TalkPHP

TalkPHP (http://www.talkphp.com/forums.php)
-   Absolute Beginners (http://www.talkphp.com/absolute-beginners/)
-   -   Checkbox mass update? (http://www.talkphp.com/absolute-beginners/2456-checkbox-mass-update.html)

oMIKEo 03-11-2008 10:01 AM
Checkbox mass update?
 
Hi,

I've built an approval process for submitted messages with an approve or delete button next to each message. This links through to either:

url.php?approve=$id
url.php?delete=$id

But i want to change them from links to checkboxes so that i can update multiple records at once.

How would i go about this?

Thanks,
Mike

ReSpawN 03-11-2008 03:23 PM
Make your form dynamically and run through it with a forloop. Like;

Code:
<form action="<?php $_SERVER['PHP_SELF']; ?>" method="POST">
<input type="checkbox" name="checkbox[]" value="id[]">
</form>
As you can see, both the value and the checkbox has a double bracket, which tells PHP that it's an array (same as the $_POST global).

So, if you want to mass update it, simply put in a forloop;
PHP Code:
for ($i 0$i count($_POST['checkbox']); $i++) {
mysql_query('UPDATE myTable SET myRow = "'.$_POST['checkbox'][$i].'" WHERE id = "'.$_POST['id'][$i].'" LIMIT 1');
I hope this helps, I haven't tried it but it should work.

TlcAndres 03-11-2008 07:33 PM
Maybe it's just paranoia but I would clean the input first..

Gareth 03-11-2008 07:52 PM
Quote:
Originally Posted by TlcAndres (Post 12269)
Maybe it's just paranoia but I would clean the input first..
No it isn't just paranoia. Sanitisation is a must if you are to defy silly little kiddy hackers who think they are cool by trying to SQL Inject you :)

oMIKEo 03-11-2008 08:13 PM
Thanks for the advice guys, will make sure put a stop to that sql injection and will let you know if i have any problems with the rest of the script :)

oMIKEo 03-12-2008 09:27 AM
ok i'm running into a little problem...

I have set all of the check boxes to:
PHP Code:
<input type="checkbox" name="checkbox[]" value="id[]" /> 
and have this code:
PHP Code:
for ($i 0$i count($_POST['checkbox']); $i++) {            
 //echo "myAction: $myAction<br />i: $i<br />";
 mysql_query('UPDATE orders SET '.$myAction.' = "Y" WHERE id = "'.$_POST['id'][$i].'" LIMIT 1');

in that loop it's saying where id = i but i need i to be the id number of that record but it hasnt been set anywhere, should i do:
PHP Code:
<input type="checkbox" name="checkbox[]" value="id[<?php echo $id?>]" />
or something like that?

Thanks

DeMo 03-12-2008 09:49 AM
The value property of each checkbox should be set to the actual id of each item, and not to an array (id[]).

HTML Code:
<input type="checkbox" name="checkbox[]" value="<?= $id ?>" />
That $id will probably come from your database as you build the list of items.


To process the form data you use $_POST['checkbox'][$i]:
PHP Code:
for ($i 0$i count($_POST['checkbox']); ++$i) {
  echo "item id: " $_POST['checkbox'][$i];

I tested it here, this is the right way to do it. ;-)

oMIKEo 03-12-2008 10:08 AM
Perfect, got that working great now.

Thanks guys! :)

ReSpawN 03-12-2008 02:39 PM
Quote:
Originally Posted by Gareth (Post 12275)
No it isn't just paranoia. Sanitisation is a must if you are to defy silly little kiddy hackers who think they are cool by trying to SQL Inject you :)
Seriously, I am not dumb or something? Why should I write a complete, complex system to filter out his input as well, if he asked for an example on a whole different subject.

So yes, paranoia.

Hopefully it'll work out oMIKEo!

/edit
I just noticed in your mysql_query() that you set the value with "Y" and perhaps "N". I advise you to set the field to int(1) and put a 0 for no, and a 1 for yes. That way, the system would be more secure and you wouldn't have to mess with upper or lower case characters.

Salathe 03-12-2008 03:22 PM
Quote:
Originally Posted by ReSpawN (Post 12318)
I advise you to set the field to int(1) and put a 0 for no, and a 1 for yes. That way, the system would be more secure and you wouldn't have to mess with upper or lower case characters.
There is a BOOLEAN / BOOL data type which you can use, where zero is false and non-zero is true. Storing true/false values within an INT column is a complete waste of space since that type uses four bytes. BOOL (or even TINYINT) only requires one byte. Specifying INT(1) does not restrict the range of allowed values to one byte in length (0-255 unsigned).


All times are GMT. The time now is 04:20 AM.

Powered by vBulletin® Version 3.6.8
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.1.0