Re: [PHP-DB] Check Boxes
On Wednesday 18 August 2004 20:07, Ford, Mike [LSS] wrote:

> > > $sql = 'SELECT ' . implode(', ', $chkboxes) . ' FROM form';
> >
> > Just note that with either solution, someone can post a value of "*
> > FROM table WHERE 1#" and see everything in any table in your database.
>
> I was waiting for someone to come in with a security warning, but knew that
> whoever it was would express it much better than I could ;) -- so, a gold
> medal to John!!

The trouble is that it's a never-ending task. Almost every question concerning
sql queries and accepting info from POST, GET etc has security implications
if data is not sanitised. Where do you begin? Where do you end?

--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
--
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-db
--
/*
Everything is worth precisely as much as a belch, the difference being that
a belch is more satisfying.
    -- Ingmar Bergman
*/

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] Check Boxes
On 18 August 2004 15:53, John Holmes wrote:

> Ford, Mike [LSS] wrote:
>
> > > $chkboxes = $_POST['ch'];
> > > $sql = 'SELECT ';
> > > foreach($chkboxes as $k => $v)
> > > {
> > >     $sql .= $v;
> > >     if($k < (sizeof($chkboxes) - 1))
> > >     {
> > >         $sql .= ', ';
> > >     }
> > > }
> > > $sql .= ' FROM form';
> >
> >     $sql = 'SELECT ' . implode(', ', $chkboxes) . ' FROM form';
>
> Just note that with either solution, someone can post a value of "*
> FROM table WHERE 1#" and see everything in any table in your database.

I was waiting for someone to come in with a security warning, but knew that
whoever it was would express it much better than I could ;) -- so, a gold
medal to John!!

Cheers!

Mike

-
Mike Ford, Electronic Information Services Adviser,
Learning Support Services, Learning & Information Services,
JG125, James Graham Building, Leeds Metropolitan University,
Headingley Campus, LEEDS, LS6 3QS, United Kingdom
Email: [EMAIL PROTECTED]
Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211
Re: [PHP-DB] Check Boxes
Ford, Mike [LSS] wrote:

> > $chkboxes = $_POST['ch'];
> > $sql = 'SELECT ';
> > foreach($chkboxes as $k => $v)
> > {
> >     $sql .= $v;
> >     if($k < (sizeof($chkboxes) - 1))
> >     {
> >         $sql .= ', ';
> >     }
> > }
> > $sql .= ' FROM form';
>
>     $sql = 'SELECT ' . implode(', ', $chkboxes) . ' FROM form';

Just note that with either solution, someone can post a value of "* FROM
table WHERE 1#" and see everything in any table in your database.

--
---John Holmes...

Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals – www.phparch.com
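Added example (not part of the original thread): column names are identifiers and cannot be bound as prepared-statement parameters, so the defence against the value John Holmes describes is an allowlist check before the query is built. The column names are the checkbox values balwantsingh posted; treating them as the complete set of selectable columns in `form` is an assumption, as is the helper name `build_select`.

```php
<?php
// Added example, not code from the thread.
// Assumption: these three checkbox values are the only columns of `form`
// that a visitor is allowed to select.
const ALLOWED_COLUMNS = ['Enter_Date', 'Opening_Units', 'Unit_Consumed'];

/**
 * Build the SELECT from the posted ch[] values, keeping only known columns.
 * Returns null when nothing valid was ticked, so the caller never sends
 * "SELECT  FROM form" to the server.
 */
function build_select($posted): ?string
{
    if (!is_array($posted)) {              // ch[] absent, or sent as a scalar
        return null;
    }
    $cols = [];
    foreach ($posted as $value) {
        if (!is_string($value)) {          // nested arrays (ch[][]=x) are dropped
            continue;
        }
        // Strict, case-sensitive match against the allowlist. Anything else,
        // including "* FROM table WHERE 1#", never reaches the SQL string.
        if (in_array($value, ALLOWED_COLUMNS, true)) {
            $cols[$value] = '`' . $value . '`';   // keyed by name: duplicates collapse
        }
    }
    if ($cols === []) {
        return null;
    }
    return 'SELECT ' . implode(', ', $cols) . ' FROM form';
}

// Constructed inputs standing in for $_POST['ch'].
$samples = [
    ['Enter_Date', 'Unit_Consumed'],               // normal submission
    ['Enter_Date', '* FROM table WHERE 1#'],       // one tampered value
    ['* FROM table WHERE 1#'],                     // only a tampered value
    ['Enter_Date', 'Enter_Date', ['nested']],      // duplicate and nested array
    'Enter_Date',                                  // scalar instead of array
];

foreach ($samples as $posted) {
    $sql = build_select($posted);
    echo json_encode($posted), "\n    => ", $sql ?? '(no query run)', "\n";
}
```

Rejected values are better logged than silently dropped: a checkbox field carrying anything outside the rendered options means the request was not produced by the form.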
Re: [PHP-DB] Check Boxes
yeah yeah...it's damn near 4 in the morning here...my brain isn't
exactly on at the moment. :)

On Wed, 18 Aug 2004 11:35:59 +0100, Ford, Mike [LSS] <[EMAIL PROTECTED]> wrote:
> On 18 August 2004 11:24, randy wrote:
>
> > $chkboxes = $_POST['ch'];
> > $sql = 'SELECT ';
> > foreach($chkboxes as $k => $v)
> > {
> >     $sql .= $v;
> >     if($k < (sizeof($chkboxes) - 1))
> >     {
> >         $sql .= ', ';
> >     }
> > }
> > $sql .= ' FROM form';
>
>     $sql = 'SELECT ' . implode(', ', $chkboxes) . ' FROM form';
>
> Cheers!
>
> Mike

--
randy [EMAIL PROTECTED]
RE: [PHP-DB] Check Boxes
On 18 August 2004 11:24, randy wrote:

> $chkboxes = $_POST['ch'];
> $sql = 'SELECT ';
> foreach($chkboxes as $k => $v)
> {
>     $sql .= $v;
>     if($k < (sizeof($chkboxes) - 1))
>     {
>         $sql .= ', ';
>     }
> }
> $sql .= ' FROM form';

    $sql = 'SELECT ' . implode(', ', $chkboxes) . ' FROM form';

Cheers!

Mike

-
Mike Ford, Electronic Information Services Adviser,
Learning Support Services, Learning & Information Services,
JG125, James Graham Building, Leeds Metropolitan University,
Headingley Campus, LEEDS, LS6 3QS, United Kingdom
Email: [EMAIL PROTECTED]
Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211
Re: [PHP-DB] Check Boxes
If one of the checkboxes is NOT checked, then your query will break as
it will look something like this:

    SELECT xxx,,yyy FROM form;

Name your checkboxes like so:

    ch[]

Then you can loop through the checkbox array and run your query that way

    $chkboxes = $_POST['ch'];
    $sql = 'SELECT ';
    foreach($chkboxes as $k => $v)
    {
        $sql .= $v;
        if($k < (sizeof($chkboxes) - 1))
        {
            $sql .= ', ';
        }
    }
    $sql .= ' FROM form';

On Wed, 18 Aug 2004 15:01:01 +0530, balwantsingh <[EMAIL PROTECTED]> wrote:
> i am using following coding
>
> $a1 = $_POST['ch1'];
> $a2 = $_POST['ch2'];
> $a3 = $_POST['ch3'];
>
> if ($a1 or $a2 or $a3) {
>     $query = "SELECT $a1, $a2, $a3 FROM form";
>     [EMAIL PROTECTED] ($query);
> }
>
> Enter_Date
> Opening_Units
> Unit_Consumed
>
> -----Original Message-----
> From: John Holmes [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, August 18, 2004 5:43 PM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: [PHP-DB] Check Boxes
>
> balwantsingh wrote:
> > can somebody advise me
> > i want to use checkboxes on my website, i want that if user selects some
> > checkboxes (there will be more than 20 checkboxes), checkbox's value will be
> > stored in variables and than SELECT query command will be run using these
> > variables through PHP. but my problem is that in SELECT query command after
> > each column name comma (,) is required and if i use the same than it is
> > displaying "You have an error in your SQL syntax near 'FROM form' at line
> > 1"
>
> How about showing us some code kind of hard to help without that...
>
> --
>
> ---John Holmes...
>
> Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
>
> php|architect: The Magazine for PHP Professionals – www.phparch.com

--
randy [EMAIL PROTECTED]
RE: [PHP-DB] Check Boxes
i am using following coding

    $a1 = $_POST['ch1'];
    $a2 = $_POST['ch2'];
    $a3 = $_POST['ch3'];

    if ($a1 or $a2 or $a3) {
        $query = "SELECT $a1, $a2, $a3 FROM form";
        [EMAIL PROTECTED] ($query);
    }

    Enter_Date
    Opening_Units
    Unit_Consumed

-----Original Message-----
From: John Holmes [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 18, 2004 5:43 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP-DB] Check Boxes

balwantsingh wrote:
> can somebody advise me
> i want to use checkboxes on my website, i want that if user selects some
> checkboxes (there will be more than 20 checkboxes), checkbox's value will be
> stored in variables and than SELECT query command will be run using these
> variables through PHP. but my problem is that in SELECT query command after
> each column name comma (,) is required and if i use the same than it is
> displaying "You have an error in your SQL syntax near 'FROM form' at line
> 1"

How about showing us some code kind of hard to help without that...

--
---John Holmes...

Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals – www.phparch.com
Re: [PHP-DB] Check Boxes
balwantsingh wrote:
> can somebody advise me
> i want to use checkboxes on my website, i want that if user selects some
> checkboxes (there will be more than 20 checkboxes), checkbox's value will be
> stored in variables and than SELECT query command will be run using these
> variables through PHP. but my problem is that in SELECT query command after
> each column name comma (,) is required and if i use the same than it is
> displaying "You have an error in your SQL syntax near 'FROM form' at line
> 1"

How about showing us some code kind of hard to help without that...

--
---John Holmes...

Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals – www.phparch.com
RE: [PHP-DB] check boxes and php
John,

There are a few good threads in the PHP-DB archives that will guide you
through implementing your check box solution. Here is one of the most
recent:

http://marc.theaimsgroup.com/?l=php-db&m=104610149123353&w=2

In the past, I've implemented check boxes for the purpose of deleting News
items almost exactly as the link above describes, so I know it works - at
least for me :). Searching on Google for checkbox + php will also yield
dozens of good examples.

Hope this helps.

Rich

> -----Original Message-----
> From: Dillon, John [mailto:[EMAIL PROTECTED]
> Sent: Thursday, March 27, 2003 6:16 AM
> To: [EMAIL PROTECTED]
> Subject: [PHP-DB] check boxes and php
>
> I want to create a page where the user will have a list of its favorites and
> by ticking a box opposite the item will be able to delete it by clicking the
> submit button. I want to make this dynamic so that the php works out the
> one to delete based on the value of the tickbox (I'm thinking), having first
>
> - done a query to retrieve the favorites of the user
> - listed the favorites on the browser and set the tick boxes with a value
>   corresponding to the ID of the favorite...thus knowing which one to delete.
>
> I was wondering what's the best approach - the one above or to mix in some
> javascript? Any examples out there? I know it's a popular idea. Maybe
> there's a better approach than tickboxes.
>
> John
RE: [PHP-DB] Check Boxes
I usually store the value as a 0 (unchecked) or a 1(checked) in a char(1)
field. Then, in populating the form my input has something like

There are other ways of doing it. (Warning, I'm not actually LOOKING at my
code at the moment so YMMV.)

HTH,
=C=

*
* Cal Evans
* Journeyman Programmer
* Techno-Mage
* http://www.calevans.com
*

-----Original Message-----
From: Julio Cuz, Jr. [mailto:[EMAIL PROTECTED]]
Sent: Monday, April 29, 2002 10:33 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: [PHP-DB] Check Boxes

Hi--

Does anyone have any suggestions, SAMPLES, or ideas on how to STORE,
RETRIEVE, AND PROCESS values for "Check Boxes" w/PHP & Postgresql?

Thanks!

Julio Cuz, Jr.
Riverside Community College
[EMAIL PROTECTED]
RE: [PHP-DB] Check Boxes!
Sometimes, PHP becomes confused when a variable is included in another word,
such as you are doing with $i in:

    if($HTTP_POST_VARS["chkAuthStatus_$i"] = 'on')

To avoid this problem, use braces to segregate the PHP variable from the
rest of the word:

    try: if($HTTP_POST_VARS["chkAuthStatus_${i}"] = 'on')
    or:  if($HTTP_POST_VARS["chkAuthStatus_{$i}"] = 'on')

-----Original Message-----
From: Matt C [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 19, 2001 6:43 PM
To: [EMAIL PROTECTED]
Subject: [PHP-DB] Check Boxes!

I still can't get my damn code working :( :( :(

All I want to do is have any records with a checked check box given the
value of 1 in the AuthStatus row.

Can anyone help me please?

-
JobID;

for ($i = 0; $i <= $Max_JobID; $i++) {
    if($HTTP_POST_VARS["chkAuthStatus_$i"] = 'on') {
        $JobID = $i;
    }

    if($JobID){

        $sql = "UPDATE vacancies SET AuthStatus='1' WHERE (JobID = '$JobID')";
        mysql_query($sql,$dbconnect);

    }

}
}

?>

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DB] Check Boxes!
Try removing the parentheses from your update sql query

    $sql = "UPDATE vacancies SET AuthStatus='1' WHERE JobID = '$JobID'";

HTH
Paul

----- Original Message -----
From: "Matt C" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, October 20, 2001 12:43 AM
Subject: [PHP-DB] Check Boxes!

: I still can't get my damn code working :( :( :(
:
: All I want to do is have any records with a checked check box given the
: value of 1 in the AuthStatus row.
:
: Can anyone help me please?
:
: -
:
: JobID;
:
: for ($i = 0; $i <= $Max_JobID; $i++) {
:     if($HTTP_POST_VARS["chkAuthStatus_$i"] = 'on') {
:         $JobID = $i;
:     }
:
:     if($JobID){
:
:         $sql = "UPDATE vacancies SET AuthStatus='1' WHERE (JobID = '$JobID')";
:         mysql_query($sql,$dbconnect);
:
:     }
:
: }
: }
:
: ?>
RE: [PHP-DB] Check Boxes/UPDATE
>-----Original Message-----
>From: Matt C [mailto:[EMAIL PROTECTED]]
>Sent: 03 October 2001 23:17
>To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
>Subject: RE: [PHP-DB] Check Boxes/UPDATE
>
>
>I am sorry but I still really don't get it :(
>
>How do I do the array thing?

Please specify *which* part you don't understand -- the setting up of the
form, or retrieving the info from the form?

--
Jason Wong
Gremlins Associates
www.gremlins.com.hk
Tel: +852-2573-5033
Fax: +852-2573-5851
RE: [PHP-DB] Check Boxes/UPDATE
for( $i=0; $i<3; $i++ )
{
    if( isset($chkAuthStatus[$i]) )
    {
        // do something
    }
}

-----Original Message-----
From: Matt C [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, October 03, 2001 10:17 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: [PHP-DB] Check Boxes/UPDATE

I am sorry but I still really don't get it :(

How do I do the array thing?

>-----Original Message-----
>From: Jason G. [mailto:[EMAIL PROTECTED]]
>Sent: 03 October 2001 12:12
>To: Matt C; [EMAIL PROTECTED]
>Subject: Re: [PHP-DB] Check Boxes/UPDATE
>
>
>Matt,
>
>Assuming that you have a variable number of records being displayed out of
>the database:
>
>As you write out the HTML, give each checkbox a name containing the ID# of
>the record that is being written out. Ex:
>
>
>

Note that you can use arrays when naming your form elements -- isn't PHP
wonderful :). Thus you can have:

...etc

This simplifies the code somewhat as you can now loop through the elements
of the array $chkAuthStatus to find out whether it is checked or not.

regards
--
Jason Wong
Gremlins Associates
www.gremlins.com.hk
Tel: +852-2573-5033
Fax: +852-2573-5851
RE: [PHP-DB] Check Boxes/UPDATE
I am sorry but I still really don't get it :(

How do I do the array thing?
RE: [PHP-DB] Check Boxes/UPDATE
>-----Original Message-----
>From: Jason G. [mailto:[EMAIL PROTECTED]]
>Sent: 03 October 2001 12:12
>To: Matt C; [EMAIL PROTECTED]
>Subject: Re: [PHP-DB] Check Boxes/UPDATE
>
>
>Matt,
>
>Assuming that you have a variable number of records being displayed out of
>the database:
>
>As you write out the HTML, give each checkbox a name containing the ID# of
>the record that is being written out. Ex:
>
>
>

Note that you can use arrays when naming your form elements -- isn't PHP
wonderful :). Thus you can have:

...etc

This simplifies the code somewhat as you can now loop through the elements
of the array $chkAuthStatus to find out whether it is checked or not.

regards
--
Jason Wong
Gremlins Associates
www.gremlins.com.hk
Tel: +852-2573-5033
Fax: +852-2573-5851
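Added example (not part of the original thread) of the array naming Jason Wong describes, assuming each checkbox is named `chkAuthStatus[<JobID>]`; the thread's own HTML did not survive in the archive. The table and column names come from Matt C's query, the function name `authorise_ticked` is hypothetical, and PDO with an in-memory SQLite database stands in for his MySQL connection.

```php
<?php
// Added example, not code from the thread.
// Assumption: each checkbox is rendered as
//   <input type="checkbox" name="chkAuthStatus[JOBID]">
// so PHP receives the ticked boxes as an array keyed by JobID.

/**
 * Set AuthStatus = 1 for every ticked job; returns the number of rows changed.
 * The array keys come from the browser, so each one is validated as a
 * non-negative integer and passed as a bound parameter, never interpolated.
 */
function authorise_ticked(PDO $db, $ticked): int
{
    if (!is_array($ticked)) {               // no box ticked, or a scalar was sent
        return 0;
    }
    $stmt = $db->prepare('UPDATE vacancies SET AuthStatus = 1 WHERE JobID = :id');
    $changed = 0;
    foreach (array_keys($ticked) as $key) {
        $id = filter_var($key, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
        if ($id === false) {                // e.g. "3 OR 1=1" or "abc"
            continue;
        }
        $stmt->execute([':id' => $id]);
        $changed += $stmt->rowCount();
    }
    return $changed;
}

// Constructed demo data: in-memory SQLite stands in for the MySQL table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE vacancies (JobID INTEGER PRIMARY KEY, AuthStatus INTEGER DEFAULT 0)');
$db->exec('INSERT INTO vacancies (JobID) VALUES (1), (2), (3), (4)');

// Constructed POST body: jobs 2 and 4 ticked, plus one tampered key.
$post = ['chkAuthStatus' => [2 => 'on', 4 => 'on', '3 OR 1=1' => 'on']];

echo authorise_ticked($db, $post['chkAuthStatus'] ?? null), " row(s) updated\n";
foreach ($db->query('SELECT JobID, AuthStatus FROM vacancies') as $row) {
    echo $row['JobID'], ' => ', $row['AuthStatus'], "\n";
}
```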
Re: [PHP-DB] Check Boxes/UPDATE
Matt,

Assuming that you have a variable number of records being displayed out of
the database:

As you write out the HTML, give each checkbox a name containing the ID# of
the record that is being written out. Ex:

Use code like the following to Write and Read the web form...

id;

    //When Writing out the Web Form, use this
    $sChecked = ($oRow->authstatus ? ' checked' : '');
    echo "";

    //When Reading in the web form, use this
    //If the checkbox variable isset(checked) then set the authstatus=1
    //Otherwise set the authstat= 0
    $authstatus = (isset($$sCheckName) ? 1 : 0);

    //Update the database
    mysql_query("UPDATE table SET authstatus=$authstatus WHERE id=$oRow->id");
}
?>

-Jason Garber
www.IonZoft.com

At 03:22 AM 10/3/2001 +0100, Matt C wrote:
>I have a page of jobs with AuthStatus set to 0. Basically I want to list
>each job title with a checkbox next to it. This I have done.
>
>What I really don't understand is how do I make it so that the rows in my
>table for all the different records when ticked are updated to 1?
>
>Please help.
>
>Matt
RE: [PHP-DB] Check Boxes/UPDATE
Hiya Matt

you have to set the value of the checkbox to 1, and give it a unique name.
if the user has checked the box when they submit the form then the checkbox'
name will have a value of 1. if they didn't check it it won't have a value
at all.

Hope this helps!

Dave

-----Original Message-----
From: Matt C [mailto:[EMAIL PROTECTED]]
Sent: 03 October 2001 03:23
To: [EMAIL PROTECTED]
Subject: [PHP-DB] Check Boxes/UPDATE

I have a page of jobs with AuthStatus set to 0. Basically I want to list
each job title with a checkbox next to it. This I have done.

What I really don't understand is how do I make it so that the rows in my
table for all the different records when ticked are updated to 1?

Please help.

Matt