0

everyone.

I know this is a far treated subject, but I've looked everywhere and cannot get it solved.

I have a series of checkboxes in my webpage and need to insert the values into a database.

For what I've read, it's supposed to be done this way:

<tr>
        <td class="titulofila">Sal&oacute;n Completo con: </td>
        <td>
        <table width="100%"><tr><td>
            <label>
            <input name="equipSalon[]" type="checkbox" id="equipSalon[]" value="mesa"  />
            mesas </label>
        </td><td>
            <label>
            <input name="equipSalon[]" type="checkbox" id="equipSalon[]" value="sillas"  />
            sillas </label>
        </td><td>
            <label>
            <input name="equipSalon[]" type="checkbox" id="equipSalon[]" value="sofa"  />
            sof&aacute;</label>
        </td></tr></table>
        </td>
    </tr>

And then, in the PHP script that the submit button takes to:

 $equipSalonF=mysql_real_escape_string(implode(',', $_POST['equipSalon']));
mysql_query("INSERT INTO markers (ciudad,
                            zona,address,name,
                            telefono,email,piso,
                            tipo,erasmus,nhabitaciones,
                            plazas,equipHabita,nbanos,
                            salon,cocina,electrodomesticos,
                            garaje,internet,calefaccion,
                            sexo,precio,superficie,otros,
                            fecha,lat,lng)
        VALUES ('{$_POST['ciudad']}','{$_POST['zona']}',
                '{$_POST['address']}','{$_POST['name']}','{$_POST['telefono']}',
                '{$_POST['email']}','{$_POST['piso']}','{$_POST['tipo']}',
                '{$_POST['erasmus']}','{$_POST['nhabitaciones']}',
                '{$_POST['plazas']}','{$equipHabitaF}',
                '{$_POST['nbanos']}','{$equipSalonF}',
                '{$equipCocinaF}','{$equipElectroF}','{$_POST['garaje']}',
                '{$_POST['internet']}','{$_POST['calefaccion']}',
                '{$_POST['sexo']}','{$_POST['precio']}',
                '{$_POST['superficie']}','{$_POST['otrosF']}',
                '{$_POST['fecha']}','{$_POST['lat']}',
                '{$_POST['lng']}'",$link);

I have more than this checkboxes and this doesn't work, just says "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 21"

If anyone wants to look at the full index.html and php files, you can have them here: http://paste.ideaslabs.com/show/8qEHDnsZdr the form starts at line 147. And the PHP File in here: http://paste.ideaslabs.com/show/IJFLSHM7Ka

Thanks in advance.

Improve this question
2
  • Except you should remove the ID attributes. You only need to do that for the name attribute. Commented Feb 4, 2012 at 17:36
  • if you really want to see what is happening under the hood, dump the POST variable: <?php echo "<!-- POST: "; print_r($_POST); echo " -->\n"; ?> ... then use view source to see the debug in comments Commented Feb 4, 2012 at 23:04

1 Answer 1

Reset to default
1

Checkboxes are only posted when they are ticked. So if the checkbox is not ticked, is will not appear in $_POST. Also you should generally not give any values to checkboxes. Instead use names to distinguish between them.

In the database I usually represent checkboxes with tinyints and store 1 for checked and 0 for unchecked.

// If your checkbox name is foo, this will convert it
// into a value that can be stored in the database
$foo = isset($_POST['foo']) ? 1 : 0;

Also note that html requires ids to be unique. So you can't have multiple elements with the same id. And you should sanitize your inputs to prevent sql injection. Use mysql_real_escape_string() on user inputs that go in the database.

Update

The main issue is that the query is missing a ')' at the last line. The query should look like

$query = "INSERT INTO markers (ciudad,
                        zona,address,name,
                        telefono,email,piso,
                        tipo,erasmus,nhabitaciones,
                        plazas,equipHabita,nbanos,
                        salon,cocina,electrodomesticos,
                        garaje,internet,calefaccion,
                        sexo,precio,superficie,otros,
                        fecha,lat,lng)
    VALUES ('{$_POST['ciudad']}','{$_POST['zona']}',
            '{$_POST['address']}','{$_POST['name']}','{$_POST['telefono']}',
            '{$_POST['email']}','{$_POST['piso']}','{$_POST['tipo']}',
            '{$_POST['erasmus']}','{$_POST['nhabitaciones']}',
            '{$_POST['plazas']}','{$equipHabitaF}',
            '{$_POST['nbanos']}','{$equipSalonF}',
            '{$equipCocinaF}','{$equipElectroF}','{$_POST['garaje']}',
            '{$_POST['internet']}','{$_POST['calefaccion']}',
            '{$_POST['sexo']}','{$_POST['precio']}',
            '{$_POST['superficie']}','{$_POST['otrosF']}',
            '{$_POST['fecha']}','{$_POST['lat']}',
            '{$_POST['lng']}')";
mysql_query($query, $link);

Note the closing ')' on the last line of the query. Also note that creating the query like this, in a variable, allows you to output the created query so you can see what exactly is sent to MySQL and you also can test your query in a different environment (ie in phpmyadmin or any other database administration tool).

Improve this answer
Sign up to request clarification or add additional context in comments.

7 Comments

Thanks for the answer, but I'm trying to store the values of the checkboxes, not if they're checked or not. I want to make a string with the values of the checkboxes and store them into de MySQL DB. ¿Is this possible?
You may be able to get a proper value in your $_POST for a checked checkbox, but if the checkbox is not checked then it will never be posted. So you have to implement logic to see which values have been posted and use that to determine which values have not been posted.
You should more carefully look the code he's posting. He's quoting the $_POST values, so there shouldn't be any problems, no matter whether the checkboxes are checked or not.
@periklis, quoting values is good, but inputs also need to be escaped to prevent sql injection.
I totally agree with you, but what does that have to do with the user's question?
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.