0

I'm new to PHP. I want to update the status of my checked checkbox to 0. I want to insert the userid and the boxid which is the checkbox into another table. However, my code is unable to update and insert.

This is my code:

 if(isset($_POST['Next']))
{   
foreach($_POST['boxs'] as $f => $value){
    $sql = "UPDATE box SET status = '0' WHERE boxid = '$f'";
    mysqli_query($con,$sql) or die(mysqli_error($con));
    $result = "INSERT INTO booked(username, boxid) VALUES('$_POST[username]', '$f')";
    mysqli_query($con,$result) or die(mysqli_error($con));

   }
}

This is my checkbox:

<?php
$query = "SELECT * FROM box WHERE status = 1";
$result = @mysqli_query($con, $query);
$num_rows = @mysqli_num_rows($result);

$disable = '';
if (!$num_rows){
$disable = 'disabled="disabled"';
}

?>

<form method = "post" action = "">

<input type='checkbox' name="boxs[]" id="1.1" value ="1.1" <?php echo $disable ?>/>
<label for="1.1" class="background1"></label> <br/>
<input type='checkbox' name="boxs[]" id="1.2" value ="1.2"<?php echo $disable ?>/>
<label for="1.2" class="background2"></label> 
<br/>
<input type='checkbox' name="boxs[]" id="1.3" value ="1.3"<?php echo $disable ?>/>
<label for="1.3" class="background2"></label> 
<input type="submit" name="Next" id="Next" value="next" />
</form>

So, any idea what's wrong with my code?

June
  • 85
  • 1
  • 7
  • 1
    `mysqli_query()` missing first parameter database connection and syntex error in your query!! – Saty Jul 28 '16 at 12:57
  • Is this shows any error? – Deepak Dholiyan Jul 28 '16 at 12:58
  • This is the error shown: Notice: Undefined index: username in F:\xampp\htdocs\New folder\b.php on line 89. And in my database, in the table 'booked', the username is empty and the boxid is 0. – June Jul 28 '16 at 13:49

3 Answers3

0

Change like this, you have used wrong quotes, plus missing $conn param for mysqli_query function 

if(isset($_POST['Next']))
{   
foreach($_POST['boxs'] as $f => $value){
    $sql = "UPDATE box SET status = '0' WHERE boxid = '$f'";
    mysqli_query($con,$sql) or die(mysqli_error($con));
    $result = "INSERT INTO booked(username, boxid) VALUES('$_POST[username]', '$f')";
    mysqli_query($con,$result) or die(mysqli_error($con));

   }
}
Drone
  • 1,114
  • 1
  • 12
  • 31
  • i have tries your code, still no data insert into the database – June Jul 28 '16 at 13:37
  • This is the error shown: Notice: Undefined index: username in F:\xampp\htdocs\New folder\b.php on line 89. And in my database, in the table 'booked', the username is empty and the boxid is 0. – June Jul 28 '16 at 13:47
0

If you call mysqli_query procedurally, you need you need to connect to the DB first:

$link = mysqli_connect("127.0.0.1", "my_user", "my_password", "my_db");

if (!$link) {
    echo "Error: Unable to connect to MySQL." . PHP_EOL;
    echo "Debugging errno: " . mysqli_connect_errno() . PHP_EOL;
    echo "Debugging error: " . mysqli_connect_error() . PHP_EOL;
    exit;
}

Then pass the connection when you're doing the query:

mysqli_query($link,$sql) or die(mysqli_error($con));

And in the end, close the connection:

mysqli_close($link);
evilpenguin
  • 5,448
  • 6
  • 41
  • 49
0

Instead of using direct substitution values, you could use below methods to avoid sql injection.

This will help to solve your problem.

Using MySQLi (for MySQL):

$stmt = $dbConnection->prepare('SELECT * FROM employees WHERE name = ?');
$stmt->bind_param('s', $name);

$stmt->execute();

$result = $stmt->get_result();
while ($row = $result->fetch_assoc()) {
    // do something with $row
}

Please refer How can I prevent SQL-injection in PHP?

Community
  • 1
  • 1
Tamil
  • 1,193
  • 9
  • 24