-2

I have a list of dates that is generated from an SQL table:

<form action="deleteMilestone.php" method="GET">
        <label class="boldLabel">Project Milestone Dates:</label><br><br>
        <div class="dateContainerLeft">
            <?php
            $result2 = $conn->prepare("SELECT mDate FROM datetable WHERE pId = '$pId' AND mDate <> '0000-00-00'");
            $result2->execute();
            $rows2 = $result2->fetchAll(PDO::FETCH_ASSOC);
            foreach ($rows2 as $row2) {
                $mDate = $row2['mDate'];
                ?>
                <input type="hidden" name="mDate" value="<?php echo $mDate; ?>">
                <input type="checkbox" name="mDate"><?php echo $mDate; ?>
                <br>
                <input type="hidden" name="pId" value="<?php echo $pId; ?>">
            <?php } ?>
            <br><br>
            <button class="buttonMilestone" type="submit" name="milestone" 
                    value="delete">Delete Milestone Date</button>
        </div>
    </form>

I am trying to delete a specific date when it is checked. The issue I am having is that no matter which date is selected, the value that gets passed to the DELETE SQL is always the last date displayed. So if there is a list of 10 dates and I select date[5], when the DELETE SQL runs it deletes date[10]; it should delete date[5].

Here is the DELETE SQL (updated to prevent SQL injection):

if (isset($_GET['mDate'])) {
    $sql = "DELETE FROM datetable 
        WHERE pId = :pId AND mDate = :mDate";
    $stmt = $conn->prepare($sql);
    $stmt->bindParam(':pId', $pId);
    $stmt->bindParam(':mDate', $mDate);
    $stmt->execute();
}
HippyDippy
  • 1
    Shouldn't the `checkbox` have a `checked` value? – SS_DBA Jan 12 '18 at 17:02
  • If it has a checked value, doesn't that just show up as a selected checkbox on the page? – HippyDippy Jan 12 '18 at 17:03
  • 1
    You should use HTML array in checkbox names like `name="mDate[]"` – Murtaza Bhurgri Jan 12 '18 at 17:10
  • Seems like the form is going to contain multiple elements with the name `mDate` and `pId` (because of the loop, for each row returned by the query.) And in the case of `mDate`, there is a "hidden" and a "checkbox" for each row. Also https://www.owasp.org/index.php/SQL_Injection – spencer7593 Jan 12 '18 at 17:11

2 Answers

0

mDate needs to be an array. At the moment you are only passing one value (the last one).

<input type="checkbox" name="mDate[]">

Then your query needs to be rewritten with an IN instead of a simple equals.

Also please read about SQL injection.

rlanvin
0

I don't understand why the hidden input with the value of mDate exists, since checkbox elements can get a value attribute.

<input type="checkbox" name="mDate[]" value="<?php echo $mDate; ?>">

which will not be shown and will be accessed as a string with $_GET['mDate'][0]. Also, if pId values are different and there is no way for the user to select one of them, the first value will always be returned. So an approach would be:

<input type="checkbox" name="mDate[]" value="<?php echo $pId.':'.$mDate; ?>">

and access it

$data = explode(':', $_GET['mDate'][0]);
$pId = $data[0];
$mDate = $data[1];

If I misunderstood something, please correct me.

Good Luck.

gatas
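
The two answers above combined, as an added example that is not code from the original posts: checkboxes named `mDate[]` that carry the date in `value` arrive as an array, which is validated and then deleted with one parameterized `IN (...)` statement. The in-memory SQLite database, the sample rows and the helper names `validDates` and `deleteMilestones` are assumptions made for the demo.

```php
<?php
// Added example: delete only the checked milestone dates with one parameterized IN (...) query.
// Assumes the form renders <input type="checkbox" name="mDate[]" value="YYYY-MM-DD"> per row.

// Hypothetical helper: keep only well-formed, real calendar dates from the submitted array.
function validDates($submitted): array
{
    if (!is_array($submitted)) {
        return [];                       // missing parameter, or ?mDate=scalar instead of mDate[]
    }
    $clean = [];
    foreach ($submitted as $value) {
        if (is_string($value) && preg_match('/^(\d{4})-(\d{2})-(\d{2})$/D', $value, $m)
            && checkdate((int) $m[2], (int) $m[3], (int) $m[1])) {
            $clean[$value] = true;       // keyed by date to drop duplicates
        }
    }
    return array_keys($clean);
}

// Hypothetical helper: delete the given dates for one project, return the rows removed.
function deleteMilestones(PDO $conn, int $pId, array $dates): int
{
    if ($dates === []) {
        return 0;                        // "IN ()" is a syntax error, so skip the query
    }
    $marks = implode(',', array_fill(0, count($dates), '?'));   // one placeholder per date
    $stmt = $conn->prepare("DELETE FROM datetable WHERE pId = ? AND mDate IN ($marks)");
    $stmt->execute(array_merge([$pId], $dates));
    return $stmt->rowCount();
}

// Constructed demo data in an in-memory SQLite database (needs the pdo_sqlite extension).
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec("CREATE TABLE datetable (pId INTEGER, mDate TEXT)");
$conn->exec("INSERT INTO datetable VALUES (7,'2018-01-05'),(7,'2018-02-10'),(7,'2018-03-15'),(8,'2018-02-10')");

// Constructed stand-in for $_GET after ticking two boxes, plus one value that is not a real date.
$get = ['pId' => '7', 'mDate' => ['2018-02-10', '2018-03-15', '2018-02-30']];

$deleted = deleteMilestones($conn, (int) $get['pId'], validDates($get['mDate'] ?? null));
echo "deleted $deleted row(s)\n";
foreach ($conn->query("SELECT pId, mDate FROM datetable ORDER BY pId, mDate") as $row) {
    echo $row['pId'], ' ', $row['mDate'], "\n";
}
```

Only the placeholder list is interpolated into the SQL text; every submitted value travels as a bound parameter, and the `pId` filter keeps the delete scoped to one project.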