Post New Checkbox values to db after edited

  1. #1
    Junior Member
    Join Date
    May 2017
    Posts
    2

    Post New Checkbox values to db after edited

    I have an edit form that has some checkboxes on it and I am having trouble getting the new checkbox values posted back to the db after they have been changed. So far the form will load in the current values in the db, but after you click different check boxes it won't update the change in the db. Any help would be appreciated.


    Code:
    <?php
    
    /*
    
    EDIT.PHP
    
    Allows user to edit specific entry in database
    
    */
    
    
    
    // creates the edit record form
    
    // since this form is used multiple times in this file, I have made it a function that is easily reusable
    
    function renderForm($id, $firstname, $contactname, $phone, $type, $sex, $markers, $error)
    
    {
    
    ?>
    
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
    
    <html>
    
    <head>
    
    <title>Edit Record</title>
    
    </head>
    
    <body>
    
    <?php
    
    // if there are any errors, display them
    
    if ($error != '')
    
    {
    
    echo '<div style="padding:4px; border:1px solid red; color:red;">'.$error.'</div>';
    
    }
    
    ?>
    
    
    
    <form action="" method="post">
    
    <input type="hidden" name="id" value="<?php echo $id; ?>"/>
    
    <div>
    
    <p><strong>ID:</strong> <?php echo $id; ?></p>
    
    <strong>First Name: *</strong> <input type="text" name="firstname" value="<?php echo $firstname; ?>"/><br/>
    
    <strong>Contact Name: *</strong> <input type="text" name="contactname" value="<?php echo $contactname; ?>"/><br/>
    
    <strong>Phone Number: *</strong> <input type="text" name="phone" value="<?php echo $phone; ?>"/><br/>
    
    <strong>Type: *</strong> 
    <select name="type">
      <option value="">Select...</option>
      <option value="Inpatient Hospital" <?php if($type=="Inpatient Hospital")echo "selected=\"selected\""; ?>>Inpatient Hospital</option>
      <option value="Residential Facility"<?php if($type=="Residential Facility")echo "selected=\"selected\""; ?>>Residential Facility</option>
      <option value="Behavioral Treatment Facility"<?php if($type=="Behavioral Treatment Facility")echo "selected=\"selected\""; ?>>Behavioral Treatment Facility</option>
      <option value="Therapeutic Group Home"<?php if($type=="Therapeutic Group Home")echo "selected=\"selected\""; ?>>Therapeutic Group Home</option>
      <option value="Drug or Addictions Rehab"<?php if($type=="Drug or Addictions Rehab")echo "selected=\"selected\""; ?>>Drug or Addictions Rehab</option>
    </select><br/>
    
    <input type="radio" name="sex" value="Male" <?php echo ($sex=="Male")?'checked="checked"':'' ?>size="17">Male
    <input type="radio" name="sex" value="Female" <?php echo ($sex=="Female")?'checked="checked"':'' ?> size="17">Female
    <input type="radio" name="sex" value="Both" <?php echo ($sex=="Both")?'checked="checked"':'' ?> size="17">Both<br/>
    
    <strong>Markers: *</strong> <input type="text" name="markers" value="<?php echo $markers; ?>"/><br/>
    
    
    <?php
    // Create connection
    $con=mysqli_connect("localhost","un","pw","childcare");
    
    // Check connection
    if (mysqli_connect_errno($con))
      {
      echo "Failed to connect to MySQL: " . mysqli_connect_error();
      }
    $result = mysqli_query($con,"SELECT FMarkers FROM faci WHERE ID='$id'"); 
    while($row = mysqli_fetch_array($result))
      {
        $focus=explode(",",$row['FMarkers']);
    
    ?>
    Autism<input type="checkbox" name="tmarkers[]" value="Autism" <?php if(in_array("Autism",$focus)) { ?> checked="checked" <?php } ?> >
    Attachement Disorder<input type="checkbox" name="tmarkers[]" value="Attachement Disorder" <?php if(in_array("Attachement Disorder",$focus)) { ?> checked="checked" <?php } ?> >
    Dissociative Disorder<input type="checkbox" name="tmarkers[]" value="Dissociative Disorder" <?php if(in_array("Dissociative Disorder",$focus)) { ?> checked="checked" <?php } ?> >
    ODD<input type="checkbox" name="tmarkers[]" value="ODD" <?php if(in_array("ODD",$focus)) { ?> checked="checked" <?php } ?> >
    ADHD<input type="checkbox" name="tmarkers[]" value="ADHD" <?php if(in_array("ADHD",$focus)) { ?> checked="checked" <?php } ?> >
    
    
    
    <?php
    $markers = implode(',', $_POST['tmarkers']);
    
    
    ?>
    
    
    <?php
    
    }
    ?>
    
    
    
    
    <p>* Required</p>
    
    <input type="submit" name="submit" value="Submit">
    
    </div>
    
    </form>
    
    </body>
    
    </html>
    
    <?php
    
    }
    
    
    
    
    
    
    
    // connect to the database
    
    include('connect-db.php');
    
    
    
    // check if the form has been submitted. If it has, process the form and save it to the database
    
    if (isset($_POST['submit']))
    
    {
    
    // confirm that the 'id' value is a valid integer before getting the form data
    
    if (is_numeric($_POST['id']))
    
    {
    
    // get form data, making sure it is valid
    
    $id = $_POST['id'];
    
    $firstname = mysql_real_escape_string(htmlspecialchars($_POST['firstname']));
    
    $contactname = mysql_real_escape_string(htmlspecialchars($_POST['contactname']));
    
    $phone = mysql_real_escape_string(htmlspecialchars($_POST['phone']));
    
    $type = mysql_real_escape_string(htmlspecialchars($_POST['type']));
    
    $sex = mysql_real_escape_string(htmlspecialchars($_POST['sex']));
    
    $markers = mysql_real_escape_string(htmlspecialchars($_POST['tmarkers']));
    
    // check that firstname/lastname fields are both filled in
    
    if ($firstname == '' || $contactname == '')
    
    {
    
    // generate error message
    
    $error = 'ERROR: Please fill in all required fields!';
    
    
    
    //error, display form
    
    renderForm($id, $firstname, $contactname, $phone, $type, $sex, $markers, $error);
    
    }
    
    else
    
    {
    
    // save the data to the database
    
    mysql_query("UPDATE faci SET FName='$firstname', FContact='$contactname', FPhone='$phone', FType='$type', FSex='$sex', FMarkers='$markers' WHERE ID='$id'")
    
    or die(mysql_error());
    
    
    
    // once saved, redirect back to the view page
    
    header("Location: facility-view.php");
    
    }
    
    }
    
    else
    
    {
    
    // if the 'id' isn't valid, display an error
    
    echo 'Error!';
    
    }
    
    }
    
    else
    
    // if the form hasn't been submitted, get the data from the db and display the form
    
    {
    
    
    
    // get the 'id' value from the URL (if it exists), making sure that it is valid (checking that it is numeric/larger than 0)
    
    if (isset($_GET['id']) && is_numeric($_GET['id']) && $_GET['id'] > 0)
    
    {
    
    // query db
    
    $id = $_GET['id'];
    
    $result = mysql_query("SELECT * FROM faci WHERE ID=$id")
    
    or die(mysql_error());
    
    $row = mysql_fetch_array($result);
    
    
    
    // check that the 'id' matches up with a row in the database
    
    if($row)
    
    {
    
    
    
    // get data from db
    
    $firstname = $row['FName'];
    
    $contactname = $row['FContact'];
    
    $phone = $row['FPhone'];
    
    $type = $row['FType'];
    
    $sex = $row['FSex'];
    
    $markers = $row['FMarkers'];
    
    
    
    // show form
    
    renderForm($id, $firstname, $contactname, $phone, $type, $sex, $markers, '');
    
    }
    
    else
    
    // if no match, display result
    
    {
    
    echo "No results!";
    
    }
    
    }
    
    else
    
    // if the 'id' in the URL isn't valid, or if there is no 'id' value, display an error
    
    {
    
    echo 'Error!';
    
    }
    
    }
    
    ?>

  2. #2
    Pedantic Curmudgeon Weedpacket's Avatar
    Join Date
    Aug 2002
    Location
    General Contact Unit "Coping Mechanism"
    Posts
    22,433
    You don't do anything to turn the $_POST['tmarkers'] array into a comma-separated string before escaping it for the database.

    You don't escape $id at all.

    You're also using the MySQL extension.

    You shouldn't be using htmlspecialchars on data going into the database - the database is not a web page; you should be using it on stuff that's coming out of the database to go into a web page.

    I think MySQL has a bitfield type even if it doesn't have a boolean type.
    THERE IS AS YET INSUFFICIENT DATA FOR A MEANINGFUL ANSWER
    FAQs! FAQs! FAQs! Most forums have them!
    Search - Debugging 101 - Collected Solutions - General Guidelines - Getting help at all

  3. #3
    Junior Member
    Join Date
    May 2017
    Posts
    2
    Ok, that's a little over my head, what do I need to do to fix the problem?

  4. #4
    Pedantic Curmudgeon Weedpacket's Avatar
    Join Date
    Aug 2002
    Location
    General Contact Unit "Coping Mechanism"
    Posts
    22,433
    You use explode to turn the content of the FMarkers field in the database from a string into an array so that you can populate a list of checkboxes, but you're not using implode to turn the list of submitted checkbox values from an array back into a string suitable for storing in the database.
    THERE IS AS YET INSUFFICIENT DATA FOR A MEANINGFUL ANSWER
    FAQs! FAQs! FAQs! Most forums have them!
    Search - Debugging 101 - Collected Solutions - General Guidelines - Getting help at all
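
The points raised in replies #2 and #4, put together as an added example that is not code from the thread or its posters: the submitted `tmarkers[]` array is filtered against the form's own options and imploded, the id is validated as an integer, the update uses a prepared statement, and `htmlspecialchars` is applied only on output. Assumptions: PDO with an in-memory SQLite database stands in for the thread's MySQL server so the script runs offline (mysqli prepared statements follow the same pattern), and `markersFromPost` and `saveMarkers` are hypothetical helper names.

```php
<?php
// Added example, not the original poster's code. Names from the thread: faci, ID,
// FMarkers, tmarkers[]. The in-memory SQLite database and the sample request are
// constructed so the script runs without a MySQL server.
const ALLOWED_MARKERS = ['Autism', 'Attachement Disorder', 'Dissociative Disorder', 'ODD', 'ADHD'];

// Checkbox array -> comma-separated string for FMarkers (the missing implode step).
// Unchecked boxes are not submitted at all, so a missing key means "none selected".
function markersFromPost(array $post): string
{
    $submitted = $post['tmarkers'] ?? [];
    $submitted = is_array($submitted) ? array_filter($submitted, 'is_string') : [];
    // Keep only values the form actually offers; anything else is discarded.
    return implode(',', array_intersect(ALLOWED_MARKERS, $submitted));
}

function saveMarkers(PDO $db, $rawId, string $markers): bool
{
    // Strict integer check; is_numeric() also accepts strings such as "1e3" or "1.5".
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return false;
    }
    // Placeholders keep the values out of the SQL text, so no manual escaping is needed.
    $stmt = $db->prepare('UPDATE faci SET FMarkers = :markers WHERE ID = :id');
    $stmt->execute([':markers' => $markers, ':id' => $id]);
    return true;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE faci (ID INTEGER PRIMARY KEY, FMarkers TEXT)");
$db->exec("INSERT INTO faci (ID, FMarkers) VALUES (1, 'Autism')");

// Constructed POST body: two real options plus one value the form never offered.
$post = ['id' => '1', 'tmarkers' => ['ODD', 'ADHD', 'NotAnOption']];
saveMarkers($db, $post['id'], markersFromPost($post));

// Reading back: explode for the checkboxes, htmlspecialchars only when writing HTML.
$stored = $db->query('SELECT FMarkers FROM faci WHERE ID = 1')->fetchColumn();
$focus = $stored === '' ? [] : explode(',', $stored);
foreach (ALLOWED_MARKERS as $m) {
    $checked = in_array($m, $focus, true) ? ' checked="checked"' : '';
    $label = htmlspecialchars($m, ENT_QUOTES, 'UTF-8');
    echo "$label<input type=\"checkbox\" name=\"tmarkers[]\" value=\"$label\"$checked>\n";
}
```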
