Processing an unknown amount of checkboxes

Question

I'm generating an unknown amount of checkboxes in my form using mysql, this number will always vary,

$frinfoq = mysql_query($frinfo) or die (mysql_error());
    while($frow = mysql_fetch_assoc($frinfoq)) {
        $username = $frow['username'];
        $ct = $frow['country'];
        $fruuid = $frow['uid'];
        ?>
    <tr><td><p><?php echo $username; ?></p></td><td><p><?php echo $ct; ?></p></td><td><form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>" id="delf"><input type="hidden" value="<?php echo $fruuid; ?>" /><input type="checkbox" name="add[]" value="<?php echo $fruuid; ?>" id="a_t_game" /><form></td></tr>


    <?php   
    }
    ?>

When the form is submitted and is processed by "create.php" it's supposed to add only the checked users to a mysql table, a row per user, I determine (I'm not sure if this works due to the problem I'm about to get to) which are checked like this:

if($_POST['add'] == true) {
    $user_uid = $_POST['add'];
    }

I then try to add the rows like so:

$arr = array($user_uid);
foreach($arr as $user_uid) {
$game = "INSERT INTO wd_game (game_uid,user_uid,lastmove,startcountry) VALUES ('$gid','$user_uid',now(),'none')";
$gameq = mysql_query($game) or die (mysql_error());
}

All of the data inputs fine apart from the user uid which is set as "Array". It also only creates one row, and I need a row per user.

I know it's a problem with the way my array is being processed, that's pretty obvious, but I haven't the foggiest idea about how to fix it. Any help/pointers would be a great help!

Y U NO USE LINE BREAKS?! Had to br written. Seriously though, there's nothing wrong with breaking your strings into multiple lines. — Madara's Ghost, Jan 30 '12 at 15:31
Please, do not use "== true" in if statements. They are 100% redundant. — Victor Vasiliev, Jan 30 '12 at 15:37
You do know that [unchecked checkboxes will not be defined in the POST / GET data](http://stackoverflow.com/questions/2520952/how-come-checkbox-state-is-not-always-passed-along-to-php-script)? — Martin Hennings, Jan 30 '12 at 15:40

Travesty3 · Accepted Answer · 2012-01-30T15:53:01.533

$arr = array($user_uid); is your problem. Try just $arr = $user_uid;, or even cut out the middleman and just use $arr = $_POST["add"];.

EDIT

There are a number of other things that could also be improved with your code. For one, it's difficult to read. I would suggest cleaning it up a bit, and avoid jumping between HTML and PHP.

Another thing is that you should escape any data going into a database that could possibly come from user input (like $_POST). You should use mysql_real_escape_string.

A third thing is that a form with an action pointing to $_SERVER["PHP_SELF"] is not safe. It is vulnerable to cross-site scripting (XSS). See this blog for a more detailed description on the vulnerability.

I suggest you do something more like this:

<?php

if ($_POST["add"])
{
    $arr = $_POST["add"];

    foreach ((array)$arr as $user_uid)
    { 
        $game = "INSERT INTO wd_game (game_uid,user_uid,lastmove,startcountry) VALUES ('". mysql_real_escape_string($gid) ."','". mysql_real_escape_string($user_uid) ."', now(), 'none')"; 
        $gameq = mysql_query($game) or die (mysql_error()); 
    } 
}

$frinfoq = mysql_query($frinfo) or die (mysql_error()); 

while($frow = mysql_fetch_assoc($frinfoq))
{ 
    $username = $frow['username']; 
    $ct = $frow['country']; 
    $fruuid = $frow['uid'];
    echo "  <tr>
        <td>
            <p>{$username}</p>
        </td>
        <td>
            <p>{$ct}</p>
        </td>
        <td>
            <form method=\"post\" action=\"". htmlentities($_SERVER['PHP_SELF']) ."\" id=\"delf\">
                <input type=\"hidden\" value=\"{$fruuid}\" />
                <input type=\"checkbox\" name=\"add[]\" value=\"{$fruuid}\" id=\"a_t_game\" />
            <form>
        </td>
    </tr>\n";
    }
?>

It's a good job you fixed that code for me, the server self part, it's another form, it shouldn't have been there - deleted it, now the whole thing runs, thanks for the tips as well, much appreciated! — AviateX14, Jan 30 '12 at 15:57

score 0 · Answer 2 · answered Jan 30 '12 at 15:38

0

Your problem is here:

$arr = array($user_uid);

The $user_uid is already an array in the $_POST; casting it to an array again will make it 2 dimensional.

Try this.

if($_POST['add'] == true) {
     $user_uid = $_POST['add'];
}
foreach($user_uid as $userId) { ....

answered Jan 30 '12 at 15:38

jjs9534

475
2
7

This throws up an error: Invalid argument supplied for foreach() – AviateX14 Jan 30 '12 at 15:51

score 0 · Answer 3 · answered Jan 30 '12 at 15:38

It seems that $user_uid is already an array and you're wrapping it in an array (again) resulting in a multi-dimensional array. Consider testing $user_uid to see if it's an array:

if(!is_array($user_uid)) {
    $arr = array($user_uid);
} else {
    $arr = $user_uid;
}

Then, I believe your code will do what you expect.

Processing an unknown amount of checkboxes

3 Answers3