !isset($_GET['street']) ||  

    !isset($_GET['city']) ||  

    !isset($_GET['zip_code']) ||  

    !isset($_GET['area_code']) ||  

    !isset($_GET['contact_number']))  

    echo "<p>Please use the provided spaces to add a new contact.</p>";  

else 

{     

    //Verifying that values are not empty  

    if(empty($_GET['first_name']) ||  

        empty($_GET['last_name']) ||  

        empty($_GET['street']) ||  

        empty($_GET['city']) ||  

        empty($_GET['zip_code']) ||  

        empty($_GET['area_code']) ||  

        empty($_GET['contact_number']))  

   

        //If values are empty then the message bellow will be shown  

        echo "<div>You must enter a value in each field!</div>";  

   

    //If values are not empty then everything bellow happens  

    else 

    {  

   //Declaring the variable that will hold the database values  

        $con = mysql_connect("localhost","user1","ryciorycio");  

   

        //If the connection is not successful show the message bellow.  

            if (!$con)  

           

                die('Could not connect: ' . mysql_error());  

       

            //If the connection is successful then select the database mentioned and use the values on the $con  

            mysql_select_db("garcia", $con);  


        //Declaring variables to hold values from the input spaces  

        $First = mysql_real_escape_string($_GET["first_name"]);  

        $Last = mysql_real_escape_string($_GET["last_name"]);  

        $Street = mysql_real_escape_string($_GET["street"]);  

        $City = mysql_real_escape_string($_GET["city"]);  

        $State = mysql_real_escape_string($_GET["state"]);  

        $Zip = mysql_real_escape_string($_GET["zip_code"]);  

        $Area = mysql_real_escape_string($_GET["area_code"]);  

        $Number = mysql_real_escape_string($_GET["contact_number"]);    
   

//Declaring a variable to hold the query. assigned a new Id for the new contact  

    $result = mysql_query("SELECT Id  

FROM `contacts`");  

       

    echo"<p>$result</p>";  

    //While $result returns values;  

    while($row = mysql_fetch_array($result))  

    {  

        $count = array($row['Id']);  

        $LastId = array_reverse($count);  

        $NewId = $LastId[0] + 1;  

     }  

            //Telling which column will be used to input information and which values will be input in each column. 
            mysql_query("INSERT INTO contacts (Id, FirstName, LastName, Street, City, State, ZipCode, AreaCode, PhoneNumber)  

VALUES ('$NewId', '$First', '$Last', '$Street', '$City', '$State', '$Zip', '$Area', '$Number')");  

           

            //Closing connection  

            mysql_close($con);  

            //Output that will be shown if the contact is successfully saved  

            echo "<h2><p>Contact Saved</p></h2>";  

            echo "<p>$First $Last</p>";  

            echo "<p>$Street</p>";  

            echo "<p>$City</p>";  

            echo "<p>$State, $Zip</p>";  

            echo "<p><strong>Tel. </strong>($Area) $Number</p>";      

    }  

}  

?>  

<hr width="25%"/>  

</body>  
</html> 




I think I get it the rigth way. What do you think?
Was This Post Helpful? 0
  • +
  • -

#7 Valek  Icon User is offline

  • The Real Skynet
  • member icon

Reputation: 542
  • View blog
  • Posts: 1,713
  • Joined: 08-November 08

Re: Showing values from checkboxes selected in a table

Posted 11 July 2010 - 08:55 PM

You did it correctly, yes. You should set up some debugging in case the query fails, too. I know you have it written out where it shouldn't fail, but you can never be 100% sure. Something like this:

$result = mysql_query($query);
if(!$result)
{
     error_log($query);
     error_log(mysql_error());
     echo "There was an error with a database query.  It has been logged.";
     die;
}



The code above would write two entries into your standard error output (usually an error log file) and give a more secure, user-friendly error message.
Was This Post Helpful? 1
  • +
  • -

Page 1 of 1