0

I'm posting from the HTML code shown in this jsfiddle to the PHP page for which the code is below. The issue is that the array $_POST['selectedpost'] isn't being received. That's the array containing which checkboxes were ticked. In the js fiddle I added in an example row to the table containing the checkboxes as normally these are generated using PHP and SQL.

<?php
include "connect2.php";

if (isset($_POST['selectedpost'])) {
$postschecked = $_POST['selectedpost'];
$length = count($postschecked);
}
else{
returnpage();
}

if (isset($_POST['deleteposts'])) {
foreach($postschecked as $post_id){
    $sql = "DELETE FROM posts WHERE post_id='$post_id'";
    mysql_query($sql);
}
returnpage();
}

if (isset($_POST['passposts'])) {
foreach($postschecked as $post_id){
    $sql = "UPDATE posts SET moderation=1 WHERE post_id='$post_id'";
    mysql_query($sql);
}
returnpage();
}

if (isset($_POST['editpost'])) {
if ($lenght==1){
    foreach($postschecked as $post_id){
        header("location:editpost.php?post_id=$post_id");
    }
}
else{
    returnpage();
}
}

if (isset($_POST['returnpost'])) {
if (isset($_POST['reasonreturned'])) {

    foreach($postschecked as $post_id){

        $sql = "SELECT description FROM posts WHERE post_id='$post_id'";
        $query = mysql_query($sql);
        $array = array();
        while ($row = mysql_fetch_array($query, MYSQL_NUM)) {
        $array[] = $row; }
        $description = "".$array[0][0];

        $description = $description . "<br/><br/><span style='color:red;font-size:18px;'>" . $_POST['reasonreturned'] . "</span>";

        $sql = "UPDATE posts SET description='$description' WHERE post_id='$post_id'";
        $query = mysql_query($sql);
    }
}
foreach($postschecked as $post_id){
    $sql = "UPDATE posts SET moderation=3 WHERE post_id='$post_id'";
    $query = mysql_query($sql);
}
returnpage();
}

if ($length){
returnpage();
}

function returnpage(){
//header("location:moderate.php");
}
?>

http://jsfiddle.net/3A6az/2/

Also extra note, I am aware as to how un-efficient my code is in places and I'm also aware to the fact I should drop mysql and move to something like mysqli. Thank's for any help given

Shardj
  • 1,800
  • 2
  • 17
  • 43
  • 1
    Array, what array? You're using an input `` plus you don't need `` If anything you shouldn't be using `value='404'` unless that's what you want to pass as a "value". You probably meant to use use multiple checkboxes and using `name='selectedpost[]'` – Funk Forty Niner Jan 27 '14 at 20:52
  • The value 404 was an example I put in, thats all generated by itself normally. Good point about the /input, thanks, i forgot about that. Also when checkbox's are posted in a form I thought they passed an array? – Shardj Jan 27 '14 at 20:53
  • They would if your checkboxes were named `name='selectedpost[]'` with the `[]` as in `` – Funk Forty Niner Jan 27 '14 at 20:54
  • I would like to point out though, that switching to `mysqli_*` functions would be most beneficial. `mysql_*` functions are deprecated. Using prepared statements or PDO would be even better in order to protect yourself. Here is a guide on how to prevent SQL injection: http://stackoverflow.com/q/60174/ – Funk Forty Niner Jan 27 '14 at 21:10
  • And I found a typo which may give you trouble `if ($lenght==1){` you have the word `$length` in your code as well. Change it to `if ($length==1){` – Funk Forty Niner Jan 27 '14 at 21:16
  • Thanks @Fred-ii- , spotted that myself though :) – Shardj Jan 28 '14 at 16:19

2 Answers2

4

If you have more than 1 checkbox you need to use

name='selectedpost[]'

It will then be available to you with $_POST['selectedpost']; as an array.

Hope this helps!

dev7
  • 6,259
  • 6
  • 32
  • 65
2

You're using an unbracketed input <input type='checkbox' name='selectedpost' value='404'></input> plus you don't need </input> <(FYI)

If anything you shouldn't be using value='404' unless that's what you want to pass as a "value".

You probably meant to use multiple checkboxes and using name='selectedpost[]'

I.e.:

<input type='checkbox' name='selectedpost[]'>

Using square brackets [] are treated as an array.

Footnotes:

I would like to point out though, that switching to mysqli_* functions would be most beneficial. mysql_* functions are deprecated.

Using mysqli_* functions with prepared statements or PDO would be even better in order to protect yourself from SQL injection.

Here is a guide on how to prevent SQL injection: How can I prevent SQL injection in PHP?

N.B.: I also found a typo which may give you trouble if ($lenght==1){

You have the word $length in your code as well. Change it to if ($length==1){

Community
  • 1
  • 1
Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141