0

I'd like to have an update page where prices of shirts can be updated by admin, by filling in the new price and selecting which shirt's prices will change. However, it doesn't work if I select more than one checkbox.

This is my form:

        <form action="" method="post">
            <label for= "priceedit">change price:</label>
            <input type= "number" name="priceedit"><br>
            <input type= "checkbox" name="shirtsort" value="010">
                    <label for="shirtsort">Casual v neck cropped Shirt</label><br>
            <input type= "checkbox" name="shirtsort" value="020">
                    <label for="shirtsort">Tie Dye Letter Graphic Tee</label><br>
            <input type= "checkbox" name="shirtsort" value="030">
                    <label for="shirtsort">Casual Text Slogan Shirt</label><br>
            <input type= "checkbox" name="shirtsort" value="040">
                    <label for="shirtsort">Neck Frill Trim Ruched Top</label><br>
            <input type= "submit" name="verwerkupdate" value="Updaten"> <br>
        </form>
    </body>

This is my PHP code.

<?php 
if (ISSET($_POST['verwerkupdate'])){
if(!empty($_POST['shirtsort'])) {
foreach ($_POST['shirtsort'] as $idedit) ;
}
$priceedit = ($_POST['priceedit']);
echo "<br>".$priceedit."<br>";
echo "".$idedit."";
    
try {
$db=new PDO("");
$query = $db->prepare("UPDATE kleur SET price= $priceedit WHERE id LIKE '$idedit%'");
if($query->execute()){
echo "Data updated.";
}else{ 
    echo "Error";
}
}catch (PDOException $e) {
die("Error!: " . $e->getMessage());
}

}
?>

Shirts of the same model but different colors have different IDs, which is why I want the query to select shirts that are LIKE "01%", etc. I hope this isn' t the cause of the problem.

caroll ann c
  • 3
  • 2
  • 1
    In your HTML you need to define the name attribute as an array, by putting [] after the name. As in: name="shirtsort[]" – CharlesEF Jun 01 '21 at 23:13
  • I added the [] after the name, but it sadly didn't work – caroll ann c Jun 01 '21 at 23:16
  • Your PHP code is written to handle an array. Adding [] should work. Ah, maybe there are other problems. Have you checked the PHP error log? Do you get any errors at all? I've never seen a PDO connection without the connection string. I mean, '$db=new PDO("");'. Inside the double quotes there should be information about sql server location, user name, password, database and maybe port. – CharlesEF Jun 01 '21 at 23:24
  • One more thing, the label attribute 'for' should point to the element 'id', not to the 'name'. Also, the [] must be placed after every element with that name. – CharlesEF Jun 01 '21 at 23:27
  • (Possible) side note: Do not use string interpolation or concatenation to get values into SQL queries. That's error prone and might make your program vulnerable to SQL injection attacks. Use parameterized queries. See ["How to include a PHP variable inside a MySQL statement"](https://stackoverflow.com/questions/7537377/how-to-include-a-php-variable-inside-a-mysql-statement) and ["How can I prevent SQL injection in PHP?"](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). – sticky bit Jun 01 '21 at 23:27
  • ah yes, the connection string is there, I just didn't include it on my example here. When I execute the query it updates all of the shirts' prices, not only the shirts I checked. Everything but echo "
    ". $priceedit. "
    "; works.     – caroll ann c Jun 02 '21 at 00:11
  • @carollannc, I don't use LIKE very much but I think it should be: '%$idedit%'. – CharlesEF Jun 02 '21 at 02:42
  • @carollannc, I just noticed that your input element for 'priceedit' has no value attribute. Maybe that's why 'echo "
    ". $priceedit. "
    "' doesn't work. It shouldn't matter but you never know.     – CharlesEF Jun 02 '21 at 04:01

1 Answers1

0

I wrote a short example based on your HTML and PHP code. It works fine for me. Remember, the array returns only the checked checkboxes, not the unchecked.

<?php
if (ISSET($_POST['verwerkupdate']))
{
 if(!empty($_POST['shirtsort']))
 {
  foreach ($_POST['shirtsort'] as $idedit)
  {
   echo("$idedit<br>" . PHP_EOL);
  }
 }
}
?>
<!DOCTYPE HTML>
<html>
<head>
<title>Untitled</title>
</head>
<body>
<form action="" method="post">
 <label for= "priceedit">change price:</label>
 <input type= "number" name="priceedit"><br>
 <input type= "checkbox" name="shirtsort[]" value="010">
 <label for="shirtsort">Casual v neck cropped Shirt</label><br>
 <input type= "checkbox" name="shirtsort[]" value="020">
 <label for="shirtsort">Tie Dye Letter Graphic Tee</label><br>
 <input type= "checkbox" name="shirtsort[]" value="030">
 <label for="shirtsort">Casual Text Slogan Shirt</label><br>
 <input type= "checkbox" name="shirtsort[]" value="040">
 <label for="shirtsort">Neck Frill Trim Ruched Top</label><br>
 <input type= "submit" name="verwerkupdate" value="Updaten"> <br>
</form>
</body>
</html>
CharlesEF
  • 608
  • 1
  • 15
  • 25