Using Checkboxes to display relevent rows

Bifter

Basicly after searching a database of products sold this is returned within index.php with checkboxs next to each row returned, if the checkbox is ticked I would like that row sent to email-details.php where they will be emailed, the email part is not an issue, but for now I would like them to be displayed in a table in the browser.

The code im currently is as follows:
index.php

<?php
while ($row = mysql_fetch_assoc($resultp)) {
  echo "<tr>";
  $id = $row['ID'];
  echo "<td>" . "<div align=\"center\">". "<input name=\"checked[$id]\" type=\"checkbox\" value=\"yes\"></div></td>";
  echo "<input type=\"hidden\" name=\"rawID\" value = \"".$row['ID']."\">";
  echo "<td>" . "<div align=\"center\">". $row['date'] . "</div><input type=\"hidden\" name=\"date\" id=\"date\" value=\"" . $row['date'] . "\"></td>";
  echo "<td>" . "<div align=\"center\">". $row['company'] . "</div><input type=\"hidden\" name=\"company\" id=\"company\" value=\"" . $row['company'] . "\"></td>";
  echo "<td>" . "<div align=\"center\">". $row['product'] . "</div><input type=\"hidden\" name=\"product\" id=\"product\" value=\"" . $row['product'] . "\"></td>";
  echo "<td>" . "<div align=\"center\">". $row['serial'] . "</div><input type=\"hidden\" name=\"serial\" id=\"serial\" value=\"" . $row['serial'] . "\"></td>";
  echo "<td>" . "<div align=\"center\">". $row['mac'] . "</div><input type=\"hidden\" name=\"mac\" id=\"mac\" value=\"" . $row['mac'] . "\"></td>";
  echo "<td>" . "<div align=\"center\">" . "<a href='edit-details.php?cmd=edit&id=$id'>edit</a>" . "&nbsp; | &nbsp;" . "<a href='' onclick='disp_confirm()';'>Delete</a>" . "</td>";
  echo "</tr>";
}
mysql_free_result($resultp);
<?

email-details.php

<?php
echo "<table width=\"97%\" border=\"0\" align=\"center\">";
echo "<thead>
  <tr>
    <th scope=\"col\">Date</th>
    <th scope=\"col\">Product</th>
    <th scope=\"col\">Serial</th>
    <th scope=\"col\">MAC Address</th>
  </tr>
  </thead>";
$id = $_GET['rawID'];
$size = count($_GET['checked'][$id]=='yes');
echo $size;
$ia = 0;
while ($ia < $size) {
$id = $_GET['rawID'];
if (($_GET['checked'][$id]=='yes')){
$query = "SELECT * FROM details WHERE id='$id'";
$result = mysql_query($query) or die(mysql_error());
while($data = mysql_fetch_array($result)){
echo "<td><div align=\"center\">";
echo "" .$data['date'];
echo "</div></td>";
echo "<td><div align=\"center\">";
echo "" .$data['product'];
echo "</div></td>";
echo "<td><div align=\"center\">";
echo "" .$data['serial'];
echo "</div></td>";
echo "<td><div align=\"center\">";
echo "" .$data['mac'];
echo "</div></td>";
}
}
++$ia;
}

?>
</tr></table>
<?

The problem is only the last row is returned, no matter how many checkboxes are ticked.

I hope i have explained it ok - fingers crossed!

etully

I would start by changing your checkbox input from this:

Now, in email-details.php, you can loop through all the checkbox values like this:

foreach ($_REQUEST['checked'] as $v) {
print "Checkbox $v was checked";  

}

In my sample, you can replace the print statement with whatever code you have for emailing that particular row. You can send out one email per checked box by putting an email statement where the print statement is. Or you can send out just one email (with all the rows in it) by using the loop to build a string like this:

foreach ($_REQUEST['checked'] as $v) {
// check mysql for the data for id# $v
$email_string .= "Data for row $v: " . $date . $product . $serial . $mac . "\n";
}

// send $email_string to recipient

Also, I notice that in your technique, you are passing all the data via hidden fields. If the data is very large or there are a very large number of checkboxes that are checked, you run the risk of losing some of the data in the post from the first to the second page. You should only pass the id# in the checkbox. Then, in email-details.php, you can lookup the data again.

Also, there is a minor security risk here. A clever hacker can change the values of the hidden fields if she wants. You are trusting that the data that is passed from page 1 to page 2 has been unaltered and then you are performing some action on page 2. The right way to do this is to pass in the id#'s only (via the checkboxes) and then look up the data from the database on page 2. Not only do you prevent the risk of the data being too large... but you also increase the security. And the site runs faster and abuses your bandwidth less because you aren't sending data down to the user only to send it back up to the server.