0

I am not sure what I am missing with this Array output of php to mysql. It really seems simple and I am missing something. I would think it would break it up into checkbox[1], checkbox[2], checkbox[3].

<html>
<body>
<form method="post" action="output_to_sql.php">
Check box - Please choose type of residence:<br />
Steak:<input type="checkbox" value="Steak" name="checkbox[]"><br />
Pizza:<input type="checkbox" value="Pizza" name="checkbox[]"><br />
Chicken:<input type="checkbox" value="Chicken" name="checkbox[]"><br />
<input type="submit" value="submit" name="submit">
</form>

output_to_sql.php

<?php
$servername = "localhost";
$username = "user";
$password = "password";
$dbname = "database";

// Create connection
$connection = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}else{
echo "success";
}
$checkbox = $_POST["checkbox"];
if (!isset($_POST['submit'])) { 
// if page is not submitted to itself echo the form
echo "error submitting form";
} 
else //show form data with check box answers
{
//make an array with check boxes and show result
foreach ($checkbox as $checkboxitems) {
echo $checkboxitems."<br />";
}
$sql =  mysqli_query("INSERT INTO `table` (`checkbox1`, `checkbox2`, `checkbox3`) VALUES ('$checkboxitems[0]','$checkboxitems[1]','$checkboxitems[2]')";
if ($conn->query($sql) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
?>
DDJ
  • 807
  • 5
  • 13
  • 31
  • 1
    It looks like `$checkboxitems` is only *one* of the checkbox values, specifically the last one (set during your `foreach` loop). So, `$checkboxitems[0]` doesn't exist. The array you're referencing seems to be called `$checkbox`, so the first checkbox would be `$checkbox[0]`. – showdev Jan 21 '16 at 23:20
  • 2
    **Danger**: You are **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that you need to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin Jan 21 '16 at 23:22
  • 1
    As Quentin points out, one of the biggest things **wrong** with the code is that appears to be vulnerable to SQL Injection. Despite what the plethora of vulnerable code examples would lead you to believe... prepared statements and bind placeholders are really *not that hard.* – spencer7593 Jan 21 '16 at 23:25
  • I want to make sure it worked before I strip it and prepare it to prevent SQL injection. I just have had a hard time understanding this one and radio buttons because there aren't that many good tutorials I could find (even in my thick MYSQL PHP book) – DDJ Jan 21 '16 at 23:40

1 Answers1

1

Only checked checkboxes are successful controls.

So if no checkbox is checked, then the array will be empty.

If one is checked, then it will have one item in it (at index 0 not index 1, arrays start counting from 0).

In general, this should be resolved with a many-to-many relationship.

After inserting your data (without checkboxes) into your "table" table, loop over $_POST['checkboxitems'] and insert the id of your new row and the id of the matching foodstuff in the "foodstuffs" table into your linking table.

Quentin
  • 914,110
  • 126
  • 1,211
  • 1,335