0

I'm making a form where i have to insert in my dB several values from a checkbox btn group into different columns. I also have to insert two different values depending if the btn is checked or not. I made it work in the following way, but is there another way for this became more simple? It´s a lot of issets :).
Thanks for your time.

Best regards!
NM

<?php
if(isset($_POST["submit"])){

// Create connection
include ('connection.php');

if(isset($_POST['fixvalue']) && ($_POST['fixvalue'] == 0)) { 
    $fixvalue= "fixvalue";
} else { 
    $fixvalue= 0;
};

if(isset($_POST['frtvalue']) && ($_POST['frtvalue'] == 0)) { 
    $valueone= "valueone";
} else { 
    $valueone= 0;
};

if(isset($_POST['secvalue']) && ($_POST['secvalue'] == 0)) { 
    $valuetwo= "valuetwo";
} else { 
    $valuetwo= 0;
};  

if(isset($_POST['thevalue']) && ($_POST['thevalue'] == 0)) { 
    $valuethree= "valuethree";
} else { 
    $valuethree= 0;
};

if(isset($_POST['fovalue']) && ($_POST['fovalue'] == 0)) { 
    $valuefour= "valuefour";
} else { 
    $valuefour= 0;
};  

if(isset($_POST['fitvalue']) && ($_POST['fitvalue'] == 0)) { 
    $valuefive= "valuefive";
} else { 
    $valuefive= 0;
};

$sql = "INSERT INTO values(fixvalue,valueone,valuetwo,
                            valuethree,valuefour,valuefive)
                VALUES('".$fixvalue."','".$valueone."','".$valuetwo."',
                        '".$valuethree."','".$valuefour."','".$valuefive."')";

if ($con->query($sql) === TRUE) {

    echo'<button class="btn btn-success" style="left:400px;bottom:20px;width:200px;">Sucess</button>';
    echo "<script type= 'text/javascript'>alert('New record OK');</script>";
} else {
    echo "<script type= 'text/javascript'>alert('Error: " . $sql . "<br>"     $con->error."');</script>";
}

$con->close();
}
?>
RiggsFolly
  • 93,638
  • 21
  • 103
  • 149
Nuno Marques
  • 3
  • 1
  • You can use a loop. – Edward Mar 20 '18 at 00:13
  • _Small Note_ You dont need to add semi colon after the last `}` of an if like this `};` – RiggsFolly Mar 20 '18 at 00:16
  • 1
    Your script is wide open to [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) – RiggsFolly Mar 20 '18 at 00:16
  • I already try a foreach but the values were always entered whether the button was selected or not. I'm kind of a newbie in this.... – Nuno Marques Mar 20 '18 at 00:19
  • @RiggsFolly yea i know... this is a kind of a first draft... but tks :) – Nuno Marques Mar 20 '18 at 00:24
  • You do realise that checkboxes are only sent from the browser to PHP if they are actually checked right. So all you need to do is test if they exist in $_POST and that means they have been checked – RiggsFolly Mar 20 '18 at 00:28
  • that`s ok.... but the if the ckbox are not ckded no data is sent to the dB... the field gets empty and i need it to be 1 or 0 for example.... Already try with a type hidden btn but no results achieved . – Nuno Marques Mar 20 '18 at 00:42

2 Answers2

1

Here's what I would do:

<form action="" method="post">
    <input type="checkbox" name="fixvalue"> Checkbox<br>
    <input type="checkbox" name="valueone"> Checkbox 1<br>
    <input type="checkbox" name="valuetwo"> Checkbox 2<br>
    <input type="checkbox" name="valuethree"> Checkbox 3<br>
    <input type="checkbox" name="valuefour"> Checkbox 4<br>
    <input type="checkbox" name="valuefive"> Checkbox 5<br>
    <input type="submit" name="submit">
</form>

<?php

$fields = [
    'fixvalue' => 0,
    'valueone' => 0,
    'valuetwo' => 0,
    'valuethree' => 0,
    'valuefour' => 0,
    'valuefive' => 0
];

if($_POST['submit']){
    foreach($_POST as $key => $value) {
        if($key !== 'submit') {
            $fields[$key] = $key;
        }
    }

    extract($fields);
    $sql = $db->prepare("INSERT INTO table_name (fixvalue, valueone, valuetwo, valuethree, valuefour, valuefive) VALUES(:fixvalue, :valueone, :valuetwo, :valuethree, :valuefour, :valuefive)");
    foreach ($fields as $key => $value) {
        $sql->bindValue(':'.$key, $$value);
    }
    $sql->execute();
}

?>
Edward
  • 2,291
  • 2
  • 19
  • 33
  • Well... tks @edward... but doesn't work here... keeps reporting Fatal error: Call to a member function bindValue() on boolean in.... . Already change to bind_param for mysqli and still nothing... – Nuno Marques Mar 20 '18 at 13:08
  • @NunoMarques Sorry, I had `echo` in there before.I removed it, please try again. – Edward Mar 20 '18 at 15:44
  • It´s working... still passing null values but that's fine :) tks a lot :) best regards – Nuno Marques Mar 20 '18 at 23:27
  • @NunoMarques No problem! Please +1 and accept the answer, thanks! – Edward Mar 20 '18 at 23:28
0
$checks = array(
    'fixvalue',
    'frtvalue',
    'secvalue',
    'thevalue',
    'fovalue',
    'fitvalue'
);
$data = array();
foreach( $checks as $value){
    $data[$value] = isset($_POST[$value]) && $_POST[$value] != '' ? $_POST[$value] : 0;
}

Than use $data['frtvalue'] etc in a prepared sql statement

Omar Tanti
  • 1,368
  • 1
  • 14
  • 29