Checkbox mass update?

oMIKEo · 03-11-2008, 10:01 AM

Hi,

I've built an approval process for submitted messages with an approve or delete button next to each message. This links through to either:

url.php?approve=$id
url.php?delete=$id

But i want to change them from links to checkboxes so that i can update multiple records at once.

How would i go about this?

Thanks,
Mike

ReSpawN · 03-11-2008, 03:23 PM

Make your form dynamically and run through it with a forloop. Like;

Code:

<form action="<?php $_SERVER['PHP_SELF']; ?>" method="POST">
<input type="checkbox" name="checkbox[]" value="id[]">
</form>

As you can see, both the value and the checkbox has a double bracket, which tells PHP that it's an array (same as the $_POST global).

So, if you want to mass update it, simply put in a forloop;

PHP Code:


			
for ($i = 0; $i < count($_POST['checkbox']); $i++) {
mysql_query('UPDATE myTable SET myRow = "'.$_POST['checkbox'][$i].'" WHERE id = "'.$_POST['id'][$i].'" LIMIT 1');
}

I hope this helps, I haven't tried it but it should work.

TlcAndres · 03-11-2008, 07:33 PM

Maybe it's just paranoia but I would clean the input first..

Gareth · 03-11-2008, 07:52 PM

Quote:

Originally Posted by TlcAndres

Maybe it's just paranoia but I would clean the input first..

No it isn't just paranoia. Sanitisation is a must if you are to defy silly little kiddy hackers who think they are cool by trying to SQL Inject you :)

oMIKEo · 03-11-2008, 08:13 PM

Thanks for the advice guys, will make sure put a stop to that sql injection and will let you know if i have any problems with the rest of the script :)

oMIKEo · 03-12-2008, 09:27 AM

ok i'm running into a little problem...

I have set all of the check boxes to:

PHP Code:


			
<input type="checkbox" name="checkbox[]" value="id[]" />

and have this code:

PHP Code:


			
for ($i = 0; $i < count($_POST['checkbox']); $i++) {            

 //echo "myAction: $myAction<br />i: $i<br />";

 mysql_query('UPDATE orders SET '.$myAction.' = "Y" WHERE id = "'.$_POST['id'][$i].'" LIMIT 1');

}

in that loop it's saying where id = i but i need i to be the id number of that record but it hasnt been set anywhere, should i do:

PHP Code:


			
<input type="checkbox" name="checkbox[]" value="id[<?php echo $id; ?>]" />

or something like that?

Thanks

DeMo · 03-12-2008, 09:49 AM

The value property of each checkbox should be set to the actual id of each item, and not to an array (id[]).

HTML Code:

<input type="checkbox" name="checkbox[]" value="<?= $id ?>" />

That $id will probably come from your database as you build the list of items.

To process the form data you use $_POST['checkbox'][$i]:

PHP Code:


			
for ($i = 0; $i < count($_POST['checkbox']); ++$i) {

  echo "item id: " . $_POST['checkbox'][$i];

}

I tested it here, this is the right way to do it.

oMIKEo · 03-12-2008, 10:08 AM

Perfect, got that working great now.

Thanks guys! :)

ReSpawN · 03-12-2008, 02:39 PM

Quote:

Originally Posted by Gareth

No it isn't just paranoia. Sanitisation is a must if you are to defy silly little kiddy hackers who think they are cool by trying to SQL Inject you :)

Seriously, I am not dumb or something? Why should I write a complete, complex system to filter out his input as well, if he asked for an example on a whole different subject.

So yes, paranoia.

Hopefully it'll work out oMIKEo!

/edit
I just noticed in your mysql_query() that you set the value with "Y" and perhaps "N". I advise you to set the field to int(1) and put a 0 for no, and a 1 for yes. That way, the system would be more secure and you wouldn't have to mess with upper or lower case characters.

Salathe · 03-12-2008, 03:22 PM

Quote:

Originally Posted by ReSpawN

I advise you to set the field to int(1) and put a 0 for no, and a 1 for yes. That way, the system would be more secure and you wouldn't have to mess with upper or lower case characters.

There is a BOOLEAN / BOOL data type which you can use, where zero is false and non-zero is true. Storing true/false values within an INT column is a complete waste of space since that type uses four bytes. BOOL (or even TINYINT) only requires one byte. Specifying INT(1) does not restrict the range of allowed values to one byte in length (0-255 unsigned).