Re: Syntax for adding text prefix to a post variable? [message #170262 is a reply to message #170257] |
Sat, 23 October 2010 12:40 |
Jerry Stuckle
On 10/22/2010 11:59 PM, GarryJones wrote:
> Syntax problem when adding a prefix to an item number ->
>
> A user can mark each item as "10% paid" and/or "90% paid". Each item
> has a unique number in a mysql database.
>
> In the php form I give each checkbox a unique number. Every item has 2
> checkboxes.
>
> For instance item 289474 has two checkboxes, I prefix these with 10
> and 90 so its two checkboxes are called "10289474" and "90289474". So
> far so good, I can see these are correct in the html code.
>
> Then when the user presses OK I need to update what has and has not
> been checked as paid.
>
> If checkbox 10289474 has been checked I need to update item 289474 as
> 10% paid.
> When checkbox 90289474 has been checked I need to update item 289474
> as 90% paid.
>
> (In the table I have a column for "10% paid" and another column for
> "90% paid" which I need to set to "yes" when the user checks the
> respective checkbox, the std value is "no" and prefilled on item
> creation)
>
> I am adding each item number to an array to use when processing the
> checkboxes. I have listed the array and it is correct.
>
> The array is called $arr_payref
> The item number is in a column called bokanmref
>
> This is not working.. My problem is I don't know how to add the
> prefixes (10 and 90) to the item number in the array before collecting
> the data with the post command. This is my best(?) effort....
>
> foreach ($arr_payref as $payboxnmn)
> {
> $paybox = $_POST["10$payboxnmn"];
> if($paybox == "yes"){
> mysql_query("UPDATE ct_bok2 SET bok_paid10='yes' WHERE
> bokanmref='$payboxnmn'");
> } else {
> mysql_query("UPDATE ct_bok2 SET bok_paid10='no' WHERE
> bokanmref='$payboxnmn'");
> }
> }
>
> foreach ($arr_payref as $payboxnmn)
> {
> $paybox = $_POST["90$payboxnmn"];
> if($paybox == "ja"){
> mysql_query("UPDATE ct_bok2 SET bok_paid10='yes' WHERE
> bokanmref='$payboxnmn'");
> } else {
> mysql_query("UPDATE ct_bok2 SET bok_paid10='no' WHERE
> bokanmref='$payboxnmn'");
> }
> }
>
> Any help greatly appreciated.
>
> Garry Jones
> Sweden

Not very secure, and wide open to hackers. Someone could easily come in
and change the id in the form to something else, for instance. It would
be better to keep the database row id in your $_SESSION where it can't
be changed.

Then you could have your checkboxes as "10" and "90", but again having
to prefill values is a bad way to go. Rather, you should have them
both named something like payment[] (brackets are important!) with
values of "10" and "90". Then you can check to see if $_POST['payment']
is set; if it is, $_POST['payment'][0] will contain the value (10 or 90)
of the first checkbox checked; if both are checked, $_POST['payment'][1]
will contain the other value.

But also ensure you are checking the value against the valid values (10
or 90 in this case) as these could be hacked, also.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
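
The approach described in the reply above, as an added example that is not code from the thread: it extends the single-row advice to several items by keeping the item numbers in the session and naming the checkboxes by list position, `payment[<slot>][]`. The column name `bok_paid90`, the function name `applyPayments`, the slot scheme, and the use of PDO prepared statements with an in-memory SQLite table standing in for MySQL are assumptions.

```php
<?php
declare(strict_types=1);

// Added example. Assumed: column bok_paid90, checkbox names payment[<slot>][].
const VALID_PAYMENTS = ['10', '90'];   // the only checkbox values the form emits

// $allowedItems: item numbers saved in $_SESSION when the form was rendered.
// $post: $_POST. <slot> is a position in $allowedItems, never a database id.
function applyPayments(PDO $db, array $allowedItems, array $post): int
{
    $submitted = $post['payment'] ?? [];
    if (!is_array($submitted)) {
        $submitted = [];
    }
    $stmt = $db->prepare(
        'UPDATE ct_bok2 SET bok_paid10 = ?, bok_paid90 = ? WHERE bokanmref = ?'
    );
    $updated = 0;
    foreach ($allowedItems as $slot => $itemRef) {   // the server-side list drives the loop
        $values = $submitted[$slot] ?? [];           // nothing checked => both become 'no'
        if (!is_array($values)) {
            continue;                                // malformed field: leave the row untouched
        }
        foreach ($values as $v) {
            if (!in_array($v, VALID_PAYMENTS, true)) {
                continue 2;                          // value outside the allow-list: skip the row
            }
        }
        $stmt->execute([
            in_array('10', $values, true) ? 'yes' : 'no',
            in_array('90', $values, true) ? 'yes' : 'no',
            $itemRef,                                // taken from the session, not from the request
        ]);
        $updated += $stmt->rowCount();
    }
    return $updated;
}

// Constructed demo data: in-memory SQLite stands in for the MySQL table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE ct_bok2 (bokanmref INTEGER PRIMARY KEY,
           bok_paid10 TEXT DEFAULT 'no', bok_paid90 TEXT DEFAULT 'no')");
$db->exec('INSERT INTO ct_bok2 (bokanmref) VALUES (289474), (289475), (999999)');

$sessionItems = [289474, 289475];                    // would live in $_SESSION
// Constructed request: slot 1 carries an invalid value, slot 7 is not in the session list.
$post = ['payment' => [0 => ['10', '90'], 1 => ['50'], 7 => ['10']]];
echo applyPayments($db, $sessionItems, $post), " row(s) updated\n";
```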