[RESOLVED] get variable from checkbox

yanks6rule

I am having this frustrating problem and everytime I get closer to fixing it, I some how end up farther away.

The problem is this, I am displaying a table dynamically from a MySQL database and the first column is a checkbox. With the code below

$i = 0;
while (($i < $num) && ($row = mysql_fetch_array($guest_res))) {

$guest_table .= '
<tr>
<td width=5%><input type="checkbox" name="'. $row['gid']  .'" value="1" /></td>
<td><div align="center"><span class="black_text">' . $row['glastname'] . '</span></div></td>
<td><div align="center"><span class="black_text">' . $row['gfirstname'] . '</span></div></td>
<td><div align="center"><span class="black_text">' . $row['mi'] . '</span></div></td> 
<td><div align="center"><span class="black_text">' . $row['relation'] . '</span></div></td> 
</tr>';

$i++;
}

I have also tried the idea of putting the gid variable inside of a name like remove[]. I want to be able to isolate the gid value and place it an array variable. The reason for this is I want the member to be able to check guests and remove them and if the gid from the checkbox matches a gid that is displayed and the checkbox is marked that guest will be deleted. I have tried to place the gid value in a array using array($row['gid']) and a while loop but it only puts the last entry in. Any help would be great.

Thanks

devinemke

while ($row = mysql_fetch_assoc($guest_res))
{
	$guest_table .= '
	<tr> 
	<td width="5%"><input type="checkbox" name="delete[]" value="' . $row['gid'] . '" /></td> 
	<td><div align="center"><span class="black_text">' . $row['glastname'] . '</span></div></td> 
	<td><div align="center"><span class="black_text">' . $row['gfirstname'] . '</span></div></td> 
	<td><div align="center"><span class="black_text">' . $row['mi'] . '</span></div></td> 
	<td><div align="center"><span class="black_text">' . $row['relation'] . '</span></div></td> 
	</tr>
	';
}

when the form is submitted you will have an array called $_POST['delete'] containing all of the rows checked. you can then simply feed that to a DELETE query. be advised that this script without any form validation would allow anyone accessing it to delete any record they want (not just the checked rows). perhaps that is not a concern (depending on who you are allowing to access this script).

yanks6rule

This script is embedded in a page that is restricted to a member. I am using sessions so that a member has to be logged on to update his/her information. What type of form validation can I use here? I would think that I can just check to see if a box is checked then proceed if not then just state that no box was check so no guest is removed.

Maybe I am not seeing the big security issue and if not I am sorry I am new to using sessions and making sure that all the holes are plugged so to speak.

Thanks

devinemke

yanks6rule wrote:
Maybe I am not seeing the big security issue and if not I am sorry I am new to using sessions and making sure that all the holes are plugged so to speak.

let's say i am logged into your site and you only want me to be able to delete rows 1-5. your code will display a form to me that looks like this...

<form action="http://www.yanks6rule.com/form.php" method="post">
<input type="checkbox" name="delete[]" value="1"> row #1<br>
<input type="checkbox" name="delete[]" value="2"> row #2<br>
<input type="checkbox" name="delete[]" value="3"> row #3<br>
<input type="checkbox" name="delete[]" value="4"> row #4<br>
<input type="checkbox" name="delete[]" value="5"> row #5<br>
<input type="submit" name="submit" value="delete">
</form>

there is nothing to prevent me from altering the HTML source to this...

<form action="http://www.yanks6rule.com/form.php" method="post">
<input type="checkbox" name="delete[]" value="6"> row #6<br>
<input type="checkbox" name="delete[]" value="7"> row #7<br>
<input type="checkbox" name="delete[]" value="8"> row #8<br>
<input type="checkbox" name="delete[]" value="9"> row #9<br>
<input type="checkbox" name="delete[]" value="10"> row #10<br>
<input type="submit" name="submit" value="delete">
</form>

...then submitting the form to http://www.yanks6rule.com/form.php which will proceed to delete rows 6-10. in the form processing script you need to make sure that regardless of what is submitted you are only deleting records that the user is allowed to delete. again, if all users that you plan to authenticate can delete any row they want anyway then this is not much of a concern.

yanks6rule

I think I am able to prevent what you say from happening because in my delete call I can add the statement WHERE memberID=$_SESSION['memberID'], this way the member can only delete rows that he had put into the table.

I hope that makes sense.

Thanks for the help I am going to give this a try now

yanks6rule

This worked except for one small problem, it never gets out of a loop and I don't understand why. If I go to my MySQL database the person I checked was in fact deleted except it came going through a loop. I am including my code and I will explain the main parts.

else if ($_POST['rm'] == "gst") {
	//Delete any checked rows
	foreach($_POST['delete'] as $key=>$gid)
	{
	   include "mysql_connect_snacks.php";
	   mysql_select_db("chemdata");
	   $sql = "DELETE FROM guest WHERE gid='$gid'";
	   $result = mysql_query($sql) or die(mysql_error());
	}
		if ($result) {
		echo "Guest has been removed";
                /*I put this here to reload the page, I would also include a refresh using a function and an HTML refresh, but I have not added it yet.
		include "guest_reg.php";
		} else {
		echo "There was a problem removing guest";
		}

I am probably missing something trivial, but why is that when I run this script it just keeps on running until it runs out of allocated memory?

Thanks

devinemke

you do not need the loop at all

include('mysql_connect_snacks.php');
mysql_select_db('chemdata') or exit(mysql_error());
$result = mysql_query('DELETE FROM guest WHERE gid IN(' . implode(',', $_POST['delete']) . ')') or die(mysql_error());

yanks6rule

Devine...thank you for all of your help, this is working and I can now start using it. I learned a lot from this and even some new functions like implode.

Thanks again

Yanks