I have a form with a number of fields to fill in, as follows. The form:

 <form action="<?php echo $editFormAction; ?>" id="form1" name="form1" method="POST">

        <input type="checkbox" name="Category[]" value="Casio Digital Pianos" id="Category_0" />
          Casio piano</td>
        <td><input type="checkbox" name="Category[]" value="Casio Keyboards" id="Category_2" />
          Casio Keyboard</td>
        <td><input type="checkbox" name="Category[]" value="Recording" id="Category_3" />
    Recording</td>
        <td><input type="checkbox" name="Category[]" value="Modules & Add-on s" id="Category_4" />
    Modules & Add-on's</td>
      </tr>
      <tr>
        <td> <input type="checkbox" name="Category[]" value="Kawai Digital Pianos" id="Category_5" />


      </label>
      </p>
      <p>
        <label>Manufacturer
          <select name="Manufacturer" id="Manufacturer">
            <option value="Casio">Casio</option>
            <option value="Kawai">Kawai</option>
            <option value="Korg">Korg</option>
            <option value="Roland">Roland</option>
            <option value="Yamaha">Yamaha</option>
            <option value="Ketron">Ketron</option>
            <option value="Boss">Boss</option>
            <option value="Samson">Samson</option>
            <option value="Orla">Orla</option>
            <option value="Technics">Technics</option>
            <option value="Ultimax">Ultimax</option>
          </select>
        </label>
      </p>
        <p>
        <label>Model
          <input type="text" name="Model" id="Model" />
        </label>
      </p>
      <p>
        <label>Color
          <input type="text" name="Color" id="Color" />
        </label>
      </p>
      <p>
        <label>


      <p><input name="submit" type="submit" value="submit" /></p>
      <input type="hidden" name="MM_insert" value="form1" />
    </form>

I would like a new row in the database for each value of the category.

I am using DW to start with as follows: Insertion code:

if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {

  $insertSQL = sprintf("INSERT INTO products (Category, Manufacturer, Model, Color) VALUES (%s, %s, %s, %s)",
                       GetSQLValueString($_POST['Category'], "text"),
                       GetSQLValueString($_POST['Manufacturer'], "text"),
                       GetSQLValueString($_POST['Model'], "text"),
                       GetSQLValueString($_POST['Color'], "text"));


  mysql_select_db($database_dconn, $dconn);
  $Result1 = mysql_query($insertSQL, $dconn) or die(mysql_error());
}

Which doesn't work because it somehow can't find the Category; I presume this is because it is an array. Is there a way to make this work so it does insert the form for each Category when ticked into a new field? I have tried the following:

if (isset($_POST['Category'])) {
    foreach($_POST['Category'] as $value);

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
etc...

But that doesn't seem to work at all. Any help welcome.

Ria
  • Please, [don't use `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). They are no longer maintained and are [officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). Learn about [prepared statements](http://en.wikipedia.org/wiki/Prepared_statement) instead, and use [PDO](http://us1.php.net/pdo) or [MySQLi](http://us1.php.net/mysqli). – Jay Blanchard Jan 06 '15 at 14:19
  • What debugging have you done? `console.log()`? `echo $_POST`? – Phil Tune Jan 06 '15 at 14:20

1 Answer

First, read up on PDO and stop using mysql() functions. Next, you were close with your foreach, but stop using isset - this will always return true for posted forms even if a field is empty (as the variable is initialised due to being posted, even if it's NULL - but don't try to check for NULL as it'll still pass as true on a value of ""), instead use if(!empty($_POST['field'])). In regards to your foreach against the category array, try the below.

Now, there are a few issues I've noticed. Are you looking to run multiple SQL inserts depending on the number of checked categories? Will these have identical values for color, manufacturer etc? If so, you're on the right track. If not, instead I would recommend you redo the entire form (E.G. if you need unique values for each checked category). Next, why are you passing a hidden field with your form name's value? Is this to validate if the array is posted?

Last but not least, get_magic_quotes_gpc() - No. Just no. First, using PDO negates the need to sanitize strings on the way into a SQL query (Though kudos for understanding the dangers, if not winning points for execution). Further, on display all you really need then is htmlspecialchars() to sanitize any displayed output. This will do the trick and remove the need for your function.

Edit: Try the below (without any HTML formatting)

Could you not simply try:

if(!empty($_POST['submit'])) {

    foreach ($_POST['category'] AS $val) {
    # $val will hold the value of your checkbox
    # Run SQL insert
    }

} else {
# Display HTML form
}
iamgory
  • The values for colour, manufacturer etc are identical for each checked category, however when I tried your code the error message said it cannot find a value for Category, therefore nothing was inserted. I have put the foreach loop above the if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) { and also below with the closing tags behind the insertion. This doesn't work. I'm really not sure what to do. – Ria Jan 06 '15 at 14:49
  • Have you tried changing the case of `Category[]` in your form to lower case c, I.E. `category[]`? – iamgory Jan 06 '15 at 14:52
  • That doesn't make any difference as it is the same in the db field. The fields, by the way, are all text fields in the db. Thank you for your help – Ria Jan 06 '15 at 14:53
  • What displays if you use `var_dump($_POST)`? Also, your codebase is a nightmare. We're here to help by pointing you in the right direction, but we're not going to rewrite the entire thing for you. I suggested changes which you clearly haven't made, such as stripping your `if(isset($_POST["MM_insert"]))` as it's both wrong and not needed, but you're clearly not heeding the advice. – iamgory Jan 06 '15 at 14:57
  • I've done all the suggested and it works fine. Thanks for your help. I'll start to use PDO. – Ria Jan 06 '15 at 15:57
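
The approach the answer and comments point to (one insert per ticked category through a PDO prepared statement, with `htmlspecialchars()` on output), written out as an added example that is not part of the original thread. The `insertProductRows` function, the in-memory SQLite connection (used so the script runs without a MySQL server; it needs the pdo_sqlite extension) and the sample input are assumptions made here.

```php
<?php
// Insert one products row per ticked category, sharing the other fields.
function insertProductRows(PDO $db, array $post): int
{
    // Unticked checkboxes are absent from the request, so default to an empty list.
    $categories = $post['Category'] ?? [];
    if (!is_array($categories)) {
        return 0;
    }
    // Scalar fields: accept strings only, so a submitted array cannot reach the query.
    $field = fn(string $k): string => is_string($post[$k] ?? null) ? $post[$k] : '';
    $stmt = $db->prepare(
        'INSERT INTO products (Category, Manufacturer, Model, Color)
         VALUES (:category, :manufacturer, :model, :color)'
    );
    $db->beginTransaction();
    try {
        $rows = 0;
        foreach ($categories as $category) {
            if (!is_string($category) || $category === '') {
                continue; // skip nested arrays and empty values
            }
            $stmt->execute([
                ':category'     => $category,
                ':manufacturer' => $field('Manufacturer'),
                ':model'        => $field('Model'),
                ':color'        => $field('Color'),
            ]);
            $rows++;
        }
        $db->commit();
        return $rows;
    } catch (Throwable $e) {
        $db->rollBack(); // all rows or none
        throw $e;
    }
}

// Constructed stand-in for $_POST; the apostrophe needs no manual escaping.
$post = ['Category' => ['Casio Keyboards', "Modules & Add-on's"],
         'Manufacturer' => 'Casio', 'Model' => 'Example-1', 'Color' => 'Black'];

$db = new PDO('sqlite::memory:'); // assumption: in-memory SQLite instead of the page's MySQL
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE products (Category TEXT, Manufacturer TEXT, Model TEXT, Color TEXT)');
echo insertProductRows($db, $post), " rows inserted\n";
foreach ($db->query('SELECT Category FROM products') as $row) {
    echo htmlspecialchars($row['Category'], ENT_QUOTES, 'UTF-8'), "\n";
}
```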