0

I am inserting values checked from a form into a db, but the inserted value has a slash (/) at the end.

I am inserting into sql database from an array in a form with check boxes, I want to insert only the checked values.

The insert is okay for all the values but they appear with a slash at the end and I can't tell why it is like that.

Here is the form

<form role="form" method="POST" action="add_payroll.php">
<label>Employees</label><br>

<?php
// include "../includes/connect.php";
$cs = mysql_query("SELECT user_Idnum, salary, user_fname, user_lname,user_mname from tbl_user_details");

if($cs==true){
$count=mysql_num_rows($cs);
while($row=mysql_fetch_assoc($cs)){
extract($row);
echo '<input type="checkbox" name="detail_Id[]" value='.$user_Idnum.'/>'.$user_fname." ".$user_mname." ".$user_lname.'<br>';

 }
 }
?>                                       
<label>Description</label>

<textarea class="form-control" name="description"></textarea>
<label>Transaction Date</label>
<input size="16" type="text"  readonly name="transaction_date"class="form_datetime form-control">

</div>
<div class="modal-footer">
<button type="button" data-dismiss="modal" class="btn dark btn-outline">Cancel</button>
<button type="submit" class="btn btn-primary">Submit</button>
</div>
</div>

</form>

And here is the php script

<?php
include "../functions/connect.php";
$ids  = $_POST['detail_Id'];
$desc = $_POST['description'];
$time = $_POST['transaction_date'];

foreach ($ids as  $va) {

$run1= mysql_query("insert into tbl_payroll(detail_Id, description,     transaction_date) values('$va', '$desc', '$time' )");

                            if($run1==true)
                             {
                                echo '<script language="javascript">';
                                echo 'alert("Successfully Added")';
                                echo '</script>';
                                echo '<meta http-equiv="refresh" content="0;url=report.php" />';
                             }

    }

?>
Improve this question
3
  • 2
    value='.$user_Idnum.'/ perhaps? Use quotes. Commented Nov 9, 2016 at 12:07
  • yess..... Jon Stirling.... thats where the problem was.... Commented Nov 9, 2016 at 12:16
  • This code demonstrates everything you shouldn't do when querying a database. First off you're using mysql_* functions which are hopelessly out of date and been deprecated for years, and are no longer even present in PHP 7. Second off, you're building queries by concatenating strings instead of using parameterised statements. Third off you're accepting user input without any kind of validation or sanitation. This code is a recipe for disaster. xkcd.com/327 Commented Nov 9, 2016 at 13:06

2 Answers 2

Reset to default
1

Change

echo '<input type="checkbox" name="detail_Id[]" value='.$user_Idnum.'/>'.$user_fname." ".$user_mname." ".$user_lname.'<br>';

To

echo '<input type="checkbox" name="detail_Id[]" value="'.$user_Idnum.'"/>'.$user_fname." ".$user_mname." ".$user_lname.'<br>';

By having no quotes around the value attribute whatever is within that value will have a trailing slash concatenated to it's value.

You should probably not be writing out the javascript and meta-refresh in a loop either - the refresh will be triggered on the first iteration through the loop and subsequent statements will not be executed.

Also worth noting is the use of the now deprecated mysql functions - upgrade to either mysqli or PDO and use prepared statements to prevent SQL injection, something to which this code is vulnerable.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1 
<?php
include "../functions/connect.php";
$ids  = $_POST['detail_Id'];

try

if(substr($ids, -1) == '/') {
   $ids = substr($ids, 0, -1);
}

or 

$ids = rtrim($ids,"/");

..

$desc = $_POST['description'];
$time = $_POST['transaction_date'];
.......
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.