0

so the problem is, I have a HTML form with checkboxes as an input-option. I want to save all the selected options as a string(!) in one variable.

I'm pretty sure the solution is a foreach-loop, but mine doesn't work. It only returns the last selected value.

How can I fix this?

HTML 

<form action="" method="post">
<label>category:<br/>
     one <input type="checkbox" name ="ber[]" value="one"><br/>
     two <input type="checkbox" name ="ber[]" value="two"><br/>
     thr <input type="checkbox" name ="ber[]" value="three"><br/>
     fou <input type="checkbox" name ="ber[]" value="four"><br/>
</form>

PHP

foreach ($_POST['ber'] as $value) {
$ber = "$value. ', '"
}
Nat_
  • 141
  • 8
  • 2
    `$_POST['category']` should be `$_POST['ber']` no? – treyBake Jul 11 '18 at 14:35
  • The name will be `$_POST['ber']` not `$_POST['category']` and you are overwriting the $ber variable each time round the loop – RiggsFolly Jul 11 '18 at 14:35
  • 2
    Judging by this `$ber = "$value. ', '"` ... it looks like its about to be stuffed into a mysql query :( – IncredibleHat Jul 11 '18 at 14:37
  • @IncredibleHat that is right. you don't seem very happy about that. could you explain why? I would really appreciate to learn more about it. since I'm quite unexperienced :) – Nat_ Jul 11 '18 at 14:40
  • 4
    @Nat_ CSVs should not be stored in a column. 1 value per column. You also should not pass user input to a SQL query. Queries should be parameterized. Take a look at https://stackoverflow.com/questions/3653462/is-storing-a-delimited-list-in-a-database-column-really-that-bad and https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – user3783243 Jul 11 '18 at 14:41
  • What @user3783243 said ;) – IncredibleHat Jul 11 '18 at 14:41
  • yes, I see. But let's pretend there was only one value to be added via user-input; wouldn't it help to treat the input with htmlspecialchars() or so? – Nat_ Jul 11 '18 at 14:45
  • 3
    No, `htmlspecialchars` is for outputting to a browser, not for SQL. (It also does nothing to single quotes by default) Also injections can be done a number of ways. It is best to parameterize and let the driver escape everything than guessing how an injection might look. – user3783243 Jul 11 '18 at 14:48

4 Answers4

7

This is called "implode an array":

$ber = implode(',', $_POST['ber']);
echo $ber;
// or simply
echo implode(',', $_POST['ber']);
RiggsFolly
  • 93,638
  • 21
  • 103
  • 149
u_mulder
  • 54,101
  • 5
  • 48
  • 64
2

You need to concatenate.

$ber = ''
foreach ($_POST['ber'] as $value) {
    $ber .= "$value. ', '"
}

With your current approach $ber = overwrites the previous value.

A better solution though is implode.

user3783243
  • 5,368
  • 5
  • 22
  • 41
2

You will get the selected checkboxes value in POST array

<?php $_POST['ber']; ?>

Now If you want to assign this array to variable with comma separated

<?php $beer_value = implode(",", $_POST['ber']); ?>
D P
  • 328
  • 1
  • 8
1

Just change your foreach loop with below foreach loop. You are getting ber in POST not category. So you need to change $_POST['ber'] from $_POST['category'].

$ber = '';
foreach ($_POST['ber'] as $value) {
    $ber .= "$value. ', '"
}
Bhavin
  • 2,070
  • 6
  • 35
  • 54