2

i have this code:

<?php
$result = mysqli_query($con,"SELECT * FROM table");

while($row = mysqli_fetch_array($result)){
echo "<input type=\"checkbox\" id=\"$row[use_id]\"  name=\"things[]\"  value='$row[col_id]' >$row[col]<br>";
echo "<input placeholder=\"description\" type=\"text\" name=\"ans1\" class='$row[col_id]' id=\"answer1\" style='display:none;'>";
echo "<align='left'><input placeholder=\"source\" type=\"text\" name=\"ans2\" class='$row[use_id]' id=\"answer2\"   style='display:none;'>";

}
?>

using this script:

<script>
$(document).ready(function(){


 $("input[type=checkbox]").change(function(){
    var divId = $(this).attr("id");

     if ($(this).is(":checked")){
        $("." + divId).show();
     }
     else{
         $("." + divId).hide();
     }
});
});
</script>

and i want to take the data from the 2 textboxes using ths code:

$checkBox = $_POST['things'];


for($i=0; $i<sizeof($checkBox); $i++){


    $qs = "INSERT INTO sccm_reherb.table2 values('$_POST[id]','".$checkBox[$i]."','$_POST[ans1]','$_POST[ans2]')";
    echo $qs;
    mysqli_query($con,$qs) or die(mysqli_error($con));
}

but '$_POST[ans1]' and '$_POST[ans2]' are always empty..can anyone help me? thanks in advance!

user2409454
  • 23
  • 2
  • 1
    Instead of using display: none (these will not be sent) use visibility: hidden on those fields. – Jay Blanchard May 22 '13 at 12:36
  • Is this inside a form? Where is the code / html that even causes a postback? – Mike C. May 22 '13 at 12:42
  • 3
    @JayBlanchard — That isn't true: http://dorward.me.uk/tmp/test.php – Quentin May 22 '13 at 12:47
  • 1
    You are **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that you should [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself against. – Quentin May 22 '13 at 12:48
  • Thanks @Quentin - I am using old info. – Jay Blanchard May 22 '13 at 12:50
  • Are you typing anything into the inputs after making them visible? Does the data appear in the POST data you can see in your browser's developer tools' Net tab? – Quentin May 22 '13 at 12:50
  • They are empty, because you are **always** sending the last one (and maybe the last one is unchecked one), not all of them. You must send them as an array. You can read more information about it at my answer. –  May 22 '13 at 13:11

1 Answers1

0

You must send ans1 and ans2 as an array to server. Not as a string.

Change your while loop to this:

while($row = mysqli_fetch_array($result)) {
    echo "<input type='checkbox' id='$row[use_id]'  name='things[$row[col_id]]'  value='$row[col_id]' >$row[col]<br>";
    echo "<input placeholder='description' type='text' name='ans1[$row[col_id]]' class='$row[col_id]' id='answer1' style='display:none;'>";
    echo "<align='left'><input placeholder='source' type='text' name='ans2[$row[col_id]]' class='$row[use_id]' id='answer2'   style='display:none;'>";
}
  • Note 1: I use single quote (') in HTML attributes for better reading.
  • Note 2: Pay attention to name='ans2[$row[col_id]]' (it's now an array)
  • Note 3: I manually set the index of array by $row[col_id]

Now if you send this form to server, you will get such result:

Array
(
    [things] => Array
        (
            [1] => 1
            [4] => 4
        )

    [ans1] => Array
        (
            [1] => Description 1
            [2] => forbidden data by user
            [3] => forbidden data by user
            [4] => Description 4
            [5] => forbidden data by user
        )

    [ans2] => Array
        (
            [1] => Source 1
            [2] => forbidden data by user
            [3] => forbidden data by user
            [4] => Source 4
            [5] => forbidden data by user
        )

)

In the above array, all textbox has value as I wrote there forbidden data by user. This is not important, because the valid data (user has checked the checkbox) is those in things array, so in the server, you must loop by that array.

$checkbox = $_POST['things'];

if ($checkbox) {
    foreach ($checkbox as $id => $value) {
        $ans1 = $_POST['ans1'][$id];
        $ans2 = $_POST['ans2'][$id];

        // to other stuff
    }
}