1

I have a form with checkboxes of student names that is displayed on a class detail page. If you submit the form, it allows you to assign students to the class.

If you revisit the page, it remembers which students have been assigned to the class, and automatically checks their corresponding boxes. The form allows you to check additional students and submit the form, and they will added to the class.

What I'm having trouble with is actually removing students from the class. Specifically, how can I track which students have been "unchecked" on the class detail page, and pass them on to the form action page, where I can then loop an SQL DELETE statement over them?

Here is the code that I have been toying with:

$class_id = $_GET['class_id'];
$tid = $_POST['teachers'];
$student_count = $_GET['student_count'];

mysqli_query($db,"UPDATE class SET teacher_id = $tid WHERE id=$class_id");

if (isset($_POST['students'])) {
    $students = $_POST['students'];
    foreach ($students as $student_id) {
        if (count($students) < $student_count) {
            foreach (/*student that was unchecked from the class.php form*/) {
                //delete statement
            }
            break;
        } else {
            mysqli_query($db, "UPDATE student_class SET student_id = $student_id WHERE class_id = $class_id");
            mysqli_query($db,"INSERT INTO student_class (student_id, class_id) VALUES ($student_id, $class_id)");
        }
    }
}
Tyler Peterson
  • 15
  • 4
  • If its set its checked, if its not then its...? Also why you not using prepared query's? One moody query could alter your entire database to assign to a single teacher, not good... – Lawrence Cherone Jul 08 '14 at 17:44
  • Loz, you have to realize that I am a noob. – Tyler Peterson Jul 08 '14 at 17:49
  • Have a read of [How can I prevent SQL-injection in PHP?](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Lawrence Cherone Jul 08 '14 at 17:51
  • Thank you for the link. I'll read up on that eventually. Right now I'd like to figure out the answer to my current question, if only for learning purposes. – Tyler Peterson Jul 08 '14 at 17:57

1 Answers1

1

A Checkbox does not produce an entry in the $_POST or $_GET Array, when you uncheck it.

but you can simply remove every entry from the database, that is not checked any more. (cause then it has to be unchecked if your form contains a complete enumeration!)

$checkedStudents = array()

//Exemplary: depends on the format of $students. If just an id-array, this can be skipped.
foreach ($students as $student_id) {
   $checkedStudents[] = $student_id;      
}

$inStr = "(" + implode(",",$checkedStudents) + ")";
$query = "DELETE FROM student_class WHERE class_id = $class_id 
          AND student_id NOT IN ".$inStr;
dognose
  • 20,360
  • 9
  • 61
  • 107
  • Your approach is the same that I use, but you guys should be using prepared statements. – davidhaskins Jul 08 '14 at 18:30
  • @davidhaskins i don't wanted to modify the existing code to much, so OP can see the relation to what he is doing right now. – dognose Jul 08 '14 at 18:37
  • Thank you for the example. I learned new things about implode and the "NOT IN" clause. Now on to checking out how to prevent SQL-injection. Cheers! – Tyler Peterson Jul 08 '14 at 22:05