How to insert user_from SESSION along with multiple checkboxes

Question

I have updated this question, as I have part of it working. My checkbox values wont insert but my user_id does. Can anyone tell me why my checkboxes are not inserting into my database?

I have updated my eNISATExec.php file. I am new to php, I need help with a project I am working on. I am aware that mysql functions are deprecated, but I will be using them for the purpose of this project. I have multiple checkboxes that I wish to insert the values of in my database table (enisatanswer), although I also wish to store the user_id (primary key of my users table) from the user logged on using sessions.

I did have the checkboxes inserting without the user_id although this is essential for me to be able to display content on my next page after I get this part working.

I have a separate column for each of my checkboxes in my table (Log, Worktray, Visual) etc, and a column for user_id. I have tried adding a WHERE statement to the end of my INSERT statement although I am getting an error:

Parse error: syntax error, unexpected ')' in C:\wamp\www\Login\eNISATExec.php on line 31.

Before that I was getting an error: column count does not match at row 1. There is obviously an issue with my $query in eNISATExec.php, although I cannot resolve it.

Any help would be greatly appreciated. Here are my files:

dbconnect.php

<?php
if(!@mysql_connect("localhost","root","#########"))
{
     die('There was connection problem ! --> '.mysql_error());
}
if(!mysql_select_db("dbtest"))
{
     die('There was database selection problem ! --> '.mysql_error());
}
?>

index.php

<?php
session_start();
include_once 'dbconnect.php';

if(isset($_SESSION['user'])!="")
{
 header("Location: home.php");
}
if(isset($_POST['btn-login']))
{
 $username = mysql_real_escape_string($_POST['username']);
 $upass = mysql_real_escape_string($_POST['pass']);
 $res=mysql_query("SELECT * FROM users WHERE username='$username'");
 $row=mysql_fetch_array($res);
 if($row['password']==md5($upass))
 {
  $_SESSION['user'] = $row['user_id'];
  header("Location: home.php");
 }
 else
 {
  ?>
        <script>alert('User name taken or in the wrong format');</script>
        <?php
 }

}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>NHSCT E-Learning Portal</title>
<link rel="stylesheet" href="style.css" type="text/css" />
</head>
<body>
<center>
<div id="login-form">
<form method="post">
<table align="center" width="30%" border="0">
<tr>
<td><input type="text" name="username" placeholder="Your User Name" required /></td>
</tr>
<tr>
<td><input type="password" name="pass" placeholder="Your Password" required /></td>
</tr>
<tr>
<td><button type="submit" name="btn-login">Sign In</button></td>
</tr>
<tr>
<td><a href="register.php">Sign Up Here</a></td>
</tr>
</table>
</form>
</div>
</center>
</body>
</html>

home.php

<?php
session_start();
include_once 'dbconnect.php';

if(!isset($_SESSION['user']))
{
 header("Location: index.php");
}
$res=mysql_query("SELECT * FROM users WHERE user_id=".$_SESSION['user']);
$userRow=mysql_fetch_array($res);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Welcome - <?php echo $userRow['username']; ?></title>
<link rel="stylesheet" href="style.css" type="text/css" />
</head>
<body>
<div id="header">
 <div id="left">
    <label>NHSCT E-Learning Portal</label>
    </div>
    <div id="right">
     <div id="content">
         Welcome <?php echo $userRow['forename']; ?>&nbsp;<a href="logout.php?logout">Sign Out</a>
        </div>
    </div>
</div>
<br>
<center>
<h1> Select an E-Learning Module<h1>
<br>
<table align="center" height="200" width="30%" border="0">
<tr>
<td><button name="eNISAT" onclick="window.location.href='eNISATExec.php'">eNISAT Tutorials</button></td>
</tr>
<td><button name="Email" "window.location.href='email.php'">Email Tutorials</button></td>

<tr>
</tr>
</table>
</body>
</html>

eNISATExec.php

    <?php  
session_start();
include_once 'dbconnect.php';

if(!isset($_SESSION['user']))
{
 header("Location: index.php");
}
$res=mysql_query("SELECT * FROM users WHERE user_id=".$_SESSION['user']);
$userRow=mysql_fetch_array($res);

if(isset($_POST['submit']))
{      
@$userID=$_SESSION['user'];
@$checkbox1=$_POST['Log'];
@$checkbox2=$_POST['Worktray'];
@$checkbox3=$_POST['Visual'];
@$checkbox4=$_POST['ChangePd']; 
@$checkbox5=$_POST['Logout'];
@$checkbox6=$_POST['ClientSearch'];
@$checkbox7=$_POST['StartAssessment'];
@$checkbox8=$_POST['Finalise'];
@$checkbox9=$_POST['Print'];
@$checkbox10=$_POST['Hcn'];
@$checkbox11=$_POST['Lcid'];
@$checkbox12=$_POST['Soscare'];
@$checkbox13=$_POST['Reassign'];
@$checkbox14=$_POST['Close'];

    $query="INSERT INTO enisatanswer (user_id,Log,Worktray,Visual,ChangePd,Logout,ClientSearch,StartAssessment,Finalise,Print,Hcn,Lcid,Soscare,Reassign,Close) VALUES 
    ('$userID', '$checkbox1', '$checkbox2','$checkbox3', '$checkbox4', '$checkbox5', '$checkbox6','$checkbox7', '$checkbox8','$checkbox9', '$checkbox10','$checkbox11', '$checkbox12', '$checkbox13', '$checkbox14')";  
    mysql_query($query) or die (mysql_error() );
if($query==1)
   {  
      echo'<script>alert("Inserted Successfully")</script>';  
   }  
else  
   {  
      echo'<script>alert("Failed To Insert")</script>';  
   }  
}  
?>

Why are you suppressing so many potential errors? It is considered bad practice, you should validate the fields correctly to prevent other errors from occurring later on. [Déjà vu](http://stackoverflow.com/questions/34927227/loop-for-php-pagination). Oh and you are closing your query early `[...] '$checkbox14'") [...]`. — Script47, Jan 21 '16 at 15:36
You should also consider switching from MySQL as it has been [officially](http://php.net/manual/en/migration55.deprecated.php) deprecated. Use [MySQLi](http://php.net/manual/en/book.mysqli.php) or [PDO](http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers) **with** [prepared statements](http://php.net/manual/en/pdo.prepared-statements.php). — Script47, Jan 21 '16 at 15:42
What behavior are you wanting by having a `WHERE` clause on an `INSERT` statement? That's not really an option. Are you really trying to do an `UPDATE`? — Patrick Q, Jan 21 '16 at 15:43
The syntax error you're getting has to do with your php script, not with the your query. Just add or remove some ')' around the line your error message tells you the error is. Then for your queries, just execute them on mysql tool so you can see where you're going wrong. I recommend using mysql workbench, or if yuo dont want to intstall anything, use phpmyadmin — Glubus, Jan 21 '16 at 15:43
I'm also going to add a bit to what @Script47 said, error suppression is bad, as debugging and errors exist for a reason. Secondly I would suggest no your `mysql_*` commands, they are depreciated and insecure. I would recommend using PDO — Mark Hill, Jan 21 '16 at 15:43
OP said he knows mysql is deprecated, and that he's using it for the sake of this project. — Glubus, Jan 21 '16 at 15:44
Apologises Folks I got it working. I declared a variable for userID as follows:so I didnt need to use a WHERE statement in the end. — scubbastevie, Jan 21 '16 at 16:11
Apologises Folks I got it working. I declared a variable for userID as follows: @$userID=$_SESSION['user']; then added $userID as variable in my query. So I didn't need to use a WHERE statement in the end. Thank you everyone. I know mysql is deprecated but it is only a prototype for uni and will be all localhost so security isnt paramount. I may be back for help in future as I wish to show a seperate video file for each of the checkboxes selected and I dont know how to go about it just yet — scubbastevie, Jan 21 '16 at 16:17
Actually it is not quite working, user_id is inserting by checkbox value is not. I have updated the question, can anyone tell me why the values are not updating? — scubbastevie, Jan 21 '16 at 16:38

How to insert user_from SESSION along with multiple checkboxes

0 Answers0