Home/ Questions/Q 7401607
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-29T04:31:07+00:00

I’m generating an unknown amount of checkboxes in my form using mysql, this number

  • 0

I’m generating an unknown amount of checkboxes in my form using mysql, this number will always vary,

$frinfoq = mysql_query($frinfo) or die (mysql_error());
    while($frow = mysql_fetch_assoc($frinfoq)) {
        $username = $frow['username'];
        $ct = $frow['country'];
        $fruuid = $frow['uid'];
        ?>
    <tr><td><p><?php echo $username; ?></p></td><td><p><?php echo $ct; ?></p></td><td><form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>" id="delf"><input type="hidden" value="<?php echo $fruuid; ?>" /><input type="checkbox" name="add[]" value="<?php echo $fruuid; ?>" id="a_t_game" /><form></td></tr>


    <?php   
    }
    ?>

When the form is submitted and is processed by “create.php” it’s supposed to add only the checked users to a mysql table, a row per user, I determine (I’m not sure if this works due to the problem I’m about to get to) which are checked like this:

if($_POST['add'] == true) {
    $user_uid = $_POST['add'];
    }

I then try to add the rows like so:

$arr = array($user_uid);
foreach($arr as $user_uid) {
$game = "INSERT INTO wd_game (game_uid,user_uid,lastmove,startcountry) VALUES ('$gid','$user_uid',now(),'none')";
$gameq = mysql_query($game) or die (mysql_error());
}

All of the data inputs fine apart from the user uid which is set as “Array”. It also only creates one row, and I need a row per user.

I know it’s a problem with the way my array is being processed, that’s pretty obvious, but I haven’t the foggiest idea about how to fix it. Any help/pointers would be a great help!

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    $arr = array($user_uid); is your problem. Try just $arr = $user_uid;, or even cut out the middleman and just use $arr = $_POST["add"];.

    EDIT

    There are a number of other things that could also be improved with your code. For one, it’s difficult to read. I would suggest cleaning it up a bit, and avoid jumping between HTML and PHP.

    Another thing is that you should escape any data going into a database that could possibly come from user input (like $_POST). You should use mysql_real_escape_string.

    A third thing is that a form with an action pointing to $_SERVER["PHP_SELF"] is not safe. It is vulnerable to cross-site scripting (XSS). See this blog for a more detailed description on the vulnerability.

    I suggest you do something more like this:

    <?php

if ($_POST["add"])
{
    $arr = $_POST["add"];

    foreach ((array)$arr as $user_uid)
    { 
        $game = "INSERT INTO wd_game (game_uid,user_uid,lastmove,startcountry) VALUES ('". mysql_real_escape_string($gid) ."','". mysql_real_escape_string($user_uid) ."', now(), 'none')"; 
        $gameq = mysql_query($game) or die (mysql_error()); 
    } 
}

$frinfoq = mysql_query($frinfo) or die (mysql_error()); 

while($frow = mysql_fetch_assoc($frinfoq))
{ 
    $username = $frow['username']; 
    $ct = $frow['country']; 
    $fruuid = $frow['uid'];
    echo "  <tr>
        <td>
            <p>{$username}</p>
        </td>
        <td>
            <p>{$ct}</p>
        </td>
        <td>
            <form method=\"post\" action=\"". htmlentities($_SERVER['PHP_SELF']) ."\" id=\"delf\">
                <input type=\"hidden\" value=\"{$fruuid}\" />
                <input type=\"checkbox\" name=\"add[]\" value=\"{$fruuid}\" id=\"a_t_game\" />
            <form>
        </td>
    </tr>\n";
    }
?>
    • 0