Jump to content
Killersites Community
ianhaney

insert multiple checkboxes into database crud script

Recommended Posts

I am using the crud mysqli script and want to be able to insert multiple checkbox values selected to the database table but add the values to one db table column, below is the coding I have but no data is being added

<?php

	/*
		Allows the user to both create new records and edit existing records
	*/

	

	// creates the new/edit record form
 	// since this form is used multiple times in this file, I have made it a function that is easily reusable
	function renderForm($customer_name = '', $customer_email = '', $customer_phone = '', $items_booked_in = '', $computer_make = '', $computer_model = '', $technician = '', $status = '', $exrdate = '', $exrtime = '', $exstdate = '', $exstime = '', $deltype = '', $comments = '', $job_cost = '', $part_cost = '', $profit = '', $error = '', $id = '', $send_sms = '', $username = '', $password = '')
	{ ?>
    
    <form action="" method="post" class="form-valide">
    <div class="form-group row">
                    <label class="col-lg-4 col-form-label">Items Booked In</label>
                    <div class="col-lg-6">
                    <label>Laptop<input type="checkbox" class="form-control" name="Items[]" value="Laptop"/></label>
                    &nbsp;
                    <label>Charger<input type="checkbox" class="form-control" name="Items[]" value="Charger"/></label>
                    &nbsp;
                    <label>Laptop Bag<input type="checkbox" class="form-control" name="Items[]" value="Laptop Bag"/></label>                    
                    </div>
                    </div>
                    </form>
                    
                    <?php }

        /*

           EDIT RECORD

        */
	// if the 'id' variable is set in the URL, we know that we need to edit a record
	if (isset($_GET['id']))
	{
		// if the form's submit button is clicked, we need to process the form
		if (isset($_POST['submit']))
		{
			// make sure the 'id' in the URL is valid
			if (is_numeric($_POST['id']))
			{
				// get variables from the URL/form
				$id = $_POST['id'];
				$customer_name = htmlentities($_POST['customer_name'], ENT_QUOTES);
				$customer_email = htmlentities($_POST['customer_email'], ENT_QUOTES);
				$customer_phone = htmlentities($_POST['customer_phone'], ENT_QUOTES);
				$items_booked_in = htmlentities($_POST['items_booked_in'], ENT_QUOTES);
				$computer_make = htmlentities($_POST['computer_make'], ENT_QUOTES);
				$computer_model = htmlentities($_POST['computer_model'], ENT_QUOTES);
				$technician = htmlentities($_POST['technician'], ENT_QUOTES);
				$status = htmlentities($_POST['status'], ENT_QUOTES);
				$exrdate = htmlentities($_POST['exrdate'], ENT_QUOTES);
				$exrtime = htmlentities($_POST['exrtime'], ENT_QUOTES);
				$exstdate = htmlentities($_POST['exstdate'], ENT_QUOTES);
				$exstime = htmlentities($_POST['exstime'], ENT_QUOTES);
				$deltype = htmlentities($_POST['deltype'], ENT_QUOTES);
				$comments = htmlentities($_POST['comments'], ENT_QUOTES);
				$job_cost = htmlentities($_POST['job_cost'], ENT_QUOTES);
				$part_cost = htmlentities($_POST['part_cost'], ENT_QUOTES);
				$profit = htmlentities($_POST['profit'], ENT_QUOTES);
				
				// check that firstname and lastname are both not empty
				if ($customer_name == '' || $customer_phone == '' || $computer_make == '' || $computer_model == '' || $comments == '')
				{
					// if they are empty, show an error message and display the form
					$error = 'ERROR: Please fill in all required fields!';
renderForm($customer_name, $customer_phone, $computer_make, $computer_model, $comments, $error, $id);
				}
				else
				{
					// if everything is fine, update the record in the database
	if ($stmt = $mysqli->prepare("UPDATE repairs SET customer_name = ?, customer_email = ?, customer_phone = ?, items_booked_in = ?, computer_make = ?, computer_model = ?, technician = ?, status = ?, exrdate = ?, exrtime = ?, exstdate = ?, exstime = ?, deltype = ?, comments = ?, job_cost = ?, part_cost = ?, profit = ?
						WHERE id=?"))
					{
	$stmt->bind_param("sssssssssssssssssi", $customer_name, $customer_email, $customer_phone, $items_booked_in, $computer_make, $computer_model, $technician, $status, $exrdate, $exrtime, $exstdate, $exstime, $deltype, $comments, $job_cost, $part_cost, $profit, $id);
						$stmt->execute();
						$stmt->close();
					}
					// show an error message if the query has an error
					else
					{
						echo "ERROR: could not prepare SQL statement.";
					}
					
					// redirect the user once the form is updated
					header("Location: view-all-repairs-tracking.php");
				}
			}
			// if the 'id' variable is not valid, show an error message
			else
			{
				echo "Error!";
			}
		}
		// if the form hasn't been submitted yet, get the info from the database and show the form
		else
		{
			// make sure the 'id' value is valid
			if (is_numeric($_GET['id']) && $_GET['id'] > 0)
			{
				// get 'id' from URL
				$id = $_GET['id'];
				
				// get the recod from the database
				if($stmt = $mysqli->prepare("SELECT id, customer_name, customer_email, customer_phone, items_booked_in, computer_make, computer_model, technician, status, exrdate, exrtime, exstdate, exstime, deltype, comments, job_cost, part_cost, profit, send_sms FROM repairs WHERE id=?"))
				{
					$stmt->bind_param("i", $id);
					$stmt->execute();
					
					$stmt->bind_result($id, $customer_name, $customer_email, $customer_phone, $items_booked_in, $computer_make, $computer_model, $technician, $status, $exrdate, $exrtime, $exstdate, $exstime, $deltype, $comments, $job_cost, $part_cost, $profit, $send_sms);
					$stmt->fetch();
					
					// show the form
					renderForm($customer_name, $customer_email, $customer_phone, $items_booked_in, $computer_make, $computer_model, $technician, $status, $exrdate, $exrtime, $exstdate, $exstime, $deltype, $comments, $job_cost, $part_cost, $profit, NULL, $id, $send_sms);
					
					$stmt->close();
				}
				// show an error if the query has an error
				else
				{
					echo "Error: could not prepare SQL statement";
				}
			}
			// if the 'id' value is not valid, redirect the user back to the view.php page
			else
			{
				header("Location: view-all-repairs-tracking.php");
			}
		}
	}
	
        /*

           NEW RECORD

        */
		
	// if the 'id' variable is not set in the URL, we must be creating a new record
	else
	{
		// if the form's submit button is clicked, we need to process the form
		if (isset($_POST['submit']))
		{
			
			$country_code = '44';
			
			// get the form data
			$customer_name = htmlentities($_POST['customer_name'], ENT_QUOTES);
			$customer_email = htmlentities($_POST['customer_email'], ENT_QUOTES);
			$customer_phone = htmlentities($_POST['customer_phone'], ENT_QUOTES); 			
			$items=NULL;
foreach($_POST['items_booked_in'] as $k){
  $items[]=htmlentities($k, ENT_QUOTES);
}
$items=implode(',',$items);
			$computer_make = htmlentities($_POST['computer_make'], ENT_QUOTES);
			$computer_model = htmlentities($_POST['computer_model'], ENT_QUOTES);
			$technician = htmlentities($_POST['technician'], ENT_QUOTES);
			$status = htmlentities($_POST['status'], ENT_QUOTES);
			$exrdate = htmlentities($_POST['exrdate'], ENT_QUOTES);
			$exrtime = htmlentities($_POST['exrtime'], ENT_QUOTES);
			$exstdate = htmlentities($_POST['exstdate'], ENT_QUOTES);
			$exstime = htmlentities($_POST['exstime'], ENT_QUOTES);
			$deltype = htmlentities($_POST['deltype'], ENT_QUOTES);
			$comments = htmlentities($_POST['comments'], ENT_QUOTES);
			$job_cost = htmlentities($_POST['job_cost'], ENT_QUOTES);
			$part_cost = htmlentities($_POST['part_cost'], ENT_QUOTES);
			$profit = htmlentities($_POST['profit'], ENT_QUOTES);
			$username = htmlentities($_POST['user_name'], ENT_QUOTES);
			$password = htmlentities($_POST['user_pass'], ENT_QUOTES);
			
			// check that firstname and lastname are both not empty
			if ($customer_name == '' || $computer_make == '' || $computer_model == '' || $comments == '' )
			{
				// if they are empty, show an error message and display the form
				$error = 'ERROR: Please fill in all required fields!';
	renderForm($customer_name, $computer_make, $computer_model, $comments, $username, $password, $error);
			}
			else
			{
				// insert the new record into the database


				//hash the password
		$hashed_password = password_hash($password, PASSWORD_DEFAULT);
				
				if ($stmt = $mysqli->prepare("INSERT repairs (customer_name, customer_email, customer_phone, items_booked_in, computer_make, computer_model, technician, status, exrdate, exrtime, exstdate, exstime, deltype, comments, job_cost, part_cost, profit, user_name, user_pass) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"))

				{
					$stmt->bind_param("sssssssssssssssssss", $customer_name, $customer_email, $customer_phone, $items_booked_in, $computer_make, $computer_model, $technician, $status, $exrdate, $exrtime, $exstdate, $exstime, $deltype, $comments, $job_cost, $part_cost, $profit, $username, $password);
					$stmt->execute();
				$repair_id = $mysqli->insert_id;
				//check for existing user
			$check_user = $mysqli->prepare("SELECT customer_email,customer_phone from users where customer_email=?");
			$check_user->bind_param("s", $customer_email);
						$check_user->execute();
						$check_user->bind_result($customer_email, $customer_phone);

						if(!$check_user->fetch()){
			if ($stmt = $mysqli->prepare("INSERT users (user_name, user_pass, customer_name, customer_email, customer_phone) VALUES (?, ?, ?, ?, ?)"))
					
					{
						$stmt->bind_param("sssss", $username, $hashed_password, $customer_name, $customer_email, $customer_phone);
						$stmt->execute();
						$userid=$stmt->insert_id;
					$stmt->close();
					
					$stmt = $mysqli->prepare("UPDATE repairs SET userid = $userid WHERE id=$repair_id");
						$stmt->execute();
						$stmt->close();
					
					
				}
						
				// show an error if the query has an error
				else
				{
					echo "ERROR: Could not prepare SQL statement.";
				}
				}
				
                if ($stmt = $mysqli->prepare("UPDATE repairs SET send_sms = 1 WHERE id=$repair_id"))
					{
	
						$stmt->execute();
						$stmt->close();
					}
					// show an error message if the query has an error
					else
					{
						echo "ERROR: could not prepare SQL statement.";
					}
					
					endif;
				}
	
				// redirec the user
				header("Location: view-all-repairs-tracking.php");
			}
			
		}
		
		// if the form hasn't been submitted yet, show the form
		else
		{
			renderForm();
		}
	}
	// close the mysqli connection
	$mysqli->close();
?>

Thank you in advance

Share this post


Link to post
Share on other sites

Hi,

People wont' debug a big chunk of code like that. So you have to narrow it down. 

That said, remember that HTML form widgets are just text strings to insert ... which you can do with PHP. So for each record you return, you include a new checkbox.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×