Edit data from MySQL via PHP with check box

Question

I would like to update the database with checkbox. I have created table from database. -if "elfogadva" is checked then the value=1. -else if "elfogadva" is unchecked then (value=0) i have checkbox for the row.

<form method="post" action="rendeles.php" id="rendelesek">
                <?php 
                $result=mysql_query("SELECT * FROM megrendeles");
                echo "<table border=1>
                <tr><th>Szám</th>
                    <th width=30>Név</th>
                    <th width=30>Cím</th>
                    <th width=30>Mobil</th>
                    <th width=30>E-mail</th>
                    <th width=70>Rendezvény típusa</th>
                    <th width=50>Létszám</th>
                    <th width=150>Helyszín</th>
                    <th width=50>Átadás</th>
                    <th width=50>Bontás</th>
                    <th width=40>Sátor méret</th>                                       
                    <th width=50>Padlózat</th>
                    <th width=50>Színpad</th>
                    <th width=70>Berendezés</th>
                    <th width=33>Asztal db</th>
                    <th width=33>Ülés</th>
                    <th width=33>Ülés db</th>
                    <th width=33>Füves</th>
                    <th width=41>Burkolt</th>                   
                    <th width=30>Egyéb</th>
                    <th width=30>Elfogadva</th>
                    <th width=33>Értékelés</th>
                </tr>";


                while($row = mysql_fetch_assoc($result)){
                    echo "<input type='hidden' name='id' value=".$row['id'].">
                    <tr>
                        <td>" .$row['id']."</td>
                        <td>" . $row['nev'] . "</td>
                        <td>" . $row['cim'] . "</td>
                        <td>" . $row['mobil'] . "</td>
                        <td>" . $row['email'] . "</td>
                        <td>" . $row['rendezveny'] . "</td>
                        <td>" . $row['letszam'] . "</td>
                        <td>" . $row['helyszin'] . "</td>
                        <td>" . $row['atadas'] . "</td>
                        <td>" . $row['bontas'] . "</td>
                        <td>" . $row['satormeret'] . "</td>                                             
                        <td>" . $row['padlozat'] . "</td>
                        <td>" . $row['szinpad'] . "</td>
                        <td>" . $row['berendezes'] . "</td>
                        <td>" . $row['asztal'] . "</td>
                        <td>" . $row['berendezes_u'] . "</td>
                        <td>" . $row['ules'] . "</td>
                        <td>" . $row['fuves'] . "</td>
                        <td>" . $row['burkolt'] . "</td>                        
                        <td>" . $row['egyeb'] . "</td>";                        
                        if($row['elfogadva']==1){ //1es ha elfogadva, ha nincs akkor checkbox
                            echo"<td width=60>" . $row['elfogadva'] . "</td> ";
                        }else{
                            echo"<td width=60>
                                    <input type='checkbox' name='elfogadva' value='1'>
                                </td>";
                        }
                        echo"<td>" . $row['ertekeles'] . "</td>

                    </tr>";
                }
                echo "</table><br>
                <p align='right'><input type='submit' name='submit' class='btn' value='Submit'></p>";
                ?>              
            </form>

here is the "rendeles.php":

<?php
$sql = mysql_connect("localhost", "root", "");
mysql_select_db("szakdolgozat") or die( "Unable to select database");

$submit=$_POST['submit'];
$elfogadva=$_POST['elfogadva'];
$id=$_POST['id'];
//if(isset($_POST['elfogadva'])){ $elfogadva = $_POST['elfogadva']; }
echo $elfogadva;
echo"<br>";
echo $id;

if(!isset($_SESSION)){
    session_start();
}

$query_rendeles=mysql_query("UPDATE megrendeles SET elfogadva='$elfogadva' WHERE id='$id'");
require_once("lekerdezes_megrendeles.php");
?>

the problem: always post the last "id".

You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are also **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. — Quentin, Feb 20 '13 at 14:33

score 0 · Answer 1 · answered Feb 20 '13 at 16:54

You're building totally invalid/incorrect html:

                echo "<input type='hidden' name='id' value=".$row['id'].">

                                <input type='checkbox' name='elfogadva' value='1'>

Assuming you get 10 rows of data from your query, you'll generate 10 copies of the form fields with the SAME names, just different $row['id'] values. WHen you submit that, any duplicate names are collapsed into a single field and generally the LAST instance of that name is used.

The code should just be:

<input type="checkbox" name="elfogadva" value="$row[id]" />

and then

$id = $_POST['elfogadva'];

in your PHP code.

Edit data from MySQL via PHP with check box

1 Answers1