Jump to content
Killersites Forums

insert multiple checkboxes into database crud script


Recommended Posts

I am using the crud mysqli script and want to be able to insert multiple checkbox values selected to the database table but add the values to one db table column, below is the coding I have but no data is being added

<?php

	/*
		Allows the user to both create new records and edit existing records
	*/

	

	// creates the new/edit record form
 	// since this form is used multiple times in this file, I have made it a function that is easily reusable
	function renderForm($customer_name = '', $customer_email = '', $customer_phone = '', $items_booked_in = '', $computer_make = '', $computer_model = '', $technician = '', $status = '', $exrdate = '', $exrtime = '', $exstdate = '', $exstime = '', $deltype = '', $comments = '', $job_cost = '', $part_cost = '', $profit = '', $error = '', $id = '', $send_sms = '', $username = '', $password = '')
	{ ?>
    
    <form action="" method="post" class="form-valide">
    <div class="form-group row">
                    <label class="col-lg-4 col-form-label">Items Booked In</label>
                    <div class="col-lg-6">
                    <label>Laptop<input type="checkbox" class="form-control" name="Items[]" value="Laptop"/></label>
                    &nbsp;
                    <label>Charger<input type="checkbox" class="form-control" name="Items[]" value="Charger"/></label>
                    &nbsp;
                    <label>Laptop Bag<input type="checkbox" class="form-control" name="Items[]" value="Laptop Bag"/></label>                    
                    </div>
                    </div>
                    </form>
                    
                    <?php }

        /*

           EDIT RECORD

        */
	// if the 'id' variable is set in the URL, we know that we need to edit a record
	if (isset($_GET['id']))
	{
		// if the form's submit button is clicked, we need to process the form
		if (isset($_POST['submit']))
		{
			// make sure the 'id' in the URL is valid
			if (is_numeric($_POST['id']))
			{
				// get variables from the URL/form
				$id = $_POST['id'];
				$customer_name = htmlentities($_POST['customer_name'], ENT_QUOTES);
				$customer_email = htmlentities($_POST['customer_email'], ENT_QUOTES);
				$customer_phone = htmlentities($_POST['customer_phone'], ENT_QUOTES);
				$items_booked_in = htmlentities($_POST['items_booked_in'], ENT_QUOTES);
				$computer_make = htmlentities($_POST['computer_make'], ENT_QUOTES);
				$computer_model = htmlentities($_POST['computer_model'], ENT_QUOTES);
				$technician = htmlentities($_POST['technician'], ENT_QUOTES);
				$status = htmlentities($_POST['status'], ENT_QUOTES);
				$exrdate = htmlentities($_POST['exrdate'], ENT_QUOTES);
				$exrtime = htmlentities($_POST['exrtime'], ENT_QUOTES);
				$exstdate = htmlentities($_POST['exstdate'], ENT_QUOTES);
				$exstime = htmlentities($_POST['exstime'], ENT_QUOTES);
				$deltype = htmlentities($_POST['deltype'], ENT_QUOTES);
				$comments = htmlentities($_POST['comments'], ENT_QUOTES);
				$job_cost = htmlentities($_POST['job_cost'], ENT_QUOTES);
				$part_cost = htmlentities($_POST['part_cost'], ENT_QUOTES);
				$profit = htmlentities($_POST['profit'], ENT_QUOTES);
				
				// check that firstname and lastname are both not empty
				if ($customer_name == '' || $customer_phone == '' || $computer_make == '' || $computer_model == '' || $comments == '')
				{
					// if they are empty, show an error message and display the form
					$error = 'ERROR: Please fill in all required fields!';
renderForm($customer_name, $customer_phone, $computer_make, $computer_model, $comments, $error, $id);
				}
				else
				{
					// if everything is fine, update the record in the database
	if ($stmt = $mysqli->prepare("UPDATE repairs SET customer_name = ?, customer_email = ?, customer_phone = ?, items_booked_in = ?, computer_make = ?, computer_model = ?, technician = ?, status = ?, exrdate = ?, exrtime = ?, exstdate = ?, exstime = ?, deltype = ?, comments = ?, job_cost = ?, part_cost = ?, profit = ?
						WHERE id=?"))
					{
	$stmt->bind_param("sssssssssssssssssi", $customer_name, $customer_email, $customer_phone, $items_booked_in, $computer_make, $computer_model, $technician, $status, $exrdate, $exrtime, $exstdate, $exstime, $deltype, $comments, $job_cost, $part_cost, $profit, $id);
						$stmt->execute();
						$stmt->close();
					}
					// show an error message if the query has an error
					else
					{
						echo "ERROR: could not prepare SQL statement.";
					}
					
					// redirect the user once the form is updated
					header("Location: view-all-repairs-tracking.php");
				}
			}
			// if the 'id' variable is not valid, show an error message
			else
			{
				echo "Error!";
			}
		}
		// if the form hasn't been submitted yet, get the info from the database and show the form
		else
		{
			// make sure the 'id' value is valid
			if (is_numeric($_GET['id']) && $_GET['id'] > 0)
			{
				// get 'id' from URL
				$id = $_GET['id'];
				
				// get the recod from the database
				if($stmt = $mysqli->prepare("SELECT id, customer_name, customer_email, customer_phone, items_booked_in, computer_make, computer_model, technician, status, exrdate, exrtime, exstdate, exstime, deltype, comments, job_cost, part_cost, profit, send_sms FROM repairs WHERE id=?"))
				{
					$stmt->bind_param("i", $id);
					$stmt->execute();
					
					$stmt->bind_result($id, $customer_name, $customer_email, $customer_phone, $items_booked_in, $computer_make, $computer_model, $technician, $status, $exrdate, $exrtime, $exstdate, $exstime, $deltype, $comments, $job_cost, $part_cost, $profit, $send_sms);
					$stmt->fetch();
					
					// show the form
					renderForm($customer_name, $customer_email, $customer_phone, $items_booked_in, $computer_make, $computer_model, $technician, $status, $exrdate, $exrtime, $exstdate, $exstime, $deltype, $comments, $job_cost, $part_cost, $profit, NULL, $id, $send_sms);
					
					$stmt->close();
				}
				// show an error if the query has an error
				else
				{
					echo "Error: could not prepare SQL statement";
				}
			}
			// if the 'id' value is not valid, redirect the user back to the view.php page
			else
			{
				header("Location: view-all-repairs-tracking.php");
			}
		}
	}
	
        /*

           NEW RECORD

        */
		
	// if the 'id' variable is not set in the URL, we must be creating a new record
	else
	{
		// if the form's submit button is clicked, we need to process the form
		if (isset($_POST['submit']))
		{
			
			$country_code = '44';
			
			// get the form data
			$customer_name = htmlentities($_POST['customer_name'], ENT_QUOTES);
			$customer_email = htmlentities($_POST['customer_email'], ENT_QUOTES);
			$customer_phone = htmlentities($_POST['customer_phone'], ENT_QUOTES); 			
			$items=NULL;
foreach($_POST['items_booked_in'] as $k){
  $items[]=htmlentities($k, ENT_QUOTES);
}
$items=implode(',',$items);
			$computer_make = htmlentities($_POST['computer_make'], ENT_QUOTES);
			$computer_model = htmlentities($_POST['computer_model'], ENT_QUOTES);
			$technician = htmlentities($_POST['technician'], ENT_QUOTES);
			$status = htmlentities($_POST['status'], ENT_QUOTES);
			$exrdate = htmlentities($_POST['exrdate'], ENT_QUOTES);
			$exrtime = htmlentities($_POST['exrtime'], ENT_QUOTES);
			$exstdate = htmlentities($_POST['exstdate'], ENT_QUOTES);
			$exstime = htmlentities($_POST['exstime'], ENT_QUOTES);
			$deltype = htmlentities($_POST['deltype'], ENT_QUOTES);
			$comments = htmlentities($_POST['comments'], ENT_QUOTES);
			$job_cost = htmlentities($_POST['job_cost'], ENT_QUOTES);
			$part_cost = htmlentities($_POST['part_cost'], ENT_QUOTES);
			$profit = htmlentities($_POST['profit'], ENT_QUOTES);
			$username = htmlentities($_POST['user_name'], ENT_QUOTES);
			$password = htmlentities($_POST['user_pass'], ENT_QUOTES);
			
			// check that firstname and lastname are both not empty
			if ($customer_name == '' || $computer_make == '' || $computer_model == '' || $comments == '' )
			{
				// if they are empty, show an error message and display the form
				$error = 'ERROR: Please fill in all required fields!';
	renderForm($customer_name, $computer_make, $computer_model, $comments, $username, $password, $error);
			}
			else
			{
				// insert the new record into the database


				//hash the password
		$hashed_password = password_hash($password, PASSWORD_DEFAULT);
				
				if ($stmt = $mysqli->prepare("INSERT repairs (customer_name, customer_email, customer_phone, items_booked_in, computer_make, computer_model, technician, status, exrdate, exrtime, exstdate, exstime, deltype, comments, job_cost, part_cost, profit, user_name, user_pass) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"))

				{
					$stmt->bind_param("sssssssssssssssssss", $customer_name, $customer_email, $customer_phone, $items_booked_in, $computer_make, $computer_model, $technician, $status, $exrdate, $exrtime, $exstdate, $exstime, $deltype, $comments, $job_cost, $part_cost, $profit, $username, $password);
					$stmt->execute();
				$repair_id = $mysqli->insert_id;
				//check for existing user
			$check_user = $mysqli->prepare("SELECT customer_email,customer_phone from users where customer_email=?");
			$check_user->bind_param("s", $customer_email);
						$check_user->execute();
						$check_user->bind_result($customer_email, $customer_phone);

						if(!$check_user->fetch()){
			if ($stmt = $mysqli->prepare("INSERT users (user_name, user_pass, customer_name, customer_email, customer_phone) VALUES (?, ?, ?, ?, ?)"))
					
					{
						$stmt->bind_param("sssss", $username, $hashed_password, $customer_name, $customer_email, $customer_phone);
						$stmt->execute();
						$userid=$stmt->insert_id;
					$stmt->close();
					
					$stmt = $mysqli->prepare("UPDATE repairs SET userid = $userid WHERE id=$repair_id");
						$stmt->execute();
						$stmt->close();
					
					
				}
						
				// show an error if the query has an error
				else
				{
					echo "ERROR: Could not prepare SQL statement.";
				}
				}
				
                if ($stmt = $mysqli->prepare("UPDATE repairs SET send_sms = 1 WHERE id=$repair_id"))
					{
	
						$stmt->execute();
						$stmt->close();
					}
					// show an error message if the query has an error
					else
					{
						echo "ERROR: could not prepare SQL statement.";
					}
					
					endif;
				}
	
				// redirec the user
				header("Location: view-all-repairs-tracking.php");
			}
			
		}
		
		// if the form hasn't been submitted yet, show the form
		else
		{
			renderForm();
		}
	}
	// close the mysqli connection
	$mysqli->close();
?>

Thank you in advance

Link to post
Share on other sites

Hi,

People wont' debug a big chunk of code like that. So you have to narrow it down. 

That said, remember that HTML form widgets are just text strings to insert ... which you can do with PHP. So for each record you return, you include a new checkbox.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...