0

Here's my code, I don't know why the checkbox isnt updated when I try to update the mysql database. Only the input box are being updated.

   <tr>
<td><font size="3"></td>
<td></td>
<input type='hidden' name="stats6" value="0">
<td><input name="stats6" type="checkbox" id="dep" value="<?php echo $row["STAT6"]; ?>" <?php echo $row["STAT6"] ? 'checked="checked"' : ''; ?> >Dependent</td>
<td><font size="3"></td>
<td></td>
<input type='hidden' name="stats7" value="0">
<td><input name="stats7" type="checkbox" id="emp" value="<?php echo $row["STAT7"]; ?>" <?php echo $row["STAT7"] ? 'checked="checked"' : ''; ?> >Employee</td>
<td><font size="3"></td>
<td></td>
<input type='hidden' name="stats8" value="0">
<td><input name="stats8" type="text" id="" value="<?php echo $row["STAT8"]; ?>" maxlength="15">Others</td>

And here's the form action:

mysql_select_db("Hospital", $con);

mysql_query("UPDATE t2 SET HOSPNUM ='$_POST[hnum]', ROOMNUM='$_POST[rnum]', ADATE='$_POST[adate]',  ADTIME='$_POST[adtime]', LASTNAME='$_POST[lname]', FIRSTNAME='$_POST[fname]', MIDNAME='$_POST[mname]', CSTAT='$_POST[cs]', AGE='$_POST[age]', BDAY='$_POST[bday]', ADDRESS='$_POST[ad]', SEX='$_POST[sex]', 
                                                                                                                                                                                                                                     STAT='$_POST[stats1]', STAT2='$_POST[stats2]', STAT3='$_POST[stats3]', STAT4='$_POST[stats4]', STAT5='$_POST[stats5]', STAT6='$_POST[stats6]', STAT7='$_POST[stats7]', STAT8='$_POST[stats8]', NURSE='$_POST[nurse]'              
WHERE PNUM ='$_POST[pnum]'");

what might be wrong with my code?It doesn't really update the data that are in the checkbox. And when I try to search it, its all zeros

Improve this question
1
  • You have a SQL injection vulnerability. Commented Mar 1, 2010 at 12:38

4 Answers 4

Reset to default
0

You have a number of problems. Here are some of the key ones:

  • Your HTML is invalid. You have <input> elements between table cells. Use a validator.

  • You have multiple inputs with the same name (<input type='hidden' name="stats6" value="0"> and <input name="stats6" type="checkbox" for instance) and:

    • You are looking for a single element of that name in your PHP
    • You are naming them without [] on the end (which is only a problem in PHP)

PHP, IIRC, populates an $_POST['foo'] with the value of the first 'foo' it encounters.

It looks like you are trying to have a default value in case the checkbox isn't there. If so, handle that entirely with PHP. Don't add hidden inputs to the form.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

It might be that the hidden input for each checkbox need to be behind the tag for it. I don't remember how PHP do with duplicates, but that might be the problem.

But, another note. I hope that code is only for example, you should never put data directly into the database from the input without sanitizing and validating it beforehand. Doing it like that will open up the possibilities for SQL injections.

Improve this answer

Comments

0

First of all it's recommended to use $_POST["hnum"] instead of $_POST[hnum]. Guess it is a typo.

ow the real problem. Checkbox values are only set when they are checked. If they are not checked, there will be no value like $_POST["hnum"]. Maybe that's part of your problem.

Improve this answer

Comments

-1

Your Html is correct the problem is with your SQL

i just have made come corrections to your query try it, 

$sql = "UPDATE t2 SET ";
$sql .= "HOSPNUM ='".$_POST['hnum']."', ";
$sql .= "ROOMNUM    ='".$_POST['rnum']."', ";
$sql .= "ADATE      ='".$_POST['adate']."', ";
$sql .= "ADTIME     ='".$_POST['adtime']."', ";
$sql .= "LASTNAME   ='".$_POST['lname']."', ";
$sql .= "FIRSTNAME  ='".$_POST['fname']."', ";
$sql .= "MIDNAME    ='".$_POST['mname']."', ";
$sql .= "CSTAT      ='".$_POST['cs']."', ";
$sql .= "AGE        ='".$_POST['age']."', ";
$sql .= "BDAY       ='".$_POST['bday']."', ";
$sql .= "ADDRESS    ='".$_POST['ad']."', ";
$sql .= "SEX        ='".$_POST['sex']."', ";
$sql .= "STAT       ='".$_POST['stats1']."', ";
$sql .= "STAT2      ='".$_POST['stats2']."', ";
$sql .= "STAT3      ='".$_POST['stats3']."', ";
$sql .= "STAT4      ='".$_POST['stats4']."', ";
$sql .= "STAT5      ='".$_POST['stats5']."', ";
$sql .= "STAT6      ='".$_POST['stats6']."', ";
$sql .= "STAT7      ='".$_POST['stats7']."', ";
$sql .= "STAT8      ='".$_POST['stats8']."', ";
$sql .= "NURSE      ='".$_POST['nurse']."'";
$sql .= "WHERE PNUM ='".$_POST['pnum']."'";

mysql_query($sql);

you have forget to put the "'" in the post values

fore example you have $_POST[stats1] which should be $_POST['stats1']

have a try

Improve this answer

1 Comment

The HTML isn't correct, and your SQL has major SQL injection vulnerabilities.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.