checkboxes to db

maplematt

Hi all, complete beginner so excuse my stupidity.

Firsty, lets get the code down:

I have a form as below:

<applications><h2>Applications</h2><br><input type="checkbox" name="apps[]" value="gg">gg<br><br>
<input type="checkbox" name="apps[]" value="aa">aa<br><br>
<input type="checkbox" name="apps[]" value="bb">bb<br><br>
<input type="checkbox" name="apps[]" value="cc">cc<br><br>
<input type="checkbox" name="apps[]" value="dd">dd<br><br>
    </applications>

<servers>
<h2>Servers</h2><br><input type="checkbox" name="serv[]" value="servera">servera<br><br>
<input type="checkbox" name="serv[]" value="serverb">serverb<br><br>

</servers>
<countries1><h2>Countries</h2><br><input type="checkbox" name="country" value="uk">UK<br><br>
<input type="checkbox" name="country[]" value="germany">Germany<br><br>
<input type="checkbox" name="country[]" value="france">France<br><br>

</countries1>
<countries2>
<input type="checkbox" name="country[]" value="spain">Spain<br><br>
<input type="checkbox" name="country[]" value="sweeden">Sweeden<br><br>
</countries2>

<submitb>
<?
session_start();

$_SESSION['country']=$country;
$_SESSION['serv']=$serv;
$_SESSION['apps']=$apps;?>
<input type="submit" value="Update">

</submitb>

</form>
Then on my retrieval end:

 $apps=$_SESSION['apps'];

 $countries=$_SESSION['country'];
 $servers= $_SESSION['serv'];

Then, after this is submitted:

<?php

 // First we execute our common code to connection to the database and start the session 
    require("common.php"); 


 $query = " 
            INSERT INTO preferences ( 
                prefid, 
                ireport, 
                ireir, 
				image,
				ifle,
				ptal,
				phix,
				leaa,
				uk,
				germany,
				france,
				spain,
				benelux,
				sweeden,
				userid

        ) VALUES ( 
            :ireport, 
            :irepair, 
			:image,
			:iflt,
			:ptal,
			:phnix,
			:leasea,
			:uk,
			:germany,
			:france,
			:spain,
			:benelux,
			:sweeden,
			:userid
        ) 
    "; 
     $apps=$_SESSION['apps'];

	 $countries=$_SESSION['country'];
	 $servers= $_SESSION['serv'];


Print_r ($_SESSION);         

    $query_params = array( 
            ':ireport' => $apps[0], 
            ':irepair' => $apps[1], 
			':image' => $apps[2],
			':iflt'  => $apps[3],
			':ptal'  => $apps[4],
			':phnix' => $servers[0],
			':leasea'  => $servers[1],
			':uk'      => $countries[0],
			':geany' => $countries[1],
			':frae'  => $countries[2],
			':sin'   => $countries[3],
			':belux' => $countries[4],
			':seden' => $countries[5],
			':userid'  => 0		
    ); 


    try 
    { 
        // Execute the query to create the user 
        $stmt = $db->prepare($query); 
        $result = $stmt->execute($query_params); 
    } 
    catch(PDOException $ex) 
    { 
        // Note: On a production website, you should not output $ex->getMessage(). 
        // It may provide an attacker with helpful information about your code.  
        die("Failed to run query: " . $ex->getMessage()); 
    } 
	?>

(I know the variables don't match up in the query, deleted some chars to mask them a bit).

The error I get is as follows:
Undefined index: apps in C:\wamp\www\notifcation system\done.php on line 43
Call Stack
#	Time	Memory	Function	Location
1	0.0020	149104	{main}( )	..\done.php:0

( ! ) Notice: Undefined index: country in C:\wamp\www\notifcation system\done.php on line 45
Call Stack
#	Time	Memory	Function	Location
1	0.0020	149104	{main}( )	..\done.php:0

( ! ) Notice: Undefined index: serv in C:\wamp\www\notifcation system\done.php on line 46
Call Stack
#	Time	Memory	Function	Location
1	0.0020	149104	{main}( )	..\done.php:0

When I dump my session, it is obvious that the arrays ar enot being added to it. Any help would be really appreciated.

johanafm

Could you repost the code beginning at line 43 (as indicated by the error: "on line 43") + 7 more lines of code (including blank linkes), followed by the output of Print_r ($_SESSION)?

Hint: it might just tell you all you need to know…

bradgrafelman

Questions I came up with:

In regards to HTML (is that raw HTML, or some other template language?), you seem to be "inventing" new entities. Are you sure you're producing a valid HTML document?
In regards to the PHP code executed on the form page:
```
<?
session_start();

$_SESSION['country']=$country;
$_SESSION['serv']=$serv;
$_SESSION['apps']=$apps;?>
```
I've got a few questions:
1. Why are you executing this every time the form is displayed rather than only when it is submitted?
2. Are you even executing this code when the form is submitted?
3. Where do you define the PHP variables $country, $serv, and $apps?
4. Assuming you've just hidden those variable definitions from us for some unknown reason... how do you handle the fact that $_POST['apps'], etc. will be an [man]array[/man] rather than just a [man]string[/man]?
Ensure you have display_errors (or log_errors) set to On and error_reporting set to E_ALL (or better).
How are you planning on storing the values in the DB? Note that storing multiple values in a single field (e.g. using a comma-delimited list) will not only result in a non-normalized schema but can also hinder your ability to write simple, portable SQL queries to work with the data.

dalecosp

Hello, and welcome to PHPBuilder.

I'm guessing there may be a number of issues with your system at present.

Here's the first, quite obvious one:

<submitb>
<?
session_start();

Note that [man]session_start/man cannot be set (successfully) after anything has been output to the browser ... like the <submitb> tag in your code that I quoted.

In addition, the short PHP tag "<?" has been deprecated, although it is possible to still configure a server to recognize it. Using "<?php" is recommended and, indeed, the only acceptable custom for new code.

It's impossible from here to guess what else may be wrong, as it appears that the rest of the system is dependent on the $_SESSION array having data in it ....

dalecosp

Ooh, and sorry if I'm jumping in now ... I started this reply before lunch .... :eek:

maplematt

Hi all, and thank you very much for the replies. As you can tell I am very much a php beginner.
Let me address everything individually:

johanafm;11034477 wrote:
Could you repost the code beginning at line 43 (as indicated by the error: "on line 43") + 7 more lines of code (including blank linkes), followed by the output of Print_r ($_SESSION)?

Hint: it might just tell you all you need to know…

Line 43 onwards:
     $apps=$_SESSION['apps'];

	 $countries=$_SESSION['country'];
	 $servers= $_SESSION['serv'];


Print_r ($_SESSION);         

    $query_params = array( 
            ':irert' => $apps[0], 
            ':irair' => $apps[1], 
			':image' => $apps[2],
			':iflt'  => $apps[3],
			':poal'  => $apps[4],
			':phnix' => $servers[0],
			':leaa'  => $servers[1],
			':uk'      => $countries[0],
			':gerny' => $countries[1],
			':frce'  => $countries[2],
			':sin'   => $countries[3],
			':belux' => $countries[4],
			':swden' => $countries[5],
			':userid'  => 0		
    ); 


    try 
    { 
        // Execute the query to create the user 
        $stmt = $db->prepare($query); 
        $result = $stmt->execute($query_params); 
    } 
    catch(PDOException $ex) 
    { 
        // Note: On a production website, you should not output $ex->getMessage(). 
        // It may provide an attacker with helpful information about your code.  
        die("Failed to run query: " . $ex->getMessage()); 
    } 
	?>

output of printing the session:

Array ( [user] => Array ( [id] => 2 [username] => nonadmintest [email] => help@ge.com [admin] => 0 ) [admin] => Array ( [id] => 2 [username] => nonadmintest [email] => help@ge.com [admin] => 0 ) ) Failed to run query: SQLSTATE[21S01]: Insert value list does not match column list: 1136 Column count doesn't match value count at row 1

So from this I can tell my checkbox selections are not being added to the session(?)

bradgrafelman;11034481 wrote:
Questions I came up with:
In regards to HTML (is that raw HTML, or some other template language?), you seem to be "inventing" new entities. Are you sure you're producing a valid HTML document?
In regards to the PHP code executed on the form page:
<?
session_start();

$_SESSION['country']=$country;
$_SESSION['serv']=$serv;
$_SESSION['apps']=$apps;?>
I've got a few questions:

Why are you executing this every time the form is displayed rather than only when it is submitted?

Are you even executing this code when the form is submitted?

Where do you define the PHP variables $country, $serv, and $apps?

Assuming you've just hidden those variable definitions from us for some unknown reason... how do you handle the fact that $_POST['apps'], etc. will be an [man]array[/man] rather than just a [man]string[/man]?
Ensure you have display_errors (or log_errors) set to On and error_reporting set to E_ALL (or better).

How are you planning on storing the values in the DB? Note that storing multiple values in a single field (e.g. using a comma-delimited list) will not only result in a non-normalized schema but can also hinder your ability to write simple, portable SQL queries to work with the data.

I am using twitter bootstrap.

That session_start() has been removed as it was wrong. Session_start is called in common.php and was therefore producing errors itself.

I hope I am executing the code,if not that is my issue 🙂
I define them as I thought I would need to move the array across? Please do correct me

I am trying to split the array into each individual elements and store them in the db individually.

Hopefully I have given a bit more useful information that you can advise me better. I really do appreciate it.

johanafm

maplematt;11034541 wrote:

Print_r ($_SESSION);

output of printing the session:

Array ( [user] => Array ( [id] => 2 [username] => nonadmintest [email] => help@ge.com [admin] => 0 ) [admin] => Array ( [id] => 2 [username] => nonadmintest [email] => help@ge.com [admin] => 0 ) ) Failed to run query: SQLSTATE[21S01]: Insert value list does not match column list: 1136 Column count doesn't match value count at row 1

So from this I can tell my checkbox selections are not being added to the session(?)

Most likely. All you can say for sure is "not at that point".

Going back to your previous post, you had

<submitb>
<?
session_start();

$_SESSION['country']=$country;
$_SESSION['serv']=$serv;
$_SESSION['apps']=$apps;?>
<input type="submit" value="Update">

</submitb>

</form>

Then on my retrieval end:

I was obviously not paying enough attention the first time I replied. Among other things I missed that we are not looking at HTML code… Taking a second look at it, I'm starting to wonder if you've missunderstood the difference between what happens on the server, what happens in the client and how the two relate. Anyway, for now I will assume we are dealing with html code and a web browser, until otherwise specified.

Looking at the above, you have php code between what seems to imply a submit button, while the code in that place doen'st output text to produce a submit button, but rather seems to be php code meant to deal with receiving the post request. And after that you write "then on my retrieval end". But receiving the form data would actually be that "retrieval end".

The way it works is

[Client] requests the form
[Server] Either you have an html document with the form, or you have PHP code which produces the exact same html document as output. Either way, the exact same thing would be sent by the server. Whatever is sent from the server to the client is nothing but text.
3.1 [Client]Recieves your document. If it's sent as an html document, the text will be processed as such and turned from text into form elements etc. But the browser does not understand php code, it has no php parser. Which doesn't really matter. Look at the document source (rclick the page in your browser, and click "show source" or similar). It contains no php tags (remember those are handled in step 2)
3.2 [Client] When user is done and clicks submit, the browser performs the duty of assembling the form data in some agreed-upon form, either implicit default or explicit form attribute. Another request is sent to the server, which is the same thing that happens in step 1, except another resource is requested, or the server decides to do other things based on the form being submitted etc, so let's look at it as if it's not already looping back to step 1.
[Server] Receives data, and the web server + php will populate $GET (url query string) and $POST (the body of a post request) arrays with such data.
[Server] At this point, you may take user input and store it in $_SESSION for later use. The server may produce more output, such as an html document and send it to the browsers…

If my suspicion is correct, you are trying to perform step 5 during step 2. Moreover, because of this missunderstanding, you are trying to propagate things from step 2 to 5 using session data, when in reality you don't need any special handling of it. It will arrive by means of post or get data. Only if you need to propagate data from to subsequent page requests will you need to use sessions.

First request is for show-form.php
show-form.php

session_start();
echo $the-form-document;

Whatever resource pointed to by the previous form's action attribute. It could even be the same script again, i.e.e "show-form.php", but let's say it's "process-form.php" instead.
process-form.php

session_start();
# the page could be requested as a GET request, or without the form we wish to deal with being sent. Perform some check that you get what you want
if (!isset($_POST['submit'])) {
    # location always takes a fully qualified url - including protocol specification - http, https etc
    header('location: http://example.com/show-form.php');
    exit;
}
if (isset($_POST['app'])) {
    # deal with this as you need - you have received the data. no need for sessions…
    printf('You selected the following: %s%s',
        '<br>',
        implode(', ', $_POST['app'])
    );


# … unless you want to use the data on future page requests
# BUT! Do note that you can _only_ store strings as session data - look up serialize and unserialize at php.net
$_SESSSION['app'] = serialize($_POST['app']);
}

User now clicks any other link, types in a url or whatever which takes them to the same domain for which the session is valid
start.php

session_start();

# but here you cannot necessarily know that the user has made his selection yet.
if (empty($_SESSION['app'])) {
    printf('No seletion made so far. <a href="%s">One man enter, two choices made here!</a>',
        '/show-form.php'
    );
}
else {
    printf('Your selection is: %s',
        implode(', ', unserialize($_SESSION['app']))
    );
}

If you can't immediately manage to transform the above into your own usecase, go ahead and make the three pages I suggested while keeping them as simple as possible. Once you have them working you should understand the logic and be able to implement it in your own case.

maplematt;11034541 wrote:
I am trying to split the array into each individual elements and store them in the db individually.

And once again, if this is all you need, why bother with sessions to begin with? Data is posted -> process incoming data and store in db.