Help with radio buttons and checkbox in form

ukphp

Hi,

I've created a PHP form which links to a MySQL database, however trouble is I've got all the fields validating and submitting except for the radio buttons and checkbox field. I have an idea where it is going wrong, but just dont know how to fix.

For the radio buttons, I need it to submit "Yes" or "No" to the database. Trouble is the validation (I think) needs to go in the "value" field which is also where I would have throught the yes and no would need to be. Any ideas how I should be coding it?

Futhermore, with the checkbox I need to see if it is checked and return "Agreed" to the database if checked. Both fields have validation on to make sure they have been selected.

All the code is below, radio buttons and checkbox are in the last few rows in the table.

<?php
require_once('db.php');
require_once('functions.php');
// date
$DATE = date(cleanInput("Y-m-d", $conn));

$errors = array();

// If request is a form submission
if ($_SERVER['REQUEST_METHOD'] == 'POST') {

$NAME = cleanInput($_POST['NAME'], $conn);
$EMAIL = cleanInput($_POST['EMAIL'], $conn);
$COMMENTS = cleanInput($_POST['COMMENTS'], $conn);
$OVER18 = cleanInput($_POST['OVER18'], $conn);
$TERMS = cleanInput($_POST['TERMS'], $conn);


// Validation
// Check NAME is not less than 2 characters
    if (strlen($NAME) < 2) {
        $errors['NAME'] = "Your name is not long enough";
    }

// Check TELEPHONE is valid
if (0 === preg_match("/^((\(?0\d{4}\)?\s?\d{3}\s?\d{3})|(\(?0\d{3}\)?\s?\d{3}\s?\d{4})|(\(?0\d{2}\)?\s?\d{4}\s?\d{4}))(\s?\#(\d{4}|\d{3}))?$/", $_POST['TELEPHONE'])) {
    $errors['TELEPHONE'] = "Please enter valid phone number";
}

// Check EMAIL is not less than 2 characters
if (strlen($EMAIL) < 2) {
    $errors['EMAIL'] = "Your email address is not long enough";
}

// Check COMMENTS is not less than 3 characters
if (strlen($COMMENTS) < 3) {
    $errors['COMMENTS'] = "Please enter a comment";
}

// Check OVER 18 
if ($OVER18 < 18) {
    $errors['OVER18'] = "You must be 18 or over";
}

// Check TERMS have been agreed
if ($TERMS == "No") {
    $errors['TERMS'] = "It is required of you to agree to the terms before continuing";
}

// If no validation errors
if (0 === count($errors)) {

    // Sanitise details
    $NAME = cleanInput($_POST['NAME'], $conn);
    $TELEPHONE = cleanInput($_POST['TELEPHONE'], $conn);
    $EMAIL = cleanInput(trim($_POST['EMAIL']), $conn);
    $COMMENTS = cleanInput($_POST['COMMENTS'], $conn);
    $OVER18 = cleanInput($_POST['OVER18'], $conn);
    $TERMS = cleanInput($_POST['TERMS'], $conn);

    // Insert user into the database
    $query = "
INSERT INTO
    testform  (
        DATE
      , NAME
      , TELEPHONE
      , EMAIL
      , COMMENTS
      , OVER18
      , TERMS
) VALUES (
        '$DATE'
      , '$NAME'
      , '$TELEPHONE'
      , '$EMAIL'
      , '$COMMENTS'
      , '$OVER18'
      , '$TERMS'
      )";


    // for debugging
    print_r($_POST);

    $result = mysqli_query($conn, $query) or die(mysqli_error($conn) . $query);

    if ($result != FALSE) {
        // Form submitted successfully
        header("Location: thankyou.php");
        exit;
    }
}
} else {

//  DEBUGGING ONLY - DISABLE IN PRODUCTION SITE
// echo "<br/><br /> MySQLi Error: " . mysqli_error($conn);
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <title>Untitled Document</title>
        <link rel="stylesheet" type="text/css" href="styles.css" />
    </head>
    <body>
        <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST">       

            <table class="form">
                <tr class="<?php echo form_row_class("NAME", $errors); ?>">
                    <th><label for="NAME">Telephone</label></th>
                    <td><input name="NAME" id="NAME" type="text" value="<?php echo isset($_POST['NAME']) ? hsc($_POST['NAME']) : ''; ?>" />
                        <?php echo error_for("NAME", $errors); ?></td>
                </tr>
                <tr class="<?php echo form_row_class("TELEPHONE", $errors); ?>">
                    <th><label for="TELEPHONE">Telephone</label></th>
                    <td><input name="TELEPHONE" id="TELEPHONE" type="text" value="<?php echo isset($_POST['TELEPHONE']) ? hsc($_POST['TELEPHONE']) : ''; ?>" />
                        <?php echo error_for("TELEPHONE", $errors); ?></td>
                </tr>
                <tr class="<?php echo form_row_class("EMAIL", $errors); ?>">
                    <th><label for="EMAIL">Email Address</label></th>
                    <td><input name="EMAIL" id="EMAIL" type="text" value="<?php echo isset($_POST['EMAIL']) ? hsc($_POST['EMAIL']) : ''; ?>" />
                        <?php echo error_for("EMAIL", $errors); ?></td>
                </tr>
                <tr class="<?php echo form_row_class("COMMENTS", $errors); ?>">
                    <th><label for="COMMENTS">Comments</label></th>
                    <td><textarea name="COMMENTS" id="COMMENTS"><?php echo isset($_POST['COMMENTS']) ? hsc($_POST['COMMENTS']) : ''; ?></textarea>
                        <?php echo error_for("COMMENTS", $errors); ?></td>
                </tr>

            <tr class="<?php echo form_row_class("OVER18", $errors); ?>">
                <th><label for="OVER18">Tick box to agree to terms and conditions</label></th>
                <td colspan="2">
                    <label for="OVER18_YES">Yes</label>
                    <input type="radio" name="OVER18_NO" id="OVER18" value="<?php echo isset($_POST['OVER18']) ? hsc($_POST['OVER18']) : ''; ?>" />
                    <label for="OVER18_NO">NO</label>
                    <input type="radio" name="OVER18_NO" id="OVER18" value="<?php echo isset($_POST['OVER18']) ? hsc($_POST['OVER18']) : ''; ?>" />
                    <?php echo error_for("OVER18", $errors); ?></td>
            </tr>

            <tr class="<?php echo form_row_class("TERMS", $errors); ?>">
                <th><label for="TERMS">Tick box to agree to terms and conditions</label></th>
                <td colspan="2">
                    <input type="checkbox" name="TERMS" id="TERMS" value="<?php echo isset($_POST['TERMS']) ? hsc($_POST['TERMS']) : ''; ?>" />
                    <?php echo error_for("TERMS", $errors); ?></td>
            </tr>
            <tr>
                <th></th>
                <td>
                    <input type="submit" value="Go!" /></td>
            </tr>
        </table>
    </form>
</body>
</html>

Or to narrow it down for ease of finding, this part specifically.....

                    <th><label for="OVER18">Tick box to agree to terms and conditions</label></th>
                    <td colspan="2">
                        <label for="OVER18_YES">Yes</label>
                        <input type="radio" name="OVER18_NO" id="OVER18" value="<?php echo isset($_POST['OVER18']) ? hsc($_POST['OVER18']) : ''; ?>" />
                        <label for="OVER18_NO">NO</label>
                        <input type="radio" name="OVER18_NO" id="OVER18" value="<?php echo isset($_POST['OVER18']) ? hsc($_POST['OVER18']) : ''; ?>" />
                        <?php echo error_for("OVER18", $errors); ?></td>
                </tr>

            <tr class="<?php echo form_row_class("TERMS", $errors); ?>">
                <th><label for="TERMS">Tick box to agree to terms and conditions</label></th>
                <td colspan="2">
                    <input type="checkbox" name="TERMS" id="TERMS" value="<?php echo isset($_POST['TERMS']) ? hsc($_POST['TERMS']) : ''; ?>" />
                    <?php echo error_for("TERMS", $errors); ?></td>
            </tr>

I tried this with a drop down list, however that was fine as it has a "Select" field. Thanks in advance.

Derokorian

I'm not entirely sure the question since you talk about how to put it in the database, then say more specifically and show the form. So I'll start at the form. If you are looking to add default selection and default checking you need to use checked="checked" like so:

<input type="radio" name="radio" value="yes" <?php echo isset($_POST['radio']) && $_POST['radio'] == 'yes' ? 'checked="checked"' : ''; ?>/>
<input type="radio" name="radio" value="no" <?php echo isset($_POST['radio']) && $_POST['radio'] == 'no' ? 'checked="checked"' : ''; ?>/>
<input type="checkbox" name="checkbox" value="yes" <?php echo isset($_POST['checkbox'] && $_POST['checkbox'] == 'yes' ? 'checked="checked"' : ''; ?>/>

In php $_POST['checkbox'] will only exist if its checked. So varifying it was indeed checked is as simple as using isset().

ukphp

Hi Derokorian,

Thanks, think what you have provided has partly answered my question. Apologies if my question was a bit confusing. What it is my form has validation which I've put towards the top of the first quote of code in my last post. I'm wanting the form to submit "Yes" to my database if for example the checkbox has been checked, however if the checkbox has not been checked, then return an error message.

In the two bits of code below I've tried to piece together what you provided with the validation part. Hopefully this makes sense, not sure if it's correct though?

// Check TERMS have been agreed
    if ($checkbox !== "yes") {
        $errors['checkbox'] = "It is required of you to agree to the terms before continuing";
    }

<input type="checkbox" name="checkbox" value="yes" <?php echo isset($_POST['checkbox'] && $_POST['checkbox'] == 'yes' ? 'checked="checked"' : ''; ?>/>

With the radio buttons I'm just wanting to write the value of the radio button to the database depending on which is selected, however if neither of the two radio buttons are selected, then I would like an error message to appear. So I'm guessing this would be something like.

// Checks a radio button have been selected
    if ($radio !== "yes" || $radio !== "no") {
        $errors['radio'] = "Please select one of the radio buttons";
    }

<input type="radio" name="radio" value="yes" <?php echo isset($_POST['radio']) && $_POST['radio'] == 'yes' ? 'checked="checked"' : ''; ?>/>
<input type="radio" name="radio" value="no" <?php echo isset($_POST['radio']) && $_POST['radio'] == 'no' ? 'checked="checked"' : ''; ?>/>

Derokorian

First:

    if ($radio !== "yes" || $radio !== "no") {

Makes absolutely no sense at all. If $radio is equal to yes, then it will not be equal to no (making this statement evaluate to true). If $radio is equal to no, then it will not be equal to yes (making this statement evaluate to true). If $radio is equal to anything else then it will not be equal to yes and it will not be equal to no (making this statement evaluate to true).

$NAME = cleanInput($_POST['NAME'], $conn);

You are still missing the part about checking for external data's existence BEFORE trying to assign it to a variable. What happens if name doesn't exist? You will get a notice about undefined index. You may think no big deal, this is after checking for submission so it will be set. But as I explained this isn't true for checkbox because it will NOT exist in post data UNLESS it is checked. Also why is this block of code existent in your post TWICE?

Also why input yes into the DB for the checkbox? If you aren't going to accept the submission UNLESS they say yes, that means they won't get inserted into the DB unless they answer yes, which means EVERY row will have the same value for that column making is redundant and a waste of space.

if( !isset($_POST['checkbox']) || $_POST['checkbox'] != 'yes' ) {
   $errors['checkbox'] = 'You are required to accept the terms.';
}

if( !isset($_POST['radio']) || ($_POST['radio'] != 'yes' && $_POST['radio'] != 'no') ) {
   $errors['radio'] = 'You must answer the question';
}

ukphp

Ah ok yeah I see your point. With regard to the radio buttons I was trying to say if the neither buttons are selected then return the error message, otherwise write to the database the value of the selected radio button. So I wasnt sure how to do that one.

You are still missing the part about checking for external data's existence BEFORE trying to assign it to a variable. What happens if name doesn't exist? You will get a notice about undefined index.

Yeah I really did not know how to fix this issue other than to have it twice in my code. And yes your right with the checkbox I get an undefined index message even if it is in twice. How would I go abouts doing this? Also another good point about the checkbox for agreeing terms, like you say the logic should be if unchecked show error message. I just didnt know if I needed to put some other validation on this for security, hence trying to fun it through my cleanInput function.

Sorry if I come across as ignoring, its not that just more a case of I'm new to PHP and am unsure of what to do. Things do make sense when I see the working code, just unsure of how to get there at times.