1

I'm trying to create a table in PHP that would show the data in the MySQL database based on the checkbox that is checked by the user. As you can see in this screenshot, it will have problems when you do not check a checkbox before the one that will be the last: http://www.mypicx.com/04282010/1/

Here is my code:

if($_POST['general'] == 'ADDRESS'){
$result2 = mysql_query("SELECT * FROM student WHERE ADDRESS='$saddress'");
 ?>



<table border='1'>
<tr>
<th>IDNO</th>
<th>YEAR</th>
<th>SECTION</th>

<?php if ( $ShowLastName )
echo "<th>LASTNAME</th>" ?>

<?php if ( $ShowFirstName  )
echo "<th>FIRSTNAME</th>" ?>


<?php if ( $ShowMidName  )
echo "<th>MIDNAME</th>" ?>


<?php if ( $ShowAddress  )
echo "<th>ADDRESS</th>" ?>


<?php if ( $ShowGender  )
echo "<th>GENDER</th>" ?>

<?php if ( $ShowReligion  )
echo "<th>RELIGION</th>" ?>

<?php if ( $ShowBday  )
echo "<th>BIRTHDAY</th>" ?>

<?php if ( $ShowContact  )
echo "<th>CONTACT</th>" ?>
</tr>


<?php
while($row = mysql_fetch_array($result2))
  {?>
    <tr> 
    <td><?php echo $row['IDNO']?> </td>
 <td><?php echo $row['YEAR'] ?> </td>
   <td><?php echo $row['SECTION'] ?></td>


  <td><?php
   if ( $ShowLastName  )
  echo $row['LASTNAME'] ?></td>

    <td><?php
   if ( $ShowFirstName  )
  echo $row['FIRSTNAME'] ?></td>

             <td><?php
   if ( $ShowMidName  )
  echo $row['MI'] ?></td>


   <td><?php
   if ( $ShowAddress  )
  echo $row['ADDRESS'] ?></td>

  <td><?php
   if ( $ShowGender  )
  echo $row['GENDER'] ?></td>



  <td><?php
   if ( $ShowReligion  )
  echo $row['RELIGION'] ?></td>

  <td><?php
   if ( $ShowBday  )
  echo $row['BIRTHDAY'] ?></td>

  <td><?php
   if ( $ShowContact  )
  echo $row['S_CONTACTNUM'] ?></td>



   </tr>

<?PHP   }  ?>
    </table>

<?PHP }






mysql_close($con);
?>

What can you recommend so that the output will not look like this when one of the checkboxes before a checked checkbox is not clicked: http://www.mypicx.com/04282010/2/

Glorfindel
user225269
  • Wow, I see much more trouble coming for you, unless this is simple schoolwork. Your code is susceptible to both SQL injection and XSS injection. You should really learn to use stuff like mysql_real_escape_string and htmlspecialchars at least. – Milan Babuškov Apr 28 '10 at 09:07
  • To be fair, we don't know that `$saddress` hasn't been quoted. Still, very important topics to raise. Where do you see the XSS vector? The values from the table? – outis Apr 28 '10 at 09:28
  • is this ok: $syear = mysql_real_escape_string($_POST['specific']); I didn't show the rest of the code. I'm just a beginner and I believe that I'll only be needing mysql_real_escape_string when there's an input type="text". Please enlighten me about this belief if I'm wrong. – user225269 Apr 28 '10 at 09:50

5 Answers

4

instead of

   <td><?php
       if ( $ShowGender  )
         echo $row['GENDER'] ?>
    </td>

you should do something like

<?php
   if ( $ShowGender  )
  echo "<td>".$row['GENDER']."</td>" ?>

So that the <td> tags only appear if the "if" statement is true.

Vinze
2

You only print table header elements (<th>) if the corresponding $isField variable is set, but you print all table cells, only testing whether or not to print the cell contents.

Instead of all that, loop over the fields to be printed out. No need to test each and every field.

Example form:

<form action="..." method="POST">
  <h4>Student Information</h4>
  <?php foreach ($studentFields as $key => $label) { ?>
    <input type="checkbox" name="show[<?php echo $key; ?>]" id="show_<?php echo $key; ?>"/><label for="show_<?php echo $key; ?>"><?php echo $label; ?></label>
  <?php } ?>
  <h4>Parent Information</h4>
  <?php foreach ($parentFields as $key => $label) { ?>
    <input type="checkbox" name="show[<?php echo $key; ?>]" id="show_<?php echo $key; ?>"/><label for="show_<?php echo $key; ?>"><?php echo $label; ?></label>
  <?php } ?>
</form>

Form handler:

<table>
  <thead><tr>
    <?php foreach ($fields as $key => $label) { ?> 
      <th><?php echo $label; ?></th> 
    <?php } ?>
  </tr></thead>
  <tbody>
    <?php foreach ($results as $row) { ?>
      <tr>
        <?php foreach ($fields as $key => $label) { ?>
          <td><?php echo $row[$key]; ?></td>
        <?php } ?>
      </tr>
    <?php } ?>
  </tbody>
</table>

The foreach ($results as $row) { needs to be rewritten as a while loop if you stick with the outdated mysql driver, but works with PDOStatement. Switching to PDO also makes it easier to avoid injection vulnerabilities, as prepared statement parameters are invulnerable to them. You can also rewrite that SELECT * to only fetch the requested columns, reducing DB load.

$validFields = array('last' => 'Last Name', 'first' => 'First Name', 'stAddr' => 'Address', ...);
// $_POST['show'] is keyed by field name (show[last]=on), so intersect on keys, not values
$fields = array_intersect_key($validFields, $_POST['show']);

You could even make it self-configuring by constructing the $validFields array by inspecting the DB table(s), though this would incur an extra table query.

Community
outis
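As an added example (not part of the answer above or of the asker's code): the whitelist-plus-prepared-statement approach from that answer, combined with output escaping for the XSS concern raised in the comments. It assumes an in-memory SQLite table through PDO in place of the MySQL `student` table; the helpers `h()`, `selectFields()` and `renderTable()`, the whitelist contents and the sample row and request are constructed for illustration.

```php
<?php
// Added example. Assumptions: pdo_sqlite is available; the in-memory table
// stands in for the MySQL `student` table; all helper names are hypothetical.
$validFields = array(            // column name => header label (the whitelist)
    'LASTNAME'  => 'Last Name',
    'FIRSTNAME' => 'First Name',
    'ADDRESS'   => 'Address',
    'GENDER'    => 'Gender',
);

function h($s) { return htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8'); }

// Keep only whitelisted keys from the checkbox array; unknown keys are dropped.
function selectFields(array $validFields, $show) {
    return is_array($show) ? array_intersect_key($validFields, $show) : array();
}

function renderTable(PDO $db, array $fields, $address) {
    $fields = array('IDNO' => 'IDNO') + $fields;      // always-shown column first
    // Column names come from the whitelist only; the value is a bound parameter.
    $sql  = 'SELECT ' . implode(', ', array_keys($fields))
          . ' FROM student WHERE ADDRESS = :addr';
    $stmt = $db->prepare($sql);
    $stmt->execute(array(':addr' => $address));
    $html = '<table><tr>';
    foreach ($fields as $label) { $html .= '<th>' . h($label) . '</th>'; }
    $html .= "</tr>\n";
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
        $html .= '<tr>';                              // one <td> per selected column
        foreach ($fields as $key => $label) { $html .= '<td>' . h($row[$key]) . '</td>'; }
        $html .= "</tr>\n";
    }
    return $html . '</table>';
}

// Constructed sample data and request (checkbox, select and hidden fields are
// as untrusted as text inputs, so every value is treated the same way).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE student (IDNO, LASTNAME, FIRSTNAME, ADDRESS, GENDER)');
$db->exec("INSERT INTO student VALUES (1, '<b>Cruz</b>', 'Ana', 'Manila', 'F')");
$post = array(
    'specific' => "Manila' OR '1'='1",
    'show'     => array('GENDER' => 'on', 'LASTNAME' => 'on', 'NOT_A_COLUMN' => 'on'),
);
$fields = selectFields($validFields, $post['show']);
echo renderTable($db, $fields, 'Manila'), "\n";           // one row, markup escaped
echo renderTable($db, $fields, $post['specific']), "\n";  // header only, no match
```

Headers and cells are generated from the same `$fields` array, so the column counts cannot drift apart whichever checkboxes are ticked.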
2

Ok, first things first, let's clean your code up, because it's so difficult to read in its current format:

<?php
        if($_POST['general'] == 'ADDRESS'){
        $result2 = mysql_query("SELECT * FROM student WHERE ADDRESS='$saddress'");
?>
<table border='1'>
        <tr>
                <th>IDNO</th>
                <th>YEAR</th>
                <th>SECTION</th>
                <?php if ( $ShowLastName ) { ?><th>LASTNAME</th><?php } ?>
                <?php if ( $ShowFirstName ) { ?><th>FIRSTNAME</th><?php } ?>
                <?php if ( $ShowMidName ) { ?><th>MIDNAME</th><?php } ?>
                <?php if ( $ShowAddress ) { ?><th>ADDRESS</th><?php } ?>
                <?php if ( $ShowGender ) { ?><th>GENDER</th><?php } ?>
                <?php if ( $ShowReligion ) { ?><th>RELIGION</th><?php } ?>
                <?php if ( $ShowBday ) { ?><th>BIRTHDAY</th><?php } ?>
                <?php if ( $ShowContact ) { ?><th>CONTACT</th><?php } ?>
        </tr>

<?php while($row = mysql_fetch_array($result2)) {?>
        <tr> 
                <td><?php echo $row['IDNO']?> </td>
                <td><?php echo $row['YEAR'] ?> </td>
                <td><?php echo $row['SECTION'] ?></td>
                <?php if ( $ShowLastName ) { echo('<td>'.$row['LASTNAME'].'</td>'); } ?>
                <?php if ( $ShowFirstName ) { echo('<td>'.$row['FIRSTNAME'].'</td>'); } ?>
                <?php if ( $ShowMidName ) { echo('<td>'.$row['MI'].'</td>'); } ?>
                <?php if ( $ShowAddress ) { echo('<td>'.$row['ADDRESS'].'</td>'); } ?>
                <?php if ( $ShowGender ) { echo('<td>'.$row['GENDER'].'</td>'); } ?>
                <?php if ( $ShowReligion ) { echo('<td>'.$row['RELIGION'].'</td>'); }?>
                <?php if ( $ShowBday ) { echo('<td>'.$row['BIRTHDAY'].'</td>'); }?>
                <?php if ( $ShowContact ) { echo('<td>'.$row['S_CONTACTNUM'].'</td>'); }?>
        </tr>
<?php } ?>
</table>
<?php }
        mysql_close($con);
?>

Your best bet would be to try putting this code in and telling us if this improves things?

EDIT

Ah, as the others have said your <td> tags are sitting outside of your condition, still, the above code is much easier to read and will help future debugging :-)

Ben Everard
1

Yeah, do it the same way as you've done the th tags, with the if statement around the td tags, rather than inside them. Way you've done it now will always show 9 columns, no matter what check boxes are selected.

Tom
1

You're printing the cells in the iteration, but only their content depends on the condition.

<?php
if ( $ShowContact  )
echo '<td>' . $row['S_CONTACTNUM'] . '</td>' ?>
Mikulas Dite